Information on data protection

Data protection is a top priority at BASF (hereinafter "we"). This naturally requires a high degree of transparency. In the following sections, you will therefore find information about how we process your personal data (hereinafter "your personal data"). Of course, your personal data will only be processed in accordance with the applicable legal provisions for the protection of personal data and for data security.

Who is responsible for data processing and who is the data protection officer?

Responsible for data processing is
BASF SE
Carl-Bosch-Str. 38, 67056 Ludwigshafen, Germany
Tel. +49 621 60-0
Tel. +49 621 60-42525
Email: global.info@basf.com

Data protection officer:
Email: data-protection.eu@basf.com

Welche Datenkategorien nutzen wir und woher stammen diese?

Your personal data is collected directly, in the context of the execution of the contractual relationship.

We process the following types of personal data:

IP address of your computer
Information about your browser
Name of the website from which you visit us
Name of the page (URL) or file you opened
Date and time of your visit
Data volumes transferred
Status information such as error messages

Wenn Sie über ein Kontaktformular unserer Webseite oder per E-Mail mit uns in Kontakt treten, erhalten wir die folgenden Informationen:

Your name, email address and any other information that you provide in your email or in the fields of a contact form
Date and time of your contact

The following personal data is processed in the context of the internal log in:

First Name
Last Name
BASF UserID
Associated organization unit
Email address
Encrypted password, which is sent to the LDAP service for verification

For which purposes and on which legal basis is your personal data processed?

The processing of your personal data serves the following purposes:

Delivering the requested content. We only store your full IP address for as long as is technically required to display the requested page.
Transmitting your IP address to a service provider who will match your public IP address with non-personal company information. This company information is stored by us. In this step, your IP address will be stored neither by our service provider nor by us.
Protecting us from attacks and ensuring proper operation of our website. We store the data in question only temporarily and in an access-protected way for a maximum of 180 days. Exempt from deletion after a maximum of 180 days is data about accesses which is necessary to trace attacks and disruptions.
Maintaining the safety and security of our premises (issuing of daily passes when access-ing our premises, access control)
Compliance with legal requirements (e.g. tax and commercial law retention obligations to prevent economic crime or money laundering)
Settlement of legal disputes, enforcement of existing contracts and the assertion, exercise, and defense of legal claims.
We store the IP address of your computer after shortening it by the last octet - i.e. in anonymous form - in order to analyze the usage behavior of visitors on our website and thus to improve our website. The aforementioned shortening of the IP address for this purpose is carried out immediately after collecting the data. This means we do not collect any personal information about your usage behavior on our website.
If you contact us via a contact form on our website or by email, we use the personal data mentioned above to answer your inquiry and to fulfill it in the best possible way. This personal data will be stored for as long as is necessary to answer and fulfill your inquiry.
Login data of our employees is processed to give them access to the internal content area.

Processing of the categories of personal data mentioned above is required to achieve these purposes.
The legal basis for data processing is Article 6 (1) (b) and (f) of the General Data Protection Regulation, unless explicitly stated otherwise.
In case of explicit consent, Article 6 (1) (a) of the General Data Protection Regulation also applies.
If we plan to process the personal data of our contact persons for a purpose not mentioned above, we will inform them in advance.

To whom will your personal data be transferred?

Within our group of companies, your personal data will be transferred to certain companies if they perform central data processing tasks for the companies affiliated to the group or if this is necessary to fulfill the purposes mentioned above.

We may disclose your personal Information to courts, regulatory authorities or law firms to the extent permitted and necessary to comply with applicable law or to enforce, exercise or defend legal claims.

We also collaborate with service providers. These service providers only work according to our instructions and are contractually bound to comply with the applicable data protection requirements.

Some recipients of your personal data may be located in countries outside the European Economic Area ("third-party countries") where the applicable law does not ensure the same level of data protection as within the European Union. In this case, we will take appropriate measures to ensure adequate guarantees for protecting your personal data.

We will therefore only transfer your personal data to external recipients in third-party countries if they have concluded standard EU contractual clauses with us or if they have introduced Binding Corporate Rules.

Additional information and a copy of the measures implemented can be obtained from the data pro-tection officer mentioned above.

For how long is your personal data stored?

