4. Sharing and Transferring Personal Data

Sharing and Transferring Personal Data

Who do we share your personal data with, and why?

Sometimes we share your personal data with third parties where permitted by law, including the following:

Inside LyondellBasell’s group:

We are part of the LyondellBasell group, which includes a number of companies and operations globally. Therefore, we will need to share your personal data with other companies in the LyondellBasell group for our general business management purposes and, in some cases, to meet our customer needs where providing services across branches/locations and/or for authorizations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis. You can find out more about the group and companies in the group here: lyb.com

Access rights between members of the LyondellBasell group are limited and granted only on a need to know basis, depending on job functions and roles.

Where any LyondellBasell group companies process your personal data on our behalf (as our processor), we will make sure that they will process your personal data within the scope of your consent to us, or based on other lawful basis under the applicable laws and have appropriate security standards in place to make sure your personal data is protected.

Outside LyondellBasell’s group:

From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will impose a contractual obligation on them to ensure that they process your personal data within the scope of your consent to us, or based on other lawful basis under the applicable laws and have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our outsourced IT systems software and maintenance, back up, and server hosting providers. 

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:

    • services provided to you or us by a third party acting independently to LyondellBasell but which has a relationship with LyondellBasell, for example certain payment fraud checking services;
    • the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors; and
    • the disclosure of your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others. 

We have set out below a list of the categories of recipients with whom we are likely to share your personal data:

    • IT support, website and data hosting providers and administrators;
    • payment processors in relation to purchases you make with us;
    • consultants and professional advisors including legal advisors and accountants;
    • courts, court-appointed persons/entities, receivers and liquidators;
    • business partners and joint ventures;
    • insurers; and
    • governmental departments, statutory and regulatory bodies (including tax authorities).

Where is your personal data transferred to?

Since LyondellBasell operates globally, we will sometimes need to transfer your personal data to recipients (either internally or externally, as set out above) in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction.

If you are based in Europe and we transfer your personal data outside the European Economic Area, we will only make that transfer if:

  • that country ensures an adequate level of protection for your personal data;
  • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data;
  • we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission;
  • the transfer is permitted by applicable laws; or
  • you explicitly consent to the transfer.

If you are based in the PRC, please note that we will not provide your personal data in the PRC to any government authorities outside the PRC unless we have obtained the Chinese government’s approval. Where the data recipient outside the PRC is not a government authority, we will only make that transfer if:

  • a proper data cross-border transfer agreement has been entered between us and the third-party, and where applicable, we will use standard contract clauses mandated by the PRC government;
  • we have passed the PRC government-led personal data cross-border transfer security assessment, or
  • we have completed personal data protection certification conducted by an accredited institution. 

If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact personaldataprivacy@lyondellbasell.com.