Privacy notice

Privacy notice

BASF Digital Solutions, S.L. (hereinafter: BDS), welcomes your interest in working for us. Before you proceed with your job application, we would like to briefly notify you how we process and protect your personal data.

We are hereby informing you regarding the processing of your personal data by BDS and your rights under the General Data Protection Regulation (“GDPR”).

For better clarity, this privacy notice is divided into three sections: Section I provides you with information about the processing of your data when you use this website to apply for a job; Section II provides information about the processing of your data in the recruitment; Section III gives further insights into technically relevant information on this website for website’s visitors.

Overview

Part I. – Information about the job application on this website

Part II. – Information about the recruitment process

Part III. – Technical Information for website’s visitors

PART I. – INFORMATION ABOUT JOB APPLICATION ON THIS WEBSITE:

A. Who is responsible for data processing and who is our data protection officer?

B. What data do we process, for what purposes, for how long and on what legal basis?

C. Are you obliged to provide us with this data?

D. Whom do we disclose your personal data to?

E. How do we secure your personal data?

F. What are your rights?

G.Where can you lodge a complaint?

A. Who is responsible for data processing and who is our data protection officer?

Responsible for data processing is:

BASF Digital Solutions, S.L.

Paseo de la Castellana, 77

28046 – Madrid

Our Data Protection Officer can be contacted at: data-protection.es@basf.com

B. What data de we process within the job application in this website, for what purposes, for how long and what legal basis ?

In the following, we inform you about; a) the data processing on our site when you submit a job application, b)its purposes and legal basis c) as well as the respective storage period and, if applicable, specific objection and removal options (c).

a) data processing

In order to submit a job application through this website, it is necessary that you fill out the job application form for each advertised position to which you wish to apply.

The mandatory data that you must complete in the job application form in order to apply for a specific job position via this website are: pronoun, first name, surname, location, visa status, notice period, salary expectations, CV and e-mail.

When you submit the job application form, we can process your application and contact you for the specific job position you apply for.

In addition, you can voluntarily upload additional information in the job application form, such as attachments with your cover letter, with information about your education and work experience, professional certificates and language skills.

b) Purposes and legal basis are the data processed?

If you want to apply for an advertised position, the submission of job application form is required so that we can process your application and contact you.

To submit the application form is part of the application process and thus serves to carry out pre-contractual measures. The legal basis for the processing of data is therefore Art. 6 para. 1 letter b of the EU General Data Protection Regulation (GDPR). The legal basis for the processing of the data that you have voluntarily provided us with is your consent in accordance with Art 6 para.1 letter a) of the GDPR.

When you apply to a specific job position, if you give us your consent to process your data in order to inform you about other open job opportunities in BDS, we can process your data provided in the application form for a specific job position and contact you when BDS reasonably believes that you would be interested in any other open job position within BDS. In this case, the legal bases for the processing of data is your consent Art 6 para.1 letter a) of the GDPR.

c) Storage period

When you apply for a job position, your application will be deleted after the completion of the application procedure, as soon as the provision of data for the above-mentioned purposes is no longer necessary. Your personal data will be stored for the time in which claims can be made against us.

If you give us your consent to process your data to inform about other open job opportunities in BDS we will process your data for one year period since you give us your consent, after that your personal data will be stored for the time which claims can be made against us.

C. Are you obliged to provide us with this data?

If you want to apply for an advertised position, the submission of job application form is required so that we can process your application and contact you. If you want to apply to a position the mandatory data you have to provide us in the application form is indicated above in “a) data processing” section.

D. To whom do we pass on your personal data?

Within our company, only persons and departments are granted access to your personal data as far as they need it to fulfil the abovementioned purposes.

We also involve service providers. These service providers will only act on our instructions and are contractually obliged to comply with the applicable data protection requirements.

Otherwise, we will only pass on your data to third parties if:

you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
there is a legal obligation for us to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, or
this is legally permissible and, in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, is necessary for the fulfilment of contractual relationships with you.

A transfer of your personal data to service providers in a third country will only take place if the special requirements of Art. 44 ff. GDPR are fulfilled.

