PRIVACY POLICY

The following Privacy Policy are a translation of the German version of our Privacy Policy. This translation ensues without any liability for the accuracy of the translation. Legally binding is only the German version that is also available on this Website.

We have compiled information in the following that describes how we process your personal data when providing our internet services.

 

I. CONTROLLER

NIRONIT Edelstahl GmbH & Co. KG
Am Oheberg 8, 21224 Rosengarten

Tostedt Local Court, HRB No. 5290
Personally liable partner:
NIRONIT Beteiligungsgesellschaft mbH
Managing Director: Thomas Meyer
E-Mail: info(at)nironit.de

Contact DATA PROTECTION OFFICER

We have appointed a data protection officer whom you can contact at the following address:
NIRONIT Edelstahl GmbH & Co. KG
Data Protection Officer

NIRONIT Edelstahl GmbH & Co. KG Data Protection Officer Am Oheberg 8 21224 Rosengarten datenschutz@nironit.de

 

II. WHEN WE PROCESS WHAT PERSONAL DATA

We process personal data we have obtained from you in the following cases:

  1. When you visit our website or our online shop, the browser used on your device automatically sends information to the server hosting our website. This information is temporarily stored in a so-called log file. The following information is captured without any action on your part and is stored until it is automatically erased:
    • IP address of the accessing computer
    • Date and time of the access
    • Name and URL of the accessed file
    • Website from which the access originated (referrer URL)
    • Browser you are using, possibly the operating system of your computer and the name of your access provider.

  2. In addition, we utilise cookies and analysis services during visits to our website. Additional information is available in the section “Analysis Tools”. Whenever you have questions of any nature, you can contact us using the form that is available on the website/in the online shop. This requires you to enter a valid email address so that we know who the query is from and can respond to it. Additional information can be provided voluntarily.

  3. If you want to send us a job application for an advertised position or an unsolicited application, we will process the documents and personal data you send to us. We require your name, address and other contact details, date and place of birth, nationality and qualification documents for unsolicited applications. You are also free to provide us with any other voluntary data that you think would be useful in establishing an employment relationship.

  4. Registration for our newsletter — When you subscribe to our newsletter, we collect your email address, surname, first name, company, position and city. We process the data you have provided at this time.

  5. We offer you the opportunity to register on our site. During this registration process, the data required in the input mask of the registration form — company, address, VAT ID number, contact, email address, phone number — are collected and stored solely and exclusively for your use of our services. When you register on our site, we will also store your IP address and the date and time of your registration.

 

III. PURPOSE OF THE DATA PROCESSING

We use the personal data you actively provide solely for the agreed purpose and solely to the extent necessary.

  1. a. We process the aforementioned data for the following purposes:
    • To secure the trouble-free establishment of a connection to the website
    • To secure the ease of use of our website
    • To evaluate system security and stability
    • For other administrative purposes.
    • The legal grounds for the data processing are found in point (f) of Art. 6 (1) GDPR [EU General Data Protection Regulation]. Our legitimate interest is derived from the purposes of the data collection listed above. Under no circumstances do we use the collected data for the purpose of identifying you.

  2. Data are processed for establishment of the contact to us in accordance with point (b) of Art. 6 (1) GDPR as a necessary step prior to entering a contract. If a contract is concluded, the data may be recorded in our customer care system. The data are not processed for any other purpose.

  3. Data are also processed for the purpose of establishing and implementing an employment relationship pursuant to Art. 88 GDPR in conjunction with Section 26 Federal Data Protection Act [Bundesdatenschutzgesetz; BDSG]. If we decide to hire you, the personal data will go into our personnel file and be used for the purposes of the “employee management” procedure.

  4. Data processing for the purpose of carrying out and processing orders through our online shop or contract enquiries using our online contact form is required in accordance with point (b) of Art. 6 (1) GDPR for the fulfilment of a contract with us or as a necessary step prior to entering a contract.

