Thank you for your interest in the internet services provided by ST Extruded Products Germany GmbH (hereinafter: “STEP-G”). STEP-G attaches great importance to protecting your personal data during its collection, processing and use in the context of your visit to our website. We comply with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telecommunications Digital Services Data Protection Act, the Digital Services Act and any other applicable, country-specific data protection regulations.
In principle, the website of STEP-G can be used without submitting any personal data (e.g. the visitor’s name, address, e-mail address or telephone number). However, if you wish to make use of particular services that we offer via our website, it may be necessary for your personal data to be processed by STEP-G. We always seek your consent if we need to process your personal data, unless there is already a legal basis for such processing.
The purpose of this Privacy Policy is to inform you about the nature, scope and purpose of the collection, processing and use of personal data by STEP-G. In addition, we wish to inform you about your rights under this Privacy Policy.
STEP-G has implemented a variety of technical and organisational measures to ensure that your personal data, which is processed via this website, is protected to the maximum extent possible. Nevertheless, we wish to point out that absolute protection cannot be guaranteed due to the nature of internet-based data transmission and the associated potential security vulnerabilities. You therefore have the option of providing us with your personal data by other means (e.g. by telephone or post).
Within the framework of this Privacy Policy, STEP-G uses terminology that is also used in the EU General Data Protection Regulation (GDPR). Among others, this includes the following terms:
The data controller with regard to the processing of the data collected via the websites of STEP-G is:
ST Extruded Products Germany GmbH, Schachenstraße 14, 88267 Vogt, Germany, phone: +49 7529 999-0, e-mail: vogt.office(at)step-g.com, Website: www.step-g.com.
The data controller’s data protection officer is:
White Whale Data GbR, RA Götz Sommer, Hansaring 97, 50670 Köln, Germany, e-mail: info(at)wwdata.de, phone: +49 221 9776980.
All data subjects may contact our data protection officer at any time with any queries or suggestions regarding data protection.
The websites of STEP-G use cookies. Cookies are text files that are downloaded and stored in a computer system via an internet browser. In accordance with Section 25 TDDDG, STEP-G ensures that users consent to the use of cookies before non-essential cookies are set.
Many websites and servers use cookies. Many cookies contain a so-called “cookie ID”. This consists of a character string that serves as the cookie’s unique identifier, making it possible to assign visits to internet pages and servers to the specific internet browser in which the cookie was stored. This allows the visited web pages and servers to distinguish the browser of the respective visitors from other internet browsers (if they contain other cookies). In other words, the unique cookie ID makes it possible to recognise and identify a specific internet browser.
Cookies enable STEP-G to provide the visitors to its website with services that are more user-friendly than would otherwise be possible. By using cookies, STEP-G is able to optimise its websites for the benefit of the visitors, since the cookies make it possible to identify repeat visitors to the website, which in turn allows us to make the website easier for them to use. For example, when using cookies, visitors are not required to enter their login data each time they visit the website. The login is instead performed automatically by the website via the cookie that was previously stored on the visitor’s computer. In addition, cookies enable online shops to “remember” the items that customers have placed in their virtual shopping carts.
As the data subject, the user must actively consent to the use of cookies.
Before cookies that are not absolutely necessary are set, a corresponding consent banner is displayed, which can be used to give consent. The user can withdraw this consent at any time.
As the data subject, the user can prevent the use of cookies by the STEP-G website by configuring the corresponding setting in their internet browser. In this way, they can permanently block the use of cookies. In addition, the visitor to the website can delete cookies that have already been stored at any time via their internet browser settings or other software programs. This feature is available in all popular internet browsers. Users (i.e. data subjects) who disable the saving of cookies in their internet browser may no longer be able to make full use of all the features of the STEP-G website.
The storage period for “permanent cookies” can be up to two years.
The legal basis for our use of cookies may vary depending on the circumstances. The legal basis on which we process your personal data always depends on the specific individual case. If we ask for your consent and you agree to the use of cookies, this consent provides the legal basis for the processing of your data (Art. 6 (1) (a) GDPR). Should the use of cookies become necessary in order to fulfil our (pre-)contractual obligations towards you, the data processing by STEP-G is based on Art. 6 (1) (b) GDPR. In all other cases, we base the processing of your data by means of cookies on our legitimate interest pursuant to Art. 6 (1) (f) GDPR (e.g. operation of the website and its improvement).
