Data protection declaration of Lech-Stahlwerke GmbH

We take data protection seriously

Protecting your privacy when processing personal data is a matter of great importance to us. When you visit our website, our web servers automatically record the IP address of your internet service provider, the website from which you are visiting us, the pages you visit on our site, and the date and duration of your visit. This information is essential for the technical transmission of the web pages and the secure operation of the server. This data is not analysed on a personal basis.

If you send us data via the contact form, this data will be stored on our servers as part of our data backup procedures. We will use your data exclusively to process your enquiry. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Data controller:

Lech-Stahlwerke GmbH
Industriestrasse 1
D-86405 Meitingen
Tel.: +49 (0) 82 71/ 82 - 0

Personal data

Personal data is data relating to you as an individual. This includes your name, address and email address. You do not need to disclose any personal data in order to visit our website. In some cases, we require your name and address, as well as further information, in order to provide you with the service you have requested.

The same applies if we supply you with information material at your request or when we respond to your enquiries. In such cases, we will always inform you accordingly. Furthermore, we only store the data that you have provided to us automatically or voluntarily.

When you use one of our services, we generally collect only the data necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so to provide you with our service or to pursue our commercial objectives.

Automatically stored data

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Full IP address of the requesting computer
• Amount of data transferred

This data is not combined with other data sources. Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.  
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data temporarily. It is not possible for us to identify individual persons on the basis of this data. After seven days at the latest, the data is anonymised by truncating the IP address to the domain level, so that it is no longer possible to establish a link to the individual user. In anonymised form, the data is also processed for statistical purposes; no comparison with other data sets or disclosure to third parties, even in part, takes place. The number of page views is only presented as part of our server statistics, which we publish every two years in our annual report.

Applications

On our website, we offer applicants the opportunity to apply online for advertised vacancies or to submit unsolicited applications. The data is entered into an input form or uploaded and is thus transmitted to and stored in our systems.

We process your application data for the purpose of processing your application and contacting you. The legal basis for the processing of your data is your consent. (Art. 6(1)(a) GDPR, where applicable in conjunction with Art. 9(2)(a) GDPR, provided that your application contains special categories of personal data).
Your application data will not, as a rule, be passed on to third parties.
Exceptions may be necessary in cases required by law, e.g. for the purposes of criminal prosecution. The legal basis for this in such cases is Article 6(1)(c) of the GDPR.

We will delete the application data you have provided from our systems if you expressly withdraw your application or 6 months after the conclusion of the application process.
Deletion cannot take place if the data is required for the performance of a contract or for the implementation of pre-contractual measures. Early deletion of the data is only possible insofar as no contractual or legal obligations preclude such deletion. Furthermore, we process your data until the conclusion of any legal disputes in which the data is required as evidence.

Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working on our behalf are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policies are constantly reviewed. Please ensure that you have the latest version.

Data subject rights

You have the right at any time to access, rectify, erase or restrict the processing of your stored data, the right to object to processing, as well as the right to data portability and the right to lodge a complaint in accordance with the provisions of data protection law.

Right of access:
You may request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data and it is incomplete or inaccurate, you may request that we rectify or complete it at any time.

Right to erasure:
You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately infringes upon your legitimate interests. Please note that there may be reasons preventing immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of whether you exercise your right to erasure, we will erase your data immediately and in full, provided that no contractual or statutory retention obligations prevent this.

Right to restriction of processing:

• You may request that we restrict the processing of your data if
• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
• the processing of the data is unlawful, but you object to erasure and instead request a restriction on the use of the data,
• we no longer require the data for the intended purpose, but you still need it to assert or defend legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You may request that we provide you with the data you have supplied to us in a structured, commonly used and machine-readable format, and that you may transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of consent given by you (which may be withdrawn) or to fulfil a contract between us, and
• this processing is carried out using automated means.

Where technically feasible, you may request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. You may object to the processing of your data for the purposes of direct marketing at any time without giving reasons.

