The information below explains how we will process your personal data and what rights you have as a result. Which specific data will be processed and how this data will be used mainly depends on how the websites are used and their respective options. That means not all of the statements contained in this document may apply to you.
Name and contact information of the person responsible in accordance with Art. 4 (7) GDPR
GABO STAHL GmbH
D- 73457 Essingen
Phone: +49 7365 / 9238 0
Fax: +49 7365 / 9238 308
HAPU Industrievertretungen GmbH
Streichhoffeld 1 D- 73457 Essingen
DROSTE Stahlhandel GmbH
Hellweg 8 D- 44787 Bochum
OWZ Ostalb-Warmbehandlungszentrum GmbH
Ulmer Straße 82-84 D- 73431 Aalen
GABO Werkstofftechnik GmbH
Streichhoffeld 3 D- 73457 Essingen
At times, we will jointly process your data in order to meet contractual requirements of the companies. That means all of the specified companies are responsible for the processing of the data (Art. 26 GDPR).
Our managers and employees are obligated to comply with this corporate guideline on data protection and the respective data protection laws. The company's data protection officer ensures that the GABO STAHL GmbH Group complies with statutory provisions and principles relating to data protection.
Corporate data protection officer of GABO STAHL GmbH
D- 73457 Essingen
Phone: +49 7365 / 9237 110
Thank you for your interest in our company and for visiting our websites. Data protection is extremely important to us. This Data protection notice regarding the use of our websites explains how we collect your personal data, what we do with it and for which purposes it is collected, the legal basis for the collection and processing, and your associated rights.
We also refer you to the Data protection notice (PDF) of the GABO STAHL GmbH Group.
The data protection notices regarding the use of our websites and the data protection notice of the GABO STAHL GmbH Group do not apply to your activities on the websites of other providers or social networks that you access via links on our websites. To find out more about their respective data protection provisions you should consult the information provided on the websites of these providers.
Permissibility of data processing
The collection, processing and use of personal data is only permissible if a permission has been issued. Such a permission is also required if the purpose of the collection, processing and use of the personal data is supposed to be changed compared to the original purpose. In particular, these permissions, in accordance with Article 6 (1) a-f GDPR may be:
I. the data subject has consented to the processing of his or her personal data for one or more specific purposes;
II. processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
III. processing is necessary for compliance with a legal obligation to which the controller is subject;
IV. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
V. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
VI. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.
Collection and processing of your personal data
Below, we will provide information on the collection of personal data resulting from the use of our websites. Personal data refers to information such as your name, address, email address, IP address and user behaviour.
I. When you reach out to us via email or a contact form, we save the information you provided (your email address, possibly your name and phone number) to be able to process your question or inquiry. The data collected in this context will be deleted once its storage is no longer required or we limit how it is processed if legal retention obligations prohibit us from deleting the information.
II. If you only use our websites to get information, i.e. if you do not register or supply information in another manner, we will only collect the personal data that your browser transmits to our server. If you want to view our website, we will collect the following data, which are technologically required to display our websites and to ensure their stability and security (the legal basis for this collection is Art. 6 (1) 1f GDPR):
· IP address
· Time and date of the request
· Time difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· The amount of data transmitted in each case
· Website from where the request originates
· Operating system and its interface
· Language and version of the browser software
· Directory protection user
(directory with a user/password combination)
· Status code
· User agent
· Elected host name
III. The only information required to sign up for the newsletter is your email address. Providing additional, especially marked data is voluntary. The information is used to personalize the newsletter, for example by allowing us to address you personally. Upon your confirmation, we save the information for the purpose of sending you the newsletter (Art. 6 (1) 1a GDPR).
· Email address (mandatory)
· First name
· Job title
· Phone number
· Industry field
· Customer number
Purposes of use
I. The personal data we collect when you visit our websites is used to ensure that we can operate the sites in a manner that is convenient to you and to protect our IT systems from attacks and other illegal actions.
II. If you submitted additional personal data, e.g. as part of a registration, through a contact form, a survey, a newsletter or in the process of performing a contract, then we will use that data for the specified purposes, for customer administration purposes and, if necessary, for processing and billing business transactions. In each case, this is done in the respectively appropriate scope.
Transmission of personal data to third parties, social plugins and use of service providers
I. Our websites may also contain offers from other companies that make up the GABO STAHL GmbH Group as well as from third parties. If you click on one such offer, we will transmit the required data to the respective provider (e.g. the information that you found this offer on our website and possibly related information that you already provided on our websites).
II. If we use so-called "social plugins" of social networks such as Facebook and XING on our website, then we will integrate them as follows:
When you visit our websites, the social plugins are deactivated, which means no data is transmitted to the operators of these networks. If you would like to use one of these networks, you can click on the respective social plugin to establish a direct connection to the server of the respective network.
If you have a user account for the network and are logged into it when you activate the social plugin, then the network can assign the visit of our websites to your account. If you want to prevent this from happening, please log out of the network prior to activating the social plugin.