E. How do we secure your personal data?

BDS uses technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously revised in line with technological developments.

F. What rights do you have?

You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:

Right to access: the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy);

Right to correct: if your personal information is inaccurate or incomplete you have the right to have your personal information rectified;

Right to erasure: this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. For example, we have the right to continue using your personal data if such use is necessary for compliance with our legal obligations or for the establishment, exercise or defense of legal claims;

Right to restriction of processing: the right to suspend the usage of your personal information or limit the way in which we can process it. Please note that this right is limited in certain situations: When we are processing your personal information that we collected from you with your consent you can only request restriction on the basis of: (a) inaccuracy of data; (b) where our processing is unlawful and you don’t want your personal information erased; (c) you need it for a legal claim; or (d) if we no longer need to use the data for the purposes for which we hold it. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for restriction of the use of their personal information to make sure the restriction is respected in future;

Right to data portability: the right to request that we move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services;

Right to object:
the right to object to our processing of your personal information including where we process it for our legitimate interests, direct marketing.

Right to withdraw consent: if you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).

You can withdraw both your application/s for a specific job position/s and your consent to the processing of your data for other open job positions. However, if you cancel your application/s, we can no longer consider your application/s.

Exercising these rights is free of charge. However, you are required to prove your identity by means of a two-factor-authentication. We will engage reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you.

To exercise your rights, please contact us, for example by e-mail or by post. You will find the contact details in section A.

G. Where can you complain?

You have the right to lodge a complaint with our data protection officer (for contact details see Section A) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

In either case, you can contact our Lead Data Protection Authority:

State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
Hinter Bleiche 34
55116 Mainz

https://www.datenschutz.rlp.de/de/general-storage/footer/ueber-den-lfdi/kontakt/

E-Mail: poststelle@datenschutz.rlp.de

PART II. – INFORMATION ABOUT THE RECRUITMENT PROCESS

A. Who is responsible for data processing and who is our data protection officer?

B. What data do we process, for what purposes, for how long and on what legal basis?

C. Are you obliged to provide us with this data?

D. Whom do we disclose your personal data to?

E. How do we secure your personal data?

F. What are your rights?

G. Where can you lodge a complaint?

A. Who is responsible for data processing and who is our data protection officer?

Responsible for data processing is:

BASF Digital Solutions, S.L.

Paseo de la Castellana, 77

28046 – Madrid

Our Data Protection Officer can be contacted at: data-protection.es@basf.com

B. Which data categories do we use as the potential employer and where do they come from?

In the following, we inform you about; a) the data processing in the recruitment process , b) its purposes and legal basis c) as well as the respective storage period and, if applicable, specific objection and removal options (c).

a) data processing

In particular the data you have given during the recruitment process, e.g. master data (such as first name, last name, additional titles, nationality), contact data (such as private address, cellphone number, e-mail address), qualification data (testimonies, motivational letter), soft skill data (learnings from the interview, assessment center), suitability data (results from suitability test), bank account details, data on occupational pension schemes and family data (e.g. names and dates of birth of spouse and children) are part of the categories being processed. This may also include special categories of personal data such as health data.

Your personal data are normally recorded directly within the scope of the hiring process or during the application selection procedure. In specific constellations, your personal data are also recorded by other official bodies on the basis of statutory provisions. This includes in particular requests for tax-related information from the relevant tax authority based on a particular case as well as information regarding absences from work by the respective healthcare provider. In addition, we may have received data from third parties (e.g. job placement agencies, courts).

b) Purposes and legal basis are the data processed?

We process your personal data in compliance with the provisions of the GDPR as well as all other relevant laws.

The data is processed primarily for the potential conclusion, performance and termination of the employment contract. As part of the application process your data will thus be used by the HR department at BDS and by other persons within BDS with a legitimate interest in the data, in particular the managers involved in the application process, in order to check your profile against job openings. At the same time, we will check whether we can offer you admission to our talent pool. The primary legal basis for this is Art. 6 Sect. 1 b) GDPR. In addition, collective agreements (company agreements and union regulations) in accordance with Art. 6 Sect. 1 b) in conjunction with Art. 88 Sect. 1 GDPR as well as your special consents in accordance with Art. 6 Sect. 1 a), 7 GDPR.

