Information on data processing according to Art. 13 and 14 General Data Protection Regulation (GDPR)

We care about the protection of your personal data and your privacy. For this reason, we will inform you in the following about our handling of your personal data, in particular for what we process your personal data, to whom we transmit them and the data protection claims and rights to which you are entitled. When we subsequently talk about data, we mean your personal information. This is all the information that identifies you as a person, directly or indirectly.

Please read the following information carefully.

1. About this Policy

This policy explains when and why we collect personal information, how we use it and how we keep it secure and your rights in relation to it.

We may collect, use and store your personal data, as described in this Data Privacy Policy and as described when we collect data from you.

We reserve the right to amend this Data Privacy Policy from time to time without prior notice. You are advised to check our website http://sibur-int.com regularly for any amendments (but amendments will not be made retrospectively).

We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.

2. Who is responsible for data processing?

The responsible controller is:

SIBUR International GmbH

Prinz Eugen Str. 8-10, 1040 Vienna, Austria

Email: office@sibur-int.com

Phone: +43 1 370 8000

3. Which data are being processed and from which sources does this data come from?

We process personal data that we receive from you in the course of the business relationship.

In addition, we process personal data that we receive from third parties and/or public accessible sources (eg business register, register of associations, country register, press, media) in a permissible manner (eg for the fulfilment of orders / contracts, fulfilment of legal obligations or consent granted by you).

Your personal data includes in particular:

3.1. Contact person at suppliers / customers

  • Name

  • Contact information, including e-mail address, company telephone and mobile numbers

  • Name of the company

  • Position within the company

  • Authority of a signatory

3.2. Job Applicants

  • name and contact details,

  • the personal data you provide, training, further knowledge and qualifications, earlier employers and sent documents such as CV, certificates, etc.

4. For what purposes and on what legal basis is your data being processed?

We process your personal data in accordance with the data protection regulations (DSGVO and the Data Protection Act (DSG) in the current version).

  • Contact forms

    • You are able to contact SIBUR International GmbH by filling out our contact forms. The contact is by phone.

    • When submitting the contact form your data of the contact fields (title, name, company name, message in text field) are processed.

    • Purpose: answering/assisting you with your request

    • Legal basis: Consent – Art. 6 (1) lit. a) GDPR

  • Subscribe to news

    • You can register our mailing lists providing you with information to our products and services. The following data will be used: name, email

    • Purpose: providing you with news about SIBUR products and services

    • Legal basis: Consent – Art. 6 (1) lit. a) GDPR

  • Customers/supplier contact data base

    • For our business purposes we maintain a contact database regarding our customers and suppliers. The following data will be used: name, contact information, including e-mail address, company telephone and mobile numbers, name of the company, position within the company, authority of a signatory

    • Purpose: Administration of customers/supplier data base; contacting customers/suppliers; invoicing our services; internal document flow management and finance services; maintenance of customer and supplier relations in frame of performance of the contracts on realization of SIBUR Group companies’ products by SIBUR International GmbH.

    • Legal basis: legitimate interests – Art. 6 (1) lit. f) GDPR, namely the administration of a customer/supplier contact data base and maintenance of customer and supplier relations in frame of performance of the contracts on realization of SIBUR Group companies’ products by SIBUR International GmbH.

  • Job Applications

    • You can provide us with an application for open positions. The following data will be used: name and contact details, all the personal data you provide in your application, in particular training, further knowledge and qualifications, earlier employers and sent documents such as CV, certificates

    • Purpose: Recruiting of staff and processing of your application.

    • Legal basis: legitimate interests – Art. 6 (1) lit. f) GDPR, namely recruiting of new employees.

Art. 6 (1) lit. a GDPR serves as the legal basis for processing operations for which SIBUR International GmbH obtains consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 (1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning products or services.

Is SIBUR International GmbH subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d GDPR.

Finally, processing operations could be based on Article 6 (1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by SIBUR International GmbH or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

5. Who receives your data?

Within SIBUR International GmbH only those departments or employees receive your data, as far as they need it for processing for the corresponding purposes. In addition, commissioned by us processors receive your data, if they need the data to fulfil their respective performance. All processors have been carefully selected and take appropriate technical and organizational measures to ensure that your data is processed in accordance with data protection obligations and that your rights are protected. Above all, contract processors are not permitted to use your personal data for their own purposes.

Moreover, data regarding contact persons at customers and suppliers will be transferred to the following group companies in Russia, Turkey and China, which are third countries without adequate level of data protection:

  • head company of the group, PJSC “SIBUR Holding”

  • Subsidiaries of PJSC “SIBUR Holding” providing management, logistics and business support for SIBUR Group companies

  • Wholly owned subsidiaries of SIBUR International GmbH, responsible for supplying the SIBUR Group companies’ products to Europe and Asia

  • Subsidiaries of PJSC “SIBUR Holding, being petrochemical companies

  • Subsidiaries of PJSC “SIBUR Holding, being hydrocarbon and gas processing companies

With regard to a transfer of data to other third parties (i.e. other group companies), we point out that such a transfer is made only on the basis of a valid legal basis and for pre-determined purposes.

