Data privacy
Covestro is aware that the protection of your private information is a very important concern as you use our websites. We take the protection of your personal data very seriously. Therefore, we would like to take this opportunity to explain the basic principles we apply in handling your personal data. This information is always provided whenever such data is collected.
The following document refers to the statutory regulations of the EU General Data Protection Regulation, as an example. To ensure better legibility, this global Data Privacy Declaration does not refer to national regulations, which are frequently comparable. If necessary, these and other information are listed/found in a country-specific declaration in the “Contact” paragraph of the Data Privacy Declaration.
If we obtain consent from a data subject to process personal data, Art. 6 para. 1 lit. a. of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing such personal data. When processing personal information necessary to fulfill a contract to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing procedures necessary to take steps prior to entering into a contract. If personal data must be processed to fulfill a legal obligation of our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If data processing is required to safeguard a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the above interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. Our company has a legitimate interest in carrying out and improving our business activities and in ensuring and improving the proper and error-free operation of the website and further coordinating website operations to the needs of users.
Collecting and processing information
You can use Covestro's website without providing any personal data to us. Some offers and services available on our websites, however, do require personal information to access.
Recording technical access data
When you visit our websites, Covestro uses an automated system to collect data and information. However, this information is not associated with any individual for the purpose of assessing their behavior. Technical access data saved in server log files includes, for instance, the following data:
- Information on your browser type and version used
- The user's operating system
- The user's internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accessed our website (referrer)
- Websites accessed by the user’s system through our website.
Data is processed to deliver the content of our website, to ensure the functionality of our IT systems, and to optimize our website, as well as to protect our justifiable interests and clarify any issues in case of unauthorized access or attempts to access our website (Art. 6 (1, f GDPR).
Cookies
Our websites use cookies. These are files saved on the user's computer system by their web browser. Cookies can be transmitted to the user’s browser when they access a page, and are used to identify the user. Cookies help simplify the use of websites for users.
You can prevent cookies from being saved by changing your browser settings at any time. Saved cookies can be deleted at any time.
We would like to note that, if you deactivate cookies, you may not be able to use all of the functions of our website to their fullest extent.
Cookies / pixels on this website*
* Cookies regularly deleted at the end of a session are not listed here. A list of the cookies/pixels/tools used can be found in our Consent tool.
The Adex
On our website, we use the digital marketing platform “The Adex” from Virtual Minds GmbH (Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany). In addition to the information provided in our cookie consent tool, you will find the following further explanations of the service.
The digital marketing platform “The Adex” is generally used to (anonymously) record information on your user behavior and to provide this anonymous data to third-party providers, in order to display usage-based advertisement. Within the framework of the IAB TCF framework, we differentiate between the following purposes of processing for The Adex:
- Saving and/or accessing information on a device
- Selecting simplified ads
- Creating a personalized ad profile
- Selecting personalized ads
- Creating a personalized content profile
- Selecting personalized content
- Measuring ad performance
- Measuring content performance
- Using market research to gain insight regarding target audiences
- Developing and enhancing products
The data processing necessary to fulfill these purposes is carried out only with your consent (Art. 6 para. 1 lit. a GDPR or Sec. 25 para. 1 TDDDG). You can individually accept or reject each purpose of processing, as well as the provider “Adex (Virtual Minds GmbH.” If you reject an individual purpose or the provider itself, then “The Adex” will no longer process your data.
In addition to the aforementioned purposes of processing, “The Adex” also performs the following “special purposes of processing” and “functions:”
- Ensuring security, preventing fraud, and correcting errors
- Technical provision of ads or content
- Combining with offline data sources
- Linking different devices
- Receiving and using automatically transmitted device properties for identification
The legal basis for this data processing is safeguarding legitimate interests (Art. 6 para. 1 lit. f GDPR). The legitimate interests are derived directly from the indicated special purposes of processing and functions. The data processing necessary to fulfill these special purposes of processing and functions are carried out only if you have consented to all purposes of processing (that require consent) as well as the provider “Adex (Virtual Minds GmbH)”).
When you use this service, or to fulfill the purposes of processing, special purposes and functions, the following data is processed and saved until it is no longer needed for the corresponding purpose:
- Settings and system configurations
- Unique identifier of the mobile device
- IP address
- Geographic location
- Referrer URL
- Cookie ID
- Device operating system
- Date and time of visit
- Device information
- Browser information
- Websites visited
- Ads viewed
- Ads clicked
Data collected by “The Adex” is shared with the provider itself (Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany). The Data Privacy Policies of the provider are available at https://theadex.com/privacy-platform/ and https://theadex.com/privacy-opt-out/. The email address for the Virtual Minds GmbH Data Privacy Officer is legal@theadex.com.