Whenever a data subject or automated system accesses the STEP-G website, general information about the nature of the access is periodically stored in our server’s log files. This information may include the browser type and version, the operating system, as well as the website via which the data subject or automated system accessed our website. Other recorded information may include the subpages accessed on our website, the date and time of access, the visitor’s IP address, the internet service provider of the accessing system and any other security-related data we need in the context of preventing attacks against our IT systems.
STEP-G does not use this data for the purpose of identifying data subjects. Instead, this data is necessary to ensure that the contents of our website are properly transmitted, as well as to optimise our website, to ensure its functionality, and to provide information required by law enforcement agencies in the event of a cyberattack. We therefore evaluate this data solely for statistical purposes and also to improve data protection and data security within our company. The goal here is to ensure that the personal data we process is safeguarded to the maximum extent possible. The personal data which data subjects submit to us is stored separately from the anonymous data that our server collects via its log files.
You have the opportunity to register on our website by submitting personal data. For details about which personal data is transmitted to the data controller, please refer to the input screen shown to users during registration. The personal data you provide is collected and stored by STEP-G solely for internal use and for statistical purposes. We may also transfer your personal data to one or more data processors, e.g. postal operators, which also use personal data exclusively for internal order processing.
If you register on our website, the data saved there is also transmitted by the respective internet service providers (ISP). This includes the IP address as well as the date and time of registration. We store this data as a necessary means to prevent misuse of our services and, if necessary, this information can be used at a later time to investigate previous criminal activity. The storage of the data is therefore necessary to safeguard the data controller’s systems. As a rule, we do not disclose this data to third parties, unless we are legally obliged to do so or the disclosure serves the purpose of law enforcement.
STEP-G requires users to register – and in so doing to submit personal data – in order to offer them content and services which, due to their nature, can only be offered to registered users. At any time, registered users are entitled to modify the personal data that they submitted during registration, or to have such data removed from STEP-G’s database entirely.
They also have the right, at any time, to ask STEP-G which personal data has been stored. STEP-G will respond to such requests as soon as possible. To the extent that we are not prevented from doing so due to statutory retention periods, STEP-G will comply with any requests from data subjects for the rectification or deletion of their personal data. In this context, all employees of STEP-G as well as any data protection officers named in this Privacy Policy are available as a point of contact.
Due to statutory regulations, the websites of STEP-G contains features and information which enable fast electronic contact with our company as well as direct communication with us. This includes our e-mail address.
When you contact STEP-G via e-mail or our contact form, your personal data is automatically stored. This data, which you voluntarily submit to STEP-G, is stored for the purpose of processing or contacting you (as the data subject).
On this website STEP-G uses the product Google Maps service provided by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google Inc. (hereinafter: “Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the purpose of displaying a map and enabling users to calculate and display travel directions to our company’s locations.
On its website (policies.google.com/privacy/frameworks?hl=en), Google also provides assurance that, when transferring data to the USA, it complies with legal framework conditions that guarantee a level of protection equivalent to EU law and also relies on the standard contractual clauses of the EU Commission. The company has also been certified in accordance with the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), but no longer relies on this as of 16 July 2020.
If you use the Google Maps component, a cookie is stored on your computer via your internet browser. Your user settings and data are processed to enable the STEP-G locations to be displayed and a route to them to be calculated. We cannot rule out the possibility that Google also stores and processes this data on servers in the USA.
By connecting your internet browser to Google’s servers, the company can determine which website your request was sent from and to which IP address the directions should be sent. If you do not agree to this processing, you can prevent cookies from being installed by Google by changing the corresponding settings in your browser. You can find out more about this in the “Cookies” section of this Privacy Policy.
You can read the Google Maps Terms of Use at https://www.google.com/intl/de_de/help/terms_maps.html and https://policies.google.com/terms?gl=DE&hl=de informieren.
The legal basis for the collection and processing of the aforementioned data is Art. 6 (1) (f) GDPR. We have a legitimate interest in optimising the features of our website in order to offer you the best possible service.
STEP-G only processes and stores personal data for the period of time necessary to achieve the purpose of the storage, or if STEP-G is bound by statutory provisions that require such storage.
If the purpose of the storage is omitted or if a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
Due to the regulations of the GDPR, data subjects have the following rights:
In connection with the career portal, STEP-G collects and processes applicants’ personal data for the purpose of processing their applications. Such processing may be carried out by electronic means. In particular, this applies in cases where applicants submit their application documents to STEP-G by e-mail, via a web form on our website, or by other electronic means.
