Privacy Policy

Except as otherwise noted below, this Privacy Notice applies to the personal data that ECMS processes related to the following Persons (“data subjects”, “you”, “your”):

• website visitors and users

visitors and users of websites and other online services that link to this Privacy Notice (“Websites”) as well as applications, downloadable software, or platforms provided by us that link to this Privacy Notice (collectively the “Services”);

• employees of vendors, partners, and customers

current, former and prospective vendors and partners, and customers that purchase our products and Services,

• webinar / event participants
• individuals who register for or participate in our webinars and other events;
• individuals who participate in surveys, contests and research conducted by us; and
• individuals who communicate with us or otherwise interact and engage with us in person or electronically, including related to our Services.

This Privacy Notice does not apply to the personal data we collect about job applicants and candidates who apply for employment with us, or to employees and non-employee workers in the context of our working relationship with them (which are subject to different privacy notices).

Additional Notices. Additional or supplemental notices and disclosures (each an “additional notice”) may be provided and will apply to certain personal data collected and processed by us. Generally, we provide additional notices in order to clarify our privacy practices in specific circumstances and provide you with additional information about certain processing activities. To the extent there is a conflict with this Privacy Notice, the additional notice will control with respect to the personal data subject to that additional notice.

If you are a California resident, please also review our CCPA Privacy Notice (set forth in Section 14.D below), which includes important information about the categories of personal information we collect and process, and your rights under, the California Consumer Privacy Act (“CCPA”).

In addition, Section 14 of this Privacy Notice also provides additional information to individuals in certain jurisdictions, as required by applicable privacy and data protection laws.

Data Controller.  For the purposes of applicable privacy and data protection laws, the data controller for your personal data is BASF Environmental Catalyst and Metal Solutions LLC and the ECMS Group entity with whom you have a business relationship unless otherwise indicated in Section 14 of this Privacy Notice. A list of the ECMS data controllers and their contact details is set forth in Section 15 of this Privacy Notice. 

We collect personal data directly from individuals and, in some cases, we may collect personal data automatically (e.g., when you access our Websites) as well as from third parties.   

The actual personal data we collect, and how we use it, varies depending upon the nature of your relationship and interactions with us. Also, in some cases, including where required by applicable law, we ask for your consent or give you certain choices prior to collecting or using certain personal data.  Where we ask you for personal data, we will indicate to you what information is mandatory and what is optional to provide.  If you do not provide us with information marked as mandatory, we may not be able to consider you properly for the position(s) for which you are applying.

We collect personal data that you provide to us, our affiliates or share through our Services, which may include:

• Contact Information: we may collect and receive certain contact information about current, former and prospective customers, vendors, business partners, and others with whom we have a business relationship., such as name, company name, IP address and email or physical address, from you directly, or indirectly, through business relationships, or from publicly available online sources.
• Purchase and Payment Information: if you purchase our products or purchase our Services, you are required to provide your payment information, including name, billing and shipping address and details as well as payment type. There are cases where we work with third-party payment processors and fulfillment partners to process these payments. We do not collect, receive, process, or store credit card or debit card numbers, or other third-party payment account credentials ourselves. Depending upon the transaction, we may receive your username, name, email, payment type, product(s) or service(s) purchased, and other transaction details, and we may maintain records of your purchase and subscription history. information.
• Your requests: when you contact us for support or other customer service requests, we maintain support tickets and other records about your requests and related communications. For example, we may collect details about you, including your name, contact details, state and region, company, request type, request details you provide, your preferred contact, product and brand name and where relevant serial number.
• Communications: if you contact us by email, mail, phone, chat, our product finder, or otherwise regarding our Services, we collect and maintain a record of name and contact information, contact details, your communications and our responses, including a transcript of the communication and any information (including attachments) you may provide to us. If you call us, we may also record calls and maintain logs and records of those calls.
• Events and other information: we also collect personal data related to your participation in our events as well as other requests that you submit to us related to our Services. For example, if you register for or attend an event that we host or sponsor, we may collect information related to your registration for and participation in such event. When you sign up for our mailing lists, or otherwise request information from us, we collect and maintain records of your requests. When you complete a survey, we collect personal data about you, including your responses.
• Other information: If you visit our premises, we may ask you to provide certain information for health, safety, or security purposes.

We may collect personal data about how you use our Services and your interactions with us and others, including information we collect automatically (e.g., through cookies and pixel tags), as well as information we derive about you and your use of the Services, such as:

• Device and browser information: we use cookies, log files, pixel tags and other technologies to automatically collect information when users access or use our Services, such as IP address, general location information, domain name, browser type, device type, device ID, internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. We may also collect or derive location information about you, such as through your IP address.
• Usage data: we also collect activity information related to your use of our Websites and Services, such as information regarding what pages you accessed and when, date and time of your visit, the links clicked, searches, features used, items viewed, and time spent within the Services. We may also use pixels in HTML emails to understand if individuals read or open the emails we send to them.

