Privacy Statement

BASF is delighted that you have visited our website and thanks you for your interest in our company. BASF takes data protection seriously. This Privacy Statement describes:

the personal data BASF collects when you visit our website
the purposes for which BASF uses such data
the legal basis for the processing of personal data
the recipients of such personal data
the period for which such personal data will be stored
whether you are obliged to provide personal data

Furthermore, we would like to inform you about:

the existence of your rights regarding the processing of your personal data
the Controller in the meaning of data protection laws and, where applicable, our Data Protection Officer

1. What personal data does BASF collect when you visit our website?

(1) When you visit our website without contacting us or signing in, your browser transmits the following information automatically to our server:

IP address of your computer
Information about your browser
Website that you were on right before you landed on our website
URL or file requested
Date and time of your visit
Volume of data transmitted
Status information, e.g. error messages

(2) If you contact us by email or by contact form on our website, we receive the following information:

Your email address and further information that you provide by email or contact form
Date and time of your message

(3) Our website offers the option of subscribing to the free newsletter. When a user registers for the newsletter, the data entered into the input screen is transmitted to us.

The following data is also collected during registration:

IP address of the accessing computer
Date and time of registration
Email address
Name and family name

Your permission for data processing is obtained as part of the subscription process and a link to this Data Privacy Statement is provided. The data is not shared with third parties in the context of data processing for the purpose of sending newsletters. The data is used exclusively to send the newsletter.

(4) Our website offers our users the opportunity to register with their personal data. The data is entered into an input screen, transmitted to us and stored. The following data is collected as part of the registration process:

The user's IP address
Date and time of registration
Name Family Name
Email (as user name)
Postal code
Country
Password
User group e.g. architect

Your permission for data processing is obtained as part of the registration process and a link to this Data Privacy Statement is provided.

2. To what extent and for what purposes does BASF process such data?

(1) When you visit our website, we use your IP address and the other data that your browser transmits automatically to our server (see Section 1 (1) ) in order to:

send the requested content to your browser. In doing so, we store the complete IP address only to the extent necessary to serve the requested content to you.
send your IP address to a service provider to map your public IP address with company and industry related information (no personal information). This company- and industry related information will be processed to our web measurement system. In this process step your IP address is not stored at our service provider or in our system at any time.
protect us from attacks and to safeguard the proper operation of our website. In doing so, we store said data transiently and with restricted access for a maximum period of 180 days. Such period may be extended if and to the extent necessary to prosecute attacks and incidents.

BASF will investigate the user of an IP address only in case of an illegal attack.

(2) If you contact us by email or by contact form on our website, we use the data under Section 1 (2) to answer and, if possible, to meet your request. We store such data to the extent necessary to answer and meet your request.

(3) If we offer a newsletter your email address is collected in order to send you the newsletter.

(4) If you register to a service offered on our website we collect and process your personal data to provide the service to you.

3. Are you required to provide the data? Are you entitled to object to processing?

When you visit our website, your browser transmits the information under Section 1 (1) automatically to our server. You are free to transmit such data. Without providing such data we are not able to serve you the requested content.
You are not obliged to let us use your anonymized data for web audience measuring. You are also not obliged to let us use your IP address for mapping with your company or industry information.
If you want to contact us by email or by contact form on our website, you are free to transmit the data under Section 1 (2). We will mark mandatory fields, if any, of a contact form. Without providing the required data you may prevent us from answering and meeting your request properly.

4. What is the legal basis for the processing?

The legal basis for the processing under Section 2 is point (f) of Article 6 (1) General Data Protection Regulation. The legitimate interests are determined by the purposes described under Section 2. If the user has granted permission, the legal basis for processing personal data after the user has registered for the newsletter is Art. 6 Para. 1 lit. a EU GDPR.

5. To what recipients do we transmit your data?

We transmit the data mentioned in Section 1 to Data Processors based in the European Union for the purposes determined in Section 2. Such Data Processors process personal data only on instructions from us and the processing is carried out on behalf of us. We do not intend to transfer your personal data to a third country.

6. How do we protect your personal data?

BASF implemented technical and organizational measures to ensure an appropriate level of security to protect your personal data against accidental or unlawful alteration, destruction, loss or unauthorized disclosure. Such measures will be continuously enhanced in line with technological developments.

7. Do we use cookies on our website?

We will inform you about using cookies in our cookie banner when you visit our website. You accept the use of cookies by further using our website. We would like to inform you about the cookies we use and how you may decline cookies.

The following cookies are important for the smooth operation and specific services of our website:

File Name	Purpose	Lifespan
MBS_Cookie_Advice / BASF_Cookie_Advice_Name	The cookie is only set and stored with the value true if a user has clicked ok on the cookie advice. Otherwise the cookie doesn´t exist.	Erased as soon as you close your browser will be erased one year after your visit.
MBS_Country_Language_Selector / BASF_Country_Language_name	The cookie is only set and stored with the value "true" when a user hits a selection value in the country and language sector, provided that the automatic display of the same is active. Otherwise, the cookie does not exist.	Will be erased one year after your visit
__AntiXsrfToken	This cookie and its value are regenerated with each session. It ensures that requests are made from the same browser to prevent tampering. For details see https://www.owasp.org/index.php/Anti_CSRF_Tokens_ASP.NET	Will be erased as soon as you clear your cache or close your browser.
ASP.NET_SessionId	Unique browser session. Currently only needed for the CAPTCHA.	Will be erased as soon as you clear your cache or close your browser
fileDownload	Only set if a document download occurs in the same window (via a hidden iFrame).	Current query, then immediately in-validated
FedAuth	Ensures the logged on access after a User has successfully logged in.	Erased as soon as you close your browserWill be erased as soon as you clear your cache or close your browser.
[UserName]_userProject	Saves the configuration of the currently assembled project so that it can later be sent to the server; In addition, the project is persisted so that it is not lost by the newcomers of the site.	Will be erased as soon as you clear your cache or close your browser.
[UserName]_tempData	If you use our website with a mobile device, like a smartphone, you will be asked if you would like to be redirected to our mobile website. This cookie saves your decision and ensures that you will not be asked which version of the website you prefer again. Stores temporary information about the user / account status for corresponding UI handling: newsletter, user locked, draft for administrators.	Will be erased as soon as you clear your cache or you close your browser.
Idsrvauth Idssrvauth	Ensures logged in access after a user logs in successfully.	Will be erased as soon as you clear your cache. If selected “keep me logged in”: Will be erased one year after your visit.
IdSrvUserLang	Saves the currently selected language so that it will be displayed again the next time you visit.	Will be erased one year after your visit
wsfedsignout	Saves the return URL back to the external application for after a successful login / logout process during the same session	Will be erased as soon as you clear your cache or close your browser

2. Cookies for web audience measuring:

File Name	Purpose	Lifespan
ACOOKIE	This cookie allows the web analytics tool Webtrends to collect anonymous information about how our website is used. Such anonymous information shows us inter alia how many people visited our website, the websites that the users were on right before they landed on our website and which pages they visited.	Will be erased two years after your visit
WT_FPC	By default, Webtrends tracks visitors across the primary domain and all sub-domains. This is done by setting a first party cookie on your primary domain with the leading dot, which allows sub-domains to also read this cookie.	Will be erased two years after your visit
Id	Cookie for keeping track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains: the domain, viewCount (increments each pageView in a session), session start timestamp.We use the DoubleClick cookie to collect data regarding user interactions with ad impressions and other ad service functions as they relate to our website.	Will be erased two years after your visit
utag_main	The Tealium Tag Management library creates and maintains a single cookie called utag_main. Within that cookie are several built-in values that keep track of the anonymous visitor session. Like a unique identifier for the session and a Unix/Epoch time stamp in milliseconds.	Will be erased one year after your visit.
D41ID	We use this cookie from Dun and Bradstreet to derive anonymous information concerning businesses visiting our websites.	Will be erased one year after your visit
__hstc	The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).	Will be erased 2 years after your visit
hubspotutk	This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.	Will be erased 10 years after your visit
__hssc	This cookie used to keep track of page views in a session.Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.	Will be erased as soon as you close your browser
__hssrc	Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.	Will be erased as soon as you close your browser
__hs_opt_out	This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies.	Will be erased 2 years after your visit
__hs_do_not_track	This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot.	Will be erased 2 years after your visit
__hs_testcookie	This cookie is used to test whether the visitor has support for cookies enabled.	Will be erased as soon as you close your browser
hsPagesViewedThisSession	This cookie is used to keep track of page views in a session.	Will be erased as soon as you close your browser
hsfirstvisit	This cookie is used to track the first visit of a visitor.	Will be erased 10 years after your visit

You may use your browser settings to decide which cookies to accept and to decline. Please be aware that you may not be able to use all features of our website if you decline cookies under Section 7 (1).

8. What rights do you have?

You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:

8.1. Right to access: the right to obtain access to your information (if we're processing it), and certain other information (like that provided in this Privacy Policy);
8.2. Right to correct: if your personal is inaccurate or incomplete you have the right to have your personal information rectified;
8.3. Right to erasure: this is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where there's no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims.
8.4. Right to restrict our use of your information: the right to suspend the usage of your personal information or limit the way in which we can use it. Please note that this right is limited in certain situations: when we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don't want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for restriction of the use of their personal information to make sure the restriction is respected in future;
8.5. Right to data portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services;
8.6. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests, direct marketing;
8.7. Right to be informed: you have the right to be provided with clear, transparent and easily understandable information about how we use your personal information; and
8.8. Right to withdraw consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).

The exercise of these rights is free of charge for you, however you are required to prove your identity with 2 pieces of approved identification. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files. To make inquiries or exercise any of your rights set out in this Privacy Policy and/or make a complaint please contact us by emailing or write to us and we will endeavor to respond within 30 days. Contact details can be found in section 10 below. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints that we cannot resolve directly. If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may refer your complaint to the relevant data protection supervisory authority.

9. Where can you lodge a complaint?

You have the right to lodge a complaint with our Data Protection Officer (for contact details see below) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Or you can contact:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz

10. Who is Controller and Data Protection Officer?

The Controller in the meaning of data protection laws is:

BASF Stavební hmoty ?eská republika s. r. o.
K Májovu 1244, 537 01 CHRUDIM
Tel. + 420-469 607 111
Please use the address of the Controller above to contact our Data Protection Coordinator Mr Vit Sustr. Our Data Protection Coordinator can also be contacted via Mailbox data-protection.cz@basf.com

11. Privacy of Children

This Website is intended to be used by persons aged 18 and older. We do not seek to collect information about persons under the age of 18.

No information should be submitted to or posted on the Websites by persons younger than 18 years of age. If such a person submits personal information via the Websites, we shall delete that information as soon as we are made aware of their age and thereafter shall not use it for any purpose whatsoever.