If an application is successful and the applicant is hired, STEP-G stores the data submitted by the applicant for the purpose of facilitating the employment relationship. This data is stored in accordance with the statutory regulations.
If an application is unsuccessful, i.e. if no employment contract is concluded, STEP-G automatically deletes the submitted documents two months from the date on which the respective applicants were notified of their unsuccessful application. The data is only kept beyond this time if its deletion conflicts with other justified interests of STEP-G – for example, in the event that STEP-G is required to give evidence in proceedings under the German General Equal Treatment Act (AGG).
Components provided by the social network Facebook are integrated into the websites of STEP-G.
A social network is an online service that allows users to communicate and interact in virtual space. This online social meeting point (online community) can be used to exchange views and experiences and provide personal or business information to other users within the online community. Among other things, Facebook users can create personal profiles, upload photos and network with other users via friend requests.
The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data subjects who live outside the US or Canada, the data controller for Facebook is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
STEP-G shares responsibility with Facebook Ireland Ltd. for the collection of data that Facebook receives via the components embedded on STEP-G’s websites. The same applies to the transmission of any data to Facebook in connection with content and advertising information that is tailored to the presumed interests of users. Similarly, it is possible that Facebook will use information to target users via Facebook Messenger and improve its ability to identify content and/or promotional information that is likely to be of interest to users.
If a visitor to the websites of STEP-G accesses an individual subpage containing a Facebook component (Facebook plug-in), their IT system is automatically instructed by the component in question to download a version of the corresponding Facebook component from Facebook. All Facebook plug-ins are described in an overview which is available at developers.facebook.com/docs/plugins/. Via this technical process, Facebook is able to determine which specific subpage the user is visiting.
If the user (as the data subject) is also logged in to Facebook, during each visit to the websites of STEP-G by the user – and for the entire duration of the respective visits – Facebook is able to identify which specific subpages were viewed. The installed Facebook plug-in collects this information and Facebook assigns it to the user’s Facebook account. If the user clicks on one of the Facebook buttons integrated into our website or submits a comment, this information is assigned by Facebook to the data subject’s personal user account and this personal data is subsequently stored.
If a data subject is logged in to Facebook when they visit the websites of STEP-G, Facebook is notified about the visit via the respective plug-ins – regardless of whether or not the user clicks on the Facebook buttons. As a user and data subject, if you do not agree to such a transfer of your data to Facebook, you can prevent this by making sure that you are logged out of your Facebook account before visiting the websites of STEP-G.
Information about Facebook’s data policy, including the personal data that is collected, processed and used by Facebook, is available at https://de-de.facebook.com/about/privacy/. In addition, you will find information there about settings provided by Facebook to protect the data subject’s privacy. Various applications which make it possible to prevent or limit the transmission of personal data to Facebook are also available. The user (as the data subject) can therefore prevent the transmission of their data to Facebook by means of these applications.
STEP-G has concluded a special agreement with Facebook (“Addendum for Data Controllers”). This agreement, which is available at https://www.facebook.com/legal/controller_addendum, sets out the security measures that Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and explains how it complies with the rights of data subjects under the GDPR.
STEP-G has integrated the component Google Analytics (with anonymisation feature) into this website. Google Analytics is a web analytics service. Web analytics is the process of collecting and analysing of data about the behaviour of visitors to websites. Among other things, the web analytics service collects data about the website from which you (as the data subject) accessed our website (so-called “referrers”), which subpages of our website you accessed and how often and for what length of time you viewed a subpage. The web analytics service is primarily used for the purpose of optimising our website and carrying out cost-benefit analyses of online advertising activities.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
STEP-G uses the parameter “_gat._anonymizeIp” for its web analytics via Google Analytics. This parameter allows the IP address of the data subject’s internet connection to be shortened and anonymised by Google if the data subject accesses our website from a Member State of the European Union or from another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the acquired data to evaluate the use of our website, to compile online reports for us which show activities on our websites, and to provide other services related to the use of our website.
Google Analytics stores a cookie in the respective data subjects’ IT system. Cookies are text files that are downloaded and stored in a computer system via an internet browser. Many websites and servers use cookies. Many cookies contain a so-called “cookie ID”, which is a unique identifier for the cookie. It consists of a character string via which web pages and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual’s browser from other internet browsers that contain other cookies. A particular web browser can therefore be recognised and identified via the unique cookie ID. By using this cookie, Google is able to analyse the visitor’s usage of our website.
