Declaration on data protection
Data protection is a high priority at DDCC. Therefore, we would like to inform you in detail about it below:
- Who is responsible for data processing?
- What data do we process, for what purposes, for how long and on what legal basis?
- Are you obliged to provide us with this data?
- Who do we share your personal data with?
- How do we secure your personal data?
- What rights do you have?
- Where can you complain?
- Data protection for minors
A. Who is responsible for data processing?
The Digital Data Chain Consortium (DDCC) GbR is responsible for data processing.
Questions about data protection can be sent to: data-protection.eu@basf.com
B. What data do we process, for what purposes, for how long and on what legal basis?
In the following, we inform you about the data processing that takes place on our website (a), its purposes and legal basis (b) as well as the respective storage period and, if applicable, concrete options for objection and removal (c).
1. log files
a. Data processing
When you visit our website, the following information is automatically transmitted from your browser to our server:
- IP address of your terminal device
- Information about your browser
- Name of the website from which you are visiting us
- Name of the accessed offer page (URL) or the accessed file
- Date and time of your visit
- Status information such as error messages
- Volume of data transferred and access status (file transferred, file not found, etc.)
- Operating system and version of the operating system of your computer as well as the name of your access provider
b. Purposes and legal basis
When you visit the DDCC website, we use the IP address and the other data automatically transmitted by your browser to our server under point B. 1 a in order to
(i) provide you with the requested content
(ii) to ensure the security and stability of our website and to track unauthorised use of our website
(iii)to enable a comfortable use of our website.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data processing purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
c. Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymised by deleting the last eight bits so that it is no longer possible to assign the calling client.
2. Cookies
a. Data processing and respective legal basis
We use cookies on our website. These are text information that can be stored in the browser on the end device of the viewer in each case to a visited website (web server, server). The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly from the server or transfer the cookie information to the server via a script on the website during subsequent, renewed visits to this page. Cookies do not cause any damage to your end device and do not contain viruses, Trojans or other malware.
Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
We generally use the following cookies:
-
Absolutely necessary cookies
These cookies are necessary for the website to function. Generally, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the website will then not function.
The legal basis for the processing of these cookies is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data processing listed under B.1.b.
-
Performance cookies
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you visited our website.
The legal basis for the processing of these cookies is your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO, which you have given us by your selection in the cookie banner or in our privacy preference centre.
You have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do this, please change the settings in the Privacy Preference Centre.
-
Functional cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use on our sites. If you do not allow these cookies, some or all of these services may not function properly.
The legal basis for the processing of these cookies is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO, which you have given us by your selection in the cookie banner or in our data protection -preference centre.
You have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do this, please change the settings in the Data Protection Preference Centre.
-
Cookies for marketing purposes
These cookies may be set via our website. They may be used by our advertising partners to profile your interests and show you relevant ads on other websites. If you do not allow these cookies, you will experience less targeted advertising.
The legal basis for the processing of these cookies is your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO, which you have given us by your selection in the cookie banner or in our privacy -preference centre.
You have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do this, please change the settings in the Data Protection Preference Centre.
b. Specific use of cookies, purposes and storage period
Specifically, we use the following cookies, depending on the cookie preferences you set in the Privacy Preference Centre. Only the cookies that are absolutely necessary are activated by default. If you do not want this either, you have the option of generally rejecting cookies in your browser. In this case, the functionality of the visited website may be impaired.
Cookie name | Purpose | Duration | Cookie type | |
1 | JSESSIONID | To identify the session (for various functions in use) | for the duration of the session | Strictly necessary cookies |
2 | cookiePolicyAnswer | Stores the selection of the cookies. | 1 year | Strictly necessary cookies |
3 | dlc_[TimestampMillis] | To tell the client that the file generation is finished. | 300 seconds | Functional cookies |
4 | VSSO (oder individuell Ticket.properties) | VSSO (oder individuell Ticket.properties) | Persistent, duration is defined per portal | Functional cookies |
5 | VSSO (oder individuell Ticket.properties) | For general use of Single-Sign-On. | for the duration of the session | Functional cookies |
6 | browserWarningClosed | To notice that the user has been shown the message. Message (Browser-Warning) appears with old browser versions. | 24 hours | Strictly necessary cookies |
7 | ckCsrfToken | For the use of the CK-Editor: Serves the secure communication by means of random numbers (Cross-Site-Request-Forgery). | for the duration of the session | Functional cookies |
3. Contact form and e-mail
a. Data processing
Our websites contain contact forms as well as links for sending an e-mail directly to us. If you use one of these contact forms, the data entered in the input mask will be transmitted to us and processed. The mandatory data that must be filled in to contact us electronically via the respective contact form are marked there with (*). If you provide us with additional data, this is done voluntarily.