We also process your data in order to comply with our obligations as an employer particularly in the area of Tax and Social Security Law. This is done on the basis of Art. 6 Sect. 1 c) GDPR.

Where necessary, we also process your data on the basis of Art. 6 Sect. 1 f) GDPR for safeguarding legitimate interests by us or third parties (e.g. government agencies). This applies in particular to help solving crimes or within the BASF group for purposes of group management, internal communication and other administration purposes.

Moreover, due to the European regulations 2580/2001 and 881/2002 we are obligated to compare your data with the “EU terror list” in order to ensure that no money or other type of funding is being provided for terrorism-related purposes.

To the extent that special categories of personal data are processed in accordance with Art. 9 Sect. 1 GDPR, this is for the purpose of exercising rights or complying with legal duties under Employment Law, Social Security and Social Protection (e.g. disclosure of health data to healthcare provider, recording of severe disability status due to additional vacation and for calculating the severe disability charges) within the framework of the employment relationship. This is done on the basis of Art. 9 Sect. 2 b) GDPR. Moreover, processing of health data may be necessary for assessment of your fitness for work in accordance with Art. 9 Sect. 2 h) GDPR.

In addition, the processing of special categories of personal data may be on the basis of consent as set out in Art. 9 Sect. 2 a) GDPR (e.g. company health and integration management).

If we intend to process your personal data for a purpose not stated above we will inform you in advance.

c) Storage period

We delete your personal data as soon as they are no longer needed for the purposes cited above. After termination of the employment contract, your personal data will be stored for as long as we are obligated to do so by law or it is necessary for fulfillment of subsequent obligations (e.g. from the company pension scheme). This normally arises due to obligations to provide and preserve records prescribed by law. Moreover, personal data may be stored for the time in which claims may be asserted against us.

C. Are you obliged to provide us with this data?

Within the scope of your application and the recruitment process you are obligated to provide personal data necessary for the conclusion, performance and termination of your potential employment contract and compliance with the associated contractual duties or data which we are obligated by law to record. Without this data we will be unable to survey whether we can enter into a contractual relationship with you.

D. To whom do we pass on your personal data?

Within our company only persons and bodies (e.g. HR department, Works Council, Severely Disabled Representatives) who need your personal data for fulfillment of their contractual and statutory duties will receive your data.

Within the BASF group your data is provided to specific companies within the group as well as affiliated companies (e.g. joint ventures) if they centrally perform key tasks for affiliates within the company group or perform cross-company functions on the basis of the organizational structure.

In addition, in order to fulfill our contractual and statutory obligations we in part employ different service providers (e.g. in the context of onboarding “Enboarder” and otherwise travel service providers, debt collection service providers, IT service providers, consulting companies).

We may also disclose your personal data to other recipients outside of the company if necessary for fulfillment of our contractual and statutory duties as an employer. These may be, for example:

Auditors and experts
Official bodies (pension insurance provider, occupational pension schemes, Social Security providers, tax authorities, courts)
The employee’s bank (SEPA-payment medium)
Receiving offices of healthcare providers
Official bodies in order to guarantee claims from the company pension scheme
Third party debtors in the case of salary and wage garnishing
Receiver in the case of private insolvency

E. How do we secure your personal data?

F. What rights do you have?

You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:

Right to access: the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy);

Right to correct: if your personal information is inaccurate or incomplete you have the right to have your personal information rectified;

Right to object:
the right to object to our processing of your personal information including where we process it for our legitimate interests, direct marketing;

To exercise your rights, please contact us, for example by e-mail or by post. You will find the contact details in section A.

G. Where can you complain?

In either case, you can contact our Lead Data Protection Authority:

https://www.datenschutz.rlp.de/de/general-storage/footer/ueber-den-lfdi/kontakt/

E-Mail: poststelle@datenschutz.rlp.de

PART III. – TECHNICAL INFORMATION FOR WEBSITE VISITORS

Thank your visiting the BDS website. We appreciate your interest in our company.

