Privacy Policy

Last updated: March 31st, 2022

The CheMondis platform and website is operated by

CheMondis GmbH
Zeppelinstrasse 9
50667 Cologne
Germany

E-Mail: support@chemondis.com
Internet: www.chemondis.com

(“ we ”, “ our ”, “ us ”). We are committed to protecting and respecting your privacy. For the purpose of the General Data Protection Regulation (“ GDPR ”), we are the data controller.

This privacy notice sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your access to and use of the CheMondis platform through our website at www.CheMondis.com (“Platform”) in your function as authorized representative of your company which is a user of the Platform. We will only process your personal data in compliance with the GDPR and the German Federal Data Protection Act ( Bundesdatenschutzgesetz , BDSG). Please read this privacy notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this privacy notice in general or any part of it, you should not access the Platform.

a) Information you give us.
‍
If you want to participate in the offer of our platform, you have to register first. We collect the following data on the basis of Art. 6 (1)(b) GDPR.

User data:
• E-Mail, First name, Last name
• Optional: Profile picture, Role, Phone

Company data:
• Company Name, VAT / Tax ID, Contact email, Country, Company Type
• Optional: Phone,Fax, Website URL, Logo Image, List of certificates, Account data, Payment information

We use data you provide to us in the course of registration or your inquiries to:
• provide customer support
• contact users about new developments on the marketplace
• tailor content, and other aspects the user experience
• perform data analytics to operate, improve and enhance our product and services as well as to gain business insights
• enforce compliance with our terms of use
• protect against misuse or abuse of our product and services
• comply with the law
.

You can change or delete your profile at any time within the account. The data will then be automatically removed from our system after 4 weeks, provided that there are no retention periods or the data is not required in individual cases (e.g. in the case of open claims for the collection of receivables).

Information concerning you may be provided by your company in the context of your registration as an authorized representative of your company in relation to the use of the Platform. You may provide information by contacting us via the Platform, by email, telephone, communication channels within the Platform, or otherwise.
‍
Legal basis for this data processing is our legitimate interest according to Article 6(1)(f) GDPR to operate and ensure the proper functioning of the Platform, we will use your information to:
• communicate with you;
• contact you via telephone or email;
• administer and provide services and customer support;
• enhance, improve and personalise our services;
• enforce our general terms of use for the CheMondis platform; or
• collect statistical information about your use of the Platform


b) Data processing during the use of Platform features

The CheMondis marketplace offers functions to search for a product and request companies that offer the product for negotiation and purchase transactions. Suppliers are able to list products, to receive, to negotiate requests and to sell products.

Marketplace users can export existing agreements. Those include the e-mail of the contact person of the company with which the agreement was concluded. A user also can import existing contracts. Those contracts are only visible for the two companies involved and their users.

There is also the possibility for marketplace users to communicate via the platform. For this purpose CheMondis uses a communication service provider.

The supplier user is data controller of the data he exports and imports. CheMondis is again also responsible for the data that has to be processed e.g. in the context of support purposes and of the platform provision (see above).Legal basis for this data processing is our legitimate interest according to Article 6(1) (b), (f) GDPR to to provide customers with the services of our platform including communication functionalities.


c) Data processing for marketing purposes:

In the scenarios described below, we process your personal data for marketing purposes; this particularly applies for your contact details. Depending on the communication channel we use, the legal basis for this marketing data processing is either your consent pursuant to Articles 6(1)(a), 7 GDPR or legitimate interests pursuant to Article 6(1)(f) GDPR.

(1) Newsletter E-Mails
‍ Regardless of a registration with us, you may subscribe to our newsletter (Opt-In). If you do so, we will process your contact details and other personal data to send you our newsletter based on your corresponding consent pursuant to Articles 6(1)(a), 7 GDPR. ‍
‍ You may withdraw your consent at any time with effect for the future. We will provide you with the possibility to withdraw your consent via a link in every newsletter e-mail we will send to you and within the settings of your customer account. However, withdrawing your consent will not affect the lawfulness of the processing prior to the withdrawal. If you withdraw your consent, we will refrain from sending you our newsletter and delete your related personal data within a four week period. ‍
‍ As a part of the newsletter registration process, we will send you an e-mail with a link to confirm you are the owner of the provided e-mail address (Double Opt-In). We will also store certain information including your IP address or the confirmation e-mail sent by us for documentation purposes. The legal basis for the processing of such data are our legitimate interests according to Art. 6(1)(f) GDPR to confirm and prove the lawfulness of your newsletter subscription and our related processing of your personal data.

