The Symrise Group (hereinafter "Symrise"), is pleased that you are visiting our website. Data protection and data security are very important to us. Therefore, we would like to inform you about the personal data we collect during your visit to our website and about the intended purposes.

As changes to the law or changes to our corporate processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under “Privacy Policy”, saved and printed out.

§ 1 Data Controller and Scope

The controller according to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:

Symrise AG
Mühlenfeldstraße 1
37603 Holzminden
Deutschland

Phone: +49 (0) 5531 90-0
Fax: +49 (0) 5531 90-1617
E-Mail: data-protection@symrise.com

This privacy policy applies to the online presence of Symrise, which is available at www.symrise.com and the various subdomains (hereinafter referred to as "our website").

§ 2 Data Protection Officer

The external Data Protection Officer of Symrise is:

Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne

Phone: +49 (0)221 – 222 183 – 0
E-Mail: dpo-symrise@kinast.eu 
Website: kinast.eu/en

§ 3 Principles of Processing Personal Data

Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.
Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.

In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.

§ 4 Processing activities

1. Access and Use of the website 

a. Scope and Purpose of the Processing

When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.
The following personal data is recorded to the extent necessary for the provision of a functional website and our contents and services:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • The website from which access is made (referrer URL)
  • The used browser and, if applicable, the operating system of your computer as well as the name of your access provider

b. Legal Basis

Article 6 (1) lit. f)GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our company.

c. Data Deletion and Storage Time

The data subject’s personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. Data older than seven days is getting deleted. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.

2. Contact options

a. Scope and purpose of Processing

On our website, we offer you the opportunity to contact us via the forms provided or various email addresses in order to submit your concerns, make product enquiries or receive information about our company. If you make use of our contact options, the following personal data will be processed:

  • Name
  • Email address
  • Country
  • Subject and content of your contact

If you provide them voluntarily:

  • Address
  • Telephone number
  • Fax number
  • Your company

Your email address, name, country (if applicable) as well as the subject and content of your contact serve the purpose of allocating your enquiry and responding to you. When using our contact options, your personal data will not be passed on to third parties.

b. Legal basis

The data processing described above (cf. § 4 3. a.) for the purpose of establishing contact is carried out voluntarily in accordance with Article 6 (1) lit. a) GDPR on the declaration of consent submitted by you.

c. Data Deletion and Storage Time

As soon as the enquiry you have made has been dealt with and the relevant matter has been conclusively clarified, the personal data processed in relation to your contact will be deleted. Further storage may take place in individual cases if this is required by law.

3. “Investor News and Corporate Reports“

a. Scope and purpose of the Processing

Under the "Investors" tab, you can use the "IR Distribution List" button to call up a contact form in order to be entered in our Investor Relations distribution list, to receive the publication of our quarterly announcements and other ad-hoc announcements and/or to request a print copy of our corporate report. When you join the distribution list and/or request a print copy of our corporate report, we process the following personal data from you:

  • Salutation
  • Name
  • Email address
  • Investor affiliation
  • Preferred language
  • Address (only required for ordering our company report)
  • Country

If you provide them voluntarily:

  • Title
  • Your company

The purpose of providing your personal data as described above is to enable us to send you the desired information to the desired (email) address in accordance with your language preference. If you register on our distribution list, your personal data will be processed by our US-based service provider "Nasdaq" on our behalf and in accordance with our instructions (for more information, see § 5). Your data will not be passed on to any other third parties.