Each time an individual page of the STEP-G website that contains a Google Analytics component is accessed, the internet browser on the data subject’s IT system is automatically instructed by the corresponding Google Analytics component to transmit data to Google for the purpose of online analytics. As part of this technical process, Google obtains knowledge of the data subject’s personal data, including their IP address, which Google uses to track the origin of visitors and clicks, and subsequently to generate commission invoices.
The cookie stores personal data, such as the time of access, the location from which access was made and the frequency of the data subject’s visits to our website. Each time the data subject visits our website, their personal data, including the IP address of their internet connection, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer the personal data collected via this technical process to third parties.
As previously mentioned, the data subject can prevent the use of cookies by our website at any time by configuring the relevant settings in their internet browser, and can thus permanently disable the storage of cookies. Configuring an internet browser in this way would also prevent Google from storing a cookie in the data subject’s IT system. In addition, a cookie already stored by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option of objecting to – and preventing the collection of – the data generated by Google Analytics regarding their use of this website, as well as the processing of this data by Google. To do so, the data subject must download and install a browser add-on via this link: https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to the website may be transmitted to Google Analytics. If the data subject installs the browser add-on, Google acknowledges their objection to its use of their web analytics data. If the data subject’s IT system is later deleted, formatted or reinstalled, they must reinstall the browser add-on in order to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person within their sphere of control, it remains possible to reinstall or reactivate the browser add-on.
On its website (policies.google.com/privacy/frameworks?hl=en), Google also provides assurance that, when transferring data to the USA, it complies with legal framework conditions that guarantee a level of protection equivalent to EU law and also relies on the standard contractual clauses of the EU Commission. The company has also been certified in accordance with the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), but no longer relies on this as of 16 July 2020.
Additional information and Google’s privacy policy are available at https://policies.google.com/privacy?hl=de&gl=de and https://marketingplatform.google.com/about/analytics/terms/de/. Detailed information about Google Analytics is available via this link: https://marketingplatform.google.com/about/.
STEP-G uses the HubSpot marketing automation system from HubSpot Inc. for the purposes of statistics, marketing, content management, web analysis and search engine optimisation. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA). HubSpot operates offices in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin). The software uses cookies (see Sec. 4).
The legal basis for the use of the software is the consent of the user according to. Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings using our Content Management platform.
It is possible that HubSpot may pass on or transfer the data collected to another country (e.g. Ireland, the USA or other countries in which HubSpot partners operate), or countries outside the European Union and the European Economic Area which do not have an appropriate data protection level. If the data is transferred to the USA, there is a risk that it will be used by US authorities for control and surveillance purposes without data subjects having the right to legal recourse.
A contractual relationship exists between STEP-G and HubSpot on the basis of “standard contractual clauses” that have been approved by the EU Commission. In this agreement, HubSpot undertakes only to process user data in accordance with the instructions of STEP-G and to maintain the same level of data protection as that found in the EU member states. HubSpot’s privacy policy is available at https://legal.hubspot.com/de/privacy-policy. More information about data protection at HubSpot is available at https://legal.hubspot.com/de/dpa.
STEP-G has integrated components provided by the LinkedIn Corporation into the websites of STEP-G.
LinkedIn is a web-based social network for maintaining existing – and establishing new – business contacts. With over 500 million registered users in more than two hundred countries, the platform is currently the largest of its kind and one of the world’s most frequently visited internet sites.
LinkedIn’s operating company is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Outside the United States, issues relating to the company’s Privacy Policy are handled by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time you visit an area of the websites of STEP-G that contains a LinkedIn component (LinkedIn plug-in), this component instructs the browser you are using to download a version of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/plugins?context=linkedin/consumer/context. Via this technical process, LinkedIn gains knowledge about which specific subpage of our website you are viewing (as the data subject).
If you are logged in to LinkedIn when you visit our website, the social network is able to identify which specific subpage of our website you are viewing, as well as the duration of your visit. The LinkedIn plug-in collects this information, which is then assigned to your LinkedIn account by LinkedIn. If you click on a LinkedIn button on our website, LinkedIn assigns this information to your user account and subsequently stores this personal data.
If the data subject is logged in to LinkedIn when they visit the websites of STEP-G, LinkedIn is notified about this visit via the respective plug-ins – regardless of whether or not the user clicks on the LinkedIn component. As a user and data subject, if you do not agree to such a transfer of your data to LinkedIn, you can prevent this by making sure that you are logged out of your LinkedIn account before visiting the websites of STEP-G.
