<>本政策仅适用于巴斯夫中国提供的trinamiX 近红外光谱解决方案。
This Policy applies only to trinamiX NIR spectroscopy solution provided by BASF China.
最近更新日期：2022年04月。
Last update date: 042022.
如果您有任何疑问、意见或建议，请通过以下联系方式与我们联系：
If you have any queries, comments or suggestions, please contact us via the following means:
电子邮件：support@trinamixsensing.cn
Email: support@trinamixsensing.cn
本政策将帮助您了解以下内容：
This Policy will help you understand the following:
◼业务功能的个人信息收集使用规则
Rules on collection and use of Personal Information for Business Function
◼我们如何保护您的个人信息
How do we protect your Personal Information
◼您的权利
Your rights
◼我们如何处理儿童的个人信息
How do we process the Personal Information of children
◼您的个人信息如何在全球范围转移
How is your Personal Information transferred globally

巴斯夫中国深知个人信息对您的重要性，并会尽全力保护您的个人信息安全可靠。我们致力于维持您对我们的信任，恪守以下原则，保护您的个人信息：权责一致原则、目的明确原则、选择同意原则、最小必要原则、确保安全原则、主体参与原则、公开透明原则等。同时，巴斯夫中国承诺，我们将按业界成熟的安全标准，采取相应的安全保护措施来保护您的个人信息。
BASF China is fully aware of the importance of your Personal Information to you, and will do its utmost to protect the security and reliability of your Personal Information. We are committed to maintaining your trust in us, and abide by the following principles in our efforts to protect your Personal Information: commensurability of powers and responsibilities, clear purpose, consent, minimum necessary, security assurance, engagement of Subjects, openness and transparency, etc. In the meanwhile, BASF China undertakes to take appropriate security protection measures to protect your Personal Information according to the established industry-specific security standards.
请在使用我们的产品或服务前，仔细阅读并了解本《个人信息保护政策》。
Please read carefully and understand this Personal Information Protection Policy before using our products or services.

业务功能的个人信息收集使用规则
Rules on Collection and Use of Personal Information for Business Function
1、我们收集哪些您的个人信息
1. What Personal Information do we collect?

<>⚫我们提供的业务功能需要依赖部分信息才得以运行。您选择使用本业务功能，则需要向我们提供或允许我们收集的必要信息包括：
Running of this Business Function we provide requires certain information. If you choose to use this Business Function, you need to provide or allow us to collect the following necessary information:
- 身份提供商：通过使用您的身份提供商注册并登录我们的应用服务，您将向我们提供有关您首选的身份提供商信息（例如“微信”）
- Identity Provider: by using your Identity Provider to register and log in to our app service, you give us information about your preferred identity provider (e.g. WeChat)
- 姓名：您将被要求提供您的真实姓名，我们将使用该姓名来创建用户 ID，以确保服务的正常运行
- Name: you will be asked to provide your full name which will be used by us to create a User ID to ensure the normal operation of the service
- 邮件地址：您将被要求提供您的邮件地址，我们将使用该地址创建用户 ID并与您联系，以确保服务的正常运行
- Mail address: you will be asked to provide your mail address which will be used by us to create a User ID and to contact you to ensure the normal operation of the service
共计3类个人信息。
A total of 3 types of Personal Information.
⚫在您使用该业务功能时，我们的App会向您申请下列与个人信息相关的系统权限：
When you are using this Business Function, our App will apply to you for the following Personal Information-related system authorizations:
- 互联网接入：我们需要互联网接入以确保我们所提供服务的正常运行。 通过互联网接入，测量数据将传输至云端，在云端进行数据处理。 如果不能接入互联网，则无法将测量数据转化为测量结果。
- Internet access: we need internet access to ensure the normal operation of the service we provide. With internet access, the measurement data is be transferred to the cloud, where the data is processed. It will be not possible to translate measurement data into results without internet access.
- 无线连接/USB/定位：我们需要访问无线连接/USB/定位，以确保我们提供的服务能正常运行。 通过无线连接，光谱设备可以连接到您的智能手机/平板电脑，这是将测量数据发送到云端的必要条件。通过对您无线连接的访问，在技术上也可能间接获得关于您的位置的信息，即使我们不会使用该功能。
- Wireless connection/USB/Location: we need access to wireless connection/USB/Location to ensure the normal operation of the service we provide. Via wireless connection, the spectroscopy device is connected to your smartphone/tablet, which is needed to send the measurement data to the cloud. By giving access to your wireless connection, it might be technically also possible to indirectly get information about your location, even though we will not use this function.
共计2项系统权限。如果您不授权，将会导致我们无法提供该业务功能。除上述权限之外，您可自主选择是否额外授予App其他的系统权限。
A total of 2 system authorizations. If you do not grant such authorities, we will become unable to provide this Business Function. In addition to the above authorities, you can elect whether to grant additional system authorities to our App.
额外及可选的授权包括：
Additional and optional authorizations include:
- 照相机/QR-/条形码扫描仪：使用此功能，您将更容易识别和管理要测量的样品。
额外及可选的授权包括：
- Camera/QR-/barcode scanner: with this functionality it will be easier for you to identify and manage the samples you want to measure.
- GPS/定位：使用此功能，您将更容易将测量数据标记到特定位置，这在运行历史或地理评估时将具有优势。
- GPS/location: with this functionality it will be easier for you to tag your measurement data to a certain location, which will be of advantage when running historic or geographic evaluations.
这些功能授权是自愿的，可在不影响应用程序功能的情况下撤销。
The authorization of these functions is voluntary and can be withdrawn without comprising of app functionality.