For adding recipients to the distribution list, we use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via the link that we send you for this purpose in a confirmation email. In this way, we want to ensure that only you yourself, as the owner of the email address provided, can register for the newsletter. Your confirmation must be sent promptly after receipt of the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.

b. Legal basis

The processing of your personal data for the purpose of entering you in our Investor Relations distribution list and/or sending you our corporate report - as described under § 4 2. a. - only takes place if you have voluntarily given us your consent in each case in accordance with Art. 6 Para. 1 sent. 1 lit. a) GDPR. Your consent can be revoked in each case and at any time with effect for the future by unsubscribing via a link in the footer of the investor communication or by sending us an email to ir@symrise.com.

c. Data Deletion and Storage Time

Your personal data will be processed and stored by us as described under § 4 2. a. for as long as it is required for the transmission of our quarterly reports and other ad-hoc reports and/or the transmission of the corporate report or until you revoke your consent. If it is no longer necessary for the respective purpose or as soon as you have revoked your consent, your personal data will be deleted. Further storage may take place in individual cases if required by law.

4. Applicant Portal

a. Scope and purpose of the Processing

On our career section, you have the opportunity to find out about vacant positions and to upload your application to our applicant portal. Your personal data will only be processed by us for the purpose of managing your application and may be forwarded within the company. For further information on data processing in the context of your application, please refer to the respective data protection statements on our careers page.

When you use our applicant portal, we collect the following data, which is technically necessary for us to be able to display the applicant portal to you and to ensure stability and security:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the file accessed
  • Website from which access was made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

Please note that the use of functional cookies must be consented to in order to operate the applicant portal.

b. Legal Basis

Article 6 (1) lit. a) GDPR serves as the legal basis for the data processing. You can revoke your voluntarily declared consent at any time by prohibiting the use of functional cookies again.

c. Data deletion and Storage Time

As soon as the aforementioned data is no longer required to display the applicant portal, it will be deleted. This takes place after 7 days. Further storage may take place in individual cases if this is required by law.

5. „Job Alert“ Newsletter (career section)

a. Scope and purpose of Processing

In our career section you have the option of subscribing to a free newsletter, the so-called “Job Alert”. This will inform you regularly, at intervals chosen by you, about new job advertisements. For this purpose, we require the following personal data from you:

  • Name
  • Email address

Your data will not be passed on to third parties in connection with the newsletter dispatch.

For sending the newsletter, we use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via the link that we send you for this purpose in a confirmation email. In this way, we want to ensure that only you yourself, as the owner of the email address provided, can register for the newsletter. Your confirmation must be sent promptly after receipt of the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.

b. Legal basis

The processing of your name and email address for the newsletter dispatch is based on your voluntary declaration of consent in accordance with Art. 6 Para. 1 sent. 1 lit. a GDPR. Your consent can be revoked at any time with effect for the future by unsubscribing via a link in the footer of our newsletter or by sending us an email to info@symrise.com.

c. Data deletion and Storage Time

Your name and email address will be stored for as long as you are subscribed to the newsletter. After unsubscribing from our newsletter, your aforementioned personal data will be deleted. Further storage may take place in individual cases if required by law.

6. Marketing Communication

a. Scope and Purpose of the Processing

On our websites, you can choose to be contacted by us with information on topics related to Symrise, which may include newsletter, new products information or event invitation (hereinafter referred to as: marketing communication). Your personal information will only be used for the purpose described before and will not be sold.

For the purpose of providing you with such marketing communication we use the following personal data as contact information about you:

  • Name
  • Email address
  • Company
  • Title
  • Country/Location

This information is also needed to ensure your serious interest in Symrise and our products. For the collection and storage of your personal data Symrise AG will be the main responsible controller. However, while Symrise AG is responsible regarding the use of your contact information for marketing communication on a global scale, there is also a regional point of contact and a local point of contact, which act as a so-called joint controller together with Symrise AG. In this context, your country/location is needed in order to ensure that you will be assigned to the accurate responsible points of contact within Symrise. In other words, regarding the processing of your personal data and the use for marketing communications there will be one global joint controller (Symrise AG), one regional joint controller (regional Headquarter) and one local joint controller (Local Point of Contact) only. Next to Symrise AG, which also acts as the regional Headquarter for the European, African and Middle East Area, there are three more regional Headquarters, which are Symrise APAC pte. Ltd., Singapore (for the Asian Pacific Area), Symrise Inc., USA (for North America) and Symrise Aromas e Fragrancias Ltda. (South & Central America). For your local Point of Contact, which is the local joint controller at the same time, please see the list of countries. If your country/location is not explicitly named in this list (i.e. you would fall under “other countries”) your local point of contact will the respective regional Headquarter as described before.