Right to lodge a complaint:
If you believe that we are in breach of German or European data protection law when processing your data, please contact us so that we can clarify any issues. You also, of course, have the right to contact the supervisory authority responsible for you, namely the relevant State Office for Data Protection Supervision.
If you wish to exercise any of the aforementioned rights against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to verify your identity.

Changes to this Privacy Policy

We reserve the right to amend our privacy policy should this be necessary due to new technologies. Please ensure that you have the latest version. Should any fundamental changes be made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us regarding data protection matters at:

Mr Robert Heindl
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

Tel.:  0941 2986930
Fax:  0941 29869316
Email: rh@projekt29.de
Website: www.projekt29.de

Google Maps

This website uses Google Maps to display maps and create route plans.
Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using Google Maps on this website, you consent to the collection, processing and use of automatically collected data and data entered by you by Google, one of its representatives or third-party providers.
The terms of use for Google Maps can be found here.
You can view the Google Maps privacy policy here.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from a web server to your browser and stored on your hard drive. Only the IP address is stored in this process – no personal data. The information stored in the cookies allows us to automatically recognise you on your next visit to our website, thereby making your use of the site easier. The legal basis for the use of cookies is the legitimate interest pursuant to Article 6(1)(f) of the GDPR.

Of course, you can also visit our website without accepting cookies. If you do not wish your computer to be recognised on your next visit, you can also refuse the use of cookies by changing the settings in your browser to ‘Refuse cookies’. You can find the relevant procedure in the user guide for your browser. However, if you refuse the use of cookies, this may result in restrictions on the use of certain areas of our website.

 

The protection of your personal data is of particular importance to us. We therefore process your personal data (hereinafter referred to as “data”) exclusively in accordance with the relevant legal provisions. The purpose of this privacy policy is to provide you with comprehensive information, in accordance with Article 13 of the European General Data Protection Regulation (EU GDPR), regarding the processing of your data within our organisation and the data protection rights and entitlements to which you are entitled.

1. Who is responsible for data processing and who can you contact?

The controller is

Lech-Stahlwerke GmbH
Industriestrasse 1
D-86405 Meitingen
Tel.: +49 (0) 82 71/ 82 - 0

The company data protection officer is

Robert Heindl
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Email: anfrage@projekt29.de
Tel.: 0941-2986930

2. What data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or fulfilment, on the basis of your consent, or in the context of your application to us or your employment with us.

Personal data includes:

Your master/contact data; for customers, this includes, for example, first name and surname, address, contact details (email address, telephone number, fax), and bank details.

For applicants and employees, this includes, for example, first name and surname, address, contact details (email address, telephone number, fax), date of birth, data from CVs and employment references, bank details, religious affiliation, and photographs.

For business partners, this includes, for example, the names of their legal representatives, company name, commercial register number, VAT number, business registration number, address, contact details of the contact person (email address, telephone number, fax), and bank details.

For visitors to our company, this includes name and signature.

For journalists, this includes first name and surname, email address and fax number.

In addition, we also process the following other personal data:

• Information regarding the nature and content of contract data, order data, sales and document data, customer and supplier history, as well as consultancy documents,
• advertising and sales data,
• Information from your electronic communications with us (e.g. IP address, login details),
• other data that we have received from you in the course of our business relationship (e.g. during customer discussions),
• data that we generate ourselves from master/contact data and other data, such as through customer needs and potential analyses,
• documentation of your declaration of consent to receive, for example, newsletters.
• Photographs taken during events.

