Personal Data Privacy Statement

Contents

1. Introduction.
2. Collection of Personal Data.
3. Use of Personal Data.
4. Sharing of Personal Data.
5. Applying for Employment.
6. Cookies and Similar Technologies.
7. Sensitive Personal Data, Teenagers and Children’s Data.
8. Access, Correction, and Other Data Subjects’ Rights.
9. Data Security and Integrity.
10. International Transfers.
11. Changes.
12. Links to Other Websites.
13. Contact Information.

1. Introduction.

This Personal Data Privacy Statement describes how Ashland Inc., and its commercial units and majority-owned or controlled subsidiaries (“Ashland”) collect, use, disclose, transfer, or otherwise process “personal data” about our website visitors, job applicants, and employees and agents of our suppliers, and service providers and customers, including with respect to personal data that we receive from the EU, EEA, Switzerland UK and Brazil. Ashland processes your personal data according to this privacy statement and as permitted or required by law. For purposes of this privacy statement, the term “personal data” refers to any information that alone, or in combination with other information or data, can be used to identify a particular person and that is subject to, or otherwise afforded protection under, an applicable data protection law, statute, or regulation.

This privacy statement also describes the choices you have regarding the use of your personal data and how you can access or correct it. Additionally, we discuss the security procedures we have put into place to protect your personal data.  Ashland strives to ensure that every person has access to information related to our products and services, including this privacy statement. Please contact us if you would like this privacy statement provided in an alternative format and we will seek to meet your needs.

2. Collection of Personal Data.

Ashland may collect information that you voluntarily give us, such as via our website, in person, or through email, mail, or social media platforms, or which is collected through automated means. If you do not provide personal data that Ashland requests, we may not be able to provide you the requested service or complete a transaction, and you agree that Ashland will not be liable or otherwise responsible for any actions resulting therefrom.

As permitted or required by local law, Ashland may collect the following information about you:

• Contact information, such as name, addresses, telephone numbers, and email addresses;
• Account information, such as usernames, passwords, and transaction-related data for website accounts or e-commerce stores;
• Product and services information, such as the product or service you ordered;
• Financial information, such as credit card, bank account information, and credit history;
• Website usage data, such as your IP address, browser type and version, browser language, operating system, time of access, website you previously visited, or other information detailed in Section 6 below; and
• Business contact data, such as information related to other employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we may conduct, or possibly conduct, business activities.
• Communications data, including your marketing preferences and your subscriptions to our publications.
• Your feedback, including feedback from you about products and services generally, which may include data gathered from any surveys in which you participate.
• Other identifying information we may obtain from you, as disclosed in other policies or notices.

Personal Data Storage Retention

We will store and retain your personal data in accordance with applicable law and our Corporate Record Retention Policy, after which it will be archived or deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required by local law.

3. Use of Personal Data.

Ashland may use your personal data for providing products or services; business management, including communications with you; legal and compliance related activities; for the technical functionality of our website; and processing employment applications. Ashland may also use information about you as required or permitted by applicable local law, such as with your consent.

1. Providing Products and Services.
   
   Ashland may use your personal data for the purposes of providing or improving our products or services. For example, Ashland may process your personal data to establish or maintain customer relationships; provide access to accounts or e-commerce websites; process orders; perform financial, accounting, or administrative functions; for project management; or other permissible purposes.
   Our legal bases for processing your personal data for ordering or providing products or services include your consent; for the performance of a contract; and to further Ashland’s legitimate business interests. Our legitimate business interests may relate to managing Ashland’s business and our relationship with you.
   
   
2. Communication and Business Management.
   
   Ashland may use your personal data for the purpose of communicating with you, for marketing and advertising purposes, for improving our website, or for business management purposes. For example, we may send you email communications regarding our products or services or request your input via surveys. We may process your personal data to establish or maintain business relationships with our suppliers or service providers; provide access to accounts or e-commerce websites; process orders; conduct aggregate analysis or business intelligence; perform financial, accounting, or administrative functions; for project management; respond to inquiries; provide customer support; address issues or disputes; or otherwise manage our business or relationship with you. We may merge Personal Data with other information Ashland has about you.
   Our legal bases for processing your personal data for communications include your consent; for the performance of a contract; for marketing, advertising, and promoting our products and services; to meet our legal obligations; and our legitimate business interests. Our legitimate business interests include managing Ashland’s business or our relationship with you, improving our website, and complying with Ashland’s global legal obligations or legal processes (such as fraud prevention or detection and for evidentiary purposes).
   