When you activate a social plugin, the network transmits the contents that are thereby made available straight to your browser, which will integrate them into our websites. In this situation, data transmissions may also take place that were initiated and controlled by the respective social network. The connection to a social network, the data transmission between the network and your system as well as all of your interactions with that platform are covered exclusively by the data protection provisions of the respective platform provider. You can reach the aforementioned providers using the following links:
· Facebook Inc.
1601 S California Ave, Palo Alto, California 94304, USA
· XING AG
Gänsemarkt 43, 20354 Hamburg, DE
The social plugin remains active until you deactivate it or delete your cookies.
III. If you click on the link for an offer or activate a plugin, it is possible that your personal data will reach providers in countries outside of the European Economic Area that, in the views of the European Union (EU), cannot guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please take this into account prior to clicking on a link or activating a plugin – and thereby triggering the transmission of your data.
IV. For the operation, optimisation and security of our websites, we also use qualified service providers (IT service providers and possibly marketing agencies). We only transmit your personal data to them if doing so is necessary for making available and using the websites and their functionalities, for the pursuit of legitimate interest or if you have allowed us to do so.
With your consent, you can subscribe to our newsletter through which we notify you of current offers. The advertised goods and services are specified in the consent agreement.
i We are using the so-called "double opt-in process" for newsletter subscriptions. That means that, following your registration, we will send an email to the specified email address in which we ask you to confirm that you want to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will save the IP addresses that you used as well as the time of registration and confirmation. The purpose of this process is to verify your registration and to detect a possible misuse of your personal data.
ii You can revoke your subscription at any time and thereby stop receiving the newsletter. You can revoke your consent by clicking on the link included in every newsletter email or by sending an email to info(at)gabo-stahl.dehttp://info(at)gabo-stahl.de .
iii We would like to point out that we are analysing your user behaviour when we send out the newsletter. For this analysis, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files that are saved on our website. For these analyses, we link the aforementioned data and the web beacons to your emails address and an individual ID. The data is collected in a way that is pseudo anonymous, which means the IDs are not linked to your other personal data and it is not possible to identify individuals directly. You can object to this kind of tracking at any time by clicking on the link included in each email or by contacting us in another manner. This information will be stored for as long as you have subscribed to the newsletter. Once you have cancelled the subscription, the data is stored anonymously for statistical purposes.
iv We are using an external service provider for sending out the newsletters. We reached a separate contract data processing agreement with the service provider to guarantee that your personal data is protected. We are currently working with the following service provider:
CleverReach GmbH & Co. KG
D- 26180 Rastede
Phone: +49 4402 / 97390 00
The privacy statement of CleverReach, which you can find at https://www.cleverreach.com/de/datenschutz/, will provide you with additional information.
Analysis of usage data; use of analytical tools
I. Google Analytics
If you have given your consent, Google Analytics, a web analysis service provided by Google LLC, will be utilised on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
i. Scope of processing
While you are using the website, the following data (amongst others) will be recorded:
· The pages you visit, i.e. your “click path”
· The achievement of “website goals” (conversions, e.g. newsletter subscriptions, downloads, purchases)
· Your user behaviour (e.g. clicks, dwelling times, bounce rates)
· Your approximate location (region)
· Your IP address (in shortened form)
· Technical information regarding your browser and any terminal devices used by you (e.g. language setting, screen resolution)
· Your Internet provider
· The referrer URL (via which website/advertising media you arrived at this website)
ii. Purpose of the processing
On behalf of the operator of this website, Google shall use this information to evaluate your (pseudonyms [NOT IF A USER ID IS USED]) use of the website and compile reports regarding website activities. The reports compiled by Google Analytics are used to analyse the performance of our website [OPTIONAL] and the success of our marketing campaigns.
The recipient of the data is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor). We have thereby agreed upon an order processing contract with Google. The California-based Google LLC and, if required, the US authorities, may both access the data stored at Google.
iv. Transmission to third countries
The transmission of data to the USA cannot be ruled out.
v. Storage duration
The data linked to the cookies and sent by us will be automatically deleted after 14 months. Data that has reached the end of its storage duration is automatically deleted once a month.
vi. You can also prevent the recording of any data generated by the cookies and related to your website usage (incl. your IP address) at Google as well as the processing of this data by Google by not granting.
· consent when setting the cookies or
· downloading and installing the browser add-on for the deactivation of Google Analytics HERE.
II. Below you will find information on the providers of the tools we use and the respective opt-out options:
I. Our websites may contain Google Inc. plugins
The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
ii. Google Maps
The operator of Google Maps is Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
By using Google plugins, information on the use of our websites, including your IP address and the (start) address entered as part of the routing function, may be transmitted to Google in the USA. When you open a page on our website that contains these plugins, your browser establishes a direct link to Google's servers. That is why we cannot influence the scope of the data Google collects in this way. If you are logged into the account of the respective provider, you allow them to assign your web surfing behaviour directly to your personal profile. You can prevent this by logging out of the respective account. As far as we know, these are at least the following data:
· Date and time of the visit to the specific website
· Web address or URL of the accessed website
· IP address through the (start) address entered as part of routing.
