Personal Information Protection Policy for loopamid® TexTracker

(Updated: 09/10/2025)

This Policy applies only to loopamid® TexTracker (the "System"), developed and operated by BASF (China) Company Ltd. (hereinafter referred to as "BASF China" or "we").

If you have any queries, comments or suggestions, please contact us via the following means:

Email: loopamid_Textracker@basf.com

This Policy will help you understand the following:
  • Rules on collection and use of Personal Information for Business Function
  • How do we protect your Personal Information
  • Your rights
  • How is your Personal Information transferred globally

BASF China fully recognizes the importance of your Personal Information to you and will do our utmost to protect the security and reliability of your Personal Information. We are committed to maintaining your trust in us, and abide by the following principles in our efforts to protect your Personal Information: commensurability of powers and responsibilities, clear purpose, consent, minimum necessary, security assurance, engagement of Subjects, openness and transparency, etc. In the meanwhile, BASF China undertakes to take appropriate security protection measures to protect your Personal Information according to the established industry-specific security standards.

Please read carefully and understand this Personal Information Protection Policy before using our System.

1. What Personal Information do we collect?

The functionalities provided by this System rely on certain information from you in order to operate. If you choose to use these functionalities, you will need to provide and allow us to collect the necessary information, which includes:

1.1
Email address: used for registration and login.
1.2
Phone number and name: used for registration and login.
1.3
Camera access: for scanning QR codes and taking photos of recyclable items.
1.4
Photo album access: for saving and uploading photos of recyclable items.
1.5
Location access: for recording the GPS location of recyclable items.
1.6
Device attribute information (e.g. serial number, system customizer): used to distinguish between handheld terminal printers (PDAs) and regular mobile devices.
1.7
IP and SIM Operator information: the System may access the device's SIM operator code and/or IP to determine the mobile network carrier and country of origin. This information is used solely for regional configuration and connectivity optimization, such as adapting network settings or ensuring compatibility with regional servers.
Please note, when you enable any permission, you authorize us to collect and use the relevant personal information to provide the corresponding services. Once you disable any permission, you revoke the authorization, and we will no longer collect or use the related information, nor can we provide the services requiring that permission. However, your decision to disable a permission will not affect the collection and use of information prior to the disabling of the permission (and revocation of the authorization).
2. How do we use your Personal Information?

We will use the necessary Personal Information to provide this Business Function, including assigning an individual User ID and contacting you to give you access to the System and updating this Policy, as well as to maintain and improve this Business Function, develop new Business Functions, and so forth. We will not use your Personal Information for advertising purposes without prior consent.

3. How do we share, transfer and publicly disclose your Personal Information?
(1)
Sharing:

We will not share your Personal Information with any company, organization or individual other than this Company and Affiliates of this Company, unless we have obtained your explicit consent. “Affiliate” shall mean, with respect to this Company, any entity which, directly or indirectly, controls, is controlled by or is under the common control with the Party. An entity shall be deemed to control another person if the controlling person possesses, directly or indirectly, ownership of at least fifty percent (50%) of the equity shares of such an entity or has the power to direct the management of such an entity. We may share your Personal Information externally in accordance with laws and regulations or as required by government authorities.

(2)
Public Disclosure:

We will publicly disclose your Personal Information only under the following circumstances:

a)
Upon obtaining your Explicit Consent;
b)
Disclosure according to law: We may disclose your Personal Information publicly if required by laws, legal procedures, or litigation or government authorities.
(3)
Third-party library background processing:

Some integrated third-party SDKs or system libraries may collect technical information in the background (such as device identifiers, app usage statistics, or crash logs) and transmit it to Google or related service providers (see Section 7 for details). These transmissions are typically used for reasonable purposes such as improving service stability or performance analysis. BASF China does not actively initiate or control these data transmissions, but continuously reviews SDK behavior, minimizes integration, and implements technical measures to limit unnecessary data sharing. Users can consult Google's privacy policy to understand its data processing practices: https://developers.google.com/ml-kit/terms.

4. How do we protect your Personal Information?
(1)
We have employed security protection measures that meet industry standards to protect the Personal Information provided by you and prevent such data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your Personal Information.
(2)
We will take all reasonable and feasible measures to ensure that no irrelevant Personal Information is collected. We will retain your Personal Information only for such period as necessary to achieve the purposes specified in this Policy, unless extension of the retention period is needed or permitted by law.
(3)
The Internet environment is by no means 100% secure. We will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management safeguards are damaged, resulting in unauthorized access, public disclosure, tampering or destruction of any information and therefore causing any damage to your legitimate rights and interests, we will bear the corresponding legal responsibilities therefor.
(4)
After any Personal Information security incident occurs, we will inform you of the following in a timely manner as required by laws and regulations: the basic situation and possible impact of the security incident, measures we have taken or will take to handle the incident, suggestions on the steps you can take independently to prevent and reduce any risks, remedies available to you, etc. We will promptly notify you of the incident-related information by email, letter, phone, push notification or other means. Where it is difficult to inform the Personal Information Subjects individually, a public announcement will be released in a reasonable and effective manner.