   
3. Technical Functionality of Our Website.
   
   When you visit our website, we process certain information that is automatically transmitted about and by the computer system you are using, so that your browser can display our website and you can use the website. This information is automatically collected for each visit to our website. Please see Section 6 below on Cookies and Similar Technologies for additional information.
   
   
4. Legal and Compliance.
   
   Ashland may use your personal data for legal or compliance related purposes. This may include enforcing our legal agreements; preventing prohibited or illegal activities; cooperating or complying with government investigations, litigation, or discovery; regulatory requirements, corporate investigations, dispute resolution, or others.
   
   Our legal bases for processing your personal data for legal and compliance purposes are to meet our legal obligations or to further Ashland’s legitimate business interests, which include efficiently running and managing Ashland’s businesses, including complying with applicable local law.

4. Sharing of Personal Data.

We may share your personal data for purposes of providing products or services, to communicate with you and improve our website, for business process execution and business management, for the technical functionality of the website, and for legal and compliance related purposes. Ashland shares information about you consistent with this privacy statement to the extent necessary to carry out the purposes described in this privacy statement, and as permitted or required by local law.

1. Providing Products and Services.
   
   In order to provide you with products and services, Ashland may share your personal data with our employees, affiliates, subsidiaries, suppliers, and service providers. Our service providers may include information technology and security providers; financial institutions; customer service providers; and others that provide order fulfillment, shipping, financial, accounting, auditing, and actuarial services.
   
   
2. Communication and Business Management.
   
   We may share your personal data in communicating with you, for marketing or advertising purposes, and for other business management purposes. As part of these efforts, we may share your personal data with our employees, affiliates, subsidiaries, suppliers, and service providers, such as customer relationship management service providers, social media networks (where you use those services to connect with us), market research service providers, information and technology service providers, financial institutions and others that provide financial, accounting, auditing, actuarial, tax preparation, business process outsourcing, insurance, or other technical, logistical, and administrative services.
   
   
3. Technical Functionality of the Website
   
   In order to provide this functioning website, we may share personal data with our IT service providers, such as web hosting providers, web design agencies web shop providers, others, and as further described in Section 6 below on Cookies and Similar Technologies.
   
   
4. Legal and Compliance.
   
   We may also share your personal data to for legal and compliance purposes; to enforce our agreements, pursue remedies, or limit our damages; to detect, prevent, or address fraud or other suspected illegal activity; and where necessary to protect the rights, privacy, property, or safety of others. As part of our legal and compliance efforts, we may share personal data with our attorneys, governmental entities, supervisory authorities, law enforcement agencies, or others as required or permitted by applicable local law.
   
   
5. Business Reorganization and Others.
   
   Ashland may share personal data as part of corporate transactions, such as mergers, acquisitions, or divestitures; however, your personal data used in those transactions will still be protected in accordance with this privacy statement. In addition, we may share your personal data with your consent, at your direction, or where other reasons allow it or other laws require it.

In the event that you facilitate a transaction with Ashland, or request information from, or otherwise engage with us, and such activities require Ashland (in our reasonable judgment) to share your personal data with a service provider or other third party, you hereby direct Ashland to intentionally disclose your personal data to the service provider or third party as described herein provided the service provider or third party does not, in its reasonable judgment, sell the personal data, unless that disclosure would be consistent with the law.

5. Applying for Employment.

If you are applying for a job at Ashland, we may collect information from you, such as information found in your application, resume, and other employment records; details regarding the type of employment sought, your willingness to relocate, your job compensation and benefit preferences. To the extent permitted by local law, we may also collect information related to your background, criminal record, credit history and similar data; and information provided about or by your references or other third parties related to your employment history, skills, or qualifications. Job applicants will, if applicable and appropriate, be informed of any additional terms that apply when they submit their applications.

Ashland may use your personal data when considering your application for employment. Our legal bases for processing your personal data for employment application purposes are your consent and to further Ashland’s legitimate business interests, which include efficiently running and managing Ashland’s business, including complying with applicable local law.

During the application and hiring process we may share your personal data with our employees, affiliates, subsidiaries, suppliers, and service providers, including, recruiting service providers, hiring consultants and agencies, information and technology service providers, human resources information system providers, and others. Where permitted by local law and with your authorization, we may also share your information with background check service providers, drug testing service providers, and others.