(2) Marketing e-mails (Registered users) ‍
‍ As a registered user, we may from time to time send you marketing e-mails including information about our products and surveys and other requests for feedback. The legal basis for such marketing e-mails are our legitimate interests to inform you about new products and services and to receive your feedback on our products and services according to Article 6(1)(f), Recital 47(7) GDPR. ‍
‍ You have the right to object to receiving such e-mails from us at any time and without any further requirements. We provide a corresponding option within the registration process. Furthermore, every marketing e-mail we will provide you with, will contain a notice about your right to object and instructions how you can object.
‍
‍
d) Social Media
We in addition to the provider of the social media platform (platform provider) are jointly responsible as data controllers for the processing activities concerning your data. The platform provider in this respect primarily determines the purposes and means of the processing activities, which we can influence only to a limited extent. To the extent that we can exert influence over or set parameters regarding the processing of your data, we will, within our means, take actions to ensure that the platform provider processes your data in compliance with applicable data protection regulations.

We operate the following social media sites:

• LinkedIn:  https://www.linkedin.com/company/chemondis
• Instagram: https://www.instagram.com/chemondis.career
• Twitter: https://twitter.com/chemondis

The data you provide directly on our social media pages e.g. during events or by using the page, such as comments, videos, pictures, likes, tweets etc.are published by the social media platform. The processing by us is based on Art. 6 (1) (f) GDPR which refers to processing which is done in the interest of public relations and communication.

We evaluate the results of our (marketing) activities on our social media and applicant websites to measure the efficiency and relevance of our web presence. We determine the success of our activities in order to continuously improve our (marketing) activities in your interest and to plan new measures.

At no time is your data used or processed by us for any undisclosed purposes. To the extent that the platform provider leaves us room to exert influence over or set parameters regarding the processing of your data, we will design our social media pages to be as compliant as possible with applicable data protection rules. We therefore do not make use of demographic, interest-based, behavior-based or location-based target group classifications for the purposes of advertising, notwithstanding that such services may (by default) be provided to us by the social media platform providers.

With regards to the receipt of the statistics provided by the platform provider, this may only be influenced by us to a limited extent and we do not possess the means to deactivate them completely. However, we make sure that no additional optional statistics are made available to us.

If you wish to object to a particular data processing, please contact us via the contact information provided in our imprint.  Following our examination of your request, we will determine whether we are able to respond to your request. If we are unable to fulfill your request using our own means, we will forward it to the appropriate service provider.
‍
If you send us an inquiry through the social media platform, we may also, depending on your request, refer to other secure communication channels that guarantee confidentiality. You always have the option to send us confidential inquiries to the address given in the imprint.


e) Data processing by the provider of the social media platform
The provider of the social media platform uses web tracking methods. Webtracking may also take place independently of whether or not you are logged in or registered on the social media platform. Unfortunately, we cannot influence or restrict the web tracking methods of the social media platform.

Please be aware that the platform provider may use your profile and behavioral data to evaluate, among other things, your habits, personal relationships and preferences. We have no influence on the processing of your data by the platform provider.

Further information on the data processing conducted by the platform provider, including information concerning your rights as a user, can be found in the provider's data protection policy and, where relevant, the joint controller addendum:

- LinkedIn: LinkedIn:https://www.linkedin.com/legal/privacy-policy
- Instagram: https://www.instagram.com/legal/privacy/
- Twitter: https://twitter.com/en/privacy
‍
‍
f) Technical usage information.
‍
When you visit and use the Platform, we automatically collect the information sent to us by your computer, mobile device, or other access device. This information includes:
‍
• your IP address;
• device information including, but not limited to, identifier, name, and type of operating system;
• mobile network information; and
• standard web information, such as your browser type and the pages you access on our Platform.

Legal basis for this data processing is § 25 (2) No. 2 TTDSG in conjunction with our legitimate interest according to Article 6(1) (f)GDPR to process your data to provide effective services, we collect this information in order to:

• personalise our Platform to ensure content from the Platform is presented in the most effective manner for you and your device;
• monitor and analyse trends, usage and activity in connection with ourPlatform and services to improve the Platform;
• administer the Platform, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
• keep the Platform safe and secure; or
• measure and understand the effectiveness of the content and information we provide through the Platform.

g- Use of Cookies
On our website, we use cookies which are necessary in order for the site to function. Cookies are small text files that can be placed on your computer or mobile device by websites that you visit.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analysis, tracking or advertising purposes.
In some cases, these cookies only contain information on certain settings and cannot be linked to a person. They may also be necessary to enable user guidance, security and implementation of the site.