In the meanwhile, we will report the handling of Personal Information security incidents according to the requirements of regulatory authorities.

Your rights

We will, in accordance with the relevant Chinese laws, regulations and standards, and the common practices in other countries and regions, guarantee that you can exercise the following rights with respect to your Personal Information:

(1)
Right of access to your Personal Information

You have the right of access to your Personal Information, except as otherwise provided by laws and regulations. You can send an email to loopamid_Textracker@basf.com to request the record of your personal data.

We will respond to your request for access within 30 days.

With respect to other Personal Information generated during your use of our products or services, we will provide such information to you as long as this is not excessively onerous for us. If you want to exercise the right of access to data, please send an email to: loopamid_Textracker@basf.com

(2)
Right to correct your Personal Information

Where you find any error in your Personal Information processed by us, you have the right to require us to make corrections. You can file a request for correction by the means listed in “(1) Right of access to your Personal Information”.

We will respond to your request for correction within 30 days.

(3)
Right to delete your Personal Information

You can make a request for deletion of your Personal Information where:

1.
Our processing of your Personal Information violates any laws or regulations;
2.
We have collected or used your Personal Information without your consent;
3.
Our processing of your Personal Information violates the agreement with you;
4.
You no longer use our products or services, or you have cancelled your account;
5.
We no longer provide products or services for you.

If we decide to respond to your request for deletion, we will also notify the entities that have obtained your Personal Information from us and require them to delete such information in a promptly manner, except as otherwise provided by laws and regulations, or unless these entities have obtained consent from you separately.

Where your Personal Information has been deleted from our service system, we may not delete the corresponding information from the backup system immediately but will instead delete such information when the backup system is updated.

(4)
Right to change the scope of your consent

Each Business Function needs certain basic Personal Information to be realized. For the collection and use of additional Personal Information, you can give or withdraw your consent at any time.

You can give or withdraw your consent in the following way:.email to loopamid_Textracker@basf.com

If you withdraw your consent, we will cease processing the corresponding Personal Information. However, your decision to withdraw your consent will not affect our previous Personal Information processing activities carried out under your authorization.

(5)
Right of Personal Information Subjects to cancel their accounts

You can cancel your previously registered account at any time in the following way : email to loopamid_Textracker@basf.com

After your account has been cancelled, we will stop providing products or services for you and delete your Personal Information at your request, unless otherwise provided by laws and regulations.

(6)
Right of Personal Information Subjects to obtain copies of their Personal Information

You have the right to obtain a copy of your Personal Information in the following way: email to loopamid_Textracker@basf.com

Where technically feasible, if the data interface is matched, we can also transmit a copy of your Personal Information directly to a third party designated by your at your request.

(7)
Restrictions on automated decision-making of information systems

In some Business Functions, we may make decisions based solely on non-manual automated decision-making mechanisms including information systems, algorithms, etc. If these decisions significantly affect your lawful rights and interests, you have the right to require us to offer an explanation, and we will also provide appropriate remedies to you.

(8)
Responding to your requests

To ensure security, you may need to submit a written request or otherwise prove your identity. We may ask you to verify your identity before processing your requests.

We will respond to your requests within thirty days. If you are dissatisfied with our response, you can also lodge a complaint through the following channels: email to loopamid_Textracker@basf.com

In principle, we do not charge a fee on any reasonable requests made by you, but for repeated requests that exceed reasonable limits, we will charge a certain cost-based fee as appropriate. We may reject unreasonably repetitive requests that require excessive technical means (for example, the development of a new system or fundamental change of existing practices), pose a risk to the legitimate rights and interests of others or are extremely impractical (for example, involving any information stored on backup tapes).

We will be unable to respond to any request submitted by you if:

1.
It is related to the performance by the Personal Information Controller of the obligations provided by laws and regulations;
2.
It is directly related to national security or national defense;
3.
It is directly related to public safety, public health, and significant public interests;
4.
It is directly related to criminal investigation, prosecution, trial, enforcement of judgments and the like;
5.
The Personal Information Handler has sufficient evidence to prove that the Personal Information Subject is subjectively malicious or has engaged in the abuse of power;
6.
It is necessary for protecting the life, property or other major lawful rights and interests of the Personal Information Subject or other individuals, and it is difficult to obtain their consent;
7.
Responding to such request would seriously undermine the lawful rights and interests of the Personal Information Subject or other individuals or entities;
8.
Trade secrets are involved.
6. How is your Personal Information transferred globally

In principle, the Personal Information we collect and generate within the territory of the People’s Republic of China will also be stored within the territory of the People’s Republic of China.

