Data Privacy Statement – OneLogin at Covestro

Copied to clipboard


Imprint | Covestro AG

Data privacy

Covestro is aware that the protection of your private information is a very important concern as you use our websites. We take the protection of your personal data very seriously. Therefore, we would like to take this opportunity to explain the basic principles we apply in handling your personal data. This information is always provided whenever such data is collected.
The following document refers to the statutory regulations of the EU General Data Protection Regulation, as an example. To ensure better legibility, this global Data Privacy Declaration does not refer to national regulations, which are frequently comparable. If necessary, these and other information are listed in a country-specific information in the “Region & Country-specific Privacy Statements” paragraph below.

If we obtain consent from a data subject to process personal data, Art. 6 para. 1 lit. a. of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing such personal data. When processing personal information necessary to fulfill a contract to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing procedures necessary to take steps prior to entering into a contract. If personal data must be processed to fulfill a legal obligation of our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If data processing is required to safeguard a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the above interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. Our company has a legitimate interest in carrying out and improving our business activities and in ensuring and improving the proper and error-free operation of the website and further coordinating website operations to the needs of users.

Collecting and processing information

OneLogin is used to provide access to Covestro websites that are not generally accessible to everyone. To make this possible, for each user an account is registered in OneLogin which stores the first and last name of the user and the email address that is used to log in. Additionally, the role(s) the user is authorized for is recorded in the user account.

Recording technical access data

When you visit a Covestro website through OneLogin, the system checks whether a user is authorized to access the specific website and in some cases which authorizations are assigned. Data that is logged by OneLogin only relates to access and assigned authorizations of connected websites. Possible systems collecting data and information about user behavior on the Covestro websites are related to these websites, not to OneLogin. To be able to support in case of issues, the following process and technical data is logged (Art. 6 para. 1 lit. f GDPR):

  • The creation of an account
  • The successful or failed login attempt
  • The change of a password
  • The assignment or removal of an authorization
  • The type of device the user used (desktop or mobile)
  • The type of client the user used (i.e. browser)
  • The type of operating system the user used
  • The user’s IP address
  • The date and time of access


OneLogin uses cookies. Cookies are small text files that are stored in the local memory of your web browser on your terminal device. We use only technically necessary cookies to authenticate the user's identity and allow them to access the appropriate websites. The cookies are temporary and are removed after the user ends the session (closes the browser) or when the max. session time is reached (8 hours).. Legal basis for these is (Art. 6 para. 1 lit. f GDPR, § 25 TTDSG).

There is always the possibility to refuse the use of cookies by changing the browser settings. Placed cookies can be deleted at any time.

Please note that, if you deactivate cookies, you may not be able to use all of the functions of our website to their fullest extent.

Registration on our websites (if applicable)

If you take advantage of the opportunity to register on our website and provide us with personal information, the data entered into the input fields (i.e. first name, last name, email address) will be registered in OneLogin.

When a user registers on our website, the date and time of account creation is logged. The purpose of this is to provide support in case of issues.

Data must be registered to enable access to websites. Registered persons may delete or amend their saved data at any time. Affected persons may obtain information on their saved personal information at any time.

Transmitting data for the purpose of contract data processing

In some cases, we use specialized service providers to process your data. These providers only process personal information on our behalf, acting strictly in accordance with our instructions and based on relevant agreements for contract data processing.

Data processing outside of the EU / EEA

In some cases, your data may also be processed in countries outside of the European Union (“EU”) or European Economic Area (“EEA”), areas which may have a lower level of data privacy protections than the EU. In such cases, we establish contractual agreements or other methods with our contractual partners for ensuring they provide a sufficient level of protection for your data, or we ask you for your explicit consent.

Storing your data

We save your personal information as long as necessary to complete a service you have requested or consented to, unless we are subject to other legal obligations such as commercial or tax law retention periods or those related to ongoing court proceedings.
(Log files on websites 2 years, contact inquiries - response center - 6 years).

Data security

Data you provide to us is protected using suitable technical and organizational means, with the objective of securing it against accidental or intentional manipulation, loss, destruction, unauthorized access, or unauthorized disclosure to third parties. Our security measures are continuously reviewed and improved in accordance with technological developments and organizational possibilities.

Your personal data is only transmitted to service providers in a third country if the specific requirements of Art. 44 et seqq. GDPR are fulfilled.

Information about your rights

You have the right to:

  • receive information on your personal data saved by us;
  • have your personal information corrected, deleted, or to have processing restricted;
  • object to processing that serves our justifiable interest, the public interest, or profiling, unless we can show that there are mandatory grounds for this processing which outweigh your interests, rights, and freedoms, or unless the processing is completed to assert, exercise, or defend legal claims;
  • have your data transmitted to the extent allowed under the law, such as in Art. 20 GDPR, and
  • submit a complaint to a supervisory authority in your country if available, or to the State Officer of Data Privacy and Freedom of Information of North Rhine Westphalia, P.O. Box 20 04 44 40102 Düsseldorf.

You can revoke any consent you have granted to have your personal information collected, processed, and used at any time, effective for the future. Further information is provided in the individual sections describing data processing to which you must consent.

A written letter sent to the Group Data Privacy Office will be sufficient (for address and contact form see below).

Protecting the privacy of children

We do not knowingly collect the personal information of children. Typically, we have no way of knowing how old visitors to our site are. Since it is highly important to us to protect children as they use the internet, we advise all parents and guardians to teach their children how to use the internet safely and responsibly. Children should not transmit personal information to Covestro without the express consent of their parent or guardian.

Region & Country-specific Privacy Statements

Additional privacy statements that contain information specific to your country or region (e.g. Japan, USA) can be found here: Link


Covestro AG is responsible for this website (controller).

Kaiser-Wilhelm-Allee 60
51373 Leverkusen, Germany
Telephone: +49 214 6009 2000.

If you have any questions or suggestions related to data privacy, please contact the Covestro AG Group Data Privacy Office.

Kaiser-Wilhelm-Allee 60
51373 Leverkusen, Germany
Telephone:+49 214 6009 2000

Ongoing development on the internet requires that we adjust our data privacy declaration from time to time. We reserve the right to make such changes at any time.

Get in touch with us!

Contact form image Zoe

How would you describe yourself?

What type of material are you interested in?

What type of inquiry is this?

How can we contact you?

* Mandatory Fields