The legal basis for using these cookies is § 25 (2) No. 2 TTDSG in conjunction with our legitimate interest according to Art. 6 (1) (f) GDPR.

You can set your browser to inform you about the placement of cookies. This is in order to make the use of cookies transparent for you. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our web pages may not be displayed correctly, and some functions may no longer be available.

Google Analytics
We use the web analysis tool "Google Analytics" to design our websites according to your needs. Google Analytics creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and accessed out by us.  In this way we are able to recognize and measure returning visitors.

The Google Analytics tool is provided by Google Ireland Limited and Google LLC. (USA) who support us as processors according to Art. 28 GDPR. The data processing can therefore also take place outside the EU or EEA. With regard to Google LLC (USA), no adequate level of data protection can be assumed due to the processing in the USA. There is a risk that authorities may access the data for security and surveillance purposes without you being informed or having the right to appeal.

Please take this into account if you decide to give your consent to our use of Google Analytics.

The legal basis for this data processing is your consent if you have given your consent via our consent banner, according to § 25 (1) TTDSG (consent for the setting or reading of cookies)in conjunction with. Art. 6 (1) (a) GDPR (consent for the data processing based on it).

The transfer to a third country takes place on the basis of Art. 49 (1) (a)GDPR.  You can withdraw your consent at any time.

Please follow this link and make the appropriate settings via our banner.

Embedded Videos
On our websites, we embed videos that are not hosted on our servers. In order to ensure that accessing our websites containing embedded videos does not automatically lead to the download of third-party content, we only show locally hosted preview images of the videos as a first step. As a result, the third-party provider does not receive any information.

Only after you click on the preview image, is content from the third-party provider downloaded. This provides the third party with information that you have accessed our site and with the usage data technically required for this purpose. Furthermore, the third party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to download content from the third-party provider.

The embedding is based on your consent if you have given your consent by clicking on the preview image. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action. Where we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49 (1) (a) GDPR.

• Provider: Vimeo
• Adequate level of data protection: No adequate level of data protection. The data is transmitted on the basis of Art. 49 (1) (a) GDPR.
• Withdrawal of consent: If you click on a preview image, the content of the  third-party provider is immediately downloaded. To avoid this downloading on  other sites, please do not click on the preview image.

Third party tracking technologies e.g. for advertising purposes
We use cross-device tracking technologies to help us show you targeted advertising on other websites based on your visit to our websites and to help us determine how effective our advertising efforts have been.

The legal basis for this data processing is your consent if you have given your consent via our consent banner, according to § 25 (1) TTDSG (consent for the setting or reading of cookies) in conjunction with. Art. 6 (1) (a) GDPR(consent for the data processing based on it).

Your consent is voluntary and can be withdrawn at any time.

How does tracking work?
When you visit our websites, it is possible that the third-party providers listed below may retrieve identification characteristics of your browser or terminal device (e.g. a browser fingerprint), evaluate your IP address, save or extract identification characteristics on your terminal device (e.g. cookies)or gain access to individual tracking pixels.

The individual characteristics can be used by these third parties to identify your terminal device on other websites. We may commission these third-party providers to show you advertisements based on the pages visited on our website.

What does cross-device tracking mean?
If you log on to the third-party provider with your user data, the respective identification characteristics of different browsers and end device scan be linked with each other. For example, if the third-party provider has created a unique identifier for each laptop, desktop personal computer, smartphone or tablet you use, these individual identifiers can be associated with each other as soon as you log in to a third-party service using your login credentials. This allows the third party to target our advertising campaigns across multiple devices.

Which third-party providers do we use in this context?
The third-party providers with whom we work for advertising purposes are listed below. If the data is processed outside the EU or EEA in this context, please note that there is a risk that local authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. Where we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49 (1) (a) GDPR.

We do not sell, rent or lease your personal information to others except as described in this privacy notice. We share your information with selected recipients. These categories of recipients include:
‍
• cloud storage provides located in the European Union, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;
• payment service provider;
• trust service provider;
• communication service provider;
• IT services providers that provide us with hosting or SaaS (software as a service) services who we use to store our customer relationship management information, etc.; and
• analytics providers located in the European Union that assist us in the improvement and optimisation of the Platform; and

We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
• comply with a legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
‍
We will also disclose your information to third parties:
• in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
• if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