6. Cookies and Similar Technologies.

We use "cookies", web beacons, or similar technologies on our website. A cookie is a piece of data stored on a website visitor's device to help us improve access, use, and security of our website and identify repeat visitors to our website. For instance, when we use a cookie to identify you, you do not have to enter a password more than once, thereby saving time while on our website. Web beacons are objects embedded into webpages that allow us to monitor site activity. Cookies, web beacons, and similar technologies can also help us track and target your interests so that we can enhance your experience on our website, conduct analytics, determine the effectiveness of promotional campaigns, and direct advertisements or other marketing activities. However, the information we collect using cookies will not be used by us to create individual user profiles or to evaluate your individual browsing behavior.

We may also collect other automated information from you, such as your browser type and language, your operating system, your IP address, the date and time you visited our site, the URLs of websites you visited before and after visiting our website, the web search that landed you on our website, and web pages and advertisements you view and links you click on within our website.

Some of our business partners, such as advertisers or our service providers, may also use cookies, web beacons, or similar technologies on our website. We may use cookies and similar technologies from third parties, such as AddThis, Google Analytics, New Relic, Omniture, and others. These cookies and similar technologies may collect personal data about you over time and across different websites when you use our website. You may opt out of such collection by using the hyperlinks included above. Ashland websites do not currently respond to browser do-not-track signals.

Your browser’s help section should explain how to configure your browser’s cookie handling. Your browser may also have add-ons that help you manage web beacons and similar technologies. Although you may choose to accept or reject cookies or block these technologies, please note that some portions of our websites (such as our e-commerce stores or Online Ordering System) require the use of cookies to function properly.

• Specific Information about Google Analytics.
  
  On our website we use Google Analytics, a web analysis service of Google Inc. Google Analytics uses cookies to analyze the use of our website. Information generated by a cookie about your use of our website is usually transferred to a Google server in the USA and stored there. On our behalf, Google will use this information to evaluate your use of the website, to compile overall reports on website activities and to provide the website operator with other services relating to website and internet use.
  
  The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. In addition, on our website we use Google Analytics with an anonymizing feature so that any further processing of your IP addresses in abridged form, eliminating a direct link to you.
  
  You have the ability to opt-out of our use of Google Analytics. You may opt-out in one of the following ways
  
  You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that as discussed above, this may mean that you are unable to use all features of our websites
  
  You can prevent the collection of data generated by Google Analytics relating to your use of our websites (including your IP address) and its transmission to Google, as well as Google’s processing of this data by visiting Google’s website and downloading and installing the Google Analytics browser plug-in offered there. For more information on Google Analytics' Terms of Use and Privacy Policy, please visit https://www.google.com/analytics/terms/ or https://www.google.de/intl/de/policies
  
  
• Social Media Platforms.
  
  We may also include links to social media platforms such as Facebook, Twitter, YouTube, LinkedIn, and Google+. After clicking on the link, you will be redirected to the page of the respective provider. For information on the handling of your data when using the websites or features of other providers, please refer to the respective data privacy policies by these providers.

7. Sensitive Personal Data, Teenagers and Children’s Data.

Ashland will not use sensitive data (such as data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) unless otherwise required or permitted by applicable law.

Our website and business activities are not directed at, nor intended for use by, minors under the age of eighteen (18). Accordingly, Ashland does not knowingly collect personal data from such individuals. If you are under the age of eighteen (18) you are prohibited from using our website or with providing us with your personal data, unless you can demonstrate affirmative authorization from your parent or legal guardian to do so.

Pursuant to the article 428 of Brazilian Consolidation of Labor Laws (CTL – Decree Law n. 5452/1943) minors as from fourteen (14) years might access Ashland’s website and other social medias in the area designated for participation on Ashland’ apprentice program, in this situation personal data will be processed as specified in item 5 of this Data Privacy Statement.

8. Data Subjects’ Rights and Responsibilities.

You are permitted, and hereby agree, to only provide personal data to Ashland if such personal data is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon any individual’s data privacy rights or privileges. If you provide Ashland with any personal data, including personal data about a third party, you expressly represent that you (i) have the full right and authority to submit the personal data to Ashland, (ii) have obtained all necessary and appropriate consent for such disclosure of personal data to Ashland, and (iii) will immediately contact Ashland in the event such personal data is no longer accurate or needs to be amended for any reason to ensure compliance with this privacy statement.

