What do we do with your personal data, and why?
We use your personal data for a number of different purposes in connection with your use of the Website, the provision of services or goods from us to you, or from you to us, your communication or other engagement with us and the management and administration of our business. We must always have a “lawful basis” (i.e. a reason prescribed by law) for processing your personal data. The personal data purposes table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. The purposes applicable to you will vary according to the relevant LyondellBasell controller of your personal data (as explained in the introductory paragraph above) as well as the applicable local laws. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.
Please note that where our processing of your personal data is either:
- necessary for us to comply with a legal obligation; or
- necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.
If you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you, except for the circumstance where there are other parts of our contract or engagement with you that do not require such personal data and those parts of our contract or engagement with you can nevertheless still be entered into or performed.
Purposes for processing personal data
| Lawful basis | ||||
|
Purposes of processing |
Your consent |
To perform a contract with you |
To comply with a legal obligation |
For our legitimate interests |
|
Contact Information |
|
|
|
|
|
Responding to your inquiries (including any contact you make via the Website that is not associated with a pre-existing relationship with us as customer/supplier or otherwise) |
|
|
✔ |
✔ (It is important that we can identify you and respond to your inquiries) |
|
Establishing you/your organization as a client on our systems |
|
✔ |
|
✔ |
|
Confirming and processing orders for goods or services that you may make with us (either as customer or supplier) |
|
✔ |
|
|
|
Sending you information (including direct marketing) as set out in the section below, “How do we communicate with you?” |
✔ |
|
|
✔ (It is important to keep you updated of orders made with us and notified of factual updates to our engagement with you) |
|
Registration for and use of website services through our Guest Wifi |
✔ |
|
|
|
|
Website Information |
|
|
|
|
|
Ensure the operation and performance of the Website (PLEASE ALSO SEE THE COOKIES SECTION BELOW) |
|
|
|
✔ (We need to ensure the Website functions correctly) |
|
To improve the functionality of the Website |
|
|
|
✔ (It is in our interest to keep the Website up to date and improve its functionality for the benefit of users) |
|
Monitoring and producing statistical information regarding the use of our platforms, and analyzing and improving their functionality |
|
|
|
✔ (We need to perform this routine monitoring to make sure our platforms work properly, analyze how they are used and improve them) |
|
To enable you to create accounts and log in to them via the Website |
|
|
|
✔ (It is in our interests to grant you access to a private log-in where you can access information relevant to you and your relationship with LyondellBasell. This additionally helps LyondellBasell comply with certain applicable laws) |
|
Customer / Supplier Information |
|
|
|
|
|
Taking payment from you in respect of our goods and services |
|
✔
|
|
|
|
Hosting you at our sites / offices and providing hospitality services |
|
|
|
✔ (We need to be able to host our customers and prospective customers effectively) |
|
Conducting surveys for benchmarking, continuous improvement and marketing purposes |
✔
|
|
|
✔ (We need to collect your feedback in relation to our services, in order to resolve any problems or complaints and improve and innovate) |
|
For our general recordkeeping and customer / supplier relationship management |
|
✔
|
|
✔ (We need to store customer/supplier related information so we can refer back to it) |
|
Managing our business relationship with you, or any other after sales services, including for warranty purposes (where applicable) |
|
✔
|
|
|
|
Managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly |
✔
|
|
|
✔ (We need to tailor our services in accordance with feedback and preferences) |
|
Continuously reviewing and improving our products and services (including by seeking and obtaining your feedback) and developing new ones |
|
|
|
✔ (We have a legitimate interest in making sure that we are continuously improving our service offering) |
|
Performing identity, financial and credit searches, screening and checks against third party sources for anti-money laundering and identity verification |
|
|
✔
|
✔ (It is important that we seek to limit incidents of fraud) |
|
All Categories / General Business Requirements |
|
|
|
|
|
Analyzing how our electronic marketing communications are used by you (including whether you open them and click through to access their contents) |
|
|
|
✔ (We need this information to ensure we are providing you with information that you are interested in) |
|
Managing, planning and delivering our global business and marketing strategies (including recording and reporting on our business development activities) |
|
|
|
✔ (As a global company, we need to implement effective business development and marketing strategies) |
|
Monitoring our systems and processes to identify, record and prevent fraudulent, criminal and/or otherwise illegal activity |
|
|
✔
|
✔ (We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity) |
|
Purchasing, maintaining and claiming against our insurance policies |
|
|
✔
|
✔ (It is in our interests to protect our business against specified losses) |
|
Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws) |
|
|
✔
|
|
|
Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law |
|
|
✔
|
|
|
Obtaining legal advice and establishing, defending and enforcing our legal rights and obligations in connection with any legal proceedings (including prospective legal proceedings) |
|
|
|
✔ (We must be able to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them) |
|
Training our staff |
|
|
✔
|
✔ (Sometimes it is appropriate for us to use your personal data so that we can provide our staff with training to manage risk and improve the quality of our services) |
|
Managing the proposed sale, restructuring, transfer or merging of any or all parts of our business, including to respond to queries from the prospective buyer or merging organization |
|
|
✔
|
✔ (We have a legitimate interest in being able to sell any part of our business) |
|
Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same) |
|
✔
|
|
✔ (We need to make sure that our business processes are secure) |
|
To keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws |
|
|
✔
|
|
|
Resolving any complaints from or disputes with you |
|
✔
|
|
✔ (We need to be able to try and resolve any complaint or dispute you might raise with us) |
|
Managing, publicizing and participating in corporate social responsibility initiatives |
✔
|
|
|
✔ (We need to ensure our CSR initiatives are properly managed) |
Aggregated / Anonymized Data
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymized data cannot be linked back to you and is therefore no longer considered personal data. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.
Sensitive Information
We also process certain ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information” – as set out in the table below). This refers to special categories of personal data and information relating to your criminal record where applicable, which we are required to process with more care, and in some jurisdictions to comply with special requirements on our processing of your Sensitive Information (for example, our processing of Sensitive Information in the PRC must be conducted with your separate consent). The Sensitive Information purposes table below sets out the different purposes for which we process Sensitive Information about you and the relevant lawful basis on which we rely for that processing.
The purposes applicable to you will vary according to the relevant LyondellBasell controller of your personal data (as explained in this Privacy Statement) as well as the applicable local laws.
For some processing activities, we consider that more than one legal basis may be relevant – depending on the circumstances. We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of Sensitive Information.
Purposes for processing Sensitive Information
|
Sensitive Information lawful basis We are permitted to process your personal data because… |
||||
|
Purposes of processing |
You have given your explicit consent to the processing |
It is necessary to protect somebody’s vital interests or they are incapable of giving consent |
It is necessary for the establishment, exercise or defense of legal claims |
It is necessary for reasons of substantial public interest |
|
Contact Information |
|
|
|
|
|
Hosting you at our offices and providing hospitality services |
✔ (for your dietary and access requirements) |
✔ (in case of accidents or emergencies at our offices) |
|
|
|
Investigating, evaluating, demonstrating, monitoring, improving and reporting on our compliance with relevant legal and regulatory requirements (such as anti-money laundering and customer verification checks) |
|
|
|
✔ |
|
Complying with our general regulatory and statutory obligations |
|
|
|
✔ |
|
Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same |
|
|
✔ |
✔ |
|
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with any legal proceedings (including prospective legal proceedings) |
|
|
✔ |
✔ |