With respect to the aforementioned Facebook page, Brenntag and Facebook are “joint controllers”, as defined in Art. 26 GDPR. The platform is operated by Facebook and the specific individual fan page is operated by Brenntag.
DETAILS REGARDING THE JOINT CONTROLLERS
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
Brenntag SE
Messeallee 11
45131 Essen, Germany
Further information regarding Brenntag is available in our legal notice here.The Joint Controller Agreement, which controls the joint data processing, shows that Facebook assumes the key responsibility with respect to duties imposed by the GDPR, including, without limitation, the notification of data subjects, being the point of contact for data subject rights and ensuring that all required technical and organisational measures are taken.Comprehensive information on how Facebook protects data, as well as options for contacting Facebook, are available here: https://www.facebook.com/policy.phpIrrespective of this, you are of course also able to exercise your rights by contacting us directly. Where this is necessary, we will forward your inquiry to Facebook.
LEGAL BASIS FOR PROCESSING
Personal data is processed based on the following legal bases:
- Where personal data is processed to provide the requested functions or services, the legal basis is Art. 6 (1b) GDPR, e.g. with respect to inquiries, comments, or the like
- Where personal data is processed based on our legitimate interest, the legal basis is Art. 6 (1f) GDPR, e.g. with respect to the creation of statistics and analyses of the reactions to our posts, in order to further improve our offering and implement any feedback
- To comply with legal obligations set out in Art. 6 (1c), e.g. retention periods imposed under commercial law
Detailed information on the respective legal bases, in particular with respect to the processing operations for which Facebook is directly responsible, is available at: https://www.facebook.com/about/privacy/legal_bases
MESSAGING, COMMENT AND CHAT FUNCTIONS
If you use the messaging, comment, or chat functions, we will only use the personal data submitted to process your message unless another legal basis allows us to further process that data.
THE “LIKE” BUTTON AND FACEBOOK INSIGHTS (STATISTICS AND ADVERTISING)
When you click on the “Like” button on the Brenntag's Facebook fan page, Facebook submits information to Brenntag on your chosen user name, your age, your city of residence, your gender, your selected language and your activities to the extent that you have provided this data on Facebook and made it public in your profile.Further information on how Facebook processes your personal data can be found in the privacy notice provided by Facebook which is available here: https://www.facebook.com/privacy/explanation .
The data regarding users’ activities, in particular their interaction with the Facebook page of the Brenntag Group and the associated posts, is used to create statistics which allow us to see the geographic reach of the posts, the region of the users involved and other information to the extent this information is made public by the user. Brenntag will distribute target-group-specific advertising via Facebook on an irregular basis.In this context, Facebook provides numerous criteria, depending on the scope requested, which may be selected in order to determine the target group of the advertisement. We are not able to identify a specific person, even though this might be possible in general. More information on this can be found in the explanations provided by Facebook: https://www.facebook.com/about/ads .
SOCIAL MEDIA LISTENING
The Brenntag Group uses what is referred to as “social media listening”. Social media listening refers to the process of identifying and evaluating comments that are spread on the internet about a company, a person, a product, or a brand. Brenntag only uses social media listening services (in content that is publicly available on the internet) in order to
- understand the scope of conversations about the Brenntag brand or topics from the industries in which Brenntag operates;
- monitor publicly available opinions, comments or other interactions on the internet which are important to Brenntag and Brenntag's business
This monitoring is conducted in Brenntag's legitimate interest, Art. 6 (1f) GDPR, including, without limitation, in order to protect legal claims, e.g. to detect trademark infringement or comments that constitute an abuse of rights and procure the prosecution of infringers or rights abusers. Brenntag also uses the results provided by the social media listening services to better understand intentions, moods, feelings and market trends, as well as the needs of customers and/or interest groups.
PROCESSING ACTIVITIES PERFORMED OUTSIDE OF THE EU
Brenntag may disclose individuals’ personal data to recipients outside of the EU if the data subjects have consented to this or if there is another legal basis. Where the servers on which Brenntag stores personal data are located outside of the EU and the EEA, Brenntag must ensure that appropriate guarantees for a proper level of data protection are in place.Data is transmitted in accordance with the applicable statutory provisions, with adequate safeguards, in compliance with existing data protection laws and effective legal remedies for data subjects or based on binding company policies. Where these options are not available, any required transmission of data will be performed in accordance with Art. 49 GDPR, e.g. based on the data subject's consent.
SECURITY
Brenntag uses appropriate physical, technical and administrative security measures to protect personal data against loss, misuse, unauthorised access or disclosure, manipulation or destruction.
STORAGE PERIOD
Brenntag only stores personal data as long as this is necessary to fulfil the purpose for which it was collected. In order to determine the required retention period for personal data, Brenntag considers the scope and type of personal data and the related risk, the potential risk of damage if the personal data is used or made public without authorisation, the purpose of processing, and whether we can fulfil this purpose by other means and applicable legal requirements.
DATA SUBJECT RIGHTS
Data subjects can exercise the following rights:
- The right of access
- The right to rectification
- The right to erasure / “right to be forgotten”
- The right to data portability
- The right to restriction of processing
- The right to object
- The right not to be subject to decisions that are solely based on automated processing (including profiling).
Please contact our Group Data Protection Officer (using the contact data provided below) if you want to exercise any of these rights. Where this is necessary, we will forward the inquiry to Facebook.
THE RIGHT TO CONTACT THE SUPERVISORY AUTHORITY
Regardless of any other rights, data subjects are entitled to send a complaint to the supervisory authority that is responsible for handling cases related to this person, in particular in the Member State of his or her habitual residence or the country in which the alleged violation took place, if they believe that the processing of personal data concerning him/her violates these regulations.
CONTACT DATA OF THE DATA PROTECTION OFFICER
Brenntag has appointed a Group Data Protection Officer, who is located at Brenntag's headquarters in Germany, as well as an international team of data protection coordinators in each country. This allows you to contact us in your respective national language. Feel free to contact us with any questions at any time.You can contact the Group Data Protection Officer at the following address:
Group Data Protection Officer (GDPO)
Messeallee 11
45131
Essen, Germany