Privacy Policy

Privacy policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are considered a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.

1. Data controller

This website and the range of services are operated by

Baustahlgewebe GmbH

Friedrichstrasse 16

69412 Eberbach

Eberbach, Germany

Phone: +49 6271 82-100

Email: mail@baustahlgewebe.com

2. Data protection officer

We have appointed a data protection officer.

Herold Unternehmensberatung GmbH

Mr Philipp Herold

Hafenstrasse 1a

23568 Lübeck

Email: datenschutz@hub24.de

3. General information

We have designed the website to collect as little data as possible from you. In doing so, we always ensure that your personal data are only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since 25 May 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Digital Services Data Protection Act or other more specific data protection laws.

4. Purpose and legal basis for the processing of personal data

We always process your personal data for a specific purpose.

In summary, we process your personal data for the following purposes:

a) To be able to process your request in the event of contact enquiries (e.g. email address, first name, surname);

b) To be able to provide you with a login for our customer portal (registration request).

c) For the technical realisation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)

d) To be able to receive and process an application from you for one of our job vacancies.

The following applies with regard to the legal basis for the processing of your personal data:

We process personal data that are required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh this (Art. 6 para. 1 lit. f GDPR). Insofar as we use external service providers within the framework of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.

5. Collection of personal data when visiting our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

IP address
Date and time of the enquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.

This website is hosted by an external service provider (hosting service). The personal data collected on this website are stored on the servers of the hosting service.

We use the following hosting service:

Strato AG

Otto-Ostrowski-Strasse 7

10249 Berlin

We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under ‘Cookies’ in this privacy policy and in the consent management tool used.

6. Integration of services from other providers

Our website uses content and services from other providers. These are, for example, services for the statistical analysis of the use of and visits to our website. In order for these data to be accessed and displayed in the user's browser, it is necessary to transmit the user's IP address to the third-party providers used.

Even if we endeavour to only use third-party providers who only need the IP address to be able to deliver content or even work with anonymised IP addresses, we have no influence on whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.

Usercentrics Consent Management

Type and scope of processing

We have integrated Usercentrics on our website. Usercentrics is a consent solution from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which consent to the storage of cookies can be obtained and documented. Usercentrics uses cookies or other web technologies to recognise users and store the consent given or revoked.

Purpose and legal basis

The use of the service is based on the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Usercentrics GmbH. Further information can be found in the privacy policy for Usercentrics: https://usercentrics.com/privacy-policy/.

Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to analyse user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular to the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to analyse user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

Storage period

eRecht24 CDN

Type and scope of processing

We use eRecht24 CDN for the proper provision of the content of our website. eRecht24 CDN is a service of eRecht24 GmbH & Co. KG, which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of eRecht24 GmbH & Co. KG, Lietzenburger Str. 94, 10719 Berlin, Germany, whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed exclusively for the above-mentioned purposes and to maintain the security and functionality of eRecht24 CDN.

Purpose and legal basis

The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by eRecht24 GmbH & Co. KG. Further information can be found in the privacy policy for eRecht24 CDN: https://www.e-recht24.de/datenschutzerklaerung.html.

7. Cookies

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier.

Cookies enable our systems to recognise the user's device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user's computer. Cookies help us to improve our website and offer you a better and more personalised service. They enable us to recognise your computer or (mobile) device when you return to our website and thereby:

Store information about your favourite activities on the website and thus tailor our website to your individual interests.
Speed up the processing of your enquiries.

We work together with third-party services that help us to make the Internet offer and the website more interesting for you. Cookies from these partner companies (third-party providers) are therefore also stored on your hard drive when you visit the website. These are cookies that are automatically deleted after the specified time.

For more information on the individual third-party providers, please refer to the Cookie Consent Tool and the data protection information contained therein.

If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only wish to accept our own cookies, but not the cookies of our service providers and partners, you can select the ‘Block third-party cookies’ setting in your browser. We accept no responsibility for the use of third-party cookies.

8. Contacting us (contact form, registration request)

You can contact us by email or via our contact form or the registration application. In this case, we store the personal data you provide in order to process your request and to contact you to process your request. If we request information via our contact form, we have marked the mandatory fields required for contacting you accordingly (asterisk). The voluntary information is used to specify your enquiry and to improve the processing of your request. The requested data are transmitted to us by you on a purely voluntary basis.

Depending on the type of enquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for enquiries that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your enquiry is of a different nature. The legitimate interest follows from the purposes mentioned under point 4. If personal data are requested that we do not need for the fulfilment of a contract or to protect legitimate interests, they will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Registration on the website

If you would like to receive a login for our customer portal, it is necessary for the registration that you provide your personal data, which we require for the processing of your registration application. Mandatory information required for processing your registration application is marked separately, other information is voluntary.

The controller may arrange for the data to be passed on to one or more processors, who will also use the personal data exclusively for internal purposes attributable to the controller.

By registering on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. These data are stored against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable criminal offences to be investigated. In this respect, the storage of these data is necessary to safeguard the controller. These data will not be passed on to third parties unless there is a legal obligation to pass them on or it serves the purpose of criminal prosecution.

Your registration with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have them completely deleted from the controller's database. The processing of the aforementioned personal data for the purposes stated here takes place on the legal basis of Art. 6 para. 1 lit. b GDPR. Due to commercial and tax law requirements, we are obliged to store your personal data for a period of ten years.

The controller will provide any data subject with information on which personal data relating to the data subject are stored at any time upon request. Furthermore, the controller shall correct or delete personal data at the request or notice of the data subject, provided that this does not conflict with any statutory retention obligations.