Social networks and other websites
Our websites can contain links to third-party websites. By following these links, you are leaving our website. This is also the case, for instance, when you click on the links to share on social networks. Covestro selects the linked websites with care, but Covestro cannot accept any responsibility or liability for how your personal data is used, processed, stored and transmitted by the operating companies of these websites. If you are active on social networks where Covestro is present or if you visit other websites, you should familiarize yourself with the terms of use and data protection policies of the respective operating companies. This will give you the opportunity to understand and control whether and which personal data you provide to the respective social or websites.
Personal Information
Other personal information is only collected if you provide it to us, for instance by filling out a form, sending e-mails, while placing an order for services or products, or while making an inquiry or requesting materials.
This also includes customer surveys that Covestro sends out several times a year, subject to their consent. Further details can be found here.
Registration on our websites (if applicable)
If you take advantage of the opportunity to register on our website and provide us with personal information, data entered into the input fields will be transmitted to the entity responsible for processing it.
When a user registers on our website, their IP address and the date and time of registration are saved. The purpose of this is to prevent misuse of services.
Data must be registered to provide content or services. Registered persons may delete or amend their saved data at any time. Affected persons may obtain information on their saved personal information at any time.
Contact options
Our website includes a contact form that can be used to contact us electronically. If you choose this option to contact us, personal information you provide will be saved automatically. Data is saved only for the purpose of processing or contacting the person in question.
Alternatively, you can also contact us at the provided telephone number or in writing via the provided address.
Newsletter
If you subscribe to our company newsletter, the data you enter in the input fields will be submitted to the entity responsible for data processing.
When a user registers for our newsletter, their IP address and the date and time of registration are saved. This is done to prevent a misuse of services or misuse of the individual’s e-mail address. Data is never transmitted to third parties, except if we are required to transmit such data by law.
This data is only used to send the newsletter. The affected person can cancel their newsletter registration at any time. They can also revoke their consent to have their personal information saved at any time. A link is provided in each newsletter for this purpose.
Transmitting data for the purpose of contract data processing
In some cases, we use specialized service providers to process your data. These providers only process personal information on our behalf, acting strictly in accordance with our instructions and based on relevant agreements for contract data processing.
Data processing outside of the EU / EEA
In some cases, your data may also be processed in countries outside of the European Union (“EU”) or European Economic Area (“EEA”), areas which may have a lower level of data privacy protections than the EU. In such cases, we establish contractual agreements or other methods with our contractual partners for ensuring they provide a sufficient level of protection for your data, or we ask you for your explicit consent.
Storing your data
We save your personal information as long as necessary to complete a service you have requested or consented to, unless we are subject to other legal obligations such as commercial or tax law retention periods or those related to ongoing court proceedings.
(Log files on websites 2 years, contact inquiries - response center - 6 years).
Data security
Data you provide to us is protected using suitable technical and organizational means, with the objective of securing it against accidental or intentional manipulation, loss, destruction, unauthorized access, or unauthorized disclosure to third parties. Our security measures are continuously reviewed and improved in accordance with technological developments and organizational possibilities.
Your personal data is only transmitted to service providers in a third country if the specific requirements of Art. 44 et seqq. GDPR are fulfilled.
Information about your rights
You have the right to:
- receive information on your personal data saved by us;
- have your personal information corrected, deleted, or to have processing restricted;
- object to processing that serves our justifiable interest, the public interest, or profiling, unless we can show that there are mandatory grounds for this processing which outweigh your interests, rights, and freedoms, or unless the processing is completed to assert, exercise, or defend legal claims;
- have your data transmitted to the extent allowed under the law, such as in Art. 20 GDPR, and
- submit a complaint to a supervisory authority in your country if available, or to the State Officer of Data Privacy and Freedom of Information of North Rhine Westphalia, P.O. Box 20 04 44 40102 Düsseldorf.
You can revoke any consent you have granted to have your personal information collected, processed, and used at any time, effective for the future. Further information is provided in the individual sections describing data processing to which you must consent.
A written letter sent to the Group Data Privacy Office will be sufficient (for address and contact form see below).
Protecting the privacy of children
We do not knowingly collect the personal information of children. Typically, we have no way of knowing how old visitors to our site are. Since it is highly important to us to protect children as they use the internet, we advise all parents and guardians to teach their children how to use the internet safely and responsibly. Children should not transmit personal information to Covestro without the express consent of their parent or guardian.
Region & Country-specific Privacy Statements
Supplementary Data Privacy Policies containing specific information for your country or region are available here:
Japan – Privacy Statement
USA – California Privacy Notice
USA – California Privacy Notice for Employees, Job Applicants and Contractors
Contact
Covestro AG is responsible for the content of this website.
Kaiser-Wilhelm-Allee 60
51373 Leverkusen, Germany
Telephone: +49 214 6009 2000.
If you have any questions or suggestions related to data privacy, please contact the Covestro AG Group Data Privacy Office.
Kaiser-Wilhelm-Allee 60
51373 Leverkusen, Germany
Telephone: +49 214 6009 2000
data.privacy[at]covestro.com
Ongoing development on the internet requires that we adjust our data privacy declaration from time to time. We reserve the right to make such changes at any time.