We provide products or services with resources and servers deployed across the world, which means that with your consent, your Personal Information may be transferred to the overseas jurisdictions (countries/regions) where you use our products or services, or be accessed from such jurisdictions.

Such jurisdictions may have different data protection laws, or even have no relevant laws. In such cases, we will ensure that your Personal Information is adequately protected to the same degree it is protected in the People’s Republic of China. For example, we will seek your consent for cross-border transfer of Personal Information, or implement de-identification and other security measures prior to cross-border data transfer.

7. Use of Third-Party SDKs and Libraries

In order to provide certain functionalities, loopamid® TexTracker integrates several open-source and third-party SDKs (Software Development Kits) and Flutter packages. These components are used to enable QR code scanning, device detection, connectivity management, secure data storage, and camera functions, etc.

7.1 mobile_scanner (Google ML Kit Barcode Scanning)
  • Package: mobile_scanner (https://pub.dev/packages/mobile_scanner)
  • Purpose: Used for scanning QR codes and barcodes of recyclable items.
  • Data Accessed: Camera image frames are processed locally on the device. However, barcode detection relies on Google ML Kit, which integrates Google Play Services and uses its module to upload anonymized telemetry (SIM operator, OS version, usage statistics) to Google servers.
  • The underlying technology used by ML Kit in the plugin can be found in the documentation: https://pub.dev/packages/mobile_scanner
  • Official documentation: https://developers.google.com/ml-kit/vision/barcode-scanning/android#5.-get-information-from-barcodes
  • ML Kit terms: https://developers.google.com/ml-kit/terms
  • Google privacy policy for ML Kit terms: https://policies.google.com/privacy
  • Details about collected info: https://support.google.com/android/answer/9021432
  • Retention policy: https://policies.google.com/technologies/retention
7.2 package_info_plus
  • Package: package_info_plus (https://pub.dev/packages/package_info_plus)
  • Purpose: Used to retrieve app metadata (package name, version, build number) for display within the user interface.
  • Data Accessed: Calls the standard Android API getPackageInfo(); no data is sent externally.
  • Notes: This API belongs to the core Android framework and does not rely on Google Play Services or any analytics SDKs.
7.3 device_info_plus
  • Package: device_info_plus (https://pub.dev/packages/device_info_plus)
  • Purpose: Used to detect the type of device in order to configure specific features (e.g. compatibility with SUNMI handheld printers).
  • Data Accessed: Device manufacturer, model, system version, and — in some Android versions — hardware serial number via android.os.Build.getSerial() or READ_PHONE_STATE.
  • Notes: The app only uses this information for device compatibility checks, not for profiling or advertising purposes.
  • Retention Period: Data is used at runtime and not retained after session termination.
  • User Rights:
  • Users may revoke device permission access in system settings.
  • Data is not transmitted externally and is deleted automatically once the app session ends.
7.4 geolocator
  • Package: geolocator (https://pub.dev/packages/geolocator)
  • Purpose: Used to obtain GPS coordinates of recyclable items for mapping and traceability.
  • Data Accessed: Device location (latitude and longitude) with user permission.
  • Retention Period: Stored securely on BASF China servers as long as required for business purposes or as mandated by applicable law.
  • User Rights: Users can disable GPS permissions at any time in device settings. Users may request deletion or access to location records by emailing loopamid_Textracker@basf.com
7.5 webview_flutter
  • Package: webview_flutter
  • Purpose: Enables in-app web content rendering.
  • Data Accessed: May use the underlying Android WebView component, which can communicate with Google servers for safe browsing, crash reporting, or component updates.
  • Notes: Used for proper user login by loopamid® TexTracker.
  • Retention Period: BASF China does not retain any related data; telemetry retention follows Google's privacy policy.
  • User Rights: Users may opt out of personalized services via their Google account settings.
  • For more information: https://policies.google.com/privacy
7.6 connectivity_plus
  • Package: connectivity_plus (https://pub.dev/packages/connectivity_plus)
  • Purpose: Detects current network status (Wi-Fi, mobile data, or offline) to manage synchronization and error handling.
  • Data Accessed: Network type and connectivity state (no personal data).
  • Notes: Uses Android's native ConnectivityManager APIs
8. Updates to This Policy

We may revise this Policy to reflect changes in legal, operational, or technological requirements. If significant changes occur, we will notify you via in-app notice before they take effect.

Summary
  • loopamid® TexTracker collects limited data (email, GPS, camera, IP, Sim operator, device serial number) strictly to provide its recycling traceability purpose functions.
  • Personal data is handled mainly by BASF China and affiliated companies.
  • Some embedded SDKs (e.g., Google libraries) may run background processes that send device or diagnostic data to Google.
  • BASF China does not control these transmissions but monitors them and applies restrictions to reduce unnecessary data sharing.
  • The company ensures compliance with privacy regulations and user rights under Chinese law.