We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.

9. Application procedure

We publish job vacancies on our website for which you can apply using an application form. If you decide to apply for an open position, we and Badische Stahlwerke GmbH will process the personal data you provide there and transmit to us exclusively for the purpose of carrying out the application process.

The legal basis for the processing of your personal data as part of the application process is Section 26 (1) in conjunction with (2) BDSG.

In the event of a rejection, we will delete your data as soon as a retention period of 6 months required by labour law has expired. The period begins with the sending of the cancellation. If you have expressly consented to the further use of your data for subsequent contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.

If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.

Your personal data may be processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfil legal obligations or if you have given your consent. A transfer to a third country is not intended.

The provision of personal data as part of the application process is not required by law or contract. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract of employment with us. However, you should only provide the personal data that are necessary for the acceptance and realisation of your application. If you do not provide us with any personal data in an application, we cannot make a decision on the establishment of an employment relationship.

Further information on data processing in the application process can be found at: https://karriere.bsw-kehl.de/Vacancies/DataProtection.

10. Social media icons

Social media icons are used on our website. To improve the protection of your data when you visit our website, these buttons are not fully integrated as plugins, but in the form of HTML links. This type of integration ensures that no connection is established with the servers of social media operators when a page of our website on which such buttons are available is accessed. When you click on such a button, the page of e.g. Facebook opens in a new browser window. You can interact with the plugins there (if necessary after logging in). The purpose and scope of the data collection, the further processing and use of the data by the social media as well as your rights in this regard and setting options for protecting your privacy can be found in the privacy information of the social media operators.

11. Presence in social media

In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence on social media. When using social media, data are processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU. In this context, it can lead to risks for you as a user if the transferred data are processed in so-called third countries with an inadequate level of data protection.

This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country. We only transfer personal data to third countries for which an adequate level of protection has been confirmed or if the transfer of personal data can be ensured by contractual agreements or other suitable guarantees.

In addition to the respective provider of a social media site, we also collect and process personal user data on so-called ‘fan pages’. This notice informs you which data we collect from you on our social media sites, how we use them and how you can object to the use of your data. The respective data processing purposes and data categories can be found in the respective offer listed in more detail below. The activities in social media operated by us and described in more detail below are carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.

To achieve this, cookies are used that record user behaviour and enable the user to be profiled. A specific list of the purposes for which user data are processed can be found in the privacy policies of the respective providers. By making the appropriate settings in your user account, you can restrict profiling, at least to a certain extent. For the exact procedure, please read the corresponding privacy policy of the respective provider.

The relevant platforms are

Platform controller Privacy information of the platform operators

Instagram Meta Platforms Ireland Ltd

4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

https://privacycenter.instagram.com/policy/

We operate a profile on the listed platform in order to draw attention to products and service offers and to interact with customers, interested parties and other users of the platform.

In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile has been ‘liked’ or commented on) to compile aggregated usage statistics and make them available to the respective operators of the profile (so-called ‘insights’ or ‘analytics’). As the profile operator, we also receive such usage statistics. The information we receive as profile operators does not allow us to draw any conclusions about individual users. The profile operator itself has no access to personal data that the platform operator processes for the creation of usage statistics. Only the respective platform operator determines which data are processed for these purposes and how. As the profile operator, we have no legal or actual influence on the processing by the platform operators.

For processing in connection with the creation of usage statistics, we are considered joint controllers with the respective platform operator within the meaning of Art. 26 GDPR. Where possible, joint controllership agreements are in place with the respective platform operators.

Beyond this, data processing by us as the profile operator only takes place to a very limited extent:

Processing of usernames and comments that are deleted due to a breach of netiquette. These are retained within the limitation period to provide any necessary evidence in the event of legal disputes.
Processing of usernames and individual messages when you contact us via messenger services
Processing of usernames and postings in the context of enquiries and, if necessary, obtaining consent for the re-posting of images

For these purposes, we generally only process your name, message content, comment content and the profile information you provide ‘publicly’.

12. Rights of the data subject

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if they were not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete them and we no longer need the data, but you need them for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that they be transmitted to another controller (data portability)
in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of cancellation or objection, simply send an email to datenschutz@hub24.de.

13. Disclosure of your personal data

Your personal data will be passed on as described below.

Data will also be passed on if we are authorised or obliged to pass on data due to legal provisions and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, security or the enforcement of intellectual property rights.

If your data are passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfil their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR. Insofar as your personal data are processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before your personal data are transferred. This can be achieved, for example, by means of EU standard contracts or binding corporate rules or special agreements to which the company may be subject.

14. Data security

We use technical and organisational measures to secure our website against loss, destruction, access, modification or dissemination of your data by unauthorised persons.

In particular, your personal data are transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.

15. Storage period for personal data

With regard to the storage period, we delete personal data as soon as their storage is no longer necessary for the fulfilment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods form the criterion for the final duration of the storage of personal data. Once the period has expired, the corresponding data are routinely deleted. If retention periods exist, processing is restricted by blocking the data.

16. References and links

When accessing Internet pages to which reference is made on our website, you may again be asked for information such as your name, address, email address, browser properties, etc. This privacy policy does not regulate the collection, disclosure or handling of personal data by third parties

Third-party service providers may have different and separate provisions regarding the collection, processing and use of personal data. It is therefore advisable to inform yourself on the websites of third parties about their practices regarding the handling of personal data before entering personal data.

Last updated: 12.2024