Finland
Data protection @BASF

Data protection @BASF

Data protection is of high priority for BASF. This includes a high level of transparency. Here you can find information on how BASF processes personal data of contact persons of customers and business partners.

Alexandra Haug

BASF Data Protection Officer

Data_Protection_051905_shutterstock_1089540224_RGB.jpg

Please find an overview on the EU Data Protection Coordinators here.

The BASF company with which you are in contact is responsible for data processing unless otherwise stated (hereinafter referred to as "BASF" or “Controller” or "we"). The Controller can be identified, for example, as follows:
 

  • If you are a customer, service provider or supplier of ours or have any other business relationship with BASF, your BASF contractual partner is the Controller
  • On websites or on social media channels, the BASF company named in the privacy policy, imprint or terms of use is the Controller.
  • If you are an attendee at a BASF event, the BASF company carrying out the event is the Controller.
  • For digital events, the BASF company inviting to the respective digital event is the Controller.
  • If you are a visitor to our factory premises, the BASF company with which you have an appointment and whose premises you enter is the Controller.
  • If you book at a BASF hotel or are a guest at a BASF restaurant, the BASF company is the Controller which is operating the respective facility.

As an internationally active group, BASF has contact persons for data protection for each country. For countries of the European Union you will find  here an overview with the contact addresses.

In addition, you can address questions and concerns about data protection to our central Data Protection Office at any time:  data-protection.eu@basf.com

Within the BASF Group, BASF SE, as a holding company, performs central functions that require the processing of personal data and may also be performed for other BASF Group companies. Such central functions can be, for instance:

  • Corporate Communications Department
  • Human Resources Department
  • Centralized management
  • Legal Department, Compliance, Factory Security, Corporate Auditing, Data Protection
  • Central Procurement

 

In addition, certain BASF Group companies process personal data as intra-group service providers, whereby data processing may also be carried out on behalf of the respective BASF Group companies. These can be, for example:

  • IT Services
  • Shared Service Centers
     

BASF also uses central data processing systems that enable standardized data processing processes. Such systems can be, for example:

  • Central databases, such as CRM or supplier management systems
  • Central archiving and document management systems
  • Central communication systems

BASF processes personal data exclusively for specific purposes. In the course of our business activities, various processing situations arise, which we shall generally inform you of within the framework of the respective activity, e.g. in the form of a data protection declaration on a website.

 

In general, BASF processes your personal data for the following purposes:

 

  • Contract
    If you or the company for which you work have entered into a contract with BASF, we process personal data if and to the extent that it is necessary for the performance of the contract. The data processing includes master and contact data as well as contract-relevant data, which may also contain personal data of our customers, sales partners, service providers, suppliers, sellers and other business partners.
    The legal basis for this data processing is Art. 6 Sec. 1 lit.b) GDPR and lit. f) GDPR, provided that the contract is concluded between BASF and another legal entity.

 

  • Communication with contact persons
    If you contact us, we process your personal data provided in the respective contact form in order to process your request or to communicate with you. If necessary, we will forward your request internally to colleagues responsible for supporting your request.
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.

 

  • Collaboration with business partners
    Outside of customer, service provider, and supplier relationships; we also work with companies and institutions on projects, joint ventures, and other collaborations to advance scientific progress and contribute to topics relevant to our business goals. In particular, we process contact data of our collaboration partners and data relating to the respective cooperation for the purposes of project implementation and networking.
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.

 

  • Public relations and representation of interests in the public and political sector
    BASF closely follows current events and public discourses that affect our products and corporate goals. In this context, we regularly work with newspapers and journals in order to answer inquires from them and to coordinate articles. In addition, we use press mailing lists to inform selected representatives of the independent media about company-relevant developments. For these purposes, we process contact data of journalists and press representatives.
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.

    In addition, BASF maintains and operates websites on which we provide information to interested parties, customers and other business partners. In this context, BASF processes personal data that is necessary for technical reasons for the presentation of the website (e.g., IP address and strictly necessary cookies). In addition, cookies are also occasionally used to measure the performance of the website. Further information on the specific use of such services and on the further processing of personal data can be found in the privacy policy of the respective website.