Besides, in case your country/location is not part of the European Economic Area (EEA), your contact information is shared with the responsible affiliates outside the EEA, regarding transfers outside the EEA please refer to § 5.

Furthermore, if you have indicated to be in the USA your personal data will be stored on our database in the USA, if you have indicated any other country, your personal data will be stored on our database in the Netherlands.

b. Legal Basis

We will only process your personal data as described before (cf. § 4 5. a.), when you have given your free consent according to Article 6 (1) lit. a) GDPR. You can withdraw your consent at any time for the future by using the unsubscribe link at the bottom of each communication.

c. Data Deletion and Storage Time

Your above-mentioned personal data (cf. § 4 5 a.) will be stored for three years as of the time when it was collected and then be deleted, except the responsible joint controllers obtain another consent from you. Besides, your contact information will be deleted if you have unsubscribed from the marketing communication. Further storage may take place in individual cases if this is required by law.

§ 5 Recipients of Personal Data and Data Transfers in-/ouside of the European Economic Area

1. When and why may we share your personal data

We will only share your personal data with third parties and other recipients where we have an appropriate legal ground under the GDPR, which permits us to do so. Commonly, this could include situations where we are legally obliged to provide the information (e.g. to data protection authorities), to comply with our contractual duties (e.g. to an affiliated company, if necessary in terms of our business relation.), where it is necessary in our legitimate interest (e.g. for compliance reasons), or where you have given your express consent to do so (e.g. to third-party Cookie providers).

We have also engaged certain service providers that process your data on our behalf and, therefore, are so-called data processors (e.g. our provider of the website and agencies that help us managing our content thereof). Such data processors are contractually obliged to solely process your personal data based on our contractual agreement and in line with our predefined instructions. As data processors our service providers are also recipients of your personal data.

2. Data Transfers in-/outside the European Economic Area

In general, the processing of your personal data is based inside the European Economic area (EEA). However, in the course of providing this website and its features, we use certain service providers and/or third party service providers (hereinafter referred to as recipients) (see under 3.) who may process your personal data not within but in a country outside the EEA. The transfer to recipients outside the EEA takes place on the basis of a so-called adequacy decision of the EU Commission pursuant to Art. 45 GDPR or on the basis of the Standard Data Protection Clauses of the European Union as an appropriate safeguard according to Art. 46 GDPR to ensure an adequate level of data protection in regard of the processing of your personal data.

However, when transferring your personal data to a recipient located in a country outside the EEA on the basis of EU standard contractual clauses, the processing may not be adequately protected due to the specific national laws applicable to the recipient in such country. This includes sharing your personal data with and the transfer of your personal data to recipients in the USA. This is because US authorities are entitled under applicable US law to access and use personal data of data subjects whose data is transferred from the EU to the US and who are non-US citizens, without specific grounds and without the possibility to object to unlawful access. Furthermore, these transfers are not regulated in such a way that would meet requirements equivalent to those existing under EU law specifically regarding the principle of proportionality as monitoring programs based on US legislation are not limited to what is strictly necessary.

Therefore, when we are aware that your personal data may be transferred to the US, e.g. to Google LLC or other recipients, we ensure to collect your express consent and inform you in this Privacy Policy about the corresponding risk that your data may not be appropriately safeguarded regarding illegitimate access or use, before such transfer takes place.