2、我们如何使用您的个人信息
2. How do we use your Personal Information

⚫对于必要的个人信息，我们会用来提供该项业务功能，包括分配个人用户 ID，联系您以便您访问应用程序和隐私声明的修订， 我们也会使用上述信息来维护和改进本项业务功能，开发新的业务功能等。未经事先同意，我们不会使用您的个人信息作广告用途。
We will use the necessary Personal Information to provide this Business Function, including assigning an individual User ID and contacting you to give you access to the app and changes of privacy note, as well as to maintain and improve this Business Function, develop new Business Functions, and so forth. We will not use your personal information for advertising purposes without prior consent.

3、我们如何委托处理、共享、转让、公开披露您的个人信息
3. How do we delegate the processing, sharing, transfer, and public disclosure of your Personal Information
（1）共享
(1)Sharing

我们不会与本公司及本公司关联公司以外的任何公司、组织和个人分享您的个人信息，除非获得您的明确同意。“关联公司”应指，就本公司而言，直接或间接控制该方或受其控制，或与该方同受直接或间接控制的任何实体。如果控制人直接或间接地拥有该实体至少百分之五十（50%）的股权的所有权或有权利影响该实体的管理层。目前，我们会在以下情形中，向您征求您对共享个人信息的授权同意：
We will not share your Personal Information with any company, organization or individual other than this Company and Affiliates of this Company unless we have obtained your Explicit Consent. “Affiliate” shall mean, with respect to this Company, any entity which, directly or indirectly, controls, is controlled by or is under the common control with the Party. An entity shall be deemed to control another person if the controlling person possesses, directly or indirectly, ownership of at least fifty percent (50%) of the equity shares of such an entity or has the power to direct the management of such an entity. In the following cases, we will seek consent from you before sharing your Personal Information:
a)如果在登陆或用户注册方面存在严重问题，我们可能会在征得您的明确同意后，转移以下个人信息：
If there are some serious issues for onboarding or user registration, we might, after your explicit consent, transfer the following personal information: – 姓名
– Name
– 邮件
– Mail address
– 身份提供商
– Identity Provider
– 我们将仅与 trinamiX GmbH （位于德国）共享数据，该公司与巴斯夫中国同受巴斯夫欧洲公司控制/拥有。
– We will share the data only with trinamiX GmbH (located in Germany), who is under the same control/ownership of BASF SE with BASF China.
– 我们可能会根据法律法规或政府主管部门的要求对外分享您的个人信息。
– We may share your Personal Information externally in accordance with laws and regulations or as required by government authorities.
– 姓名

