We are delighted that you have visited our website and thank you for your interest in our company.
We take data protection seriously. This privacy statement describes:
- the personal data we collect when you visit our website
- the purposes for which we use such data
- the legal basis for the processing of personal data
- the recipients of such personal data
- the period for which such personal data will be stored
- whether you are obliged to provide personal data
Furthermore, we would like to inform you about:
- the existence of your rights regarding the processing of your personal data
- the controller in the meaning of data protection laws and, where applicable, our data protection officer
- What Personal Data Do We Collect When You Visit Our Website?
- Visiting Our Website
When you visit our website without contacting us or signing in, your browser transmits the following information automatically to our server:
- IP address of your computer
- information about your browser
- website that you were on right before you landed on our website
- URL or file requested
- date and time of your visit
- volume of data transmitted
- status information, e.g. error messages
What Is the Purpose of Such Processing?
Processing of the information cited above is necessary to send the requested content to your browser. In doing so, we store the complete IP address only to the extent necessary to make available the functionalities of the website requested by you.
Moreover, to protect us from attacks and to safeguard the proper operation of our website, we store transiently and with restricted access for a maximum period of 180 days. Such period may be extended if and to the extend necessary to prosecute attacks and incidents. We will only investigate the user of an IP address in case of an illegal attack.
What Is the Legal Basis for Such Processing?
The legal basis for the handling of personal data results from the fact that such handling is required to make available the functionalities of the website requested by you (Art. 6 (1), lit b.) General Data Protection Regulation [“GDPR”]). Moreover, storing of personal data cited above takes place to protect our legitimate interest, to defend and protect our website and to investigate in case of illegal attacks (Art. 6 (1), lit f.) GDPR).
- Contacting Us
If you contact us by email or by contact form on our website, we receive the following information:
- name, surname
- your email address
- date and time of your message
- your message
What Is the Purpose of Such Processing?
If you contact us via the contact form on our website or by email, we use the personal information exclusively to process your request.
What Is the Legal Basis for Such Processing?
The legal basis for such processing is Art. 6 (1), lit f.) GDPR. The legitimate interest of BASF is given by the purposes of proccing sited above.
- User-Account Data
If you sign up to Exittus® training, the following data will be processed:
- E-mail address
- First name
- Postal code
- Company name
User data will be registered and stored in the platform to manage the certification process (generate repots and download user data). After having completed the final quiz, you will get personal certification that can be downloaded and printed. The certificate will include, your name and a unique identification number.
If you have given us your consent to do so, we [and the companies listed in the table below (together "We")] will process your personal data [e-mail address, first name, surname, country, postal code, company name] to send you the newsletter about our products and services at regular intervals to the e-mail address you have provided.
We will share your personal data with other affiliated companies of the BASF Group if they provide IT services for us or if this is necessary for operational reasons. Furthermore, we will pass on your personal data to the technical IT service providers we use from whom we obtain services. Our IT service providers are carefully selected and regularly checked by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for order processing.
We store your personal data collected within the scope of your consent for the above-mentioned purposes until your consent is revoked.
The legal basis for the processing of your personal data for the above-mentioned purposes is your consent, Art 6, paragraph 1, lit. a) GDPR.
You can revoke your consent at any time with effect for the future by notifying us of your revocation under [email protected].
You are at liberty to grant or withhold consent. This has no effect on the use of this platform.
If you revoke your consent, we will delete your personal data immediately, provided that we process them for marketing purposes on the basis of your consent. Please note that the revocation does not result in the deletion of all your personal data which we process in the course of the business relationship with you, if there is another legal basis for this. The revocation of your consent does not affect the legality of the data processing that has taken place up to that point.
Kalvebod Brygge 45_ 2, DK-1560 København V, Denmark
BASF AB Haraldsgatan 5 Box 7144 402 33 Gothenburg Sweden
BASF Oy, Tammasaarenkatu 3, 00180 Helsinki, Finland
Strandgata 60, 6270 Brattvåg, Norwegen
Speyerer Straße 2, 67117 Limburgerhof, Germany
- Are You Required to Provide the Data?