If no explicit storage period is specified during data collection (e.g. in the context of a declaration of consent), your personal data will be deleted if it is no longer required to fulfill the purpose of storage, unless legal obligations (e.g. commercial and tax storage obligations) prevent deletion.

Which data protection rights can be asserted?

You can request information from the above address about your personal data stored. In addition, you can request correction or deletion of your personal data under certain circumstances. You may also have the right to restrict the processing of your personal data and the right to have the data you provided us with published in a structured, common, and machine-readable format.

If you have given your consent to the processing of your personal data, you can revoke this consent at any time. Please note that any revocation is only effective for the future. Processing operations that took place before the revocation are not affected.

Right of objection

In the event that your personal data is processed on the basis of your consent, you have the right to object to the processing of your personal data at any time without stating any reasons. If we process your personal data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. In the event of revocation, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.

To whom can you address your complaint?

You can address your complaint to the above-mentioned data protection officer or to a data protection supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data is contrary to the basic data protection regulation in particular in the member state in which you are resident or in which the place of alleged infringement is located.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the General Data Protection Regulation.

You can also address your complaint to the supervisory authority responsible for us:

For BASF:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz

Are cookies used on our website?

When you visit our website, our "cookie banner" informs you that we use cookies. By using our website, you agree that we may use cookies.

Cookie	Purpose	Lifetime
JSESSIONID	To identify the session (used for various functions)	for the duration of the session
utag_main	The Tealium Tag Management sets the utag_main cookie. This cookie anonymously records the user session using some parameters such as a unique session identifier and a Unix/epoch timestamp.	1 year after visiting our site
SessionPersistence (CLIENTCONTEXT and PROFILEDATA)	These cookies allow us to save settings that you have selected during your visit to our website.	Will be deleted as soon as you empty your browser cache (or one year after your visit)
cookiePolicyAnswer	Documents that the cookie request was confirmed.	Visit
dlc_[TimeMs]	To tell the client that file generation is completed.	300 seconds
treeOpenStateX[Parameter], treeStateX[Parameter], treeStateX[Parameter], gridOpen[Parameter]	To enable DHTMLX (saving thee layout status).	can be adjusted flexibly
highlightedTreeviewLink	For displaying a directory tree.	for the duration of the session
popUpNews[Parameter]	To determine whether the pop-up message has already been opened on the user's computer.	1 year
teaserHtmlPageRotatorPosition[Parameter]	To remember the position of the HTML page rotator.	1 year
browserWarningClosed	To remember that the user has been shown the message. Message (browser warning) appears with old browser versions.	24 hours
ckCsrfToken	For using the CK editor: Used for secure communication using random numbers (Cross-Site Request Forgery).	for the duration of the session
TS <pool-name>	This cookie ensures that the load caused by the requests of our users is ideally distributed on our servers. This ensures stability of the website.	for the duration of the session
atidvisitoer	This cookie of the AT Internet analytics tool serves to track visited pages and to store information about identified users. If the cookie is deleted, a user will be counted as a new visitor even if s/he is a returning visitor, due to the lack of information about the user.	6 months after visiting our site
atreman	This AT Internet Cookie saves a previous campaign. If the cookie is deleted, pre-attributing campaigns is no longer possible.	30 days after visiting our site
atredir	This cookie enables AT Internet to store information that is transferred during a JavaScript redirect in order to determine the source of a visit. If the cookie is deleted, the information transferred is lost.	30 seconds
atsession	This AT Internet cookie collects information about campaigns that a visitor uses during a visit. This prevents the same campaign being measured twice. If the cookie is deleted, campaigns that were used before will be considered as new ones.	30 minutes after visiting our site
atuserid	These AT Internet cookies are used to store the visitor ID for first-party cookies. If this cookie is deleted, no unique visitor ID is available for first-party cookie pages.	13 months after visiting our site
iddrxvr	This AT Internet third party cookie allows the visitor ID to be stored, which enables unique visitors to be tracked across domains. If this cookie is deleted, there may be differences in determining visits/visitors.	13 months after visiting our site
tmst	The AT Internet Timestamp Third-Party Cookie specifies the date when the Visitor ID cookie was placed for the first time. If this cookie is deleted, there may be differences in determining visits/visitors.	6 months after visiting our site
iddrxvr	This double-click cookie collects data on user interactions with advertisements and other advertising services if they refer to our website.	2 years after visiting our site

Login