（2）转让
(2)Transfer

我们不会将您的个人信息转让给任何公司、组织和个人，但以下情形除外：
We will not transfer your Personal Information to any company, organization or individual, except in the following cases:
a)在获取明确同意的情况下转让：获得您的明确同意后，我们会向其他方转让您的个人信息；
Transfer with Explicit Consent: we may transfer your Personal Information to other parties after obtaining your Explicit Consent;
b)在涉及合并、收购或破产清算时，如涉及到个人信息转让，我们会在要求新的持有您个人信息的公司、组织继续受此个人信息保护政策的约束，否则我们将要求该公司、组织重新向您征求授权同意。
In case of merger, acquisition or bankruptcy liquidation in which transfer of Personal Information is involved, we will require the new companies or organizations that will hold your Personal Information to continue to be bound by this Personal Information Protection Policy, or alternatively we will require such companies or organizations to seek consent from you again.

（3）公开披露
(3)Public Disclosure

我们仅会在以下情形下，公开披露您的个人信息：
We will publicly disclose your Personal Information only under the following circumstances:
a)获得您明确同意后；
Upon obtaining your Explicit Consent;
b)基于法律的披露：在法律、法律程序、诉讼或政府主管部门强制性要求的情况下，我们可能会公开披露您的个人信息。
Disclosure according to law: We may disclose your Personal Information publicly if required by laws, legal procedures, or litigation or government authorities.

我们如何保护您的个人信息
How do we protect your Personal Information

（一）我们已使用符合业界标准的安全防护措施保护您提供的个人信息， 防止数据遭到未经授权访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施，保护您的个人信息。例如，通过我们的服务器结构，我们确保所有的服务和存储都托管在中国，以便用户的数据留在中国。
(1) We have employed security protection measures that meet industry standards to protect the Personal Information provided by you and prevent such data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your Personal Information. For example, with our server structure we ensure that all services and storages are hosted in China so that the user data stays in China.
（二）我们会采取一切合理可行的措施，确保未收集无关的个人信息。我们只会在达成本政策所述目的所需的期限内保留您的个人信息，除非需要延长保留期或受到法律的允许。
(2) We will take all reasonable and feasible measures to ensure that no irrelevant Personal Information is collected. We will retain your Personal Information only for such period as necessary to achieve the purposes specified in this Policy, unless extension of the retention period is needed or permitted by law.
（三）我们将定期更新并公开安全风险、个人信息安全影响评估等报告的有关内容。我们将通过App或您所提供的邮件地址来通知您。
(3) We will regularly update and publish the relevant contents of reports on security risks, personal information security impact assessments and so on. You will be informed by us via App or your given mail address.
（四）互联网环境并非百分之百安全，我们将尽力确保或担保您发送给我们的任何信息的安全性。如果我们的物理、技术、或管理防护设施遭到破坏，导致信息被非授权访问、公开披露、篡改、或毁坏，导致您的合法权益受损，我们将承担相应的法律责任。
(4) The Internet environment is by no means 100% secure. We will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management safeguards are damaged, resulting in unauthorized access, public disclosure, tampering or destruction of any information and therefore causing any damage to your legitimate rights and interests, we will bear the corresponding legal responsibilities therefor.
（五）在不幸发生个人信息安全事件后，我们将按照法律法规的要求，及时向您告知：安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。我们将及时将事件相关情况以邮件、信函、电话、推送通知等方式告知您，难以逐一告知个人信息主体时，我们会采取合理、有效的方式发布公告。
(5) After any Personal Information security incident occurs, we will inform you of the following in a timely manner as required by laws and regulations: the basic situation and possible impact of the security incident, measures we have taken or will take to handle the incident, suggestions on the steps you can take independently to prevent and reduce any risks, remedies available to you, etc. We will promptly notify you of the incident-related information by email, letter, phone, push notification or other means. Where it is difficult to inform the Personal Information Subjects individually, a public announcement will be released in a reasonable and effective manner.
同时，我们还将按照监管部门要求，主动上报个人信息安全事件的处置情况。
In the meanwhile, we will report the handling of Personal Information security incidents according to the requirements of regulatory authorities.

