Data Protection & Privacy
- 1 Processing of your Personal Data
- 2 The Type of Data Processed
- 3 Purposes of Processing and Legal Bases
- 4 Recipients of Your Data
- 5 Transfer to Other Countries
- 6 Storage and Retention Period
- 7 Obligation to Provide Data
- 8 Automtated Decision Making and Profiling
- 9 Your Privacy Rights
The Clariant Company that you conduct business with is responsible for processing your personal data in the context of data protection law.
The data protection officer responsible for this Clariant Company is available to answer any questions you may have about data protection at Clariant.
You can contact him at datenschutzbeauftragter@clariant.com or contact directly Clariant’s Group Privacy Head at dataprotectionoffice@clariant.com.
Our customers, vendors and business partners are located in and outside Europe. Therefore we process personal data of natural persons, as far as it is necessary to fulfil our contractual and legal obligations from the business relationship with our customers, vendors and other business partners. In the broader sense, business partners are defined as business contacts such as visitors to our company premises or representatives of the press who contact us. We may therefore collect, store, delete or transmit personal data.
The categories of personal data we process may include, but are not limited to:
- Addresses and contact data, e.g. business address and contact data such as name, address, telephone number, e-mail address, function and department of the contact persons at our customers, suppliers and other business partners;
- Data that we need for issuing correct invoices, such as bank details, tax number, etc., as far as this includes personal data of a natural person;
- Identification data, e.g. name, gender, date and place of birth of visitors, ID card number of truck drivers, pictures (badges), CCTV (visit to monitored areas), user ID (via business applications);
- Authorizations and their use, e.g. IP addresses or user accounts for Wi-Fi (Guest-WIFI), online services or business applications used;
- Time management, e.g. on company premises or for the provision of services;
- Information on activities, tasks and operations, e.g. for projects.
We process personal data only for permitted purposes and in compliance with the legal provisions of the European Data Protection Regulation (GDPR) and local laws.
3.1 We process data to fulfil our contractual obligations
We process personal data to comply with our contractual obligations towards our customers, suppliers and business partners or to carry out so-called preliminary contractual measures in response to a specific request. This includes data processing measures for business transactions including payment, invoicing, contract management, monitoring and inspection measures, the provision of transport & logistics services, authorization and identity management for electronic services including technical support and troubleshooting as well as for product development.
In these cases, the purpose of data processing is determined by the contract we have in place with our customers, suppliers or business partners and the services we provide on this basis. This also includes, for e.g., the processing of personal data for sending catalogues and information on our products, the preparation of specific offers, the answering of enquiries and the other exchange of information concerning our company, including the coordination of appointments and meetings.
With respect to media representatives, interested parties and visitors, personal data may be used to identify, authorize and verify access to, as well as the provision of information and requested services.
3.2 We process data to fulfil our legal obligations
We must process certain data in order to meet legal obligations. Such an obligation may arise from requirements of commercial, trade, tax and social law as well as from European legislation. For e.g., business partner data (companies and persons) can be checked against certain lists in connection with regulations to prevent, combat and clarify financing of terrorism, to prevent fraud and money laundering and to comply with export and payment restrictions.
In detail, this may also result in retention, storage, reporting and data collection obligations for our company, which as a rule serve control purposes of the relevant public authorities. In addition, the disclosure of personal data may become necessary for official or judicial measures for the purpose of taking evidence or prosecution.
3.3 We process data to uphold legitimate interests (taking your interests into account)
We also process personal data if necessary to uphold the legitimate interests of the companies of the Clariant Group or our customers, suppliers or business partners (and, where applicable, other third parties). This includes e.g.:
- customer support
- measures to improve our products and processes, quality controls, needs analysis and customer care;
- cooperation with credit agencies for the purpose of credit assessment;
- direct mail, as long as you have not objected to the processing of your personal data for these purposes;
If we receive your e-mail address in connection with the conclusion of a contract and the provision of our products and you have not objected to this, we reserve the right to regularly send you offers for similar products from our product range by e-mail. You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the newsletter e-mail, without incurring any costs other than the transmission costs according to the basic rates.
- the surveillance of publicly accessible rooms in our branches by means of video surveillance
- sharing personal data within the Clariant Group for internal administrative purposes;
- to protect our IT against various threats (malware, hacker attacks, spam, espionage and theft of intellectual property), to examine the data exchanged for viruses and to analyse the connection data for anomalies and in suspicious cases;
- to report and investigate suspected compliance cases, to prevent and investigate criminal offences and to assert and defend against legal claims.