 

  • Events
    If BASF conducts events, we process the contact details of the participating guests in order to carry out the event. Depending on the event, this may also include information relevant to catering, e.g. food intolerances or allergies. If photographs, video recordings or other recordings are made at the event, we will inform our participating guests separately, in particular if a publication of the recordings and recordings is planned, and obtain any necessary consents.
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR, unless otherwise stated.

 

  • Marketing
    If we have your consent or are otherwise allowed, we will provide you with information on products and topics from BASF, including information related to events. For the purpose of providing you with this information, we process your contact data provided in the respective registration or request forms for the purpose of carrying out the respective marketing activity, e.g., sending the newsletter or the customer satisfaction survey. The exact information on the communication channel, the processing purposes and the processed personal data can be found in the respective request for consent and/or the associated data protection statement. If and to the extent that you provide us with feedback, we process your information in order to improve the quality of our products and services. In this case, we may contact you to discuss any follow-up questions that may arise from that feedback.
    The legal basis for this data processing is your consent, Art. 6 Sec. 1 lit. a) GDPR or the respective legal basis as communicated otherwise and specifically to you.

 

  • Maintaining and protecting the security of our facilities, products and services
    For the purpose of preventing and detecting security risks, fraudulent procedures, or other criminal or harmful acts; we process master and contact data in order to identify data subjects, e.g. in the context of service provider onboarding or in the context of granting access to customer portals. Data processing also includes compliance with and fulfilment of BASF’s duties of care and due diligence. In such cases, we process your contact details to inform you about important changes to product formulations or approvals.
    If you visit us in person, we will issue day passes to grant you access to our premises and to control access for security reasons through processes such as issuing you with a visitor pass. For this purpose, we process specific information about you such as your name, your date of birth, the persons you visit, your identity card number, your telephone number and your visit duration in days. If necessary, you must answer test questions about the safe behavior on the factory premises in a safety test; in which case the test results shall be saved. For drivers, BASF also processes the license plate of the vehicle used. If you as a driver transport dangerous goods, the dangerous goods are checked and the control is documented. 
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.

 

  • Compliance with legal requirements
    If and to the extent required by law, we process your personal data in order to fulfil legal requirements. These can be, for example, tax and commercial retention obligations or regulations for the prevention of white-collar crime such as money laundering laws. 
    If you are a shareholder of BASF, we will also process your personal data required for your entry in BASF's shareholder register for corporate and stock corporation law reasons (e.g. on the basis of § 67 German Share Law - Aktiengesetz). We receive your personal data from the bank involved in the share purchase.
    If and to the extent necessary, we also work with representatives of the authorities to coordinate legally relevant issues with them. In this context, we process contact data and data relating to the respective cooperation for the purpose of legal coordination.
    The legal basis for this data processing is Art. 6 Sec. 1 lit.c) and f) GDPR.

 

  • Data processing in the context of legal matters
    In the context of legal disputes, we may process personal data within the framework of these disputes. We therefore also process personal data if and to the extent it is required to settle legal disputes; enforce existing contracts; and to assert, exercise and defend legal claims.
    The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR.

 

As an international group, BASF relies on flexible and user-friendly forms of communication and at the same time has an interest in communicating efficiently and as needed internally and with external parties.

 

For these reasons, BASF uses digital conference systems for the implementation of digital events, in particular:

  • Communication with internal and external stakeholders, e.g. in the context of meetings and online conferences
  • Implementation of online events (e.g. webinars, training information events)

 

When using digital conference systems, we process the following categories of personal data for technical reasons when you use one of our digital conference systems:

  • Communication data (e.g. your email address)
  • Log files, log data (e.g. version of the conference system, IP address, audio and video codec)
  • Metadata (e.g., time of participation, indication of the media node, the hardware used, version of the operating system, etc.)
  • User profile data (e.g., your username (if you provide it yourself) and your profile picture, if and to the extent that it is technically available)
  • BASF account information (when used by BASF employees

 

Depending on the type and format of the digital event, we process the following categories of personal data, provided that you voluntarily provide it to us:

  • Audio transmissions, unless you have muted your microphone
  • Text input, if you use the respective chat function
  • Video transmissions, if the camera function is activated by you
  • Attachments, when you upload them during an event

 

We carry out the respective data processing on the basis of a legitimate interest in accordance with Art. 6 Sec. 1 f) GDPR. Our legitimate interest arises from the above-mentioned purposes for data processing.