您的权利
Your rights

按照中国相关的法律、法规、标准，以及其他国家、地区的通行做法，我们保障您对自己的个人信息行使以下权利：
We will, in accordance with the relevant Chinese laws, regulations and standards, and the common practices in other countries and regions, guarantee that you can exercise the following rights with respect to your Personal Information:

（一）访问您的个人信息
(1) Right of access to your Personal Information

您有权访问您的个人信息，法律法规规定的例外情况除外。如果您想行使数据访问权，可以通过以下方式自行访问：
You have the right of access to your Personal Information, except as otherwise provided by laws and regulations. You may exercise the right of access to data in the following way:
（1. a）移动应用程序
(1.a) mobile App
- 打开 trinamiX光谱应用程序
- Open the trinamiX Spectroscopy App
- 使用您的帐户登录
- Sign In with your account
- 点击右下方的齿轮按钮
- Press the gear button on the bottom right
- 点击“账户”
- Press “Account”
（1. b）网络应用程序
(1.b) web App
- 转到nirs.trinamixsensing.cn
- Go to nirs.trinamixsensing.cn
- 使用您的账户登录
- Sign In with your account
- 点击右上方的头像
- Press on your Avatar on the top right
- 选择“个人资料”
- Select “profile”
对于您在使用我们的产品或服务过程中产生的其他个人信息，只要我们不需要过多投入，我们会向您提供。如果您想行使数据访问权， 请发送电子邮件至zhi-hua.liu@trinamix.de。
With respect to other Personal Information generated during your use of our products or services, we will provide such information to you as long as this is not excessively onerous for us. If you want to exercise the right of access to data, please send an email to zhi-hua.liu@trinamix.de.

（二）更正您的个人信息
(2) Right to correct your Personal Information

当您发现我们处理的关于您的个人信息有错误时，您有权要求我们作出更正。您可以随时使用我们的 Web 表单联系或发送电子邮件至zhi-hua.liu@trinamix.de。
Where you find any error in your Personal Information processed by us, you have the right to require us to make corrections. you can use our web forms to contact us or send an email to zhi-hua.liu@trinamix.de at any time.
我们将在30天内回复您的更正请求。
We will respond to your request for correction within 30 days.

（三）删除您的个人信息
(3) Right to delete your Personal Information

在以下情形中，您可以向我们提出删除个人信息的请求：
You can make a request for deletion of your Personal Information where:
1、如果我们处理个人信息的行为违反法律法规；
1. Our processing of your Personal Information violates any laws or regulations;
2、如果我们收集、使用您的个人信息，却未征得您的同意；
2. We have collected or used your Personal Information without your consent;
3、如果我们处理个人信息的行为违反了与您的约定；
3. Our processing of your Personal Information violates the agreement with you;
4、如果您不再使用我们的产品或服务，或您注销了账号；
4. You no longer use our products or services, or you have cancelled your account;
5、如果我们不再为您提供产品或服务。
5. We no longer provide products or services for you.
若我们决定响应您的删除请求，我们还将同时通知从我们获得您的个人信息的实体，要求其及时删除，除非法律法规另有规定，或这些实体获得您的独立授权。
If we decide to respond to your request for deletion, we will also notify the entities that have obtained your Personal Information from us and require them to delete such information in a promptly manner, except as otherwise provided by laws and regulations, or unless these entities have obtained consent from you separately.
当您从我们的服务中删除信息后，我们可能不会立即在备份系统中删除相应的信息，但会在备份更新时删除这些信息。
Where your Personal Information has been deleted from our service system, we may not delete the corresponding information from the backup system immediately but will instead delete such information when the backup system is updated.

（四）改变您授权同意的范围
(4) Right to change the scope of your consent

每个业务功能需要一些基本的个人信息才能得以完成。对于额外收集的个人信息的收集和使用，您可以随时给予或收回您的授权同意。
Each Business Function needs certain basic Personal Information to be realized. For the collection and use of additional Personal Information, you can give or withdraw your consent at any time.
您可以通过以下方式自行操作：
You can give or withdraw your consent in the following way:
（4.a）移动应用程序
(4.a) mobile App
- 打开 trinamiX Spectroscopy App
- Open the trinamiX Spectroscopy App
- 使用您的账户登录
- Sign In with your account
- 点击右下角的齿轮按钮
- Press the gear button on the bottom right
- 点击“隐私设置”
- Press “Privacy Settings”
（4. b）网络应用程序
(4.b) web App
- 转至nirs.trinamixsensing.cn
- Go to nirs.trinamixsensing.cn
- 点击底部的 "管理Cookies"。
- Press “Manage Cookies” on the bottom
当您收回同意后，我们将不再处理相应的个人信息。但您收回同意的决定，不会影响此前基于您的授权而开展的个人信息处理。
If you withdraw your consent, we will cease processing the corresponding Personal Information. However, your decision to withdraw your consent will not affect our previous Personal Information processing activities carried out under your authorization.