In addition, to the extent permitted by applicable law, we may also collect certain personal data from third parties, such as:

• Third-party platforms: if you connect with us, or share information about us, through social media networks and other third party platforms that you use, we may receive personal data from these platforms. These third-party platforms control the personal data they collect and share about you. For information about how they may use and disclose your personal data, including any data you make public, please consult their respective privacy policies;
• Vendors and providers: we may engage vendors and work with other partners to provide services to us or you on our behalf (such as payment processors, digital storefronts, cloud hosting, and service providers). In addition, we may receive personal data from ad networks, analytics providers, and others who we work with to deliver, improve, and measure our online advertising and marketing campaigns; and
• Prospective customer information: we may receive lead and prospect information from third parties about prospective customers that may be interested in our products and Services. We may also engage with third parties to enhance or update our customer information.

Aggregate and Non-Identifiable Information. We may also collect, use, share, disclose, and otherwise process aggregate, anonymous, and in some cases de-identified information related to our business, products and the Services for research, marketing, analytics, and other purposes. Where we use, disclose or otherwise process any de-identified information, we will maintain and use such information in de-identified form and not attempt to re-identify the information, except in accordance with applicable privacy laws. 

While the purposes for which we may process personal data will vary depending upon the circumstances, in general, we use personal data for the business and commercial purposes set forth in this Section. In this Section, we also explain the legal bases for which we process personal data about Users, as required by certain data protection and privacy laws, including the EU/UK General Data Protection Regulation (the “GDPR”). Regarding the European Economic Area (“EEA”) and the UK, for each purpose additional information about the legal bases for processing, relevant data categories and recipients can be found in Section 14.A of this Privacy Notice.

Legal Bases for Processing. Certain data protection laws (such as those in the EU and UK), require that we identify the legal bases for which we process personal data.  In general, we rely on the following legal bases (as applicable) under these data protection laws, in order to process personal data:

• Performance of contract: the personal data we collect may be used to perform our agreements with you, including the terms and conditions applicable to the Services you use;
• Compliance with legal obligations: the personal data we collect may be processed in order to comply with the law and regulatory and legal obligations to which we are subject;
• Our legitimate business interests: to the extent permitted by law, we may process personal data in furtherance of our legitimate business interests (which include our interests in: protecting, maintaining, and improving the Services; developing new products and services; marketing and promoting our Services (including by profiling and marketing to you); protecting our legal rights and interests; supporting mergers, acquisitions, reorganizations, and other similar business transactions; and to generally operate and improve our business); and
• Your consent: with your express consent (for example, where required by law, to send you marketing communications, surveys, news, updates, and other communications), which you may withdraw at any time (as set forth Section 11. Your Privacy Rights and Choices) in accordance with applicable laws.

Purposes of Collection, Use, Disclosure and Processing. While the purposes for which we may process personal data will vary depending upon the circumstances, in general, we use your personal data for the business and commercial purposes set forth below (and we have also set forth the legal bases for such processing, as further described above, pursuant to certain data protection laws, as applicable):

• Providing our Services and related support: to manage our business and provide day-to-day services including, but not limited to, ordering, shipping, delivering, invoicing, collecting, establishing credit arrangements, administering rebates, discounts, and special programs, processing payments, managing accounts, and supply chain activities; to provide troubleshooting and other technical support; and for other customer service and support purposes; (Legal basis: performance of contract; our legitimate interests);
• Communications: to seek your views or comments on the products or Services we provide and send you communications by post or email, which you have requested or that may be of interest to you, including newsletters, or promotions of our products or Services or events, and to notify you of changes to our products and Services (Legal basis: our legitimate interests; your consent);
• Manage customer, partner and vendor relationships: to establish customer, supplier, distributor, and retailer relationships and to communicate with customers, suppliers, distributors, and retailers; to purchase, acquire, and solicit products, Services, and special offers from our suppliers (Legal basis :performance of contract, our legitimate interests);
• Customer training: to provide information and training to customers, suppliers, distributors, and retailers about existing and new products and services of ECMS, including the use of such products and services (Legal basis: performance of contract; our legitimate interests; your consent);
• Business operations and related support: to manage and promote the business activities of ECMS, including the development and evaluation of business plans; to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions (Legal basis: our legitimate interests; complying with our legal or statutory obligations; for the establishment, exercise or defense of a legal claim; our legitimate interest);
• Customization and personalization: to tailor content we may send or display on our Websites and Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences (Legal basis: our legitimate interests; your consent);
• Marketing and advertising: to develop, implement, market, promote, and sell products, Services, and special offers, including on third-party websites, as well as for direct marketing purposes, including to send you newsletters, alerts and information we think may interest you (Legal basis: our legitimate interests; your consent);
• Research and analytics: to research, develop and improve existing and new products, technologies, and services; to review and assess market trends and activities impacting the business of ECMS; to better understand our customers, online visitors, suppliers and service providers, we may analyze your information in aggregate form; (Legal basis: our legitimate interests);
• Fraud prevention on our Websites and Services: to detect fraud on our Websites and Services, including detection of bots; (Legal basis: our legitimate interests);
• Planning and managing events: for event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services (Legal basis: performance of contract; our legitimate interests);
• Security and protection of rights: to secure and protect the safety and well-being of our customers, suppliers, distributors, retailers, the community, and the environment; for example: to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Privacy Notice and our applicable agreements (Legal basis: complying with our legal or statutory obligations; legitimate interests; for the establishment, exercise or defense of a legal claim);
• Defending our legal rights: to administer or enforce our rights under an agreement or otherwise protect ECMS and its rights; to investigate and respond to customer inquiries and complaints (Legal basis: meeting our legal or statutory obligations; legitimate interests; for the establishment, exercise or defense of a legal claim; in Brazil, this also includes the exercise of rights in judicial, administrative, or arbitration proceedings in accordance with applicable laws);
• Complying with legal obligations: to meet requirements imposed by law; including court orders, subpoenas, or compliance with the legal process (Legal basis: complying with our legal or statutory obligations); and
• Otherwise with consent: to carry out other purposes which are identified to and agreed to by you; for example, in any terms of use or agreements related to a specific product or service of ECMS (Legal basis: your consent).  