 

BASF generally uses the following digital conference systems:

Cisco Systems' conference program allows us to offer you video/audio participation in our digital events. Depending on the event, we use the Meeting Center, Event Center or Training Center mode (hereinafter referred to as "WebEx").

WebEx is a software of the company

Cisco Systems Inc.
170 West Tasman Dr.
San Jose
CA 95134
UNITED STATES
(hereinafter referred to as "Cisco")

 

Data processing with WebEx takes place on servers in data centers in the European Union. In this context, we use order processing agreements in accordance with Art. 28 GDPR to ensure that extensive technical and organizational measures are implemented that correspond to the currently applicable state of the art in IT security, e.g. with regard to access authorization and end-to-end encryption concepts for data lines, databases and servers.

For the purpose of remote maintenance, Cisco may request access to the servers. This access will then be checked by us on a case-by-case basis and granted upon approval. In this case, such access may also be made by Cisco affiliates from outside the European Union. In the event of access from outside the European Union, in individual cases approved by us, we have concluded EU standard contracts (standard contractual clauses) with Cisco. In order to guarantee an adequate level of data protection when transferring personal data to a third country, such as the USA as a specific case, we have implemented supplementary measures in the form of state-of-the-art technical and organizational measures such as access authorization and encryption concepts for data lines, databases and servers.

Microsoft Teams' video conferencing feature allows us to let you participate via video / audio at our digital events. We use Microsoft Teams to run online events. At Microsoft Teams, we use the Team Meetings mode.

Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, teams, communities and networks used in BASF. MS Teams also has a video conferencing function.

Microsoft Office365 is a software of the company   

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
(hereinafter referred to as "Microsoft")

 

Microsoft Teams is part of the cloud application Office 365, for which a user account must be created.

Data processing with Office 365 takes place on servers in data centers in the European Union (in Ireland and the Netherlands). For this purpose, we have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed extensive technical and organizational measures with Microsoft for Office 365 that correspond to the currently applicable state of the art in IT security, e.g. with regard to access authorization and end-to-end encryption concepts for data lines, databases and servers.

Furthermore, we have implemented the "Customer Lockbox" functionality in Office 365. The Customer Lockbox ensures that Microsoft cannot access your content in support cases without the prior permission of a BASF administrator. This ensures that only authorized requests allow access to your content. The Customer Lockbox is only used if conventional software solutions for troubleshooting no longer help in the event of support. 

For the purpose of remote maintenance, Microsoft may request access to the servers. This access will then be checked by us on a case-by-case basis and granted upon approval. In this case, such access may also be made by Microsoft affiliates from outside the European Union. In the event of access from outside the European Union in the individual case approved by us, we have concluded EU standard contracts (standard data protection clauses) with Microsoft. In order to guarantee an adequate level of data protection when transferring personal data to a third country, such as the USA as a specific case, we have, as described above, supplementary measures in the form of state-of-the-art technical and organizational measures such as e.g.  Implemented access authorization and encryption concepts for data lines, databases and servers.

Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is the independent controller of these data processing activities and, as such, responsible for compliance with all applicable data protection regulations. If you need information about the processing by Microsoft, please consult the corresponding statement from Microsoft.

In principle, online events in BASF are not recorded. However, in justified individual cases, a recording may exceptionally take place. In these cases, the participants will be informed separately and expressly in advance of the digital event and at the beginning of the appointment.

Further information can be obtained from your respective contact person for the online event or from the contact person for data protection in BASF.