3. List of Recipients of your personal data

Recipient/Category of RecipientPurpose of transfer/disclosureLegal basis of the processingData transfer outside the EEA
Maxcluster GmbHHosting and support of our IT-systems and infrastructureLegitimate interestGermany
Die Medialen GmbHSupport on providing the website and the content thereofLegitimate interestGermany
OneTrust, LLCProvision of a platform to manage cookie consentLegitimate interestEU and US
Google Ireland LimitedAnalysis of website usage (Google Analytics)ConsentEU and US
Google LLCProvision of videos via the service YoutubeConsentEU and US
Investis DigitalProvision of a software for displaying share pricesConsentEngland
Saba Software Inc.Provision of a digital application processConsentEU and US
Vara Research GmbHProvision of a current consensusConsentEU
LinkedIn Ireland Unlimited CompanyProvision of a login function and the retrieval of data within the digital application processConsentEU and US
StreamShark.ConsentWorldwide
Twitter Inc.Provision of content from the platform TwitterConsentEU and US
Vimeo LLCProvision of videos via the Vimeo serviceConsentEU and US
Subsidiaries and affiliated companiesQuotes, Sales, Marketing, fraud protection, storage etc.- Contractual relation or pre-contractual steps
- Legitimate interest; or, if required,
- Consent
Worldwide
National and EU Authorities and Law Enforcement AgenciesOnly as an exemption, where no rights and freedoms of the affeted data subjects overweigh: Ensure compliance with laws or in exceptional situations (e.g. data security incidents)- Legal obligation; or
- Legitimate interests
 
Facebook Inc.Provision of content from the platform InstagramConsentEU and US
Nasdaq OMX Corporate Solutions LLCManagement of the Investor Relations distribution listConsentEU and US
SAP Marketing CloudE-mail marketing automationConsentEU and US
    

§ 6 Cookies

We use cookies on our website. Cookies are small files that are sent by us to the browser of your terminal device when you visit our website and are stored there. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyses. Cookies are, for example, able to recognise the browser you are using when you visit our website again and to transmit various information to us. With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

The use of technically necessary cookies is intended to ensure the protection of our legitimate interests pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR to be able to provide you with our website with the functions required for this purpose. However, before we set any cookies that are not technically necessary, we obtain your consent via the "cookie banner" or the "cookie settings" in accordance with Article 6 para. 1 sent. 1 lit. a) GDPR. You can of course change your cookie settings on our website at any time by clicking on the "Change cookie settings" link in the footer of the website.

For more information, please see our Cookie Policy

§ 7 Tracking and analysis tools

We use tracking and analysis tools to ensure the ongoing optimisation and needs-based design of our website. With the help of tracking measures, it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained.

Based on these interests, the use of the tracking and analysis tools described below is justified pursuant to Art. 6 para. 1 sent. 1 lit. f) GDPR. If you have given us your consent to the use of cookies, tracking and analysis tools on the basis of a notice issued by us on the website ("cookie banner" or cookie settings), the lawfulness of the use is additionally based on Art. 6 para. 1 sent. 1 lit. a) GDPR.

For more information, please see our Cookie Policy.

§ 8 Hyperlinks

Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers' website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

§ 9 Your Rights as a Data Subject

The GDPR provides you as a Data Subject with the following rights in case you are subject to a data processing:

  • Pursuant to Article 15 GDPR you can request information about your personal data processed by us. 
  • In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organizations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
  • Pursuant to Article 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us.
  • Pursuant to Article 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Pursuant to Article 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Article 18 GDPR if you have objected to the processing in accordance with Article 21 GDPR.
  • Pursuant to Article 20 GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it be transmitted to another person responsible.
  • Pursuant to Article 7 (3) GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
  • Pursuant to Article 77 GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.

§ 10 Right to Object

In case the processing of your personal data is based on legitimate interest in accordance with Article 6 (1) lit. f)GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.

§ 11 Data Security and Security Measures

We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS). 

However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above mentioned security measures may not be observed by other persons or institutions for which we are not responsible. 
In particular, unencrypted data - e.g. if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.