We disclose personal data for the purposes listed, which, generally, may include the following disclosures:

• ECMS Group entities: to our affiliates and subsidiaries and other members in the ECMS group of companies (in aggregate and non-aggregate forms) for the purposes described in this Privacy Notice;
• Processors and service providers: to vendors and services who provide services to us or on our behalf (which may include website hosting and cloud storage providers, consent management providers, customer relationship management platforms, fraud prevention providers and third-party payment solution providers);
• Vendors, business partners, and other third parties: with our agents, auditors, consultants, current and prospective business partners, and to other third parties;
• Distributors: we may disclose your contact information to Distributors who distribute ECMS products if you request to learn more about ECMS products or to be contacted by someone to discuss ECMS products;
• Third-party platforms and services: we may disclose or make available personal data to third-party platforms and providers that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests;
• Marketing, advertising and analytics providers: we may disclose certain information that includes personal data to third-party ad network providers, sponsors and/or traffic measurement services, who may use this information to improve and measure the effectiveness of our ads and those of third parties. For more information, see Section 5. Cookies, Advertising and Tracking. We may also engage third-party analytics companies to collect information about Website and Services usage in order to help us to understand how you access and use the Services, to improve our Services and other products and offerings, and for other research and analytical purposes;
• Security and protection of rights: to administer or enforce our rights under an agreement; for example, we may disclose personal data where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our terms of use and other agreements, to respond to claims asserted against us, or as evidence in litigation in which we are involved and to regularly exercise our rights in judicial, administrative, or arbitration proceedings (as applicable in Brazil). We may also share personal data where necessary in order to protect your vital interests or in emergency situations that threaten the life, health, or security of an individual, the community, or the environment, or where we believe necessary to protect the Services, our business operations and our rights, such as to prevent and detect fraud, unauthorized activities and access, and other misuse;
• Corporate transactions: in connection with a change of ownership, sale, merger, liquidation, reorganization, or acquisition of ECMS, an ECMS business unit or department, or substantially all of ECMS or an ECMS business unit or department’s assets outside the ordinary course of business, your personal data may be transferred as part of the transaction, as permitted by law;
• Legal compliance: in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements and when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas; as required or permitted by law including, but not limited to, complying with a court order, complying with a statute or regulation, and assisting with investigations by law; and
• Otherwise: as directed by you or with your consent. 

We may use cookies (a/k/a browser or HTTP cookies), clear GIFs/pixel tags, JavaScript, log files, and other tracking mechanisms (“cookies”) to automatically collect and record information about your browsing activities, and use of the Websites and Services, and to make available certain features and functions. 

Cookies. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive (or other storage medium) so that your computer or device will “remember” information about your visit. Some cookies allow us to make it easier for you to navigate our Websites and Services, while others are used to enable a faster login process or to allow us to track your activities while using our Websites and Services. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, if you decide not to accept cookies from us, certain aspects of our Websites or other ECMS websites or platforms or our Services may not function properly or as intended.

Pixels (sometimes referred to as tags, pixel tags or clear GIFs) and other technologies. These are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixels are embedded invisibly on web pages. We may use pixels (also referred to as web beacons, web bugs or pixel tags) in connection with our Services to, among other things, track the activities of users of our Services, help us manage content, and compile statistics about usage of our Services. We and our service providers also use clear GIFs in HTML emails to our customers, to help us track emails and to evaluate and improve our marketing e-mails. Pixels can be embedded in a web page or in an e-mail for purposes such as traffic reporting, unique visitor counts, advertising auditing and reporting, as well as determining whether a recipient has opened a particular e-mail sent by ECMS.