1. European Union and the United Kingdom (post-Brexit)
   
   If you are an EU data subject, then under the provisions of the EU General Data Protection Regulation (GDPR) of the UK Data Protection Act of 2018 (post-Brexit) you have certain rights as data subject, which you may assert against us. A summary of those rights are provided below. For more detailed information about these rights, and the limitations on these rights, you may access the full text of the GDPR at Regulation (EU) 2016/679.
   
   Right to information: You may request confirmation from us as to whether we are processing your personal data, and if so, receive information about what personal data we are processing, the purposes for which it is being processed, recipients of your personal data, how it is stored and for how long, the sources of your personal data, any use of automated decision-making, and a copy of the data.
   
   Right to correction: You may demand correction of the personal data stored about you if it is inaccurate or incorrect.
   
   Right to deletion: You may request that we delete your personal data without delay. However, in some situations we may lawfully refuse to delete your data immediately. For example, there is no right to immediate deletion of your personal data if our processing of your personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) the fulfilment of a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) the assertion, exercise or defense of legal claims.
   
   Right to limitation of processing: You may request that we limit the processing of your personal data.
   
   Right to data transferability: You may request that we provide you with a copy of your personal data that you have submitted to us in a structured, current, and machine-readable format.
   
   Right of revocation: Where your consent serves as the lawful basis of our processing of your personal data, you may revoke your consent to that processing at any time, and without cost to you.
   
   Right to objection: You may object to the further processing of your personal data. This is a limited right, as our legitimate interests may allow us to continue to process your personal data, despite your objection.
   
   Right of appeal to a supervisory authority: You may file a complaint with the relevant governmental authority in the member state (or the UK or Switzerland) where you reside, work or suspect infringement to have occurred, if you believe that the processing of your personal data has occurred in violation of the GDPR. This right of appeal does not preclude you from seeking other administrative or judicial remedies.
   
   
2. California Privacy Rights
   
   Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), certain California residents may have data privacy rights, which are set forth below. For more detailed information about these rights, and the limitations on these rights, you may access the full text of the CCPA here.
   
   Right to Know: You may have the right to request information about the personal data we have collected about you and for what purpose.
   
   Right to Access: You may have the right to request information about how we process your personal data and to obtain a copy of that personal data.
   
   Right to Portability: You may have the right to receive your personal data, in a structured, commonly used and machine-readable format and to have that data transmitted to another organization in certain circumstances.
   
   Right to Deletion: You may have the right to request the deletion of your personal data that we have collected from you.
   
   Right to Be Free from Discrimination: Ashland will not discriminate against you for exercising your consumer privacy rights.
   
   In some circumstances, California residents have the right to opt-out of the sale of their personal data. Ashland does not sell your personal data to third parties for profit or valuable consideration.
   
   To exercise any of these data privacy rights, please contact us, or have your authorized agent contact us, in accordance with the “Contact Information” section listed below. In the event you submit, or your authorized agent submits on your behalf, a data request, you (and your authorized agent) hereby acknowledge and agree, under penalty of perjury, that you are (or the authorized agent of) the consumer whose personal data is the subject of the request. We will respond to any data requests within the timeframes required by law, and we may charge a fee to facilitate your request, where permitted by law. The rights afforded under the CCPA are not absolute, and Ashland may be permitted to refrain from undertaking any action or changing its data processing activities, in response to a data request you submit to us.
   
   If you make, or an authorized agent on your behalf makes, any request related to your personal data under the CCPA, Ashland will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required under the law before addressing your request. Ashland may require you to match at least two or three pieces of personal data we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, personal data, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein.
   
   
3. Brazil
   If you are a Brazilian data subject, then under the provisions of the Brazilian General Data Protection Law (LGPD) you have certain rights as data subject, which you may assert against us.  A summary of those rights is provided below.  For more detailed information about these rights, and the limitations on these rights, you may access the full text of the http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm

   Right to information: You may request confirmation from us as to whether we are processing your personal data, and if so, receive information about what personal data we are processing, the purposes for which it is being processed, recipients of your personal data, public and private entities with which Ashland shared personal data, how it is stored and for how long, the sources of your personal data, any use of automated decision-making, and a copy of the data, the possibility of not providing your consent and the consequences of not providing consent. The information and data shall be provided by Ashland in electronical or printed format, as requested by you.