3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

• To fulfil (pre-)contractual obligations (Art. 6(1)(b) GDPR):
  Your data is processed for the purpose of contract fulfilment online or in one of our branches, and for the contract fulfilment of your staff within our company. In particular, the data is processed during the initiation of business relations and during the performance of contracts with you.
• To comply with legal obligations (Art. 6(1)(c) GDPR):
  We need to process your data in order to comply with various legal obligations, for example those set out in the German Commercial Code or the German Fiscal Code.
• To safeguard legitimate interests (Article 6(1)(f) of the GDPR):
  Following a balancing of interests, data processing may take place beyond the actual performance of the contract to safeguard the legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place, for example, in the following cases:
  - Measures for business management and the further development of services and products;
  - Maintaining a group-wide customer database to improve customer service
  - for the purposes of legal proceedings
  - Sending non-promotional information and press releases.
• in accordance with your consent (Article 6(1)(a) GDPR):
  If you have given us your consent to process your data, e.g. for sending our newsletter, publishing photos, competitions, etc.

4. Processing of personal data for marketing purposes

You may object at any time to the use of your personal data for advertising purposes, either in full or in relation to specific measures, without incurring any costs other than the transmission costs in accordance with standard rates.

We are entitled, subject to the legal requirements of Section 7(3) of the German Unfair Competition Act (UWG), to use the email address you provided when concluding the contract for direct marketing of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by email, you may object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs in accordance with the standard rates. A written notification is sufficient for this purpose. Naturally, every email also contains an unsubscribe link.

5. Who receives my data?

If we engage a service provider for the purposes of data processing, we remain responsible for the protection of your data. All data processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The data processors commissioned by us receive your data insofar as they require it to fulfil their respective services. These include, for example, IT service providers required for the operation and security of our IT system, as well as advertising and address publishers for our own promotional campaigns.

This data is made available to group companies where necessary for the performance of the contract. Customer data is stored on a company-by-company basis and separately, with our parent company acting as a service provider for the individual participating companies.

Where there is a legal obligation, or in the context of legal proceedings, public authorities, courts and external auditors may be recipients of your data.

In addition, insurance companies, banks, credit reference agencies and service providers may be recipients of your data for the purposes of initiating and fulfilling contracts.

6. How long will my data be stored?

We process your data until the business relationship ends or until the applicable statutory retention periods expire (e.g. under the German Commercial Code, the German Fiscal Code or the Working Hours Act); furthermore, until the conclusion of any legal disputes in which the data is required as evidence.

7. Is personal data transferred to a third country?

As a general rule, we do not transfer any data to a third country. In individual cases, a transfer will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards or your express consent.

8. What data protection rights do I have?

You have the right at any time to access, rectify, erase or restrict the processing of your stored data, the right to object to processing, as well as the right to data portability and the right to lodge a complaint in accordance with the provisions of data protection law.

Right of access:
You may request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data and it is incomplete or inaccurate, you may request that we rectify or complete it at any time.

Right to erasure:
You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately infringes upon your legitimate interests. Please note that there may be reasons preventing immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of whether you exercise your right to erasure, we will erase your data immediately and in full, provided that no contractual or statutory retention obligations prevent this.

Right to restriction of processing:
You may request that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
• the processing of the data is unlawful, but you object to its erasure and instead request a restriction on the use of the data,
• we no longer require the data for the intended purpose, but you still need it to establish, exercise or defend legal claims, or
• you have objected to the processing of your data.
• Right to data portability:
• You may request that we provide you with the data you have supplied to us in a structured, commonly used and machine-readable format, and that you may transmit this data to another controller without hindrance from us, provided that
• we process this data on the basis of consent given by you, which is revocable, or for the performance of a contract between us, and
• this processing is carried out using automated means.

Where technically feasible, you may request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. You may object to the processing of your data for the purposes of direct marketing at any time without giving reasons.

Right to lodge a complaint:
If you believe that we are in breach of German or European data protection law when processing your data, please contact us so that we can clarify any issues. You also, of course, have the right to contact the supervisory authority responsible for you, namely the relevant State Office for Data Protection Supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to verify your identity.

9. Am I obliged to provide data?

The processing of your data is necessary for the conclusion or performance of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will consequently have to terminate it. However, you are not obliged to give your consent to the processing of data that is not relevant to the performance of the contract or not required by law.