Advertising and Targeting. We work with third parties, such as ad networks, channel partners, mobile ad networks, analytics and measurement services and others (“third-party ad companies”) to personalize content and display advertising on our Websites and Services, as well as to manage our advertising on third-party sites, mobile apps and online services. We and these third-party ad companies may use cookies, pixel tags, and other tools to collect activity information on our Websites and our Services (as well as on third-party sites, platforms, and services), as well as IP address, location information, device ID, cookie and advertising IDs, and other identifiers. We and these third-party ad companies use this information to provide you more relevant ads and content on our Websites, our Services and on third-party sites and apps, and to evaluate the success of such ads and content. response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Third-Party Analytics. We may use one or more third-party analytics services and tools to evaluate your use of our Websites, our Services or other ECMS websites or online platforms, as the case may be, by compiling reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs and other similar usage data) and analyzing performance metrics. These third parties use cookies and other technologies to help collect, analyze, and provide us reports or other data. 

Managing Your Cookie Preferences. You can review and manage your cookie preferences for our Websites and Services and opt out of most cookies, including targeting cookies and tags on our Websites and Services, by reviewing and changing your preferences (including to opt out of all but ‘strictly necessary’ cookies) by through the cookie settings manager accessible from the footer of our Websites and our Services.  Most browsers also allow you to delete and block cookies (see the “Help” menu of your browser for more information).

You can also control how participating third-party ad companies use the information that they collect about your visits to our Websites and of our Services, and those of third parties, in order to display more relevant targeted advertising to you. For more information and to opt out of receiving targeted ads from participating third-party ad networks go to:

• U.S. Users: https://aboutads.info/choices (Digital Advertising Alliance) (you can also download the DAA AppChoices tool in order to help control interest-based advertising on apps on your mobile device);
• EU Users: https://youronlinechoices.eu (European Interactive Digital Advertising Alliance); and
• Canada Users: https://youradchoices.ca/choices/ (Digital Advertising Alliance of Canada).

Cookie preferences are browser and device specific, which means that you need to set your preference for each browser and device you use to access our Websites and Services. In addition, if you delete or block cookies, or return to the Websites or Services with a different device, you may need to set your preferences again.  

ECMS has implemented safeguards to protect the personal data we collect. Please understand, however, that no security system is impenetrable. Therefore, we cannot guarantee the security of our databases or the databases of the third parties to whom we may disclose your information (as permitted herein), nor can we guarantee that the information you supply will not be intercepted or used in an unauthorized manner. In particular, emails sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via email. 

Our content is not designed for, or directed at, children under the age of 16 and we do not knowingly collect personal data from individuals in this age group. If you believe we have inadvertently collected personal data about a child, please contact us at dataprivacy@basf-catalystsmetals.com), and we will endeavor to delete that information from our databases.

From time to time, for the purposes set out in this Privacy Notice above, we may also need to transfer your personal data to other members of the ECMS Group located outside the jurisdiction in which you are located.  A list of the ECMS Group entities and their location is set forth below, in Section 15. ECMS Group Entities. We may also disclose personal data to other data processors and third parties as described above, in Section 4. Disclosures of Personal Data, and some of these entities may be located outside your jurisdiction of residence.

As such, personal data may be transmitted to outside of your jurisdiction of residence, including to the United States and other jurisdictions which may not have equivalent data protection laws to the laws in your home country. If we transfer personal data outside of your home jurisdiction, we will ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including by implementing appropriate safeguards, such as written data processing terms, data transfer agreements, and/or other measures recognized or required by applicable local laws. 

The Website may contain links to third-party websites, such as social networking sites and plugins to facilitate social media functions, which may collect personal data about you. These third parties may collect information about you if you click on a link and may automatically record information about your browsing behavior every time you visit their respective sites or services. 

We have no control over the information that other websites or social media websites or plugins collect, store, or use subject to their own policies. Before you choose to access other websites from the Website or our Services or “like” or share information from the Website or our Services through any social media platform or website, please be certain that you review the privacy notice of that social media platform or website.

We retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it (as described in this Privacy Notice), and we may also retain your personal data for an additional period of time where necessary to comply with our legal obligations or to establish, exercise or defend our legal rights (including responding to actual or potential legal claims). 

Subject to the conditions set forth under applicable law, you may have certain privacy rights regarding your personal data. 

Access, Deletion and Correction. You may submit a request to us to access, correct or delete personal data, or exercise your privacy rights under applicable law, by contacting us as set forth in Section 13. Contact Us. We will process your request in accordance with applicable privacy and data protection laws. We may ask you for additional information so that we can confirm your identity or process your request.