Third party tools/services we use for the parts mentioned above are listed here. More information about their data privacy policy can be found by following the respective links:
‍
• Zendesk (https://www.zendesk.com/company/privacy-and-data-protection)
• Vimeo (https://vimeo.com/privacy)
• LinkedIn (https://www.linkedin.com/legal/privacy-policy)
• Bing (https://privacy.microsoft.com/de-de/privacystatement)
• Google (https://www.google.com/intl/de/analytics/learn/privacy.html)
• Convey This (https://www.conveythis.com/legal/privacy-policy)
• UseBasin (https://usebasin.com/privacy)
• Mailjet (https://www.mailjet.com/security-privacy)
• Zapier (https://zapier.com/privacy)
• Trustshare Ltd.(https://trustshare.co/privacy-policy.pdf)
• Stripe Payments Ltd. (https://stripe.com/privacy)
• Hubspot (https://legal.hubspot.com/privacy-policy)
‍
‍
We also share necessary data with our partner ALFRED TALKE KG and TALKE-Emmerich GmbH & Co. KG (Max-Planck-Straße 20, 50354 Hürth, Germany) for providing shipment offers on the CheMondis marketplace as described in Art. 6 (1) (f) GDPR.
After sending the request, CheMondis does not have any influence on the further processing of the data by ALFRED TALKE KG and TALKE-Emmerich GmbH & Co. KG.
‍
The data transferred from supplier and buyer to TALKE are Names, Addresses and Email addresses. This service is optional and only activated when the button “Request Shipment” in the corresponding form is clicked.

The data that you made available to us on the basis of a consent or for advertising purposes is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the data. If you do not wish to provide the data, this will have no negative consequences for you.

The information that we collect from you will be mainly transferred to, and stored at/processed in the European Union. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy notice. For the processing of your data, we also use service providers located in third countries outside the European Union. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally provide an adequate level of protection. With service providers in third countries, we at least conclude the data protection contract (standard data protection clauses) provided by the Commission of the European Union.

The transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Platform or via email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safe guard your personal data against loss, theft and unauthorised use, access or modification.

The Platform may include links to websites of other users of the Platform or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

We will retain your information as follows:
‍
• if you contact us via email or www.chemondis.com we will keep your data for up to 24 months after;
• your technical usage information for up to 10 years;
• data on your use of the Platform/services: for up to 10 years

The data required for the use of the platform (registration) will be deleted after the end of your use, i.e. when no more business relations exist. If statutory retention periods exist, the data concerned is retained for six or ten years for the duration of these periods and then deleted.

After you have ceased being an authorized representative in relation to your company’s use of the Platform, we will store your information in an aggregated and anonymised format.

You have the right to request access to the personal data we hold about you and be provided with certain information about how and for which purposes we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete.
‍
In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
‍
• where you believe that it is no longer necessary for us to hold your personal data [(for example, if you no longer act as authorized representative of you company)];
• where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
• where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; or
• where you believe the personal data we hold about you is being unlawfully processed by us.
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:


• where you believe the personal data we hold about you is inaccurate during the time we verify accuracy;
• where the processing of your personal data is unlawful but you do not want us to delete it, but instead want to restrict the processing;
• where we no longer need your personal data fort he purposes of our processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or
• where you have objected to us processing your personal data based on our legitimate interests during the time we are considering your objection.

You have the right to ask us for a copy of the data concerning you in a structured, machine-readable format and to ask us to share (port) this data to another data controller.
‍
You can object to our processing of your personal data to the extent it is based on our legitimate interests. In such case we will no longer process your personal data unless we can demonstrate over riding compelling legitimate grounds for the processing.
‍
To exercise any of these rights above, please contact Sebastian Brenner at support@chemondis.com. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
‍
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or Company trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.

Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by contacting our data privacy officer or write to support@chemondis.com. The withdrawal of consent does not affect the lawfulness of the processing of your personal data based on consent before the withdrawal.

For this purpose, CheMondis GmbH will processes your personal data as described in the data protection notice. If you receive a commercial email from us, you may unsubscribe at any time and will not receive any further product information once the revocation is received. Once unsubscribed from our marketing campaigns, CheMondis GmbH will delete any non-required personal data within 4 weeks.
‍
At any time you have the right to object to our processing of data about you in order to send you promotions, newsletters, emails and special offers, including where we build profiles for such purposes, and we will stop processing the data for that purpose.

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at support@chemondis.com. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work or where you think we have infringed data protection laws.

Any changes we will make to this privacy notice in the future will be posted on his page. Please check back frequently to see any updates or changes to this privacy notice.

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to support@chemondis.com.

Contact details of the data protection officer
‍ Our company data protection officer will provide you with further information or suggestions on the subject of data protection:

datenschutz süd GmbH
Wörthstr. 15
97082 Würzburg
office@datenschutz-sued.de