DATA PROTECTION
Privacy policy
The operator of these pages (the data controller) takes the protection of your personal data seriously. We treat your personal data confidentially and in accordance with the current statutory data protection regulations and this privacy policy. The use of our website is generally possible without providing personal data. If personal data (such as name, address or e-mail address) are collected on our pages, this is done on a voluntary basis.
I. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national and European data protection laws as well as other provisions of data protection law is:
Westfälische Stahlgesellschaft F.W. Krummenerl GmbH & Co. KG
Herscheider Straße 93
58840 Plettenberg
GERMANY
Phone: +49 2391 813-0
Fax: +49 2391 813-165
E-mail: wsplettenberg@ws-stahl.eu
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Westfälische Stahlgesellschaft F.W. Krummenerl GmbH & Co. KG
Herscheider Straße 93
58840 Plettenberg
GERMANY
Phone: +49 2391 813-0
Fax: +49 2391 813-165
E-mail: wsplettenberg@ws-stahl.de
III. General information on data processing
1. Scope of the processing of personal data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and operations. The processing of personal data of our users takes place normally only after consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 para. 1(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1(b) GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1(d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1(f) GDPR serves as the legal basis for the processing.
3. Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the data controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data will be collected:
(1) Information about the browser type and the version used
(2) Information about the browser type and the version used
(3) The user’s operating system
(4) The user’s internet service provider
(5) The IP address of the user
(6) Date and time of access
(7) Referrer URL
These data are temporarily stored in the log files of our web server. These data will not be stored together with personal data of the user. We reserve the right to subsequently check these data if we become aware of concrete indications of illegal use.
2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1(f) GDPR. Abs. 1 lit. f DSGVO.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The data are stored in log files in order to ensure the functionality of the website. The data are also used to optimize the website and to ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to Art. 6 Para. 1(f) GDPR lies in these purposes.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data necessary for the provision of the website, this is the case when the respective session has ended. If the data are stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user..
V. Use of cookies
A. Verwendung von technisch notwendigen Cookies
1. Use of technically necessary cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data are stored and transmitted in the cookies:
(1) Language settings
(2) Selection of the page display (e.g. desktop or smartphone display)
(3) Actions carried out (e.g. search or completion of contact forms)
(4) Log-in information
The user data collected in this way is pseudonymized by technical measures. Therefore it is not possible to assign the data to the calling user. The data are not stored together with other personal data of the users. b) Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1(f) GDPR.
2. 2. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The use of cookies is necessary for the following applications:
(1) Accepting language settings
(2) Adaptation of the display to the respective output device
(3) Memorizing search terms and form entries
(4) Use of a protected area
The user data collected by technically necessary cookies is not used to create user profiles.
3. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to the full extent.
B. Use of cookies for analysis purposes
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offering. For the purpose of analysis, the website uses the functions of the Google Analytics web analysis service:
Privacy policy for the use of Google Analytics
This website uses functions of the Google Analytics web analysis service. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses what are called „cookies“. These are text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States.
However, if IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), moreover you may prevent Google from processing these data by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
VI. Newsletter
1. Description and scope of data processing
You can subscribe to a free-of-charge newsletter on our website. When you register for the newsletter, the data from the input screen are transmitted to us. In order to enable the service, the following data are collected during registration:
(1) IP address of the calling computer
(2) Date and time of the registration
(3) The e-mail address of the user
(4) Name of the user in case of voluntary transmission
Your consent will be obtained for the processing of the data within the framework of the registration process in the double opt-in procedure and reference will be made to this privacy policy.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.
2. Legal basis for the data processing
The legal basis for the processing of data after the user’s registration for the newsletter is Art. 6 para. 1(a) GDPR if the user has given his/her consent.
3. Purpose of the data processing
The user’s e-mail address is collected for the purpose of delivering the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or of the e-mail address used.
4. Duration of storage
The data will be deleted as soon as it they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored as long as the newsletter subscription is active. The other personal data collected in the course of the registration process are usually deleted after a period of seven days.
5. Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter. This also enables the revocation of the consent to the storage of personal data collected during the registration process.
VII. Contact form and e-mail contact
1. Description and scope of the data processing
A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored. These data are:
(1) Name
(2) E-mail address
(3) Content of the message
(4) If further information is transmitted, these data are entered on a voluntary basis and are also transmitted to us and stored.
At the time the message is sent, the following data will also be stored:
(1) The IP address of the user
(2) Date and time of the registration
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this privacy policy. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the request/conversation.
2. Legal basis for the data processing
We process the personal data from the input screen exclusively in order to set up the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Purpose of the data processing
We process the personal data from the input screen exclusively in order to set up the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input screen of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and removal
The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case, the request/conversation cannot be continued.
VIII. Rights of the data subject
If personal data about you is processed, you are the data subject in the sense of the GDPR and you are entitled to the following rights with regard to the data controller:
1. Right to notification
You can request confirmation from the data controller as to whether personal data relating to you will be processed by us. In the event of such processing, you may request the following information from the data controller:
(1) The purposes for which the personal data are processed;
(2) The categories of the personal data processed
(3) The recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
(4) The planned duration of storage of the personal data relating to you or, if this is not possible, criteria for determining the duration of storage;
(5) The existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
(6) The existence of a right of appeal to a supervisory authority;
(7) All available information on the source of the data, if the personal data are not collected from the data subject;
(8) The existence of automated decision-making, including profiling, in accordance with Article 22 paras. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right of rectification and/or completion vis-à-vis the data controller if the processed personal data concerning you is inaccurate or incomplete. The data controller must carry out the correction immediately.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period of time which enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to have the personal data deleted and instead request the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data are not allowed to be processed, with the exception of being stored, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the EU or of a member state. If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Obligation to deletion
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to erase these data immediately if one of the following reasons applies:
(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6 para. 1(a) or Art. 9 para. 2(a) GDPR was based and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under EU law or the law of the member states to which the data controller is subject.
(6) The personal data relating to you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
b) Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, the data controller shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary
(1) in the exercise of freedom of expression and information;
(2) to fulfil a legal obligation which the processing requires under the law of the EU or of the member states to which the controller is subject or to carry out a task implemented in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2(h) and (i) and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to in section a) can be expected to make attaining the objectives of such processing impossible or to seriously impair them, or
(5) to assert, exercise or defend legal claims.
5. Right to notification
If you have exercised your right to rectification, deletion or restriction of the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom the personal data concerning you has been disclosed about such rectification, cancellation or restriction, unless this proves impossible or involves a disproportionate outlay. You shall have the right vis-à-vis the data controller to be informed of such recipients.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to communicate these data to another data controller without being hindered by the data controller to whom the personal data was provided, to the extent that
(1) the processing is based on a consent pursuant to Art. 6 para. 1(a) GDPR or Art. 9 para. 2(a) GDPR or on a contract pursuant to Art. 6 para. 1(b) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one data controller to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
7. Right to objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1(e) or (f) GDPR; this also applies to profiling based on these provisions. The data controller will no longer process the personal data relating to you unless the data controller can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is connected with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the data controller,
(2) is authorized by legislation of the EU or of the member states to which the data controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is taken with your express consent.
However, these decisions are not allowed to be based on special categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the data controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person in relation to the data controller, to present the own point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR. The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Valid as from 25 May 2018
Do you have any questions? Send us an e-mail to wsplettenberg@ws-stahl.de
General Data Protection Regulation (EU-GDPR) as a well-structured websit