Direct Marketing. You may opt out at any time from the use of your personal data for direct marketing purposes by clicking on the “Unsubscribe” link located on the bottom of any ECMS marketing email and following the instructions found on the page to which the link takes you. Please allow us a reasonable time to process your request. We may continue to send you transactional or product and service-related communications, such as service announcements and administrative messages, as far as allowed by applicable laws. In addition, where required by applicable law (including for individuals who reside within the People’s Republic of China (“PRC” or “China” herein)), we will only send you direct marketing emails on an opt-in basis.

Additional Information for Certain Jurisdictions. Section 14. Additional Information for Individuals in Certain Jurisdictions provides additional information, as required by certain privacy laws, about the rights of individuals under the privacy laws of certain jurisdictions (including California, the EEA, the UK and China). 

This Privacy Notice is effective as of the “Last Updated” date stated at the top of the Privacy Notice. We may change this Privacy Notice from time to time and encourage you to refer back to this Privacy Notice on a regular basis. We will post any changes to this Privacy Notice on our Website. If we make any changes to this Privacy Notice that materially affect our practices with regard to the personal data we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Websites or notifying you electronically. 

If you have any questions or for more information about our Privacy Notice and the practices set forth here, please contact us at: Dataprivacy@basf-catalystsmetals.com.  You may also contact the ECMS group entities as set forth below, in Section. 15. ECMS Group Entities. 

This Section 14 sets forth additional information to data subjects as required by certain applicable privacy laws. 

This Section 14.A provides additional information for and applies to data subjects in the EEA, the UK, Switzerland and Brazil or whose personal data we process subject to the laws of these jurisdictions.

Controller. The data controller of your personal data is the ECMS entity with who you interact or otherwise have a business relationship. You can find a list of the ECMS data controllers and their contact details below, in Section 15. ECMS Group Entities.

Your Rights. Subject to the conditions set out in applicable law, data subjects have the following rights regarding our processing of their personal data:

• to obtain confirmation from us that personal data is being processed and to request access to and a copy of the personal data we hold about you;
• to receive a copy of the personal data that you have provided to us, in a structured, commonly used and machine-readable format and require us to transmit it to other personal data controllers where this is technically feasible, if the processing of your personal data is based on your consent or a contract and the processing is carried out by automated means;
• to the request that we rectify (i.e., correct) any inaccurate personal data and to have incomplete personal data completed;
• to request to restrict our processing of your personal data:
  • if you contest the accuracy of your personal data, the restriction period will extend at least for the time we need to verify your request;
    • if you assert the processing is unlawful, you oppose the erasure of it and request restriction instead;
      • we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or
      • if you object to processing based on a public or legitimate interest, the restriction period will extend at least for the time we need to verify your request;
• to request that we erase your personal data where:
  • if it is no longer necessary for the purposes for which we have collected it;
    • you have withdrawn your consent and no other legal ground for the processing exists
      • you objected and no overriding legitimate grounds for the processing exist;
      • the processing is unlawful; or
      • erasure is required to comply with a legal obligation; and
• to the extent we rely on our legitimate interest to use your personal data, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data unless we can demonstrate that our compelling legitimate grounds for the processing outweigh your interests, rights, and freedoms or where we need to process the personal data to establish, exercise or defend legal claims.
• For transfers to service providers, contractors or other data processors acting on our behalf, Module Two (transfer from controllers to processors) of the SCCs is relevant; and
• For transfers to recipients which do not process personal data on our behalf but for their own purposes, Module One (transfer from controllers to controllers) is relevant.

Digital legacy: if you are resident of France, you also have the right to issue directives relating to the disposition of your personal data after your death.

Blocking: if you are located in Brazil, you may also request the anonymization, blocking, or erasure of unnecessary or excessive personal data, or personal data processed in violation of the LGPD.

Please note that some of the above rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the personal data. Please note that we may request additional information in order to verify your identity. We will endeavor to respond to your request within all applicable timeframes required by law.

You may also lodge a complaint with a supervisory authority, in your jurisdiction of residence, place of employment, or the location where the issue that is the subject of the complaint occurred.  More information and the contact details for the respective EEA and UK supervisory authorities can be found at: (i) for Germany: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html, (ii) for the other EEA member states: https://edpb.europa.eu/about-edpb/about-edpb/members_en; (iii) and for the UK: https://ico.org.uk/.

Withdrawal of Consent. Where our processing of your personal data is based on your consent, you are free to withdraw your consent at any time by contacting us as set forth below. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected. Brazilian individuals also have the right to be informed about the consequences of denying or withdrawing consent.

Transfers from the EEA, Switzerland and UK. If we transfer your personal data from the EEA, UK or Switzerland to a jurisdiction that has not been recognized by the relevant jurisdiction as providing an adequate level of data protection, we will implement measures to adequately protect your personal data.  Such measures may include executing the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 (the “SCCs,” the form for which is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, and, where UK data protection law applies, the UK International Data Transfer Addendum approved by the ICO where UK law applies (available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf (collectively).

