The information below is intended to give you an overview of how we process your personal data and your rights under the data protection law. Which data are specifically processed depends mainly on the type and scope of the existing business relationship.
Please relay this information to current and future persons authorized to represent your company and to contact persons in your company.
The Controller (party responsible) for data processing:
38239 Salzgitter, Germany
Telephone: +49 (0)5341 / 21-01
You can contact our Data Protection Officer at the aforementioned address and telephone number, as well as by email:
As part of informing about our business development and the initiating and conducting of business relations, we process the following data categories of our business partners and their contacts in particular. We obtain this data directly from these partners or from other Salzgitter Group companies or from other parties within the scope permissible (e.g. for the performance of contracts or based on consent granted). Furthermore, data that we have obtained from sources in the public domain (e.g. commercial registers, press, Internet) within the scope permissible is also processed:
interested parties, analysts, investors, shareholders
Customers, suppliers, service providers
Supervisory board members, general managers and other contact persons of subsidiaries and associates of the Salzgitter Group
Data is processed by Salzgitter AG for the purpose of performing the tasks of the management holding within the Salzgitter Group pursuant to the provisions defined under the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) as well as all other pertinent laws (e.g. German Commercial Code – HGB), German Fiscal Code (Abgabenordnung – AO) etc.).
a. For the performance of a contract or for pre-contractual measures (Art. 6 (1b)) GDPR)
Personal data are processed for the purpose of performing contracts with our customers, suppliers and service providers. This also includes the performance of pre-contractual measures upon request by the business partner.
b. In the context of the balancing of interests (Art. 6 (1 f)) GDPR)
If necessary, we process your data beyond the actual performance of the contract with a view to safeguarding the justifiable interests of ourselves or of third parties. Examples:
c. On the basis of consent (Art. 6 (1 a)) GDPR)
If you have given us your consent to the processing of personal data for certain purposes (e.g. Newsletters), this processing complies with the requirement of lawfulness. Consent once granted can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected.
d. Based on statutory requirements (Art. 6 (1 c)) GDPR) or in the public interest (Art. 6 (1 e)) GDPR)
Moreover, we are subject to various legal obligations, i.e. statutory requirements, e.g. tax regulations.
The departments in our company that require your data for the purpose of fulfilling our contractual and legal obligations and for the aforementioned purposes are provided with your data. Service providers and agents used by us may be given data for this purpose.
Data is only relayed outside the company if this is required by statutory provisions or if you have given your consent.
In turn, all recipients are themselves obligated to comply with data protection.
Assuming these preconditions, recipients of personal data may be the following:
No data is transferred to recipients in countries outside the EU or the EEA (so-called non-Member States). If, in the individual case, data is to be transferred to non-Member States, this is either necessary for performing a contract, takes place in the context of processing a contract, is mandatory under the law or is based on consent that you have granted to us. If service providers in a non-Member State are used, an appropriate level of data protection is guaranteed.
We process and store your personal data only as long as it is required for the fulfillment of the purposes cited under Item 3. It should be noted here that many of our business relationships are long term. If the data is no longer required for the performance of contractual or statutory obligations, it will regularly be erased unless this data is necessary for further temporary processing for the following purposes:
All persons affected (data subjects) have the right to information pursuant to Art. 15 GDPR , the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction on the processing pursuant to Art. 18 GDPR, the right to objection based on Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions under Sections 34 and 35 of the German Federal Data Protection Act apply to the right to information and the right to erasure. Moreover, there is a right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act).
You can revoke any consent granted for the processing of personal data at any time. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected.
Within the scope of our business relationship, you must provide personal data required for the initiation and conducting of a business relationship and compliance with the associated contractual obligations, or data which we are required to collect under the law.
No use is made of automatic decision-making or profiling.
1. Case-by-case right to object
You have the right to object at any time for reasons arising from your particular situation against the processing of your personal data that is carried out based on Art. 6 (1 e) GDPR (data processing in the public interest) and Art. 6 (1 f) GDPR (data processing on the basis of balancing of interests). If you lodge an objection, we will no longer process your personal data unless we can provide proof of compelling legitimate grounds for processing that override your interests, rights and freedoms, or if the processing serves the purpose of the establishment, exercise or defense of legal claims.
2. Right to object against the processing of data for advertising purposes
In specific cases we process your personal data for the purpose of direct marketing. You have the right to object at any time against the processing of your personal data for the purpose of this kind of advertising. If you object to the processing for the purpose of direct advertising we will no longer process your personal data for these purposes. There objection that can be sent via email to firstname.lastname@example.org does not have to follow any specific form.