As a chemical company that deals with hazardous and harmful substances, among other things, we are interested in ensuring the safety of our plants and our employees. For this reason, BASF carries out video surveillance at selected sites on its premises if and to the extent necessary to ensure safety aspects at BASF. The public space as well as the private space of individuals (e.g. private gardens) are not monitored. BASF provides information on site by means of signs and pictograms placed near the video surveillance system about the specific video surveillance carried out in each case.

Further information on data protection can be found at the respective video surveillance system.

BASF is interested in presenting itself on as many channels as possible, being approachable for customers, service providers, other business partners, applicants and interested parties, and promoting topics and products via social networks.

We process personal data when you visit BASF on social media channels. With our various social media channels, we want to offer you a wide range of multimedia services and exchange ideas with you on topics that are important to you. In addition to the respective provider of a social network, we also collect and process personal user data on our social media channels. For the respective data processing purposes and data categories, we refer to the individual social media channels, which are explained in more detail below.

In principle, data processing serves the following purposes:

  • Communication with the BASF social media channel visitors;
  • Handling inquiries from our BASF social media channel visitors;
  • Collecting statistical information about the reach of BASF's social media channels;
  • Conducting customer surveys, marketing campaigns, market analyses, sweepstakes, competitions or similar promotions or events;
  • Resolution of disputes and disputes, establishment, exercise or defense against legal claims or litigation, enforcement of existing contracts.

 

The processing of your personal data is necessary for the achievement of these purposes.

As part of our social media activities, we also use technologies of so-called social listening or social monitoring (hereinafter referred to as "social listening") to get an idea of the perception of our products and services and to identify any potential for improvement. In doing so, we evaluate comments and contributions of the respective network on social networks according to a search request. We can only view those contributions that have been freely made available to an unlimited public by the users of the social network.

The data collected and the scope of data processing are generally determined by the type and content of the respective search request and the contributions. For example, a posting in text form or an uploaded image file may be affected.

In principle, we only receive statistical information as the results of our search requests. In individual cases, however, we may also be shown specific posts and comments as search results, which can also provide conclusions about personal data of individual users, for example because the specific posts or comments contain the user’s username, which can also be the real name of such user. Such contributions serve exclusively as an exemplary reproduction of the desired mood picture.

Our overriding legitimate interest in the use of social listening lies in recognizing any deficits in our products and services as well as the public mood about BASF as a company and topics relevant to BASF in public discourse in publicly accessible statements and to be able to react appropriately to them. The legal basis for the processing of personal data in the context of social listening is Art. 6 Sec. 1 lit. f) GDPR.

 

When carrying out social listening, we use in particular the services of the following providers:

Runtime Collective Ltd.
Sovereign House
Church Street, 1st Floor
Brighton
E Sussex
BN1 1UJ
United Kingdom

 

Cision Germany GmbH
Westhafenplatz 1
D-60327 Frankfurt am Main

BASF is generally represented and active on the following social networks:

The BASF Facebook fan pages are operated on Facebook, a social network by Meta Plaforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland ("Facebook"). When you visit our fan pages, Facebook processes your personal data in accordance with their privacy policy, which you can find  here.

 

We process the following personal data:

  • Your Facebook username as well as comments posted on our fan pages and messages you have sent through our fan pages.
  • Your activity on our fan pages via the Facebook Insights service, e.g. visits to our website, the number of interactions, visits and average duration of video playback, information about which countries and cities our visitors come from and statistics about the general relationships of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

We use the statistical information (the visits to our website, the number of interactions, the visits and the average duration of video playbacks, information about which countries and cities our visitors come from, and statistics about the gender ratios of our visitors) about the use of the fan pages that Facebook provides in anonymous form via the Facebook "Insights" service. Conclusions about individual users and access to individual user profiles by BASF are not possible.

Learn more about Facebook Insights  here.

For this reason, BASF and Facebook are considered "joint controllers" within the meaning of the GDPR and have therefore concluded a so-called joint responsibility agreement in order to meet the requirements of the GDPR. This joint responsibility agreement can be found  here. Here you will find all information that is relevant to you as a data subject, in particular with regard to the exercise of your data protection rights.