When you visit our website, your browser transmits the information under Section 1 (1) automatically to our server. You are free to transmit such data. Without providing such data we are not able to serve you the requested content.
You are not obliged to let us use your anonymized data for web audience measuring. You are also not obliged to let us use your IP address for mapping with your company or industry information.
If you want to contact us by email or by contact form on our website, you are free to transmit the data under Section 1 (2). We will mark mandatory fields, if any, of a contact form. Without providing the required data you may prevent us from answering and meeting your request properly.
- To What Recipients Do We Transmit Your Data?
We transmit the data mentioned in section 1 to data processors based in the European Union for the purposes determined in section 2. Such data processors process personal data only on instructions from us and the processing is carried out on behalf of us.
Your personal data will only be transferred without your express prior consent if this is legally permissible or necessary.
The data you provide when signing up to Exittus® Training will be shared within our group of companies for internal administrative purposes, including joint customer care, as necessary. This transfer is in our legitimate interest to process the data for administrative purposes within the group of companies.
Your personal data can be transferred to authorities within the context of their jurisdiction (e.g. tax authorities, police, prosecuting authorities). The data will be transferred because we are legally obliged to transfer the data or it is in our legitimate interest to share the data to detect misuse or to enforce legal claims. When you sign up to Exittus® Training your personal data will be transferred to the following external company and external service provider on whose services we are dependent for the provision of our services: Mercuri International Srl, Via Santa Rita da Cascia, 33 cap 20142 - Milano, Italy.
We have carefully selected our external company and external service providers as processors and contractually obliged to process all personal data exclusively in accordance with our instructions.
In transactions where the structure of our company changes, customer information may be shared with the part of the company to be transferred. Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our form of business to the economic and legal circumstances as required.
- How Do We Protect Your Personal Data?
We implemented technical and organizational measures to ensure an appropriate level of security to protect your personal data against accidental or unlawful alteration, destruction, loss or unauthorized disclosure. Such measures will be continuously enhanced in line with technological developments.
- Data Retention Period
We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we processed them in accordance with the above paragraphs unless deletion or blocking would violate our legal obligations to provide and preserve records (such as retention periods provided by commercial or tax laws).
Personal data processed based on your consent will be stored until you withdraw your consent.
What cookies are used by this site
The essential one is the session cookie, usually called MoodleSession. You must allow this cookie into your browser to provide continuity and maintain your login from page to page. When you log out or close the browser this cookie is destroyed (in your browser and on the server)
The other cookie is purely for convenience, usually called something like MOODLEID. It just remembers your username within the browser. This means when you return to this site the username field on the login page will be already filled out for you. It is safe to refuse this cookie - you will just have to retype your username every time you log in.
- What Rights Do You Have?
You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:
7.2. Right to Correct: if your personal is inaccurate or incomplete you have the right to have your personal information rectified;
7.3. Right to Erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims.
7.4. Right to Restrict Our Use of Your Information: the right to suspend the usage of your personal information or limit the way in which we can use it. Please note that this right is limited in certain situations: when we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don’t want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for restriction of the use of their personal information to make sure the restriction is respected in future;
7.5. Right to Data Portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services;
7.6. Right to Object: the right to object to our use of your personal information including where we use it for our legitimate interests, direct marketing;
7.7. Right to Be Informed: you have the right to be provided with clear, transparent and easily understandable information about how we use your personal information; and
7.8. Right to Withdraw Consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).
The exercise of these rights is free of charge for you, however you are required to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files.
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints that we cannot resolve directly.
If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may refer your complaint to the relevant data protection supervisory authority.
- Where Can You Lodge a Complaint?
You have the right to lodge a complaint with the following competent supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
- Who Is Controller and Data Protection Officer?
You can find the controller in the meaning of data protection laws HERE
Please use the address of the controller above or the following address to contact our data protection officer: [email protected]