（五）个人信息主体注销账户
(5) Right of Personal Information Subjects to cancel their accounts

您随时可注销此前注册的账户，您可以通过以下方式自行操作：
You can cancel your previously registered account at any time in the following way:
（5. a）移动应用程序
(5.a) mobile App
- 重复（1.a）中所描述的步骤
- Repeat steps described in (1.a)
- 点击 "停用 "按钮
- Press the “Deactivate” button
- 当被问及您是否真的想停用您的账户时，点击 "是"
- Press “Yes” when asked if you really want to deactivate your account
（5. b）网络应用程序
(5.b) web App
- 重复（1. b）中所描述的步骤
- Repeat steps described in (1.b)
- 点击 "停用 "按钮
- Press the “Deactivate” button
- 当问及你是否真的想删除你的账户时，点击 "是"。
- Press “Yes” when asked if you really want to delete your account
在注销账户之后，我们将停止为您提供产品或服务，并根据《中华人民共和国网络安全法》和其他适用的法律规定，在法律规定的保留期限内保留您的个人信息。保留期满后，我们将删除或匿名化您的个人信息。
After your account is deleted, we will stop providing products or services for you and retain your personal information in accordance with the "Cybersecurity Law of the People's Republic of China" and other applicable laws and regulations for a retention period required by the laws. Upon the expiration of the retention period, we will remove or anonymize your personal information.

（六）个人信息主体获取个人信息副本
(6) Right of Personal Information Subjects to obtain copies of their Personal Information

您有权获取您的个人信息副本，您可以通过以下方式操作：发送邮件至mail to zhi-hua.liu@trinamix.de。
You have the right to obtain a copy of your Personal Information in the following way: mail to zhi-hua.liu@trinamix.de
在技术可行的前提下，如数据接口已匹配，我们还可按您的要求，直接将您的个人信息副本传输给您指定的第三方。
Where technically feasible, if the data interface is matched, we can also transmit a copy of your Personal Information directly to a third party designated by you at your request.

（七）约束信息系统自动决策
(7) Restrictions on automated decision-making of information systems

在某些业务功能中，我们可能仅依据信息系统、算法等在内的非人工自动决策机制作出决定。如果这些决定显著影响您的合法权益，您有权要求我们作出解释，我们也将提供适当的救济方式。
In some Business Functions, we may make decisions based solely on non-manual automated decision-making mechanisms including information systems, algorithms, etc. If these decisions significantly affect your lawful rights and interests, you have the right to require us to offer an explanation, and we will also provide appropriate remedies to you.