Where we rely on the SCCs:

If we transfer your personal data from the EEA, the UK or Switzerland to a jurisdiction which has been recognized as providing an adequate level of data protection, we will rely on the European Commission's adequacy decision (a list of the adequacy decisions can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) respectively the UK's equivalents.

You may request additional details of the mechanism under which your personal data is transferred and/or a copy thereof, by contacting us as set forth above, in Section 13. Contact Us.

Transfers from Brazil. If your personal data is subject to Brazilian laws, we will implement appropriate safeguards to protect your personal data, as required under the LGPD.

Contact Us. If you like to submit a request pursuant to your privacy rights, you may contact us at Dataprivacy@basf-catalystsmetals.com.

If you engage with an ECMS group entity located in Germany or if your request in any other way relates to Germany, you may also contact our Data Protection Officer for the relevant ECMS group entity located in Germany at dataprivacy_ger@basf-catalystsmetals.com. 

Detailed information on purposes, legal bases and related data categories and recipients for the EEA and UK. From the table below you can ascertain which categories of personal data potentially are processed for various relevant purposes, to which categories of recipients they are potentially transferred, and which specific legal basis (and potentially legitimate interest) is relevant.

In this Section 14.B we provide additional information to users within the People’s Republic of China (“China,” which for the purposes of this Privacy Notice only, excludes Hong Kong, Macau and Taiwan) about how we handle their personal data. Your Rights. Subject to any restrictions and exemptions under applicable law, individuals in China may have the following rights in respect of your personal data:

• To access to your personal data (and copies thereof), and information regarding the sources and purposes of processing your personal data and the identity or type of third party who has obtained your personal data;
• To rectify your personal data if it is inaccurate or incomplete;
• To require deletion of your personal data if (i) the purpose of the processing has been achieved or cannot be achieved, (ii) the processing is based on your consent and your withdraw the consent; or (iii) the processing violates any legal requirements;
• Where your personal data is used for automated decision and we use the decisions to send marketing messages or promotions, right to refuse such processing or request non-customized messages or promotions;
• To withdraw or restrict the scope of your consent to the processing of your personal data;
• To lodge a complaint with us or with the relevant supervisory authority;
• To request the deregistration of any account (if applicable);
• To request your personal data to be transferred to another data controller, provided that our processing is based on your consent or is necessary for performing contracts and the transfer is technically feasible and will not infringe others' rights; and
• To appeal and obtain explanation and manual review of any decisions that may significantly affect your rights and interests made by information systems based on automated decisions made using your personal data (if applicable).

If you wish to exercise your rights, you can contact us dataprivacy_chn@basf-catalystsmetals.com. In some cases, we may request additional information in order to verify your request or where necessary to process your request. We will respond to your request consistent with applicable law.

Legitimate Interests. We will not rely on legitimate interests as a legal basis for processing your personal data. Instead, for all the processing that could have been relied upon legitimate interests in other jurisdictions, we would rely on your consent for the processing.

Disclosure of Personal Data. We may share your personal data with third parties that process and store your personal data within or outside of China. These third parties may either process your personal data on our behalf ("Data Processors"), or with their independent purposes and means ("Separate Controllers").

We have set out in the table below details of (i) the Separate Controllers (no matter whether they process personal data within or outside of China), and (ii) the third parties that process your personal data outside of China (no matter whether they act as Data Processors or Separate Controllers). We will only provide your Personal Data with such parties after obtaining your separate consent if required by law.

Sensitive Personal Data. In China, “sensitive personal data” refers to the personal data that, once leaked or illegally used, will easily lead to infringement of human dignity or harm to the personal or property safety of a natural person. Providing us with your sensitive personal data increases the risk that you may suffer harm to your personal safety or dignity or your reputation, or loss or damage to your property if your sensitive personal data is accessed, used, or divulged without authorization while it is in our custody. We will take enhanced security measures to protect your sensitive personal data. But please understand that no security measures can be entirely flawless, and we cannot guarantee that your sensitive personal data will never be accessed or used without authorization. We will only process your sensitive personal data after obtaining your separate consent if required by law.

Children. Our content is not designed for, or directed at, children under the age of 14 and we do not knowingly collect personal data from individuals in this age group. If you believe we have inadvertently collected personal data about a child, please contact us and we will take steps to delete this information. If you have reason to believe that a child under the age of 14 has provided personal data to us, please contact us at dataprivacy_chn@basf-catalystsmetals.com, and we will endeavor to delete that information from our databases.

Changes to this Privacy Notice. If we update this Privacy Notice due to changes to any processing activities that are based on your consent as the legal basis or require your separate consent, we will notify the update to you and obtain your consent if required by law.

