本政策仅适用于巴斯夫中国的创迈思trinamiX产品或服务。
This Policy applies only to trinamiX products or services of BASF China, including...
最近更新日期：2021年12月。
本政策将帮助您了解以下内容：
This Policy will help you understand the following:
◼业务功能的个人信息收集使用规则
Rules on collection and use of Personal Information for Business Function
◼我们如何保护您的个人信息
How do we protect your Personal Information
◼您的权利
Your rights
◼我们如何处理儿童的个人信息
How do we process the Personal Information of children
◼您的个人信息如何在全球范围转移
How is your Personal Information transferred globally
◼本政策如何更新
How will this Policy be updated
◼如何联系我们
How to contact us
巴斯夫中国深知个人信息对您的重要性，并会尽全力保护您的个人信息安全可靠。我们致力于维持您对我们的信任，恪守以下原则，保护您的个人信息：权责一致原则、目的明确原则、选择同意原则、最小必要原则、确保安全原则、主体参与原则、公开透明原则等。同时，巴斯夫中国承诺，我们将按业界成熟的安全标准，采取相应的安全保护措施来保护您的个人信息。
BASF China is fully aware of the importance of your Personal Information to you, and will do its utmost to protect the security and reliability of your Personal Information. We are committed to maintaining your trust in us, and abide by the following principles in our efforts to protect your Personal Information: commensurability of powers and responsibilities, clear purpose, consent, minimum necessary, security assurance, engagement of Subjects, openness and transparency, etc. In the meanwhile, BASF China undertakes to take appropriate security protection measures to protect your Personal Information according to the established industry-specific security standards.
请在使用我们的产品或服务前，仔细阅读并了解本《个人信息保护政策》。
Please read carefully and understand this Personal Information Protection Policy before using our products or services.

业务功能的个人信息收集使用规则
Rules on Collection and Use of Personal Information for Business Function
1、我们收集哪些您的个人信息
1. What Personal Information do we collect?

⚫我们提供的业务功能需要依赖部分信息才得以运行。您选择使使用该项业务功能，则需要向我们提供或允许我们收集的必要信息包括：个人基本信息（个人姓名、联系电话）、个人职业信息（公司名称、联系邮箱）、网络身份标识（IP地址）
Running of this Business Function we provide requires certain information. If you choose to use this Business Function, you need to provide or allow us to collect the following necessary information: personal information (name, mobile number), vocational information (company name, email) and network ID (IP address).
共计3类个人信息。
A total of 3 types of Personal Information.
您可自主选择向我们提供或允许我们收集下列信息：个人基本信息（个人姓名、联系电话）、个人职业信息（公司名称、联系邮箱）、网络身份标识（IP地址）
You can choose to provide or allow us to collect the following information: personal information (name, mobile number), vocational information (company name, email) and network ID (IP address).
共计3类个人信息。这些信息并非该业务功能运行所必需，但这些信息对改善服务质量、研发新产品或服务等有非常重要的意义。我们不会强制要求您提供这些信息，您如拒绝不会对使用该业务功能产生不利影响。
A total of 3 types of Personal Information. Such information is not necessary for the running of this Business Function, but is of great importance for improving the service quality, developing new products or services or other purposes. You are not mandatorily required to provide such information, and your refusal to provide the same will not adversely affect your use of this Business Function.
⚫在您使用该业务功能时，我们会向您申请下列与个人信息相关的系统权限：个人基本信息（个人姓名、联系电话）、个人职业信息（公司名称、联系邮箱）、网络身份标识（IP地址）
When you are using this Business Function, our App will apply to you for the following Personal Information-related system authorities: personal information (name, mobile number), vocational information (company name, email) and network ID (IP address).
共计3项系统权限。如果您不授权，将会导致我们无法提供该业务功能。除上述权限之外，您可自主选择是否额外授予其他的系统权限。
A total of 3 system authorities. If you do not grant such authorities, we will become unable to provide this Business Function. In addition to the above authorities, you can elect whether to grant additional system authorities to our App.