   Right to correction: You may demand correction of the personal data stored about you if it is inaccurate, incorrect, or out of date.

   Right to deletion: You may request that we delete your personal data without delay. However, in some situations we may lawfully refuse to delete your data immediately.  For example, there is no right to immediate deletion of your personal data if our processing of your personal data is necessary for (ii) the fulfilment of an applicable legal or regulatory obligation or (iii)  asserting, exercising  or defending  a legal claim according to applicable law.

   Right to limitation of processing: You may request that we limit the processing of your personal data.

   Right to data transferability: You may request a transfer of personal data to another product or service provider or  we provide you with a copy of your personal data that you have submitted to us in a structured, current, and machine-readable format,  ensuring  Ashland’s right to refuse transferring personal data, in case this transferring includes commercial and industrial secrets.

   Right of revocation: Where your consent serves as the lawful basis of our processing of your personal data, you may revoke your consent to that processing at any time, and without cost to you.

   Right to objection: You may object to the further processing of your personal data.   This is a limited right, as our legitimate interests may allow us to continue to process your personal data, despite your objection.

   Right of appeal to a supervisory authority: You may file a complaint with the Nacional Data Protection Authority (ANPD), if you believe that the processing of your personal data has occurred in violation of the LGPD. This right of appeal does not preclude you from seeking other administrative or judicial remedies.

   Right of anonymization: You may request anonymization, blocking or deletion of unnecessary or excessive data, or in case of data processing in non-compliance with the applicable law.

9. Data Security and Integrity.

We take reasonable precautions to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. We also make reasonable efforts to keep your personal data reliable for its intended use, accurate, current, and complete. However, we are not responsible for the security of information you transmit to Ashland over networks that we do not control, including the Internet and wireless networks. The safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a user ID and password to access our website, you are responsible for keeping those credentials confidential and not revealing them to others. You must contact us immediately if you have to reason to believe that your user ID or password has been compromised.

We retain your personal data for as long as reasonably required for our business purposes, to comply with our legal obligations, and in compliance with our data retention policies and procedures.

We provide our employees, service providers, or other authorized third parties with access to your personal data to on a need to know basis only. In our contracts with our service providers, we require that they only use the personal data we provide them for purposes of providing us, and in some cases you, with their services.

10. International Transfers.

We store, collect, and otherwise process information mainly in the USA, India, Switzerland, Poland, Netherlands, Germany, France, Spain, Belgium, UK, Brazil and other locations where Ashland or its affiliates, subsidiaries, or service providers maintain office. As a result, your personal data may be transferred outside of the European Union, European Economic Area, Switzerland, UK and Brazil.

AAshland abides by local laws and restrictions relating to the transfer of the personal data that it collects, including the GDPR and the Brazilian LGPD. Ashland also uses and abides by standard contractual clauses issued by the European Commission for data transfers to data controllers and data processors established outside of the European Union, European Economic Area, Switzerland, and the UK.

11. Changes.

As permitted by law, we may change this privacy statement from time to time by posting a revised privacy statement on this website or a similar website that replaces this website and changing the “last modified” date. Prior to the effective date of any material changes to this website, we will notify you, either by email or through a prominent notice, about those changes.

Where required by applicable law, we will revise this privacy statement if we change the purposes of the processing of your personal data. Please revisit and review the terms of this website periodically to ensure you understand how we are processing your personal data.

12. Links to Other Websites.

This website contains links to other websites. We are not responsible for the content or privacy practices of such other websites. We encourage our users to be aware when they leave our website and to read the privacy policy of any other website that collects personal data.

13. Contact Information.

If you have any questions or concerns about this privacy statement or any of your rights under it, including requesting access to your personal data, please contact us by mail at:

Global Contact:
Ashland Legal Department
Attention: Privacy Officer
8145 Blazer Drive
Wilmington, DE 19808 USA
USA

By telephone at 1-800-ASHLAND (1-800-274-5263)

Or by email at privacy@ashland.com

For Brazil (direct contact in Portuguese) :

Ashland Comércio de Especialidades Químicas do Brasil Ltda.
Ashland Indústria de Ingredientes do Brasil Ltda.
Attention: Márcia Helena Rogero (Data Protection Officer)
Address: Av. Engenheiro Billigns, 1729, Jaguaré – São Paulo - 05321-010 – SP- Brasil

e-mail: contatodpobrasil@ashland.com

phone: 0800-891-4368

Last Modified:  November 2, 2020