For other privacy-related questions, you may also contact our privacy representative, who will be pleased to help you, at dataprivacy_chn@basf-catalystsmetals.com. 

This Section 14.C provides additional information for residents of India, pursuant to Indian privacy laws.

Sensitive Personal Data. If you are located in India, sensitive personal data includes password; financial information such as bank account, credit card, debit card or other payment instrument details; physical, physiological and mental health condition; sexual orientation; medical records and history; and biometric information.

Privacy Rights. In addition to the rights set out in the Section 11. Your Privacy Rights and Choices, you have the right to withdraw consent in relation to the processing or transfer of your personal data (including sensitive personal data).

Contact Us. If you have questions about this Privacy Notice or inquiries, complaints or concerns relating to our processing of your personal data or would like to exercise any of the rights you may have as set out in this Privacy Notice, you may contact us at dataprivacy_ind@basf-catalystsmetals.com. 

This Section 14.D (our “CCPA Privacy Notice”) provides additional information to California residents regarding the categories of personal information we collect, use, disclose and otherwise process and the rights individuals have under the California Consumer Privacy Act as amended (the “CCPA”) with respect to their personal information.

Scope. This CCPA Privacy Notice applies, generally, to the personal information that we collect and otherwise process about California residents.  This CCPA Privacy Notice does not address or apply to our collection of personal information that is:

• Exempt from or not subject to the CCPA, such as consumer credit reports and background checks, publicly available data, or other information that is exempt under the CCPA; or
• Personal information we collect from our contractors, employees, or from job applicants, which is subject to different privacy notices.

Categories of Personal Information Collected, Used, and Disclosed. Our collection, use, and disclosure of personal information about you will vary depending upon the circumstances and nature of our interactions or relationship with you. The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect (and have in the prior 12 months collected), as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.  In some cases (such as where required by law), we may ask for your consent or give you certain choices prior to collecting or using certain personal information.

Sales and Sharing of Personal Information. California privacy laws "sales" and “sharing” are broadly defined and include disclosing or making available to a third-party personal information in exchange for monetary or other valuable consideration, or for purposes of cross-context behavioral advertising.  While we do not disclose personal information to third parties in exchange for monetary compensation, we may sell or share (as defined by the CCPA) ) the following categories of personal information as identified in the table above: Identifiers, Commercial information, and Internet and electronic network activity information to/with third-party advertising networks, analytics providers, and social networks, in order to measure and improve our marketing and advertising campaigns and the Services. We may also share Identifiers and Commercial information with our distributors if you request to learn more about ECMS products or to be contacted by someone to discuss ECMS products. We do not “sell” or “share” (as defined by the CCPA) (i) any sensitive personal information, or (ii) any personal information about individuals who we know are under sixteen (16) years old.

Sources of Personal Information. In general, and as explained further above in this Privacy Notice, we obtain the categories of personal information directly, automatically and from third parties, which may include the following categories of sources:

• Business relationships, such as business partners, such as distributors, retailers, resellers, employment related services, consultants, sponsorships, and trade memberships;
• Data brokers/data resellers;
• Organizations involved in merger or acquisition activities etc.;
• Advertising networks;
• Data analytics providers;
• Social networks;
• Internet service providers;
• Operating systems and platforms; and
• Information publicly available online, such as government databases.

Purposes for the Collection, Use, Disclosure and Processing. As described in more detail in Section 3. Purposes and Legal Bases of Processing and Section 4. Disclosures of Personal Data, we may collect, use, disclose and otherwise process personal information for one or more of the following purpose(s) and as otherwise directed or consented to by you:

• Providing our products and Services and related support;
• Facilitating communications;
• Managing customer, partner and vendor relationships;
• Customer training;
• Business operations and related support;
• Customization and personalization;
• Marketing and advertising;
• Research and analytics;
• Fraud prevention on our Websites and for our Services;
• Planning and managing events;
• Security and protection of rights;
• Defending our legal rights;
• Complying with legal obligations; and
• Otherwise with consent.

Sensitive personal information: notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our products and services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you.  We do not use or disclose your sensitive personal information other than as authorized pursuant to Section 7027 of the CCPA regulations (Cal. Code. Regs., tit. 11, § 7027 (2022)).

Retention. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed or consented to you at the time of collection. For example, we will retain transactional data for as long as necessary to comply with our tax, accounting and recordkeeping obligations, administer applicable returns and warranty programs, and for research, development and safety purposes, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, comply with legal obligations and as may otherwise be required by law.

CCPA Privacy Rights.  California residents have certain rights under the CCPA with respect to their personal information we collect about them, subject to certain limitations and exceptions, including the right to:

• Know/access: the right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them;
• Correct: the right to request that a business that maintains inaccurate personal information about them corrects that personal information;
• Delete: the right to request deletion of their personal information that we have collected about them;
• Limit use or disclosure of sensitive personal information: the right to limit the use or disclosure of sensitive personal information to those uses authorized by California privacy laws (however, as noted above, we do not use or disclose sensitive personal information other than as authorized by the CCPA);
• To opt out of sales and sharing: the right to opt out of our sale and sharing of their personal information by us; and
• Non-discrimination: the right to not be subject to discriminatory treatment for exercising their rights under the CCPA.