For the purpose of drawing the attention of our corporate presence on Facebook and its content (posts) to users and to gain new followers, we use the Facebook Ads Manager. With this service, we can display our content and our channel as a recommendation to Facebook users who may not have subscribed to our channel based on their interests and interactions. The groups of persons can be defined on the basis of the general characteristics of place of residence, age, gender, language and interests. A selection of individual users is not possible. The legal basis for this data processing is our overriding legitimate interest in improving our reach on Facebook, Art. 6 Sec. 1 lit. f) GDPR.

Beyond the processing of personal data mentioned in this privacy policy, BASF has no influence on the processing of personal data in connection with your use of the fan pages.

The BASF Instagram pages are operated on Instagram by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. When you visit the BASF Instagram pages, Instagram processes your personal data in accordance with its privacy policy, which you can find  here.

We use the statistical information (the visits to our website, the number of interactions, information about which countries and cities our visitors come from and statistics about the gender of our visitors) about the use of the BASF Instagram pages, which Instagram makes available in anonymous form via the Instagram service "Insights". Conclusions about individual users and access to individual user profiles by BASF are not possible.

 

We process the following personal data:

  • Your Instagram username as well as comments on our BASF Instagram pages and messages that you send us via our BASF Instagram pages.
  • Your activity on our BASF Instagram pages via the Instagram Insights service, e.g., visits to our website, the range of posts, information about which countries and cities our visitors come from and statistics on the gender ratio of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

For the purpose of drawing the attention of our corporate presence on Instagram and its content (posts) to users and gaining new followers, we use the Facebook Ads Manager, which is also provided by the Meta Group for Instagram under the same product name. With this service, we can display our content and our channel as a recommendation to Instagram users who may not have subscribed to our channel based on their interests and interactions. The groups of persons can be defined on the basis of the general characteristics of place of residence, age, gender, language and interests. A selection of individual users is not possible. The legal basis for this data processing is our overriding legitimate interest in improving our reach on Instagram, Art. 6 Sec. 1 lit. f) GDPR.

The BASF Twitter pages are operated on Twitter, a social network by by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.  When you visit the BASF Twitter pages, personal data will be collected and processed to the extent described in its privacy policy. The privacy policy can be found  here

We use the statistical information (the visits to our website, the number of interactions, information about the countries and cities from which our visitors come and statistics about the gender ratio of our visitors) about the use of the BASF Twitter pages, which Twitter makes available in anonymous form via the "Analytics" service. It is not possible to draw conclusions about individual users and access to individual user profiles by BASF.

 

We process the following personal data:

  • Your Twitter username and comments on our BASF Twitter pages and messages you send us via our BASF Twitter pages.
  • Your activity on our BASF Twitter pages via the Twitter Analytics service, e.g. visits to our website, the number of interactions, information about which countries and cities our visitors come from and statistics on the gender ratio of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

 

We do not store or process any of your personal data other than your Twitter username or your message when you write to us directly.

As part of our corporate presence on Twitter, Twitter also provides us with the Twitter Ad Manager, by means of which we can draw attention to our corporate identity and its content in a target group-oriented manner.  The target groups can be defined on the basis of the general characteristics of place of residence, age, gender, language and interests. A selection of individual users is not possible. The legal basis for this data processing is our overriding legitimate interest in improving our reach on Instagram, Art. 6 Sec. 1 lit. f) GDPR.

The BASF LinkedIn Pages are operated by on LinkedIn, a social network by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). When you visit the BASF LinkedIn pages, LinkedIn processes your personal data in accordance with their privacy policy, which you can find  here.

 

We process the following personal data:

  • Your LinkedIn username as well as comments on our BASF LinkedIn pages and messages you send us via our BASF LinkedIn pages.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

 

In addition, we use the following services offered by LinkedIn:

To draw attention to our products, we use the LinkedIn Campaign Manager provided by LinkedIn. By using LinkedIn Campaign Manager, we define target groups based on the following criteria:

  • Location (e.g., country, region, city)
  • Companies (e.g., business sectors, names, size)
  • Interests (e.g., member groups, interests)
  • Professional experience (e.g. job titles, functions, seniority, skills)
  • Education (e.g., degrees, schools, fields of study)
  • Demographic data (e.g., gender, age)

 

Based on its algorithm, LinkedIn displays our content on its platform to users who fit the defined target group. The legal basis for this type of processing is Art. 6 Sec. 1 lit. f) GDPR.

