SEA Privacy Statement

Bayer, (hereinafter “us”, “our” and “we”), as your employer would like to inform you about the possible processing of your personal data within the scope of your employment relationship. Please note that the processing operations listed below are not equally applicable to all employees. Whether and to what extent your personal

 

Categories of Personal Data

  • Private master data, e.g. name, address, private telephone number, date of birth, nationality
  • Data from the job application process
  • Employee master data, e.g. personnel number, CWID, business email, business address, business telephone number
  • Employment contract data
  • Certificates and attestations
  • Data on attendances and absences
  • Deployment an data is processed depends on the circumstances of your individual case, such as your area of work

 

Handling of shift planning

  • Organizational data with leadership relationships
  • Assessment and development data
  • Data on your career within the Bayer Group
  • Data on training, education and continuing education
  • Salary and payroll data
  • Company pension program data
  • Physical and logical access authorizations, approval rights as well as corresponding log data
  • Information on work equipment provided, e.g. mobile phone, laptop, protective clothing
  • Health data on examinations conducted as part of the hiring process, accidents at work, voluntary health offerings and companymedical service
  • Business trip data
  • Feedback and survey data
  • Other personal data in connection with the performance of your respective duties, such as personal data in reports, activity-specificapplications, presentations or other working documents
  • Family Data interalia spouse, children & next of kin including next of kin details
  • Other data on Bayer services/offerings you utilize


Handling of Personal Data
In the following, we explain the purpose(s) of processing, as well as related to each purpose, the categories of personal data, the legal basis, the retention period, and either the source from which the data originate or, if collected from the data subject, whether the provision is a requirement and the possible consequences of failure to provide:


To Perform HR Operations
In order to be able to execute our obligations in line with your employment contract we will process your Personal Data including but not limited to the following

  • Establishment, execution, and termination of the employment relationship
  • Activation of benefits
  • Company medical service
  • Occupational health management
  • Organization, deployment, and shift planning
  • Company pension program
  • Personnel development, education, and training
  • International assignments

To Execute Communication Activities
We will process your personal data for communication purposes including but not limited to

  • Maintenance of the Company address book
  • Lists of contacts and responsibilities
  • Employee communications


Work and process support activities
We will process your personal data for work and process purposes including but not limited to

  • Provision and administration of work equipment (in particular IT workstation including necessary IT infrastructure)
  • Electronic process support releases/approvals/applications/orders
  • Business trips
  • Approval and signature authorizations
  • Event planning and execution
  • Optimization of business processes and operational procedures
  • Ensuring proper operational, business, and organizational processes


Compliance with legal and regulatory requirements
We will process your personal data for legal and regulatory purposes including but not limited to

  • Regulatory documentation, monitoring, and reporting obligations
  • Statutory documentation, monitoring, and reporting obligations
  • Statutory certificates
  • Accounting and tax requirements & internal control system

 

Risk Mitigation Activities

We will process your personal data for the execution of operational risk mitigation purposes including but not limited to

  • Corporate and information security
  • ID card, access, and authorization management
  • Emergency planning and preparation
  • Occupational health and safety (including accidents at work)
  • Assertion, exercise, or defense of legal claims
  • Preventive abuse control (compliance measures)
  • Prosecution of abuse in the event of suspicion of a serious breach of duty or a criminal offense
  • Execution of general audit measures


Business development
We will process your personal data for the execution of business development activities including but not limited to;

  • Company acquisitions and sales
  • Inventions, patents, and suggestions for improvement

 

Legal Basis

The legal basis for the processing of your data for the aforementioned purposes is the execution of your employment Contract with us. If you do not provide your Personal Data, we will not be able to execute our contractual obligations with you.


We will store your Personal Data for the aforementioned purposes no longer than 10 years after termination of your employment unless a longer period is required by applicable laws.


Recipients of Personal data

Commissioned processing

For the processing of your Personal Data, we will to some extent use specialized service contractors that process your data on our behalf. Such service contractors are carefully selected and regularly monitored by us and will implement reasonable security measures to protect your personal information. Based on respective data processing agreements, they will only process personal data in accordance with our instructions. The said contractors support our HR operations including but not limited to the processing of Payroll, Recruitment, Medical Insurance, Group Life Assurance, Group Personal Accident, and other services as updated from time to time.

 

Affiliates

We may share your personal data with our affiliates from the Bayer Group, where necessary for the purposes described above.

 

Authorities and State Institutions

We may share your personal data with law enforcement agencies or other authorities and state institutions if legally required or necessary for the purposes described above.

 

External lawyers

In order to support legal decisions and to pursue or defend against legal claims, we may share your personal data with external lawyers.

 

Prospective Buyers in the Context of Mergers & Acquisitions

We may share your personal data with a prospective buyer in case of an acquisition, merger, or any other type of corporate or asset transition involving a change of ownership or control concerning us or our services.

 

Information regarding your rights

The following rights are in general available to you according to applicable data privacy laws:

  • Right of information about your personal data stored by us;
  • Right to request the correction, deletion, or restricted processing of your personal data;
  • Right to object to processing based on legitimate interest or the public interest, unless we are able to prove that compelling, warranted reasons superseding your interests, rights, and freedom exist, or that such processing is done for purposes of the assertion, exercise, or defense of legal claims;
  • Right to object to processing that is being carried out for the following purposes:- protecting legitimate interests of the data subject;- proper performance of public duty by a public body;- legitimate interests of the responsible or a third party; and direct marketing.
  • Right to data portability;
  • Right to file a complaint with a data protection authority;
  • Where you have provided your consent to the processing of your personal data, you may at any time withdraw your consent with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the withdrawal.


Amendment of Privacy Statement We may update our Privacy Statement from time to time. Updates of this Privacy Statement will be published on our intranet. Any amendments become effective upon publication. We, therefore, recommend that you regularly visit the site to keep yourself informed on possible updates.


Contact

For any questions you may have with respect to data privacy, or if you wish to exercise your rights, please address your request to our contact form (https://www.bayer.com/en/contacting-data-privacy), send an email to dataprivacy.ea@bayer.com or za_data_privacy@bayer.com

 

You can also contact our company data protection officers at any of the following address:

Data Privacy Officer

Bayer East Africa Ltd.

Thika/Outering Road Junction,

P. O. Box 30321

00100 Nairobi Kenya

or

 

Data Privacy Officer

Bayer Payer PTY

27 Wrench Road

Isando 1600

South Africa

 

Bayer AG is designated as a representative in the European Union for our non-European legal entities in accordance with Art. 27 GDPR. You may contact the representative at the following address:

 

Data Privacy

Representative Bayer AG Kaiser-Wilhelm-Allee 1 51368 Leverkusen, Germany Email: dp-representative@bayer.com Declaration as of: 08-21-2023