2、我们如何使用您的个人信息
2. How do we use your Personal Information

⚫对于必要的个人信息，我们会用来提供该项业务功能，包括“产品调研”、“专家回访”等， 我们也会使用上述信息来维护和改进本项业务功能，开发新的业务功能等。
We will use the necessary Personal Information to provide this Business Function, including"product survey”, “business survey”, as well as to maintain and improve this Business Function, develop new Business Functions, and so forth.
⚫对于非必要的个人信息，我们会用于以下用途，包括维护和改进本项业务功能，开发新的业务功能等, 所收集的个人资料将于本推广活动完结后3个月内销毁。
We will use the non-necessary Personal Information for purposes including maintaining and improving the business functions, new business development etc. All personal data collected would be deleted in 3months after the promotional activity is ended.

3、我们如何委托处理、共享、转让、公开披露您的个人信息
3. How do we delegate the processing, sharing, transfer, and public disclosure of your Personal Information
（1）委托处理
(1)Delegated processing

本业务功能中某些具体的模块或功能由外部供应商提供。例如我们会聘请服务提供商来协助我们提供客户支持。
Certain modules or sub-functions in this Business Function will be provided by external suppliers. For example, we will engage service providers to assist us in providing customer support.
对我们委托处理个人信息的公司、组织和个人，我们会与其签署严格的保密协定，要求他们按照我们的要求、本个人信息保护政策以及其他任何相关的保密和安全措施来处理个人信息。
We will sign strict confidentiality agreements with companies, organizations and individuals we have engaged to process Personal Information, and require them to process Personal Information according to our requirements, this Personal Information Protection Policy and any other related confidentiality and security measures.

（2）共享
(2)Sharing

我们不会与本公司及本公司关联公司以外的任何公司、组织和个人分享您的个人信息，除非获得您的明确同意。“关联公司”应指，就本公司而言，直接或间接控制该方或受其控制，或与该方同受直接或间接控制的任何实体。如果控制人直接或间接地拥有该实体至少百分之五十（50%）的股权的所有权或有权利影响该实体的管理层。目前，我们会在以下情形中，向您征求您对共享个人信息的授权同意：
We will not share your Personal Information with any company, organization or individual other than this Company and Affiliates of this Company unless we have obtained your Explicit Consent. “Affiliate” shall mean, with respect to this Company, any entity which, directly or indirectly, controls, is controlled by or is under the common control with the Party. An entity shall be deemed to control another person if the controlling person possesses, directly or indirectly, ownership of at least fifty percent (50%) of the equity shares of such an entity or has the power to direct the management of such an entity. In the following cases, we will seek consent from you before sharing your Personal Information:

（3）转让
(3)Transfer

我们不会将您的个人信息转让给任何公司、组织和个人，但以下情形除外：
We will not transfer your Personal Information to any company, organization or individual, except in the following cases:
a)在获取明确同意的情况下转让：获得您的明确同意后，我们会向其他方转让您的个人信息；
Transfer with Explicit Consent: we may transfer your Personal Information to other parties after obtaining your Explicit Consent;
b)在涉及合并、收购或破产清算时，如涉及到个人信息转让，我们会在要求新的持有您个人信息的公司、组织继续受此个人信息保护政策的约束，否则我们将要求该公司、组织重新向您征求授权同意。
In case of merger, acquisition or bankruptcy liquidation in which transfer of Personal Information is involved, we will require the new companies or organizations that will hold your Personal Information to continue to be bound by this Personal Information Protection Policy, or alternatively we will require such companies or organizations to seek consent from you again.

（4）公开披露
(4)Public Disclosure

我们仅会在以下情形下，公开披露您的个人信息：
We will publicly disclose your Personal Information only under the following circumstances:
a)获得您明确同意后；
Upon obtaining your Explicit Consent;
b)基于法律的披露：在法律、法律程序、诉讼或政府主管部门强制性要求的情况下，我们可能会公开披露您的个人信息。
Disclosure according to law: We may disclose your Personal Information publicly if required by laws, legal procedures, or litigation or government authorities.