The topic of data protection has the highest priority at BDS. Therefore, we would like to inform you in detail about it in the following.

A. Who is responsible for data processing and who is our data protection officer?

B. What data do we process, for what purposes, for how long and on what legal basis?

C. Are you obliged to provide us with this data?

D. To whom do we pass on your personal data?

E. How do we safeguard your personal data?

F. What rights do you have?

G. Where can you complain?

H. Data protection for minors

A. Who is responsible for data processing and who is our data protection officer?

The controller is

BASF Digital Solutions SL.

Paseo de la Castellana 77 – Planta 14

28046 Madrid (Spain).

Our Data Protection Officer can be contacted at: data-protection.es@basf.com

B. What data do we process, for what purposes, for how long and on what legal basis?

Below, we inform you about data processing on our site (a), its purposes and legal basis (b) as well as the respective storage period and, if applicable, specific objection and removal options (c).

1. Log files

a) Data processing

If you visit our website for information purposes only, i.e. if you do not register or transmit data in any other way (e.g. via a contact form), the following information is automatically transmitted from your browser to our server:

– IP address of your device

– Information about your browser

– Name of the website from which you visit us

– Name of the visited page (URL) or the opened file

– Date and time of your visit

– Status information such as error messages

– Transferred data volume and the access status (file transferred, file not found, etc.)

– Operating system and version of your computer’s operating system and the name of your access provider

b) Purposes and legal bases

When you visit the BDS web site, we use the IP address and other information automatically transmitted to our server by your browser under B. 1. a. to

(i) provide you with the requested content

(ii) ensure the security and stability of our website and to trace unauthorized use

(iii) enable a comfortable use of our website.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above listed purposes for data processing. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

c) Storage period

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are anonymized by deleting the last eight bits, so that an identification of you is no longer possible.

2. Cookies

a) Data processing and respective legal basis

We use cookies on our website. These are text information that can be stored in the browser on the device of the viewer to a visited website (web server, server). The cookie is either sent from the web server to the browser or generated in the browser by a script (JavaScript). The web server can read this cookie information directly from the server when the user visits this page again or transfer the cookie information to the server via a script of the website. Cookies do not cause any damage to your device, do not contain viruses, trojans or other malware.

Information is stored in the cookie that is related to the specific device used. This does not mean, however, that we obtain direct knowledge of your identity.

We generally use the following cookies:

– Strictly necessary cookies

These cookies are necessary for the functioning of the website. In general, these cookies are only set in response to actions you take in response to a service request, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website may not function properly.

The legal basis for the processing of these cookies is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data processing purposes listed under B.1.b.

– Performance cookies

These cookies enable us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answering questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we cannot know when you visited our website.

The legal basis for the processing of these cookies is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, which you have given us by making your selection in the cookie banner or in our Privacy Preference Center.

You have the right to revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, please change the settings in the Privacy Preference Center.

– Functional cookies

These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third parties whose services we use on our pages. If you do not allow these cookies, some or all of these services may not function properly.

The legal basis for the processing of these cookies is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, which you have given us by making your selection in the cookie banner or in our Privacy Preference Center.

– Cookies for marketing purposes

These cookies can be set via our website. They may be used by our marketing partners to profile your interests and show you relevant ads on other websites. If you do not allow these cookies, you will experience less targeted advertising.

b) Specific use of cookies, purposes and storage duration

Specifically, we use the following cookies, depending on the cookie preferences you set in the Privacy Preference Center. Only the strictly necessary cookies are activated by default. If you do not want this either, you have the option of generally rejecting cookies in your browser. In this case, the functionality of the visited website may be impaired.

[Automatic insertion of ONETRUST]

3. Contact form and e-mail

a) Data processing

Our web pages contain contact forms as well as links to send us an e-mail directly. If you use one of these contact forms, the data which you provide in such forms will be transmitted to us and processed. The mandatory data that must be filled in for electronic contact via the respective contact form are marked with (*). If you provide us with additional data, this is done voluntarily.