We display content on our LinkedIn business account that is presented to you on the basis of the processing described in No. 4a of this Privacy Policy. If you interact with the said content, e.g. by subscribing to download or stream a video or other offered asset such as a white paper, we process your entered contact information (e.g name, e-mail-address and company) for the purpose of providing you with information about the products and services related to the respective content by sending you private messages or posts.

We store your personal data in the LinkedIn Campaign Manager. In the case of technical support, teams of LinkedIn Inc., located at 1000 W Maude, Sunnyvale, CA 94085, USA, may access your personal data. The USA is a country in which the level of data protection is not comparable to that of the EU. By subscribing to our content, you expressly consent to the transfer of your personal data to the USA.

The legal basis for the aforementioned processing is your consent, Art. 6 Sec. 1 lit. a) GDPR. You can withdraw your consent at any time by sending a message to the BASF representative who can contact you.

We use the statistical information (the visits to our website, the number of interactions, information about which countries and cities our visitors come from, and statistics about the field of work of our visitors) in connection with the use of our LinkedIn company page, which LinkedIn provides in anonymous form via the LinkedIn "Analytics" service. Conclusions about individual users and access to individual user profiles by BASF are not possible.

Because BASF processes and stores your personal data as described in the preceding paragraph, BASF and LinkedIn are considered "joint controllers" within the meaning of the GDPR and have therefore concluded a so-called joint responsibility agreement to meet the requirements of the GDPR. This agreement on the joint controller can be found  here. Here you will find all information that is relevant to you as a data subject, in particular with regard to the exercise of your data protection rights.

Beyond the processing of personal data mentioned in this privacy policy, BASF has no influence on the processing of personal data in connection with your use of our LinkedIn company page

The BASF XING pages are operated on XING, a social network by by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"). When you visit the BASF XING pages, XING processes your personal data in accordance with its privacy policy, which you can view  here.

We use the statistical information (the number of interactions, statistics on the age composition and the working relationships of our visitors) about the use of the BASF XING pages, which XING makes available in anonymous form via its statistical service. Conclusions about individual users and access to individual user profiles by BASF are not possible.

 

We process the following personal data:

  • Your XING username as well as comments on our BASF XING pages and messages that you send us via our BASF XING pages.
  • Your activity on our BASF XING pages via the XING statistics service, e.g., the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

The BASF YouTube channel is operated on YouTube, a video platform by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.  When you visit the BASF YouTube channel, YouTube collects and processes personal data insofar as this is provided for in their privacy policy. The privacy policy can be found  here

We use the statistical information (the visits to our website, the number of interactions, the average duration of video playback, information about the countries and cities from which our visitors come and statistics about the gender ratio of our visitors) about the use of the BASF YouTube channel, which YouTube provides in anonymous form via the "Analytics" service. Conclusions about individual users and access to individual user profiles by BASF are not possible.

 

We process the following personal data:

  • Your YouTube username and comments posted on our BASF YouTube channel.
  • Your activity on our BASF YouTube channel via the YouTube Analytics service, e.g., visits to our website, the volume of interactions, the average duration of video playback, information about which countries and cities our visitors come from and statistics on the gender ratio of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

We do not store or process any of your personal data other than your YouTube username and your comment when you comment on our video or otherwise get in touch.

On our YouTube channels, we use Google Ads, a service of Google LLC, D/B/A YouTube. 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter "Google"). Google Ads allows us to run ads on YouTube by defining audiences. We use various criteria offered by Google, such as location, age and interests, to determine who sees our videos.