我们如何保护您的个人信息
How do we protect your Personal Information

（一）我们已使用符合业界标准的安全防护措施保护您提供的个人信息， 防止数据遭到未经授权访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施，保护您的个人信息。
我们已使用符合业界标准的安全防护措施保护您的用户信息，防止数据遭到未经授权的访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施，保护您的用户信息。例如，我们会部署访问控制机制，确保只有授权人员才可访问用户信息；以及我们会举办安全和隐私保护培训课程，加强员工对于保护用户信息重要性的认识。-
(1) We have employed security protection measures that meet industry standards to protect the Personal Information provided by you and prevent such data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your Personal Information. For example: we will deploy an access control mechanism to ensure that only authorized personnel can access user information; and we will organize security and privacy protection training courses to strengthen employees’ awareness of the importance of protecting user information
（二）我们已经取得了以下认证：信息系统安全等级保护三级认证、ISO9001质量管理体系认证、ISO27001信息安全管理体系认证证书。
(2) We have obtained the following certifications: Information system security level protection three-level certification, ISO9001 quality management system certification, ISO27001 information security management system certification -
（三）我们的数据安全能力：我们依据《数据安全法》、《网络安全法》、《个人信息安全规范》等一系列法律法规和行业标准已先后完成了个推业务信息系统安全等级保护三级认证、数据分类分级及配套的数据安全保障技术（明确数据脱敏、存储等要求）等一系列工作，制定了《安全总纲》、《数据分类分级规范》、《安全事件管理规范》等各种管控流程和应急响应制度等，对管理体系建设、物理环境安全、主机安全、应用系统安全、网络安全、数据安全等维度构建了企业数据安全“防火墙”，已经建立起贯穿数据积累、数据处理和使用、数据传输和存储等全链条的数据安全管控与防护机制。
(3) Our data security capacity: In accordance with a series of laws, regulations and industry standards such as the "Data Security Law", "Cyber Security Law", and "Personal Information Security Regulations", we have successively completed the three-level certification of the security level protection of the business information system, data classification and grading, and supporting systems. Data security assurance technology (clear data desensitization, storage, etc. requirements) and a series of work, formulated various management and control procedures and emergency response systems such as the "Safety General Program", "Data Classification and Classification Specifications", "Security Incident Management Specifications", etc., An enterprise data security "firewall" has been built for management system construction, physical environment security, host security, application system security, network security, and data security. It has been established throughout data accumulation, data processing and use, data transmission and storage, etc. The chain's data security control and protection mechanism.
（四）我们会采取一切合理可行的措施，确保未收集无关的个人信息。我们只会在达成本政策所述目的所需的期限内保留您的个人信息，除非需要延长保留期或受到法律的允许。
(4) We will take all reasonable and feasible measures to ensure that no irrelevant Personal Information is collected. We will retain your Personal Information only for such period as necessary to achieve the purposes specified in this Policy, unless extension of the retention period is needed or permitted by law.
（五）我们将定期更新并公开安全风险、个人信息安全影响评估等报告的有关内容。您可通过以下方式获得: 访问巴斯夫中国网站www.basf.com/cn
(5) We will regularly update and publish the relevant contents of reports on security risks, personal information security impact assessments and so on. You can obtain such contents by the following means: visit website: www.basf.com/cn
（六）互联网环境并非百分之百安全，我们将尽力确保或担保您发送给我们的任何信息的安全性。如果我们的物理、技术、或管理防护设施遭到破坏，导致信息被非授权访问、公开披露、篡改、或毁坏，导致您的合法权益受损，我们将承担相应的法律责任。
(6) The Internet environment is by no means 100% secure. We will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management safeguards are damaged, resulting in unauthorized access, public disclosure, tampering or destruction of any information and therefore causing any damage to your legitimate rights and interests, we will bear the corresponding legal responsibilities therefor.
（七）在不幸发生个人信息安全事件后，我们将按照法律法规的要求，及时向您告知：安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。我们将及时将事件相关情况以邮件、信函、电话、推送通知等方式告知您，难以逐一告知个人信息主体时，我们会采取合理、有效的方式发布公告。
(7) After any Personal Information security incident occurs, we will inform you of the following in a timely manner as required by laws and regulations: the basic situation and possible impact of the security incident, measures we have taken or will take to handle the incident, suggestions on the steps you can take independently to prevent and reduce any risks, remedies available to you, etc. We will promptly notify you of the incident-related information by email, letter, phone, push notification or other means. Where it is difficult to inform the Personal Information Subjects individually, a public announcement will be released in a reasonable and effective manner.
同时，我们还将按照监管部门要求，主动上报个人信息安全事件的处置情况。
In the meanwhile, we will report the handling of Personal Information security incidents according to the requirements of regulatory authorities.

