TOP
Global
Investors

Information about data protection for BASF SE shareholders

Data protection is something BASF SE (hereinafter also referred to as “we”) takes very seriously. As you know, we are legally obligated to main a share register. In the following, we will inform you about how we process your personal data when you provide us with personal data for the share register via our website www.basf.com/agm-service, in writing or by email, or if you inform us about changes to your personal data that is stored in the BASF SE share register. We would also like to inform you about your data protection rights (information according to Art. 13 and Art. 14 GDPR).

Information about your personal data that we collect and retain when you visit our website can be found here.

Who is responsible for processing the data?

The controller in accordance with data protection policies is:
BASF SE
Carl-Bosch-Str. 38
67056 Ludwigshafen, Germany
Phone: +49 (621) 60-0
Email: data-protection@basf.com

Our Data Protection Officer can be reached by post at the above mailing address (please add “Data Protection Officer Alexandra Haug” as the recipient) or by email at data-protection@basf.com

For what purposes and on what legal basis do we process your personal data and where does this data come from?

We process your personal data in accordance with the E.U. General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), the German Stock Corporation Act (Aktiengesetz, AktG), the German Act to Mitigate the Consequences of the COVID-19 Pandemic under Civil, Insolvency and Criminal Procedure Law (Covid-19-Act) and all other relevant legislation.

BASF SE’s shares are registered shares. According to Section 67 of the German Stock Corporation Act, registered shares are to be recorded in the Company’s share register listing the name, date of birth and address of the shareholder as well as the number of shares held. The shareholder is obligated to provide this information to the Company. Your personal data is therefore in general collected directly from you.

The credit institutions through which you purchase or hold your BASF SE registered shares regularly pass on information to us on your behalf which is relevant for the maintenance of the share register (e.g., also nationality and, where applicable, the sector in which you work). This occurs via Clear-stream Banking Frankfurt, the central depositary that carries out the technical settlement of securities transactions and holds the shares on behalf of the credit institutions. If you sell your shares, the new owner’s credit institution will inform us of this.

Prior to the Annual Shareholders’ Meeting of BASF SE, you can inform us via our website about any changes in your address, email address or, if applicable, your proxy and instructions. In these cases, we receive your personal data from the above-mentioned credit institutions and process them exclusively for the purposes of maintaining the share register, communicating with you as a shareholder and conducting the Annual Shareholders’ Meeting. The legal basis for the processing of your personal data is the German Stock Corporation Act in conjunction with Art. 6 (1) c) and (4) GDPR.

If you make use of this possibility, we will process the personal data you provide only for the purpose of updating our share register with this information.

If you submit a question prior to the Annual Shareholders’ Meeting pursuant to Section 1, Paragraph 2 of the COVID-19 Act and in accordance with the requirements stated in the notice of the virtual Annual Shareholders’ Meeting via the Online-Service or if, during the Meeting, you declare an objection to a resolution of the Annual Shareholders’ Meeting, we will therefore process your name, date of birth and address and the stockholder number along with your email address in order to deal with such request or objection.

The legal basis for the processing of your personal data is our legitimate interest in the proper conduct of the Annual Shareholders Meeting Article 6 (1) (c) GDPR.

Should we want to process your personal data for a purpose not mentioned above, we will inform you in advance in accordance with the statutory provisions.

To which categories of recipients will we potentially pass on your data?

External service providers:
We sometimes use external service providers for the administration and technical management of the share register (share register service company, IT service provider) as well as to put on the Annual Shareholders’ Meeting (annual meeting service provider).

Other recipients:
Furthermore, we may transmit your personal data to other recipients, such as public authorities in order to meet statutory disclosure obligations (e.g., when legally defined voting rights thresholds are exceeded).

How long will we store your data?

We delete your personal data as soon as it is no longer needed for the abovementioned purposes. However, we may need to store personal data for the period during which claims can be made against our Company (statutory limitation period of three years or as long as 30 years). As a rule, we save your personal data to the extent we are required to do so by law. The obligations to provide and retain supporting documents arise from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act, among others. These establish storage periods of up to 10 years.

How do we transmit data to non-European countries?

We do not intend to transmit your data to a third country outside of the European Economic Area (EEA) or an international organization. In the event that we transmit personal data to service providers outside of the European Economic Area (EEA), the transmission only occurs if the European Commission has confirmed that the third country offers an adequate level of data protection or if other appropriate safeguards (e.g., making use of binding corporate rules on data protection or standard data protection clauses adopted by the European Commission) are in place. Detailed information about this as well as about data protection at our service providers in third countries can be obtained via the contact information listed above.

What rights do you have as a data subject?

Right of access: The right to be informed about your personal data processed by us and about certain other information (such as that given in this privacy policy);

Right of rectification: If your personal data is incorrect or incomplete, you have the right to rectification;

Right to deletion: Based on the so-called "right to be forgotten", you can request the deletion of your personal data, unless there is a storage obligation. The right of deletion is not an exclusive right. For example, we have the right to continue processing your personal data if such processing is necessary to comply with our legal obligations or to assert, exercise or defend legal claims;

Right to limit processing: This right includes the right to limit the use or the way in which the data is used. This right is limited to certain cases and exists in particular if: (a) the data is inaccurate; (b) the processing is unlawful and you refuse to delete it; (c) we no longer need the data, but you need the data to assert, exercise or defend legal claims. If the processing is restricted, we may continue to store the data but not use it. We will maintain a list of those who have exercised the right to restrict processing in order to ensure such restriction;

Right to data transferability: This right implies that we transfer your personal data in a structured, common and machine-readable format for your own purposes, as far as technically possible;

Right of opposition: You have the right to object to the processing of your personal data if it is processed on the basis of legitimate interests, in particular in the case of direct marketing;

Right to information: you have the right to be informed, in clear and easily understandable language, of how we process your personal data; and

Right to withdraw your consent: If you have given us your consent for processing, you have the right to revoke your consent at any time. Such revocation does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

The exercise of these rights is free of charge for you. You must, however, prove your identity with two factors. We will make reasonable efforts in accordance with our legal obligations to transfer, correct or delete your personal data in our file systems.

To exercise your rights, make a complaint or submit any other requests, please contact us by e-mail or write to us. We will endeavour to reply to you within 30 days.

If we receive a complaint, we will contact the person who made the complaint to investigate the complaint. If we are unable to resolve a complaint immediately, we will cooperate with the authorities, especially the data protection authorities, as necessary.

Do you have a complaint about the handling of your data?

You have the possibility to contact the abovementioned Data Protection Officer or a data protection supervisory authority. The data protection supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz, Germany

Last Update May 22, 2020