Your personal data may be transferred abroad, including to countries outside the European Economic Area (EEA) where the level of data security is not considered sufficient by the European Commission. In such case, SIBUR International GmbH will take the steps to ensure adequate protection of your personal information to the extent required by applicable law (e.g. concluding standard data protection clauses). A copy of these standard data protection clauses will be provided by SIBUR International GmbH upon request.

6. Update

The updating of your personal data takes place primarily on the basis of your direct feedback or change notices to us. However, updating is also possible due to information from third parties or the use of publicly available information.

7. How long will your data be stored?

We process your personal data, as far as necessary, for the duration of our business relationship (initiation, processing and termination of a contract) as well as in accordance with the statutory storage and documentation obligations arising from the Austrian Commercial Code (UGB) and the Federal Tax Code (BAO) or to assert, exercise or defend legal claims.

In addition, the storage period is also judged by the statutory limitation periods, which may be, for example, under the General Civil Code (ABGB) usually 30 years, in some cases, but only 3 years.

Basically, your data will therefore be deleted after complete execution of the contract, revocation of your consent or your objection, if the storage for the fulfilment of a legal obligation or for the establishment, exercise or defence of legal claims is not required. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved any further data processing that is permitted by law.

There is the possibility that anonymization of the data is carried out instead of a deletion. In this case, any personal reference is irretrievably removed, which is why the data protection cancellation obligations no longer apply. In this case, no personal reference can be restored.

8. Your rights

Under the GDPR you have the following rights:

  • Right of access – Art. 15 GDPR: the right to obtain confirmation as to whether or not personal data concerning yourself are being processed, and, where that is the case, access to the personal data;

  • Right to rectification – Art. 16 GDPR: the right to obtain without undue delay the rectification of inaccurate personal data concerning yourself;

  • Right to erasure (‘right to be forgotten’) – Art. 17 GDPR: the right to obtain the erasure of your personal data concerning yourself without undue delay;

  • Right to restriction of processing – Art. 18 GDPR: the right to obtain restriction of processing of your personal data;

  • Right to data portability – Art. 20 GDPR: the right to receive the personal data concerning yourself, which you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance;

  • Right to object – Art. 21 GDPR: the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 (1) lit. e) or f) GDPR.

If you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria the data protection authority is responsible.

Österreichische Datenschutzbehörde

Wickenburggasse 8

1080 Vienna

Telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at

9. Is there an obligation to provide data?

As part of the business relationship, you only need to provide the personal information that is required to establish and conduct the business relationship or that we are required to collect by law. You are also required to notify us of any changes in your data. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the contract or an existing contract can no longer be performed and consequently terminated.

10. Is my data used for automated decision making including profiling?

We do not use automated decision-making according to Art. 22 DSGVO.

11. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

12. Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

13. Cookies

13.1. Cookies

A cookie is a small text file that stores Internet settings. Almost every website uses this technology. It will be downloaded from your internet browser the first time you visit a webpage. The next time this website is accessed using the same device, the cookie and the information stored therein will either be returned to the website that created it (First Party Cookie) or sent to another website to which it belongs (Third Party Cookie). This will tell the web page that it has been viewed with this browser before, and in some cases will vary the content displayed.

Some cookies are extremely useful as they can improve the user experience when revisiting a web page that you have already visited several times. Provided that you use the same device and the same browser as before, cookies remember for example, according to your preferences, how to use a page, and tailor the offers displayed to more relevant to your personal interests and needs. Most of the cookies we use are automatically deleted from your hard drive after the end of the browser session ("session cookies"). In addition, we also use cookies that remain on the hard disk beyond the session. This is mainly done to improve the user experience when you visit the website again, by the website can then be adapted to your personal needs and thus loading times can be optimized.

13.2. Approval-free cookies

Essential cookies, also called "strictly necessary", guarantee functions without which you could not use this website as intended. These cookies are used exclusively by us and are therefore called first party cookies. They are only stored on your computer during the current browser session. Absolutely necessary cookies: For the login function we have a so-called "session cookie". Without this cookie there is no login and thus no functions behind the login.

Furthermore, such cookies ensure, for example, the functionality of a change from http to https, and thus the compliance with increased security requirements for data transmission when changing pages. Consent for the use of essential cookies is not required.

13.3. Cookies requiring approval

Cookies that are not strictly required by law to be able to use the website still perform important tasks. Without these cookies, functions that allow comfortable browsing on our website, such as pre-filled forms, are no longer available. Made settings, such as a language selection cannot be saved and must therefore be queried again on each page.

Used first party cookies, including further description:

  • Visual Website Optimizer (https://vwo.com/knowledge/how-secure-is-vwo/)

    • Task: With the help of VWO we create user tests for the optimization and further development of our website. VWO analyzes static data about the use of our website. In addition, the tool is used as an A / B test tool. In the process, data such as the number of visitors, the click behavior and the average active residence time of the website user are assigned to the corresponding test variants.

    • Storage duration: Session or some data for up to 1 years (all data are anonymous)