1. Data controller

The legal entity responsible for processing your personal information is:

BASF Coatings Services AB

Org. Nr.: 10077214

Kalvebod Brygge 45, 2.

1560 København V



Information on data protection  


Customers, interested parties and distribution partners of BASF




The topic of data protection is of utmost priority for BASF (herein after referred to as “we” or “us”). Naturally, this also includes ensuring a high level of transparency. To ensure this transparency, the following document provides information on how we process the personal data of the contact persons of our customers, interested parties or distribution partners (herein after referred to as „Our Contact Persons“). Of course, we process personal data only in strict compliance with the applicable laws on the protection of personal data.  




Who is responsible for data processing and who is the Data Protection Representative?


The individual responsible for data processing is “BASF Coatings Services AB”

BASF Coatings Services AB

Transportgatan 37

422 46, Göteborg



Our Data Protection Representative (Helle Kibsgaard, Copenhagen) can be contacted at:


+45 2523 3517





Which data categories do we use and where do they come from?


We process the following categories of personal data:  


  • Contact information of Our Contact Persons (name and surname; address and phone number, cell phone number, fax number and e-mail address);


  • Other information necessary for the execution of the contractual relationship or a project with our customers and distribution partners (such as payment details, order details, etc.);


  • Other information that is necessary to complete requests from Our Contact Persons or to unambiguously identify Our Contact Persons in our systems


We collect the personal information of Our Contact Persons directly from Our Contact Persons or from our customers or distribution partners while carrying out the contractual relationship.   


In addition, we process personal information that we have acquired from public sources in an appropriate manner.



For what purposes and on what legal basis are data processed?



We process personal data of Our Contact Persons in compliance with the provisions of the General EU Data Protection Regulation (GDPR), as well as all other relevant laws.


Data processing serves the following purposes:  


  • Communicating with Our Contact Persons regarding products, services and projects (such as regularly distributing information and newsletters);


  • Completing requests from Our Contact Persons, customers, interested parties or distribution partners;


  • Planning, executing or administrating our (contractual) relationship with our customers, distribution partners, interested parties or Our Contact Persons, e.g. to process orders, for accounting purposes, to execute deliveries and organize transportation;


  • Carrying out customer surveys, marketing campaigns, market analysis, raffles, contests or similar actions or events;


  • Maintaining and protecting the security and safety of our products and services as well as security and functionality of our websites; avoiding and detecting security risks, fraudulent activities or other criminal or malicious acts;


  • Maintaining and protecting the security of our premises and establishments (e.g. conduct access control, issuing temporary access permits);


  • Compliance with legal requirements (e.g. compliance with fiscal or commercial retention obligations; preventing money laundering or economic crime)


  • Resolving disputes and lawsuits, establishing, exercising or defending against legal claims or litigation, enforcing existing contracts



The processing of the above-mentioned data categories is necessary to achieve these purposes.


If not otherwise expressly stipulated, the legal basis for the processing is article 6 Para. 1 lit (b) and (f) EU General Data Protection Regulation.


In addition, we also obtain express permission from Our Contact Persons to collect personal data under article 6 Para. 1 lit a of the EU Data Protection Regulation.


If we intend to process personal data of Our Contact Persons for any other purpose not mentioned above we will inform our Contact Persons accordingly prior to such processing.



To whom is personal data transmitted?


Within our company, only persons and bodies who need personal data of Our Contact Persons to fulfill the above-mentioned purposes will receive access to such data.


Within our group of companies, personal data of Our Contact Persons is provided to specific companies within the group if they centrally perform key tasks for affiliates within the company group or perform cross-company functions on the basis of the organizational structure or if it necessary to fulfill the above-mentioned purposes.


We might transfer personal data of Our Contact Persons to supervisory authorities, courts or law offices as far as necessary to ensure compliance with applicable law or to exercise, assert or defend legal rights if legally permitted.


We also work with service providers to fulfill the above-mentioned purposes. Those service providers process personal data of Our Contact Persons in our name and solely according to our instructions. They are contractually obliged to adhere to the applicable data protection regulations.


In some cases, we disclose personal data to service providers or group companies located outside of the European Economic Area (“third-party countries”), in which an adequate data protection level is not guaranteed by applicable laws. In such cases we take suitable measures to safeguard the protection of the personal data of Our Contact Persons and to ensure an adequate level of data protection. Hence, we disclose personal information of Our Contact Persons to recipients outside our group of companies located in a third-party country only if those recipients have concluded the EU Standard Contractual Clauses with us or if those recipients have implemented Binding Corporate Rules.


Further information as well as a copy of the measures taken can be obtained from the above specified contacts.




For how long do we retain personal data of Our Contact Persons?


If not explicitly stipulated otherwise (e.g. in a specific consent form) we delete or block personal data of Our Contact Persons as soon as they are no longer needed for the purposes cited above, unless deletion or blocking would violate our legal obligations to provide and preserve records (such as retention periods provided by commercial or tax laws). 



Which data protection rights can be asserted by concerned parties?


Our Contact Persons may request information regarding the personal data we store and processe concerning her or him at the above address. In addition, under specific circumstances Our Contact Persons may demand correction or deletion of the personal data concerning her or him. They may also be entitled to a right to restrict the processing of personal data as well as a right to the disclosure of the data provided by them in a structured, customary and machine-readable format.



Right to object


If the processing is based on a consent, Our Contact Persons have the right to object to the processing of personal data related to him or her at any time. If we process personal data of Our Contact Persons to safeguard our legitimate interests Our Contact Persons can object to the processing at any time for reasons resulting from his or her specific situation. In case of an objection we will stop processing the personal data of the respective data subject unless we can provide compelling reasons that prevail over the interests, rights and freedoms of Our Contact Persons or prove that the processing serves the establishment, exercise, defense of legal claims or litigation.



Where can complaints be submitted?


Irrespective of any other legal remedy under administrative law or judicial remedy, Our Contact Persons are entitled to file a complaint with the supervisory authority, particularly in the member state in which he or she is a resident or where the alleged violation took place, if Our Contact Persons believe the processing of personal data related to him or her is in violation of the EU General Data Protection Regulation.


The supervisory authority to which the complaint is submitted shall notify the appellant of the situation and the results of the complaint, including the option of a legal remedy in accordance with article 78 of the EU General Data Protection Regulation.  

Refishish Competence Centre (RCC), Transportgatan 37, 42246 Hisings Kärra tel. +46 763 098 006