3.4 We process data with your consent
We also process your personal data if you have given us your explicit consent. You may withdraw your consent at any time. Please note that data processing up to the withdrawal remains permissible.
3.5 Information about changes of purpose
If we process your personal data for any purpose other than that for which we originally collected it, we will inform you of this in accordance with the applicable legal provisions.
3.6 Processing principles
Appropriate technical and organizational measures for data security are implemented by internal regulations and - if the data is processed by an external service provider on the basis of data processing on a contract - by corresponding contractual agreements.
We regularly receive the personal data we process in the course of our business relationship with our customers, suppliers and other business partners. In some cases, we also receive personal data from other companies in the Clariant Group, e.g. as part of customer service at various locations.
In some cases, we also process personal data that we have received from publicly available sources, e.g. telephone directories, trade and company registers, trade fairs, exhibitions, Internet sources, newspapers, trade directories, etc., in accordance with the applicable data protection laws.
Personal data is transferred to other companies in the Clariant Group if and to the extent necessary to safeguard our statutory and contractual rights and obligations or our legitimate interests. This may be the case, for example, for the provision of our contractual services. Typical cases are the support of customers by several companies in the Clariant Group and the involvement of service providers for the delivery of products or the dispatch of advertising. If we involve external service providers, this is done in compliance with the applicable data protection regulations.
In accordance with the statutory provisions, the data required for the respective purpose may be passed on to other internal and external bodies in the following cases:
- to other Clariant Group companies and to internal and external service providers for operational purposes;
- to distribution partners;
- external data centers, printers, data destruction companies, courier services, logistics companies;
- to authorities, courts and other government agencies for the purposes of fulfilling reporting and information obligations;
- banks; and
- to attorneys, courts and other public institutions for clarification and assertion of claims or defence against asserted claims.
We only disclose personal data to other recipients outside the Clariant Group if we are legally obliged to do so or if you have given us your explicit consent.
Personal data will only be stored for as long as necessary to fulfil the specific purpose, as a rule for the duration of the respective contractual relationship, taking into account applicable statutory documentation, verification and retention periods.
In order to comply with legal requirements, such as commercial and tax documentation, proof and storage obligations, we must store some of your data after the legal deadlines beyond the end of contractual relationships.
For visitors, the data is deleted two years after the last contact and for subscription to information/newsletters on request.
Data is deleted using the deletion routines implemented by the process managers.
In order to provide our services to our customers or to receive them from suppliers and/or business partners, we must process certain personal data or are legally obliged to process them. We collect this data upon conclusion of the contract (e.g. business address, business contact data and function) or you make it available to us.
This data is the basis for a trustful and lawful contractual relationship, so that the conclusion and fulfilment of a contract is not possible without this data.
We do not use automated decision-making processes for decisions that may have a legal effect on you or significantly impair them in a similar way.
Profiling as defined in Art. 4 No. 4 GDPR does not take place.
In the context of the processing of personal data, you have the following rights pursuant to Articles 15 to 21 of the European Data Protection Regulation:
- Right to information,
- Right to correction,
- Right of deletion,
- Right to restrict processing and
- Right to data portability.
If you would exercise any of your rights, please contact the data protection officer at datenschutzbeauftragter@clariant.com or you Clariant’s Group Privacy Head at dataprotectionoffice@clariant.com
Requests for the exercise of rights must be made by means of a dated and signed application accompanied with a photocopy of the identity card.
In addition, you have the right to object to the processing of your data in order to safeguard the legitimate interests either of us or a third party. In this case, we will no longer process your personal data unless we can give overriding legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you are entitled to opt out of the processing of your personal data for these purposes. In the event of an objection to processing for the purposes of direct marketing, we will no longer process your personal data for such purpose.
You can address your objection to us electronically. All you need to do is send an email to
datenschutzbeauftragter@clariant.com
or
You also have the right to withdraw your consent to the processing of your personal data at any time with immediate effect. Such withdrawal has no effect on the past, i.e. it does not affect the effectiveness of data processing until the withdrawal.
If you consider that our processing of personal data is not in compliance with data protection regulations or should you not be satisfied with our information, you have the right to complain to the supervising authority responsible for you or us under the European General Data Protection Regulation (GDPR).
Our responsible authority is:
Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1
65189 Wiesbaden