If you send us an e-mail, we will process the associated metadata and the content of the message

b) Purposes and legal bases

Your data will be processed to enable us to contact you, to process your request and to provide you with our respective services, to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of data classified as being mandatory is Art. 6 para. 1 sentence 1 lit. f GDPR. The aforementioned purposes also include a legitimate interest in the processing of the data. If the purpose of the contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. The legal basis for the processing of the data that you have voluntarily provided us with is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR

c) Storage period

The personal data of the person concerned will be deleted or made unavailable as soon as the purpose of the storage does no longer apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be deleted or made unavailable when a storage period prescribed by the above-mentioned provisions expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

In case of a consent, you have the right to revoke such consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To do so, please change the settings in the Privacy Preference Center.

d) Social media hyperlink

We have included hyperlinks to the following social media services on our website: LinkedIn, Facebook, Twitter, YouTube and Instagram.

These hyperlinks are designed in the form of the corresponding logos and are stored on our own server. This means that when our website is loaded for the first time, no data about you as a user are transferred to the respective provider. You will be directed to the respective website only if you click on the logos. Further data about you may be processed on this website.

We have no influence on this data processing on the respective linked websites.

C. Are you obliged to provide us with this data?

When you visit our website, the information specified in section B. 1. a. as well as the information from the cookies classified as strictly necessary is processed automatically. The transfer of this information is voluntary. Without the provision of this personal data, we cannot display the requested page.

If you

– allow us to use cookies that are not classified as strictly necessary,

– want to contact us and send us an e-mail or use our contact form (including the necessary reCAPTCHA query) or

– want to see embedded YouTube videos

the transfer of the information is voluntary.

If you contact us, we cannot answer your inquiry in the chosen way without the provision of the personal data required in the individual case. As far as cookies are concerned, the lack of consent can lead to a restriction of the functionality of the website or parts of it. Embedded videos cannot be played without your consent.

D. To whom do we pass on your personal data?

Within our company, only persons and departments are granted access to your personal data as far as they need it to fulfil the abovementioned purposes.

Otherwise, we will only pass on your data to third parties if:

– you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,

– the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

– there is a legal obligation for us to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, or

– this is legally permissible and, in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, is necessary for the fulfilment of contractual relationships with you.

A transfer of your personal data to service providers in a third country will only take place if the special requirements of Art. 44 ff. GDPR are fulfilled. If and to the extent service providers are located in a third country, it may be that either the servers of the respective service provider are located in the third country or that the servers are located in the EU, but accessed in cases of support from a third country. Some third countries do not have a level of data protection adequate to that of the EU, e.g. the USA or China, as authorities might have simplified access to personal data in a simplified manner or that there are limited rights to such actions. If and to the extent you give consent, you expressly give consent to the transfer of personal data into the respective third country.

E. How do we secure your personal data?

BASF Digital Solutions SL uses technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously revised in line with technological developments.

F. What rights do you have?

You have certain rights under the General Data Protection Regulation including the right to request a copy of the personal information we hold about you, if you request it from us in writing:

Right to access: the right to obtain access to your information (if we’re processing it), and certain other information (like that provided in this Privacy Policy);

Right to correct: if your personal information is inaccurate or incomplete you have the right to have your personal information rectified;

Right to object: the right to object to our processing of your personal information including where we process it for our legitimate interests, direct marketing

To exercise your rights, please contact us, for example by e-mail or by post. You will find the contact details in section A.

G. Where can you complain?

In either case, you can contact our Lead Data Protection Authority:

https://www.datenschutz.rlp.de/de/general-storage/footer/ueber-den-lfdi/kontakt/

E-Mail: poststelle@datenschutz.rlp.de

H. Data protection for minors

This website is intended for persons who are at least 18 years old. If a minor submits personal data via this website, we will delete this data and not process it further as soon as we become aware of this fact.

BASF Digital Hub Madrid

BASF Digital Hub Madrid

Privacy notice