您的权利
Your rights

按照中国相关的法律、法规、标准，以及其他国家、地区的通行做法，我们保障您对自己的个人信息行使以下权利：
We will, in accordance with the relevant Chinese laws, regulations and standards, and the common practices in other countries and regions, guarantee that you can exercise the following rights with respect to your Personal Information:

（一）访问您的个人信息
(1) Right of access to your Personal Information

如果您想了解您的个人信息，您可以随时使用我们的 Web 表单联系，或发送电子邮件至rachel.yao@basf.com
If you cannot access your Personal Information through the above link, you can use our web forms to contact us or send an email to Rachel.yao@basf.com at any time.
我们将在30天内回复您的访问请求。
We will respond to your request for access within 30 days.
对于您在使用我们的产品或服务过程中产生的其他个人信息，只要我们不需要过多投入，我们会向您提供。如果您想行使数据访问权， 请发送电子邮件至rachel.yao@basf.com
With respect to other Personal Information generated during your use of our products or services, we will provide such information to you as long as this is not excessively onerous for us. If you want to exercise the right of access to data, please send an email to rachel.yao@basf.com

（二）更正您的个人信息
(2) Right to correct your Personal Information

当您发现我们处理的关于您的个人信息有错误时，您有权要求我们作出更正。您可以通过“（一）访问您的个人信息”中罗列的方式提出更正申请。
Where you find any error in your Personal Information processed by us, you have the right to require us to make corrections. You can file a request for correction by the means listed in “(1) Right of access to your Personal Information”.
如果您无法通过上述链接更正这些个人信息，您可以随时使用我们的 Web 表单联系，或发送电子邮件至rachel.yao@basf.com-
If you cannot access your Personal Information through the above link, you can use our web forms to contact us or send an email to Rachel.yao@basf.com at any time.
我们将在30天内回复您的更正请求。
We will respond to your request for correction within 30 days.

（三）删除您的个人信息
(3) Right to delete your Personal Information

在以下情形中，您可以向我们提出删除个人信息的请求：
You can make a request for deletion of your Personal Information where:
1、如果我们处理个人信息的行为违反法律法规；
1. Our processing of your Personal Information violates any laws or regulations;
2、如果我们收集、使用您的个人信息，却未征得您的同意；
2. We have collected or used your Personal Information without your consent;
3、如果我们处理个人信息的行为违反了与您的约定；
3. Our processing of your Personal Information violates the agreement with you;
4、如果您不再使用我们的产品或服务，或您注销了账号；
4. You no longer use our products or services, or you have cancelled your account;
5、如果我们不再为您提供产品或服务。
5. We no longer provide products or services for you.
若我们决定响应您的删除请求，我们还将同时通知从我们获得您的个人信息的实体，要求其及时删除，除非法律法规另有规定，或这些实体获得您的独立授权。
If we decide to respond to your request for deletion, we will also notify the entities that have obtained your Personal Information from us and require them to delete such information in a promptly manner, except as otherwise provided by laws and regulations, or unless these entities have obtained consent from you separately.
当您从我们的服务中删除信息后，我们可能不会立即在备份系统中删除相应的信息，但会在备份更新时删除这些信息。
Where your Personal Information has been deleted from our service system, we may not delete the corresponding information from the backup system immediately but will instead delete such information when the backup system is updated.

（四）约束信息系统自动决策
(4) Restrictions on automated decision-making of information systems

在某些业务功能中，我们可能仅依据信息系统、算法等在内的非人工自动决策机制作出决定。如果这些决定显著影响您的合法权益，您有权要求我们作出解释，我们也将提供适当的救济方式。
In some Business Functions, we may make decisions based solely on non-manual automated decision-making mechanisms including information systems, algorithms, etc. If these decisions significantly affect your lawful rights and interests, you have the right to require us to offer an explanation, and we will also provide appropriate remedies to you.