The aforementioned plugins are used to present our online offers in a more appealing way. This constitutes a legitimate interest pursuant to (Art. 6 (1) 1f GDPR).
Deletion of your personal data
We anonymise or delete your IP address and the name of your internet service provider, which we save for safety reasons, after 1 day. Depending on the website that was used, error logs, which document faulty page views, may be deleted after 7 days. Anonymised data will be deleted after a maximum of 60 days. Otherwise, we delete your personal data as soon as the purpose for which it has been collected and processed has been fulfilled. Beyond that time, the data will only be stored if doing so is required by the laws, regulations or other legal provisions that we are subject to, both in the EU or in third countries if these have an adequate level of protection.
If a deletion is not possible in individual cases, the corresponding personal data is marked with the goal of limiting its future processing.
Making data available
Within the framework of the employment relationship, you have to make personal data available that is required for initiating, maintaining and ending a contractual relationship and required for fulfilling the associated contractual obligations or for whose collection we are legally obligated. Without this data we will generally not be able to conclude the contract with you, or be able to execute it.
We do not process your data with the goal of the automated evaluation of certain personal aspects.
Rights of the data subject
Pursuant to the General Data Protection Regulation, you have the following rights:
I. If your personal data is processed, you have the right to know what type of personal data about you is stored. (Art. 15 GDPR)
II. If inaccurate personal data has been processed, you have the right to the rectification of that data.
III. If the legal requirements have been met, you can demand the deletion of the data or the restriction of processing as well as the right to object to the processing (Art. 17, 18, 21 GDPR)
IV. If you have consented to the processing of your data or if there is a contract regarding the processing of data and if this is conducted using automated processes, you also have a right to data portability. (Art. 20 GDPR)
Should you make use of the aforementioned rights, the controller checks whether the legal requirements have been met. Send your claims or explanations to the Group's data protection officer if possible. In addition, you have the right of appeal to the state data protection officer of the state of Baden-Württemberg (Art. 77 GDPR).
Right of revocation following consent
At any time, for reasons arising from your particular situation, you can object to the processing of your personal data based on Art. 6 (1) f GDPR (data processing on the basis of balancing interests); this also applies to profiling based on this provision according to Art. 4 (4) GDPR.
At any time, you can revoke the consent you have given us to process your personal data. This also applies to the revocation of declarations of consent that were granted to us prior to the General Data Protection Regulation going into effect on 25 May 2018. Please note that this revocation is only effective going forward. Any data processing that preceded the revocation is not affected.
The objection can be sent in an informal email with the subject line "Objection" and the provision of your name, address and data of birth. It should be addressed to the data protection officer.
If you object, your personal data will no longer be processed unless we can prove there are compelling, legitimate reasons for processing the data that outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Data processing security
Taking into account the state of technology and the art of processing, the scope, the conditions and the purposes of the processing as well as the different probabilities of occurrence and the seriousness of the risks for the rights and liberties of natural persons, the GABO STAHL GmbH Group and their processors will take suitable technical and organisational measures to provide a level of protection appropriate for the risk.
When assessing the appropriate level of protection, the risks that primarily have to be taken into account are those that were processed with the processing, loss or alteration. The GABO STAHL GmbH Group takes steps to ensure that natural persons subordinate to it and who have access to the personal data will only process the data based on the direction of the data protection officer, unless they are required to do so to comply with the laws of the EU or its member states.
Data transmission to recipients outside of the European Economic Area
When using service providers and tools such as those specified above, personal data may be transmitted to recipients in countries outside of the European Union (EU) and processed there, especially the USA.
In addition to the aforementioned data, we will story cookies on your computer when you use our websites. Cookies are small text files that are saved on your hard drive by the browser you use and which will allow the entity that places the cookie to obtain certain information. Cookies cannot run programs or transmit viruses onto your computer. Their purpose is to make the internet service user friendlier and more effective overall.
This website uses the following types of cookies, whose scope and functionality is explained below:
· Transient cookies,
which are deleted automatically when you close your browser. In particular, these include session cookies. These save a so-called Session ID, with which the different request of your browser can be assigned to a joint session. That allows your computer to be recognises when you return to our website. Session cookies are deleted when you log out or close the browser.
· Persistent cookies,
which are automated and will be deleted after a specified time that can vary by cookie. You can delete these cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and, for example, reject third-party cookies or all cookies. So-called third-party cookies are cookies placed by third parties, i.e. not the actual website the user currently uses. We would like to note that the deactivation of all cookies may mean that you cannot use all functions of this website. You can revoke your settings with effect for the future at any time by deleting the website’s set cookies in your browser and reloading the page in order to apply new settings for cookie authorisations.