Submitting CCPA Requests. California residents may submit a request to exercise their CCPA rights]via email at dataprivacy_us@basf-catalystsmetals.com. Only you, or someone legally authorized to act on your behalf (including representatives, agents, parents and legal guardians of minors), may make a consumer request related to your personal information.  We will process your request with respect to the personal information in our records that is linked or reasonable linkable to the personal information provided as part of your request.

Verifiable Requests to Access, Correct and Delete. Requests to access, correct and deleted must be verifiable, which means that to submit a request you must:

• Provide sufficient information in response to the verification questions asked when you submit your request via our webform, email or phone, that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such a person. In the event we need additional information, such as confirmation of the accuracy of personal information or of an individual’s status as an authorized representative, we will reach out to you personally or your authorized representative to ask additional questions or gather additional information; and
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. ECMS or a third party on behalf of ECMS may follow up with you to determine whether a request is a verifiable consumer request under applicable law.

If we cannot verify your identity or authority to make the request and confirm the personal information relates to you, ECMS will deny the consumer request in whole or in part and will not disclose the information requested or, as applicable, will not delete the information requested. ECMS will respond to any such consumer request with a denial and will also explain why it has no reasonable method by which it can verify the identity of the requestor.

If you submit a request to access, correct or delete through the use of an authorized agent, we may require that you (i) provide the authorized agent with written permission to act on your behalf, and (ii) verify your identity directly with us. We may deny a request from an authorized agent that does not submit proof of authorization or where you have not verified your identity directly with us.

Requests to opt-out of sales and sharing: You may request to opt out of sales and sharing of your personal information by ECMS by by using the methods described below. We will process your request with respect to the personal information in our records that is linked or reasonable linkable to the personal information provided as part of your request. 

• Cookie Settings Manager: You may opt out of any “sales” and “sharing” (if applicable) that occurs via cookies and automated technologies on one of our Websites,  by opting out of cookies other than those ‘Strictly Necessary’by adjusting your browser’s cookie preferences for our Websites in using the cookie settings manager available in the footer of that Website. You can access the cookie settings manager, and review and update your cookie preferences for our Websites, by using the "Manage Cookie Preferences" link, or the "Do Not Sell or Share My Personal Information" link for California residents, in the footer of that Website.
• Universal Browser Privacy Signals: In addition, if one of our Websites recognizes that your browser is transmitting a Global Privacy Control (“GPC”) signal, when you come to that Website, we will opt your browser out of [Targeting]  cookies on that Website, we will opt that browser out of cookie-related “sales” and “sharing” on that Website. To learn more about GPC and how to implement it visit: https://globalprivacycontrol.org/.
• Internet Browser Settings: In addition to our cookies settings manger, most Internet browsers allow you to change your cookie settings. However, if you use your browser settings to block all cookies (including ‘Strictly Necessary’ cookies), you may not be able to access all or parts of our Websites and related services. Use the help function on your browser or see the links below for more information on how to manage cookie settings for certain bowsers:
  • Chrome
  • Firefox
  • Internet Explorer
  • Safari

For more information on cookies and other tracking technologies that may be associated with our Websites, and more information on ways you may exercise preferences regarding them, see our Cookie Policy.

• Other: To opt out of “sales” and “sharing” by ECMS that is not cookie-or pixel related (if any), you may submit your opt-out request via e-mail at dataprivacy_us@basf-catalystsmetals.com. We will process your request with respect to the personal information in our records that is linked or reasonably linkable to the personal information provided in your request.

Please note that your opt out is browser and device specific and applies to “sales” and “sharing” via cookies and similar browser-based tools on the Website you are browsing. If you come to the Website from a different device or a different browser on the same device, you will need to apply your preferences or turn on GPC for that browser or device as well.  (Please note that ECMS does not currently respond to “Do Not Track” signals.) 

California’s Shine The Light Rights. Pursuant to California’s “Shine the Light” law (California Civil Code, § 1798.83) (“STL”), California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes, including the names and addresses of those third parties. You may make one request per year. In your request, you must identify the ECMS entity to which your request relates and attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by emailing us at dataprivacy_us@basf-catalystsmetals.com. Any such request must include “California STL Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please indicate if you are opting out of affiliate sharing, seeking information on our compliance, or both. Please note that we are not required to respond to requests made by means other than those described in this paragraph. ECMS complies with STL request by providing California consumers with opt-in and/or opt-out choices as required under the STL law. Please note that your CCPA and STL exist under different laws and you must exercise your respective rights under each law separately.