（五）响应您的上述请求
(5) Responding to your requests

为保障安全，您可能需要提供书面请求，或以其他方式证明您的身份。我们可能会先要求您验证自己的身份，然后再处理您的请求。
To ensure security, you may need to submit a written request or otherwise prove your identity. We may ask you to verify your identity before processing your requests.
我们将在三十天内作出答复。如您不满意，还可以通过以下途径投诉：发送电子邮件至rachel.yao@basf.com-
We will respond to your requests within thirty days. If you are dissatisfied with our response, you can also lodge a complaint through the following channels: .
对于您合理的请求，我们原则上不收取费用，但对多次重复、超出合理限度的请求，我们将视情收取一定成本费用。对于那些无端重复、需要过多技术手段（例如，需要开发新系统或从根本上改变现行惯例）、给他人合法权益带来风险或者非常不切实际（例如，涉及备份磁带上存放的信息）的请求，我们可能会予以拒绝。
In principle, we do not charge a fee on any reasonable requests made by you, but for repeated requests that exceed reasonable limits, we will charge a certain cost-based fee as appropriate. We may reject unreasonably repetitive requests that require excessive technical means (for example, the development of a new system or fundamental change of existing practices), pose a risk to the legitimate rights and interests of others or are extremely impractical (for example, involving any information stored on backup tapes).
在以下情形中，我们将无法响应您的请求：
We will be unable to respond to any request submitted by you if:
1、与个人信息控制者履行法律法规规定的义务相关的；
1. It is related to the performance by the Personal Information Controller of the obligations provided by laws and regulations;
2、与国家安全、国防安全直接相关的；
2. It is directly related to national security or national defense;
3、与公共安全、公共卫生、重大公共利益直接相关的；
3. It is directly related to public safety, public health, and significant public interests;
4、与刑事侦查、起诉、审判和执行判决等直接相关的；
4. It is directly related to criminal investigation, prosecution, trial, enforcement of judgments and the like;
5、个人信息控制者有充分证据表明个人信息主体存在主观恶意或滥用权利的；
5. The Personal Information Controller has sufficient evidence to prove that the Personal Information Subject is subjectively malicious or has engaged in the abuse of power;
6、出于维护个人信息主体或其他个人的生命、财产等重大合法权益但又很难得到本人同意的；
6. It is necessary for protecting the life, property or other major lawful rights and interests of the Personal Information Subject or other individuals, and it is difficult to obtain their consent;
7、响应个人信息主体的请求将导致个人信息主体或其他个人、组织的合法权益受到严重损害的；
7. Responding to such request would seriously undermine the lawful rights and interests of the Personal Information Subject or other individuals or entities;
涉及商业秘密的。
Trade secrets are involved.

我们如何处理儿童的个人信息
How do we process the Personal Information of children

我们的产品、网站和服务主要面向成人。如果没有父母或监护人的同意，儿童不应创建自己的个人信息主体账户。
Our products, websites and services are mainly for adults. Children should not be allowed to create their own Personal Information Subject account without the consent of their parents or guardians.
对于经父母同意而收集儿童个人信息的情况，我们只会在受到法律允许、父母或监护人明确同意或者保护儿童所必要的情况下使用或公开披露此信息。
For the collection of children’s Personal Information with parental consent, we will use or publicly disclose such information only to the extent permitted by law, with the Explicit Consent of their parents or guardians, or where it is necessary for the purpose of protecting the children.
尽管当地法律和习俗对儿童的定义不同，但我们将不满 14 周岁的任何人均视为儿童。
Although different laws and customs define a child differently, we treat anyone under 14 years of age as a child.
如果我们发现自己在未事先获得可证实的父母同意的情况下收集了儿童的个人信息，则会设法尽快删除相关数据。
If we find that we have collected any child’s Personal Information without prior verifiable parental consent, we will try to delete the relevant data as soon as possible.

您的个人信息如何在全球范围转移
How is your Personal Information transferred globally

原则上，我们在中华人民共和国境内收集和产生的个人信息， 将存储在中华人民共和国境内。
In principle, the Personal Information we collect and generate within the territory of the People’s Republic of China will also be stored within the territory of the People’s Republic of China.
由于我们通过遍布全球的资源和服务器提供产品或服务，这意味着，在获得您的授权同意后，您的个人信息可能会被转移到您使用产品或服务所在国家/地区的境外管辖区，或者受到来自这些管辖区的访问。
We provide products or services with resources and servers deployed across the world, which means that with your consent, your Personal Information may be transferred to the overseas jurisdictions (countries/regions) where you use our products or services, or be accessed from such jurisdictions.
此类管辖区可能设有不同的数据保护法，甚至未设立相关法律。在此类情况下，我们会确保您的个人信息得到在中华人民共和国境内足够同等的保护。例如，我们会请求您对跨境转移个人信息的同意，或者在跨境数据转移之前实施数据去标识化等安全举措。
Such jurisdictions may have different data protection laws, or even have no relevant laws. In such cases, we will ensure that your Personal Information is adequately protected to the same degree it is protected in the People’s Republic of China. For example, we will seek your consent for cross-border transfer of Personal Information, or implement de-identification and other security measures prior to cross-border data transfer.