In addition, we use remarketing on YouTube to show viewers on YouTube and video partner sites personalized ads based on their previous interactions with our videos or our YouTube channel. For this purpose, we create remarketing campaigns that reach people who have carried out actions on YouTube such as:

- Watched any video of a BASF channel

- Watched certain BASF videos

- Viewed any video or its preview of a BASF channel

- Certain videos viewed (as advertisements)

- Subscribed to a BASF channel

- Visit the homepage of a BASF channel

- Liked any video of a BASF channel

- Added any video of a BASF channel to a playlist

- Shared any video of a BASF channel

 

We are never able to identify an individual user when using Google Ads on YouTube. The legal basis for this processing is Art. 6 Sec. 1 lit. f) GDPR.

You can view Google's privacy policy  here.

Within our company, only persons and entities receive access to your aforementioned personal data insofar as they need it to fulfil the above-mentioned purposes.

We also work with service providers. These service providers only act in accordance with our instructions and are contractually obliged to comply with the applicable data protection requirements.

Otherwise, we will only pass on your data to third parties if:

  • you have given your express consent in accordance with Art. 6 Sec. 1 sentence 1 lit. a GDPR,
  • the disclosure is necessary in accordance with Art. 6 Sec. 1 sentence 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • there is a legal obligation for the transfer pursuant to Art. 6 Sec. 1 sentence 1 lit. c GDPR, or
  • this is legally permissible and is necessary for the fulfilment of contractual relationships with you in accordance with Article 6 (1) sentence 1 lit. b GDPR.

 

Your personal data will only be passed on to service providers in a third country if the special requirements of Art. 44 et seq. GDPR are met. If and to the extent that the service providers are located in a third country, it is possible that either the servers of the respective service provider are located in the third country or that the servers are located in the EU, but in support cases they are accessed from a third country. Some third countries do not have a level of data protection equivalent to that of the EU, as authorities may have simplified access to personal data or that there are limited rights against such measures. If and to the extent that you give your consent, you expressly agree to the transfer of personal data to the respective third country.

Insofar as no express declaration of consent during the collection (e.g., in the context of a declaration of consent) storage period, the personal data of data subjects will be deleted insofar as they are no longer required to fulfil the purpose of storage, unless statutory retention obligations (e.g. commercial and tax retention obligations) preclude deletion.

You have the rights described below under the General Data Protection Regulation,. The exercise of these rights is free of charge for you. However, you may need to prove your identity with two factors. We will use reasonable efforts in accordance with our legal obligations to enforce your rights.

To exercise your rights, please contact us by any method The contact details can be found in the section "Contact with the Data Protection Officer" and the Imprint or Disclaimer page.

Right of access: You can request information from the controller about the personal data stored about you (Art. 15 GDPR). If you have direct access to your data via portals/self-service, the right to information is deemed to have been fulfilled.

Right to rectification: If your personal data is incorrect, you have the right to request its correction (Art. 16 GDPR).

Right to revoke the declaration of consent: If the processing of your data is based on your consent, you have the right to revoke it at any time in accordance with Article 7 (3) GDPR. The revocation does not affect the lawfulness of the processing carried out until then. You can declare a revocation in writing, by e-mail and, if necessary, within the scope of the service offered.

Right to object in the case of processing to safeguard legitimate interests: If we process your data to safeguard legitimate interests, you can object to this processing in accordance with Article 21 GDPR for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to erasure: Under the conditions set out in Article 17 GDPR, you have the right to request the deletion of your personal data. This is e.g., the case if you revoke a given consent or the data is no longer required for the purposes for which it was collected.

Right to restriction of processing: Under the conditions of Article 18 GDPR, you have the right to request a restriction of the processing of data concerning you.

Right to data portability: If you have provided us with personal data yourself, you have the right, in accordance with Article 20 GDPR, to request a transfer from us directly to another controller or to another organisation. Alternatively, you have the right to request that we ourselves provide you with the data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract or in the context of contract negotiations and the processing is carried out using automated procedures.

Right to lodge a complaint: You have the possibility to lodge a complaint with the data protection officer referred to in this data protection declaration (contact details see above) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

 

In any case, you can contact: