Data protection information pursuant to Articles 13, 14, 21 and 77 GDPR

Bitte klicken Sie hier für die deutsche Version

The aim of this document is to provide you with information on how we process your personal data and to notify you of your statutory rights with regard to data protection.

This information will be updated as required and published on this site, where you will also find data protection information for visitors to our website.

The data controller is:
ALTANA AG 
Abelstraße 43
46483 Wesel 
Tel +49 281/670-8
E-Mail: info@remove-this.altana.remove-this-also.com

Data protection officer contact information:
ALTANA AG
Data protection officer
Abelstraße 43
46483 Wesel 
Tel +49 281/670-8
E-Mail: Datenschutz.Altana@remove-this.altana.remove-this-also.com

We process personal data that we receive from our business partners in the context of our business relationship.

In addition, we process personal data that we legitimately obtain from public sources (e.g. commercial register, press, internet) or that are legitimately transmitted to us by other ALTANA companies or other third parties (e.g. social media, credit reference agency).

In the case of applications for an employment relationship, we process personal data that we receive directly from the applicants.

Specifically, we process the following data:

  • Master data on the business relationship with our business partners (name of the contact person, business address and business contact details)
  • Correspondence (e.g. correspondence)
  • Advertising and sales data
  • Applicant data

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).

4.1 On the basis of your voluntary consent (Art. 6 para. 1 a GDPR)

If you have given us your consent to the processing of personal data for certain purposes (e.g. newsletter), the lawfulness of this processing is given based on your consent. A given consent can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation.

4.2 For compliance with a legal obligation (Art. 6 para. 1 c GDPR)

We are subject to various legal obligations (e.g. tax and customs law). This includes the transfer of personal data to competent authorities and bodies (e.g. tax office, employers' liability insurance association, financial institutions and trust companies).

The purposes of the processing include, among other things, identity and age verification, screening based on anti-terror lists, the fulfilment of tax control and reporting obligations as well as the assessment and management of risks. This list is exemplary and not exhaustive.

4.3 In the context of our legitimate interests (Art. 6 para. 1 f GDPR)

We process the data of employees of our business partners based on our legitimate interest.

examples:

  • Handling of business processes with our business partners, e.g. order or order processing
  • Maintenance and further development of the business relationship within the framework of our CRM systems 
  • Market and opinion research, unless you have objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • Ensuring the IT security and IT operations of the company
  • Prevention and investigation of criminal offences
  • Measures to safeguard domiciliary rights and to prevent damage to property and criminal activities.
  • Measures for building and plant safety
  • Data transfer within the Group considering recital 48 of the GDPR

4.4 As part of applicant management and our recruiting process (Art. 88 GDPR in conjunction with § 26 BDSG or Art. 6 para. 1 sentence b GDPR)

We process the data of applicants for the initiation of an employment relationship

  • in Germany based on Art. 88 GDPR in conjunction with § 26 BDSG
  • in other EU member states based on Art. 6 para. 1 sentence b GDPR

Your data will only be passed on if a legal basis permits this. Within the company, access to your personal data is granted to those departments that need it to fulfil our contractual and legal obligations (recital 48 GDPR). In addition, the following entities may receive your data:

  • Processors used by us (Art. 28 GDPR), in particular in the areas of IT services, sales, logistics and printing services, who process your data for us in accordance with instructions
  • Public bodies and institutions (e.g. tax office, customs authorities, employers' liability insurance association) in the presence of a legal obligation
  • Other bodies for which you have given us your consent (e.g. in the context of research projects)

A data transfer to bodies in countries outside the European Economic Area (so-called third countries) takes place as far as

  • this is necessary due to a legal obligation, e.g. tax reporting obligations),
  • you have given us your consent, or
  • this is permissible within the framework of the balancing of interests and considering recital 48 of the GDPR within affiliated companies, there is an adequate level of data protection in the third country (Art. 45 GDPR) or we have agreed appropriate guarantees with the affiliated companies and enforceable rights and effective legal remedies are available (Art. 46 GDPR).
  • it is necessary for the execution of orders (e.g. cooperation with our production sites in third countries).

In addition, we do not transfer any personal data to entities in third countries or international organizations. However, for certain tasks, we use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permissible if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not taken such a decision, we may only transfer personal data to a service provider in a third country if appropriate safeguards are contractually agreed and enforceable rights and effective remedies are available (Art. 46 GDPR).

We process and store your personal data as long as it is necessary for the purposes set out in Section 4 or for the fulfilment of contractual and legal obligations, as well as for the pursuit of legitimate interests, i.e., for the preservation of evidence or evidence within the framework of the statutory statute of limitations.

We regularly delete personal data if the aforementioned requirements are no longer met.

You have the right to

  • Information (Article 15 GDPR)
  • Rectification (Article 16 GDPR)
  • Erasure (Article 17 GDPR)
  • Restriction of  processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Object (Article 21 GDPR)

The restrictions pursuant to Sections 34 and 35 DPA apply to the rights to information and to erasure.
You also have the right to complain to a responsible data protection supervisory authority (Article 77 GDPR).

As part of the business relationship with our business partners, you as an employee of the business partner must provide the personal data that is necessary for the establishment and execution of the business relationship and the fulfillment of the associated contractual obligations between our business partner and us or that we are legally obliged to collect.

If you have opted for an application procedure in our company, you must provide all the data necessary to establish an employment relationship.

We do not use any fully automated decision-making (scoring) processes pursuant to Article 22 GDPR to commence and carry out a business relationship.

Pursuant to Article 4 (4) GDPR, ‘profiling’ means any form of automated processing of personal data to evaluate, analyze or predict certain personal aspects relating to a natural person (e.g. performance at work, economic situation, personal preferences or interests, reliability, behavior or movements).

We do not use profiling.

12.1 Right to object to processing for the purpose of legitimate interest

For reasons arising from your particular situation, you have the right to object at any time to the processing of your personal data that is done pursuant to Article 6 para. 1 (f) GDPR (processing necessary for the purposes of legitimate interests). This also applies to profiling pursuant to Article 4 (4) GDPR based on this provision.

If you object, we will cease processing of your personal data unless we are able to demonstrate legitimate reasons for processing that override your interests, rights and freedoms, or unless the processing is for the purpose of enforcing, exercising or defending legal claims.

12.2 Right to object to the processing of data for the purposes of direct advertising

We may also process your data in the context of the statutory provisions for the purpose of direct advertising. You have the right to object at any time to the processing of your personal data for the purposes of such advertising. This also applies to profiling where this is connected to such direct advertising.
If you object to the processing for the purposes of direct advertising we will no longer process your personal data for this purpose.

12.3 Address for lodging objections

You may lodge your objection in any form.
Our contact details can be found in section 1.

Visitor Privacy Notice as part of the ALTANA Privacy Notice:

  • We process your personal data on the basis of voluntary consent in accordance with Art. 6 para. 1 sentence a DSGVO.
  • You can object to the processing at any time for the future.
  • The processing is carried out for the purpose of protecting the health of our employees and results from our duty of care as an employer.
  • A further purpose is to protect the company from the economic impact of an infection of employees by third parties.
  • We will delete the personal data collected from you after the end of the coronavirus pandemic, but no later than six months after collection.

The following link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

https://www.cigna.com/legal/compliance/machine-readable-files