Via the URL www.linkedin.com/psettings/guest-controls, you can unsubscribe from e-mails, text messages, targeted ads, and manage your ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may also store cookies on your IT system. LinkedIn makes its current privacy policy available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.
STEP-G has integrated components provided by Xing into the websites of STEP-G.
Xing is a social network in which members primarily manage their professional contacts, and to a lesser extent their private contacts, and also establish new contacts. Xing primarily offers a platform for business networks in German-speaking countries, which allows individual users to create a personal profile and companies to create company profiles and publish job advertisements.
The operating company of Xing is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time you visit an area of the websites of STEP-G that contains a Xing component (Xing plug-in), this component instructs the browser you are using to download a version of the Xing component. More information about the Xing plug-ins can be found at dev.xing.com/plugins. Via this technical process, Xing gains knowledge about which specific subpage of our website you are viewing (as the data subject).
If you are logged in to Xing when you visit our website, the social network is able to identify which specific subpage of our website you are viewing, as well as the duration of your visit. The Xing plug-in collects this information, which is then assigned to your Xing account by Xing. If you click on a Xing button on our website, Xing assigns this information to your user account and subsequently stores this personal data.
If the data subject is logged in to Xing when they visit the websites of STEP-G, Xing is notified about this visit via the respective plug-ins – regardless of whether or not the user clicks on the Xing component. As a user and data subject, if you do not agree to such a transfer of your data to Xing, you can prevent this by making sure that you are logged out of your Xing account before visiting the websites of STEP-G.
Xing’s current privacy policy is available via the URL www.xing.com/privacy. This includes information about which personal data Xing collects, processes and uses. Furthermore, at https://www.xing.com/app/share?op=data_protection you can find privacy information regarding the XING share button.
STEP-G is represented via company accounts on the social media networks YouTube, Instagram, Facebook, Xing and LinkedIn. In this context, STEP-G collects and processes data in order to exchange information with other users of these services and to provide company information.
In doing so, there is a possibility that these social networks may process users’ data outside the European Union. In certain cases, this may make it more difficult to assert the users’ rights.
As a rule, user data is also processed within social networks for the purpose of market research and advertising; for example, by evaluating user behaviour in terms of the users’ interests. These usage profiles may then be used both within and outside these networks to serve advertisements that correspond to the presumed interests of the respective users. This is made possible, for example, by storing cookies on each user’s computer.
With regard to the individual social networks, we refer to the above statements regarding Facebook (also applies to Instagram), LinkedIn, Xing and Google products (applies to YouTube).
The social network Instagram is operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Its privacy policy is available at https://help.instagram.com/519522125107875.
The operator of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Its privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
The operating company of Xing is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. Xing’s current privacy policy is available via the URL www.xing.com/privacy.
Pursuant to Article 6 (1) GDPR, the processing of personal data by STEP-G is lawful provided that at least one of the following conditions is met:
a) The data subject has given their consent to the processing of their personal data for one or more specific purposes
b) The processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures at the data subject’s request (e.g. product enquiries)
c) The processing is required to fulfil a legal obligation on the part of the data controller (e.g. tax obligations)
d) The processing is necessary to protect the vital interests of the data subject or any other natural person (e.g. a visitor’s health insurance data in the event of an accident on our premises)
e) The processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority vested in the data controller
f) The processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless these are secondary to the interests or fundamental rights and freedoms of the data subject in the context of data protection, and in particular if the data subject is a child.
Where the processing of personal data is based on Article 6 (1) (f) GDPR, we have a legitimate interest in conducting our business for the benefit of all of our employees and shareholders.
STEP-G stores personal data for the duration of the respective statutory retention periods. At the end of this period, the corresponding data is routinely deleted, unless it is required for performance of the contract or for contract initiation.
We wish to explicitly point out that the provision of your personal data may be required by law (e.g. due to tax regulations) or may result from contractual arrangements (e.g. details of the contracting party). For the purpose of concluding a contract it may be necessary for you, as the data subject, to provide us with personal data that must subsequently be processed by us. For example, as the data subject, you will be required to provide us with personal data if our company signs a contract with you. Refusal to provide your personal data would mean that we would not be able to conclude the contract with you (as the data subject). Before you submit your personal data to us, we advise you to contact our data protection officer or one of our employees. They will inform you (as the data subject) on a case-by-case basis whether the provision of your personal data is required by law, or contractually required, or required for the conclusion of the contract, or whether you are obliged to provide the personal data, as well as the consequences of refusing to provide it.