（八）响应您的上述请求
(8) Responding to your requests

为保障安全，您可能需要提供书面请求，或以其他方式证明您的身份。我们可能会先要求您验证自己的身份，然后再处理您的请求。
To ensure security, you may need to submit a written request or otherwise prove your identity. We may ask you to verify your identity before processing your requests.
我们将在三十天内作出答复。如您不满意，你也可以通过以下渠道进行投诉：zhi-hua.liu@trinamix.de
We will respond to your requests within thirty days. If you are dissatisfied with our response, you can also lodge a complaint through the following channels: zhi-hua.liu@trinamix.de
对于您合理的请求，我们原则上不收取费用，但对多次重复、超出合理限度的请求，我们将视情况收取一定成本费用。对于那些无端重复、需要过多技术手段（例如，需要开发新系统或从根本上改变现行惯例）、给他人合法权益带来风险或者非常不切实际（例如，涉及备份磁带上存放的信息）的请求，我们可能会予以拒绝。
In principle, we do not charge a fee on any reasonable requests made by you, but for repeated requests that exceed reasonable limits, we will charge a certain cost-based fee as appropriate. We may reject unreasonably repetitive requests that require excessive technical means (for example, the development of a new system or fundamental change of existing practices), pose a risk to the legitimate rights and interests of others or are extremely impractical (for example, involving any information stored on backup tapes).
在以下情形中，我们将无法响应您的请求：
We will be unable to respond to any request submitted by you if:
1、与个人信息控制者履行法律法规规定的义务相关的；
1. It is related to the performance by the Personal Information Controller of the obligations provided by laws and regulations;
2、与国家安全、国防安全直接相关的；
2. It is directly related to national security or national defense;
3、与公共安全、公共卫生、重大公共利益直接相关的；
3. It is directly related to public safety, public health, and significant public interests;
4、与刑事侦查、起诉、审判和执行判决等直接相关的；
4. It is directly related to criminal investigation, prosecution, trial, enforcement of judgments and the like;
5、个人信息控制者有充分证据表明个人信息主体存在主观恶意或滥用权利的；
5. The Personal Information Controller has sufficient evidence to prove that the Personal Information Subject is subjectively malicious or has engaged in the abuse of power;
6、出于维护个人信息主体或其他个人的生命、财产等重大合法权益但又很难得到本人同意的；
6. It is necessary for protecting the life, property or other major lawful rights and interests of the Personal Information Subject or other individuals, and it is difficult to obtain their consent;
7、响应个人信息主体的请求将导致个人信息主体或其他个人、组织的合法权益受到严重损害的；
7. Responding to such request would seriously undermine the lawful rights and interests of the Personal Information Subject or other individuals or entities;
涉及商业秘密的。
Trade secrets are involved.

我们如何处理儿童的个人信息
How do we process the Personal Information of children

我们的产品、网站和服务主要面向成人。如果没有父母或监护人的同意，儿童不应创建自己的个人信息主体账户。
Our products, websites and services are mainly for adults. Children should not be allowed to create their own Personal Information Subject account without the consent of their parents or guardians.
对于经父母同意而收集儿童个人信息的情况，我们只会在受到法律允许、父母或监护人明确同意或者保护儿童所必要的情况下使用或公开披露此信息。
For the collection of children’s Personal Information with parental consent, we will use or publicly disclose such information only to the extent permitted by law, with the Explicit Consent of their parents or guardians, or where it is necessary for the purpose of protecting the children.
尽管当地法律和习俗对儿童的定义不同，但我们将不满 14 周岁的任何人均视为儿童。
Although different laws and customs define a child differently, we treat anyone under 14 years of age as a child.
如果我们发现自己在未事先获得可证实的父母同意的情况下收集了儿童的个人信息，则会设法尽快删除相关数据。
If we find that we have collected any child’s Personal Information without prior verifiable parental consent, we will try to delete the relevant data as soon as possible.

您的个人信息如何在全球范围转移
How is your Personal Information transferred globally

原则上，我们在中华人民共和国境内收集和产生的个人信息， 将存储在中华人民共和国境内。
In principle, the Personal Information we collect and generate within the territory of the People’s Republic of China will also be stored within the territory of the People’s Republic of China.
由于我们通过遍布全球的资源和服务器提供产品或服务，这意味着，在获得您的授权同意后，您的个人信息可能会被转移到您使用产品或服务所在国家/地区的境外管辖区，或者受到来自这些管辖区的访问。
We provide products or services with resources and servers deployed across the world, which means that with your consent, your Personal Information may be transferred to the overseas jurisdictions (countries/regions) where you use our products or services, or be accessed from such jurisdictions.
此类管辖区可能设有不同的数据保护法，甚至未设立相关法律。在此类情况下，我们会确保您的个人信息得到在中华人民共和国境内足够同等的保护。例如，我们会请求您对跨境转移个人信息的同意，或者在跨境数据转移之前实施数据去标识化等安全举措。
Such jurisdictions may have different data protection laws, or even have no relevant laws. In such cases, we will ensure that your Personal Information is adequately protected to the same degree it is protected in the People’s Republic of China. For example, we will seek your consent for cross-border transfer of Personal Information, or implement de-identification and other security measures prior to cross-border data transfer.