If you use the direct sending of an e-mail to us, we process the associated e-mail metadata as well as the content of the message.
b. Purposes and legal basis
Your data is processed to enable us to contact you and process your request as well as to provide our respective services, to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of the mandatory data is Art. 6 para. 1 p. 1 lit. f DSGVO. The aforementioned purposes also constitute the legitimate interest in processing the data. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) sentence 1 lit. b DSGVO. The legal basis for the processing of the data voluntarily provided to us by you is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.
c. Storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
In the case of consent, you have the right to revoke it at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. Please inform your respective contact partner at our company of this.
4. Validation tools
On this website you have the possibility to validate regulatory documents. The validation tools we offer do not process any personal data. If and insofar as the documents uploaded by you for validation or otherwise made available for validation contain personal data, we process these for the purpose of validating the respective document. The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO.
C. Are you obliged to provide us with this data?
When you visit our website, the information mentioned in point B. 1. a. as well as the information from the cookies classified as absolutely necessary are processed automatically. The provision of this information is voluntary. Without the provision of this personal data, we cannot show you the requested page.
If you
- allow us to use cookies that are not classified as strictly necessary,
- wish to contact us and send us an e-mail to do so (including the CAPTCHA query required for this)
the transmission of the information is voluntary.
Regarding your contact, without the provision of the personal data required in the individual case, we will not be able to answer your enquiry in the selected manner, or at least not in an optimal manner. As far as cookies are concerned, the lack of consent may lead to a restriction of the functionality of the website or parts thereof. Embedded videos cannot be played without your consent.
D. Who do we share your personal data with?
Within our company, only persons and bodies are given access to your aforementioned personal data insofar as they require it to fulfil the above-mentioned purposes.
We also work together with service providers. These service providers only act on our instructions and are contractually obliged to comply with the applicable data protection requirements.
Otherwise, we will only pass on your data to third parties if:
- you have given your express consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,
- the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- there is a legal obligation for the disclosure according to Art. 6 para. 1 p. 1 lit. c DSGVO, or
- this is legally permissible and necessary for the fulfilment of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO.
Your personal data will only be passed on to service providers in a third country if the special requirements of Art. 44 et seq. DSGVO are fulfilled. If and to the extent that service providers are located in a third country, it is possible that either the servers of the respective service provider are located in the third country or that the servers are located in the EU but are accessed from a third country in support cases. Some third countries do not have a level of data protection equivalent to that of the EU, e.g. the US or China, as authorities may have simplified access to personal data or that there are limited rights against such actions. If and to the extent that you give your consent, you expressly consent to the transfer of personal data to the relevant third country.
E. How do we secure your personal data?
DDCC uses technical and organisational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously revised in line with technological developments.
F. What rights do you have?
You have certain rights under the General Data Protection Regulation:
Right of access:
the right of access allows you to obtain information about your personal data that we process and about certain other information (such as that given in this privacy notice);
Right of rectification:
If your personal data is inaccurate or incomplete, you have a right to rectification;
Right to erasure:
Based on the so-called "right to be forgotten", you can request the erasure of your personal data, unless there is a retention obligation. The right to erasure is not a right without exception. For example, we have the right to continue to process your personal data if such processing is necessary to comply with our legal obligations or to assert, exercise or defend legal claims;
Right to restrict processing:
this right includes restricting the use or manner of use. This right is limited to specific cases and exists in particular when: (a) the data is inaccurate; (b) the processing is unlawful and you object to erasure; (c) we no longer need the data but you need the data to assert, exercise or defend legal claims. If processing is restricted, we may continue to hold the data but not use it. We keep a list of those who have exercised the right to restrict processing so that we can ensure this restriction;
Right to data portability:
this right implies that we transfer your personal data, where technically possible, in a structured, commonly used and machine-readable format for your own purposes;
Right to object:
you may object to the processing of your personal data where it is processed on the basis of legitimate interests, in particular in the case of direct marketing.
Right to withdraw your consent:
If you have given us your consent to process, you have the right to withdraw your consent at any time. Such a revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Exercising these rights is free of charge for you. However, you will need to prove your identity with two factors. We will use reasonable efforts in accordance with our legal obligations to transfer, rectify or erase your personal data in our file systems.
To exercise your rights, please contact us e.g. by email or post. You will find the contact details under section A.
G. Where can you complain?
You have the possibility to address a complaint to the competent person mentioned in this privacy statement (for contact details see section A) or to a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.
In any case, you can contact:
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz
E-mail: poststelle@datenschutz.rlp.de
Website: https://www.datenschutz.rlp.de/de/general-storage/footer/ueber-den-lfdi/kontakt/