Information about data protection in our data processing as per Articles 13, 14 and 21 of the General Data Protection Regulation
Thank you for visiting our Website and for your interest in our company. Protecting your personal data is an important priority for us. The following provides you with data as per Articles 12, 13 and 21 of the General Data Protection Regulation (GDPR) about how we handle your personal data when you use our Website.
Personal data consists of individual data about personal or factual circumstances relating to a determined or determinable natural person. This includes data such as your name, address, telephone number and date of birth.
Evonik Industries AG
Rellinghauser Straße 1-11
- Group Data Protection Officer -
Evonik Industries AG
Konzerndatenschutz (Group Privacy)
Rellinghauser Straße 1-11
You can visit our Website without providing any personal details. If you exclusively use our Website for data purposes and do not provide us with any personal details, we will not process any personal data, with the exception of data transferred by your browser in order to permit your use of the Website as well as information provided to us through the installed cookies.
For the technical provision of the Website, our system (i.e. the web server) automatically collects data from your browser each time the Website is called up.
The temporary storage of your IP address by our system is necessary to allow delivery of the Website to your computer. This is why the IP address of the user has to be stored for the duration of the session.
The IP address is stored in the log files to ensure the functionality of our Website. In addition, we use this data to optimise the Website and to ensure the security of our data technology systems (e.g. attack detection). Furthermore, the data is evaluated for marketing purposes in connection with the tools mentioned in section B.I.2 "Analysis and Tracking".
The following data is collected:
- IP address
- Browser type/version (e.g.: Firefox 59.0.2 (64 bit))
- Browser language (e.g.: German)
- Operating system used (e.g.: Windows 11)
- Cookies On / Off
- Time of access
- The previous website from which you reached us
We process your personal data for the technical provision of our Website on the basis of the following legal basis:
- To carry out pre-contractual measures in accordance with Art. 6 Para. 1 lit. b GDPR, insofar as you visit our Website to obtain information about our company and our products/services; and
- To protect our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, in order to be able to make the Website technically available to you. Our legitimate interest in doing so is to be able to provide you with an attractive, technically functional and user-friendly Website, as well as to take measures to protect our Website from cyber risks and to prevent our Website from posing cyber risks to third parties.
UserCentrics processes your personal data in order to record your decision to accept cookies and tools and to display the UserCentrics pop-up, and to save this data for a subsequent visit to our Website. This includes the corresponding cookie with your (consent) decision as well as further usage data, e.g. IP address, domain name, time of request, server data (including data transmission types, server status, etc.), country, browser and operating system.
We process your personal data for the technical provision of our Website on the basis of the following legal grounds:
- To carry out pre-contractual measures in accordance with Art. 6 Para. 1 lit. b GDPR, insofar as you visit our Website to obtain data about our products or services;
- For the use of cookie management to meet a legal obligation to which we are subject as the responsible party pursuant to Art. 6 (1) lit. c GDPR. The legal obligation is to inform you about cookies we use and to obtain and document your consent to data processing; and
- To protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, in order to be able to make cookie management technically available to you. Our legitimate interest in doing so is to be able to provide you with an attractive, technically functional and user-friendly cookie management system, as well as to take measures to protect the cookie management system from cyber risks and to prevent the cookie management system from posing cyber risks to third parties.
You can obtain more detailed information about the cookies and tools we use, their purposes and functions, the data processed in each case, the data recipients, the place of processing or transfer to so-called third countries (outside the EU/EEA), and the storage periods via UserCentrics ("fingerprint" icon).
We process your personal data on the basis of the following legal basis:
- Your consent according to Art. 6 para. 1 lit. a GDPR.
Links to the Facebook, Twitter, LinkedIn, YouTube and Xing services are integrated on the Website. You will, for instance, be redirected to our Facebook or LinkedIn page after clicking on the link, i.e. only then will user data be transferred to the respective site. For information on the handling of your data when using the social media sites, please refer to the respective data protection notices:
- Facebook: https://www.facebook.com/privacy/explanation
- Instagram: https://www.facebook.com/help/instagram/519522125107875
- Twitter: https://twitter.com/en/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- YouTube: https://policies.google.com/privacy?hl=en
- Xing: https://privacy.xing.com/en/privacy-policy
In addition to the purely informative use of our Website, you can also actively use our Website to download information, register for a newsletter or an event or to contact us. In addition to the processing of your personal data described above in the case of purely informational use, we will then also process further personal data from you which we require, for example, to process your enquiry.
In order to be able to process and answer your enquiries to us, e.g. via contact forms, to our e-mail address or via a chat, we process the personal data you provide in this context. In any case, this includes your name and e-mail address in order to send you a reply, as well as any other data you send us as part of your communication.
We process your personal data to respond to user requests on the basis of the following legal grounds:
- To protect our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR; our legitimate interest is to respond appropriately to customer enquiries;
- If the request is aimed at the conclusion of a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR;
- If the request is aimed at asserting your data subject rights, the additional legal basis is Art. 6 (1) lit. c GDPR, as the processing of your data is necessary for the fulfilment of legal obligations.
With your consent, we use your data for promotional purposes, such as the transmission of our newsletter or customer magazine, the transmission of data via e.g. download links, eBooks or whitepapers, promotional surveys, the transmission of product data, your invitation to events that are of interest to you, follow-ups, status messages or we use your data for market research purposes. We collect mandatory data such as your e-mail address, but also data that you provide to us voluntarily. We use the voluntary data to permanently improve our customer relationship.
Where you have provided us with your e-mail address in connection with the purchase of goods or services, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
We process your data for the purpose of sending newsletters, surveys, etc. and personalising the approach on the following legal bases:
- if you have given us your consent, in accordance with Art. 6 Para. 1 lit. a GDPR;
We also process your personal data on our Website in order to be able to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences.
We process your personal data for this purpose on the following legal basis:
- To protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences.
We also process your personal data on our Website to comply with other legal requirements. These may affect us inter alia in connection with business communications and include in particular retention periods under commercial or tax law.
We process your personal data on the basis of the following legal basis:
- To fulfil a legal obligation to which we are subject in accordance with Art. 6 Para. 1 lit. c GDPR in connection with commercial, industrial or tax law, insofar as we are obliged to record and store your data.
We may process your personal data in order to complete a (partial) sale of a business or merger (or similar process such as acquisition in liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires or proposes to acquire assets from us, which may include your personal data, or we merge or seek to merge with another company, we may need to provide that company with access to or transfer your personal data held by us for the purpose of reviewing and implementing the sale/merger (e.g., to determine the value of the business or business risks, to transfer the data/assets, etc.).
We process your personal data on the basis of the following legal basis:
- To safeguard our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in order to be able to organise and implement a planned sale of the company or a planned merger.
Some sections of our Website contain links to third-party websites. Such websites are subject to their own data protection principles. We are not responsible for their operation including data handling. If you send data to or through such third-party websites, you should review the privacy statements of those sites before sending them any personally identifiable data.
Initially, only our employees will gain knowledge of your personal data.
Your data will only be passed on to third parties if this is permitted or required by law or if you have given your consent. We also share your data to the extent necessary with the service providers we use to provide our services. We limit the transfer of data to what is necessary to provide our services to you. In some cases, our service providers receive your data as order processors and are then strictly bound by our instructions when handling your data. In some cases, the recipients act independently with your data that we transmit to them.
Please find below the categories of recipients of your data:
- Affiliated companies within the group of companies, insofar as they act as order processors for us and e.g. provide IT services or insofar as this is necessary for the provision of our services,
- IT service providers who, among other things, store data, assist in the administration and maintenance of the systems;
- Legal counsel in the assertion of our claims,
- public bodies and institutions insofar as we are legally obliged to do so.
- Agencies, printers and lettershops that support us in the implementation of advertising measures, competitions, promotions, etc,
- Logistics service provider to deliver goods, etc
In addition, we may share your personal data within our global group of companies, e.g. with subsidiaries or other companies affiliated with us, which require this data to fulfil our contractual and legal obligations or on the basis of our legitimate interests. This may be for economic, administrative or other internal business purposes and only insofar as such purposes do not override your interests or fundamental rights and freedoms which require the protection of personal data. Beyond that we will not pass your data on to third parties.
We operate on a global scale. Therefore, your personal data may be transferred to other parts of our business in countries outside the European Union. Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary in the context of the processing of our contractual relationships or is required by law (e.g. tax reporting obligations), you have given us your consent or in the context of an order processing.
Where service providers in third countries are used and we are able to exercise an influence on them, they will also be obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses in addition to written instructions. Alternatively, we transfer the data on the basis of Binding Corporate Rules or an adequacy decision of the EU Commission. For further data, please contact our data protection officer.
Apart from that, we will not transfer your personal data to countries outside the EU or the EEA or to international organisations.
In the case of purely informational use of our Website, we store your personal data on our servers exclusively for the duration of your visit to our Website. After you have left our Website, your personal data will be deleted.
Cookies installed by us are usually will also be deleted after you leave our Website. However, some cookies will be stored for a longer period of time, you can get more data about the respective storage period of the cookies and tools we use via UserCentrics ("fingerprint" icon on the bottom left of the screen). You also have the option of deleting installed cookies yourself at any time.
When you actively use our Website, we will initially store your personal data for the duration of the response to your inquiry and the actual initiation of a contract (pre-contractual legal relationship).
We will also process your data for the duration of your subscription to our newsletter, customer magazine, and other promotional communications or for the duration of our marketing campaigns or until you withdraw your consent to receive/participate.
In addition, we will then store your personal data until the statute of limitations for any legal claims arising from the relationship with you has expired, in order to use it as evidence if necessary. The statute of limitations is usually between one (1) and three (3) years, but can be as long as 30 years.
We will delete your personal data when the statute of limitations expires, unless there is a legal obligation to retain the data, for example under the German Commercial Code (Sections 238, 257 para. 4 HGB) or under the German Fiscal Code (Section147 para. 3, 4 AO). These retention requirements can range from two to ten years. For this period, the data will be processed again solely in the event of a review by the tax authorities.
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with our Website, we will not be able to respond to your enquiries to us and we will not be able to provide you with data, newsletters, etc.
Apart from that, we will not carry out any profiling and will not use any purely automated decision-making processes in accordance with Article 22 GDPR. Should we use further procedures in individual cases in the future, we will inform you separately.
Right to object Art. 21 GDPR
You have the right to object at any time to the processing of your personal data which is carried out on the basis of Art. 6 (1) f GDPR (data processing on the basis of a balance of interests) or Art. 6 (1) e GDPR (data processing in the public interest) if there are grounds for doing so relating to your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
We also process your personal data in individual cases for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time; this also includes profiling, insofar to the extent that this is related to such direct marketing. We will keep this objection in mind for the future.
We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
Such objection can be made without any formalities and should, if possible, be addressed to the address mentioned under Clause I.
If you have come to us via one of our social media sites, please also note the further data on the processing of your data on these platforms.
Where personal data of yours is processed, you are a "data subject" within the meaning of the GDPR. Your rights as a data subject are as follows:
- Right of access: You can request data about whether we process personal data about you. If this is the case, you have a right of access to this personal data as well as to further data related to the processing (Art. 15 GDPR). Please note that this right of access may be limited or excluded in certain cases.
- Right of rectification: In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).
- Right to erasure or restriction of processing: If the legal requirements are met, you may request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of such data (Art. 18 GDPR). However, the right to erasure under Article 17(1) and (2) of the GDPR does not apply, inter alia, where the processing of personal data is necessary for compliance with a legal obligation (Article 17(3)(b) of the GDPR).
- Right to object: For reasons arising from your particular situation, you may also object to the processing of personal data concerning you by us at any time (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to require that we provide you with the personal data relating to you that you have provided to us in a structured, common and machine-readable format.
- Right to revoke the declaration of consent under data protection law: You have the right to revoke your consent at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
- Right to complain to a supervisory authority: Without prejudice to any other administrative or judicial remedy, a data subject (you) shall have the right to lodge a complaint with a supervisory authority - in particular in the member state of your residence - if you consider that the processing of your personal data by us infringes the GDPR.
The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
40213 Düsseldorf, Germany
Phone: +49 211/38424-0
Fax: +49 211/38424-10
However, we recommend that you always send a complaint to our data protection officer in the first instance.
Your requests about exercising your rights should preferably be addressed in writing to the address indicated above or directly to our Data Protection Officer.
Updated in November 2021