Home
Who we are
Organization
Locations
Europe
German Sites
HRdirektApp
Datenschutz

Who we are

BASF MOBILE APP PRIVACY POLICY

Data Privacy for HRdirect App

1. Introduction

This service (the "App") is provided by BASF Human Resources ("we" or "us") as the responsible party within the meaning of the German Data Protection Ordinance (DSGVO).

With this app we make it possible for you to use the following service:

  • Digital submission of documents ("certificates of incapacity for work")

 

If you use the app, we process personal data about you. Personal information is any information that relates to an identified or identifiable individual. With this data protection declaration, we inform you which of your personal data we process and how we process it.

 

You can access this data protection declaration at any time via the menu item "Data Protection" within the app.

2. Information on the processing of your personal data

2.1 Personal data processed when downloading the App

When you download the App, certain information will be transmitted to the selected App Store, including your username, email address, customer number, payment information, and device code. These data are processed exclusively by the respective App Store and are beyond our control.

You can download the app to your mobile device free of charge from the Apple App Store / Google Play Store. When you download the app, additional user data is processed through our website. For details, please see the privacy statement on our website at https://on.basf.com/HRdirektDataPrivacy.

2.2 Automatically collected personal data

We collect and process this data because it is necessary to fulfil the contract you have concluded with us on the use of the app or because we have a legitimate interest in processing it, e.g. to guarantee or improve the functionality of the app or to prevent misuse.

2.3 Personal data processed on logon

When you sign up for a user account, we use your credentials such as BASF User ID and password to give you access and manage your account. These are mandatory details that are specially marked during registration and are required for the fulfillment of the user contract. If you do not provide this information, you will not be able to use the app.

We process the mandatory information to verify your eligibility to use your account and to contact you.

This personal data is processed because it is required to fulfil the contract you have concluded with us for the use of the app or because we have a legitimate interest in processing it, e.g. to guarantee or improve the functionality of the app.

2.4 Personal data processed during the use of the app

As you use the app, you can enter, manage, and edit various information, tasks, and activities.

The app requires the following personal information:

  • Name (complete)
  • Username (BASF User ID)
  • Title
  • Company code
  • Local personnel number

The app also requires the following permissions:

  • Internet access: authentication and transfer of the collected data
  • Accessing the Camera: Capturing Data

The data is processed because it is necessary for the fulfilment of the contract you have concluded with us on the use of the app.

3. Transmission of personal data

In addition to the cases expressly mentioned in this Privacy Policy, your personal data will only be transmitted without your express prior consent if this is legally permissible or necessary.

  • The information you provide during registration will be shared within our group of companies for internal administrative purposes, including joint customer support. This transfer is in our legitimate interest to use the data for administrative purposes within the group.
  • Your personal data may be disclosed to authorities within the scope of their responsibility (e.g. tax authorities, police, criminal prosecution authorities). The data is transmitted because we are legally obliged to transmit the data or because it is in our legitimate interest to pass on the data to detect misuse or to enforce legal claims.
  • Your personal data will be passed on to the following external companies and service providers on whose services we depend for the provision of our services: Insiders Technologies, 67657 Kaiserslautern, Germany
  • The transmission of personal data is necessary in order to fulfil the contract you have concluded with us regarding the use of the app.  We have carefully selected our external companies and external service providers as contract processors within the meaning of Art. 28 (1) GDPR and have contractually obligated them to process all personal data exclusively in accordance with our instructions.

4. Data transfers to third countries

Data will not be transferred to countries outside the European Economic Area ("third countries").

5. Retention periods for your personal data

We will delete or make anonymous your personal data as soon as they are no longer needed for the purposes for which we have processed them in accordance with the preceding paragraphs.  As a rule, we store your personal data for the duration of the use or the contractual relationship on the use of the app plus a period of 16 days, during which we keep back-up copies after deletion, unless this data is needed for criminal prosecution or to secure, assert or enforce legal claims for a longer period of time. Legal requirements for the storage and deletion of personal data, in particular those which we have to store for tax reasons, remain unaffected.

6. Rights of the persons concerned

As a data subject, you have the following rights with regard to the processing of your personal data:

Information: You have the right to request information from us about the scope of data processing and data transfer. You can request a copy of your personal data stored by us. 

Correction: Regarding your personal data stored by us, you have the right to demand the immediate correction of incorrect personal data and you have the right to have incomplete personal data supplemented.   

Deletion: You have the right to demand the immediate deletion or blocking of your personal data stored with us, if the legal requirements are fulfilled:

This is particularly the case if

  • Your personal data is no longer required for the purposes for which it was collected;
  • the exclusive legal basis for the processing of such data was your consent and you have withdrawn it;
  • you have objected to the processing on the legal grounds relevant to your particular situation and we cannot demonstrate that there are compelling legitimate grounds for further processing;
  • your personal data has been unlawfully processed; or
  • Your personal data must be deleted in order to comply with legal requirements.

If we have passed on your data to third parties, we will inform them of the deletion within the framework of the statutory provisions.

Please note that your right to deletion is subject to certain restrictions. For example, we are not entitled and/or not obliged to delete data that we still have to store due to legal storage obligations. In addition, your right to deletion does not extend to data that we need to assert, exercise or defend against legal claims.

Restriction of processing: Under certain circumstances, you have the right to request the restriction of processing of your personal data. This is possible under the following conditions:

  • The correctness of your personal data is contested by you and we must prove the correctness of the personal data;
  • the processing is unlawful, but you refuse to delete the personal data and instead request that it be restricted;
  • We no longer need the personal data for processing purposes, but you need the data to establish, exercise or defend your legal rights.
  • You have objected to the data processing until it has been checked whether our legitimate interests outweigh your rights.

Where processing is limited, such data will be flagged accordingly and, with the exception of storage, will only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the EU or an EU Member State.

Data transferability: If we automatically process your personal data which you have made available to us on the basis of your consent or a contract with you, you have the right to receive this data in structured, generally used and machine-readable form and have the right to transfer this data from us unhindered to another responsible person. You also have the right to have the personal data transmitted directly by us to another responsible person, provided this is technically possible and provided that this transmission does not impair the rights and freedoms of others.

Revocation of consent: If you have consented to the processing of your personal data, you can revoke this consent at any time. Please note that the revocation is only valid for the future. The processing, which took place before the revocation of the consent, remains unaffected.

Complaint: In addition, you have the right to lodge a complaint with a data protection authority if you are of the opinion that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right of objection: You have the right to object to the processing of your personal data for reasons relating to your particular situation. The prerequisite for this is that the data processing is carried out in the public interest or on the basis of a reconciliation of interests. This also applies to the creation of profiles. If we process your personal data on the basis of a legitimate interest, we generally assume that we can prove compelling legitimate reasons, but will of course examine each individual case. We will stop processing your personal data unless we can put forward compelling legitimate reasons for further processing which invalidate your interests, rights and freedoms or your personal data serves to substantiate, exercise or defend legal claims.

7. Contact Details

If you have any questions or comments about how we handle your personal information or wish to exercise your rights under Section 6, please contact us at: data-protection@basf.com.

You can contact our data protection officer at the following e-mail address:

data-protection@basf.com.

8. Updates

From time to time we will update this privacy statement.  Any changes will be effective when we post the revised Privacy Statement in the App.  This Privacy Statement was last updated on the "Last Update" date above.