  5. If you have given your express consent in accordance with point (a) of Art. 6 (1) GDPR, we will use your email address to send to you our newsletter on a regular basis. Customers who have previously purchased goods or ordered services from us and have given us their email address will receive product recommendations within the limits of the legal regulations pursuant to Art. 7 (3) Act Prohibiting Unfair Competition [Gesetz gegen den unlauteren Wettbewerb; UWG] in conjunction with point (f) of Art. 6 (1) GDPR, provided that we notified them we would be doing so when the contract was concluded and they did not object.

 

IV. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Your personal data will be treated confidentially and will transmitted to third parties solely insofar as:

  • You have given your express consent to the transmission in accordance with point (a) of Art. 6 (1) GDPR;
  • The transmission is necessary pursuant to point (f) of Art. 6 (1) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-transmission of your data;
  • In the event that a legal obligation exists for the disclosure pursuant to point (c) of Art. 6 (1) GDPR; and
  • the transmission is lawful and necessary pursuant to point (b) of Art. 6 (1) GDPR for the fulfilment of contractual relationships with you.

In addition, your personal data will be transmitted to third parties in the following categories of recipients: companies that assist us in assessing your creditworthiness (commercial credit insurers). The data processing in this case serves our legitimate interest in minimising risks of losses from payment default. We receive solely a notification of the aggregated results from the commercial credit insurers without any more specific details. You may object to processing on the basis of your legitimate interest at any time.

 

V. DURATION OF THE STORAGE OF PERSONAL DATA

  1. Cookies are stored in your browser. So-called session cookies are automatically erased by your browser when you leave the website. The duration of the storage in this case is determined by the technical functionality of the browser you are using. So-called temporary cookies remain stored for a certain period of time that is dependent on the cookie. For more information about the cookies used, the duration of storage and the options for preventing the setting of cookies, please see Section VI.

  2. Personal data that are transmitted to us in connection with a contact enquiry on our website are stored solely for the period required to process the enquiry. If you object to the data processing beforehand, the queries will not be processed and your data will be erased. If a contract is concluded, the personal data you have provided will be stored in our customer care system for the duration of the statutory retention periods and then erased; this is usually 10 years for tax-relevant documents beginning with the end of the year in which the contract was fully performed or terminated (Section 147 Fiscal Code [Abgabenordnung; AO], Section 257 Commercial Code [Handelsgesetzbuch; HGB]), provided there are no other legal obligations that obligate us to store the data for a shorter or longer period.

  3. The personal data collected during a job advertisement/application procedure will be stored:
    1. For at least three months if employment does not result. The storage period will not exceed six months;
    2. In accordance with our storage periods if employment results. The information to which you are entitled will be provided to you when you are hired.


  4. If you have given us your consent for the data processing (for example, when subscribing to our newsletter), the personal data you have provided will be stored until consent is withdrawn.

  5. Personal data that are transmitted to us in relation to registration on our website or in our online shop are stored solely as long as the account is maintained. If a contract is concluded, the data you provide will as a rule be stored in our customer care system for 10 years from the end of the year in which the contract was performed or terminated unless there is another legal obligation that obligates us to store the data for a shorter or longer period.

We want to point out that we will erase your data if their storage is unlawful (in particular if the data are incorrect and rectification is not possible). Data will be blocked instead of erased if there are legal or factual obstacles to the erasure (for example, special retention obligations pursuant to commercial and tax law requirements).

 

VI. DATA PROTECTION QUESTIONS AND RIGHTS

You have the right at any time to obtain, free of charge, information about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification , blocking or erasure of these data. You may contact us at any time (contact address shown above) to exercise your rights and to submit additional questions about data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Specifically, you as the data subject have the following rights vis-à-vis us as the controller:

  1. Right of access

    You may request a confirmation whether we process any personal data concerning you. If data are being processed, you may obtain access to the following information:
    • Processing purposes;
    • The recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;
    • If possible, the envisaged period for which the personal data concerning you will be stored or, if not possible, the criteria used to determine the storage period;
    • See below regarding further rights to which you are entitled;
    • If and when the personal data are not collected from you, any available information as to their source;
    • The existence of automated decision-making, including profiling, and, if applicable, more detailed information on this subject.

    You have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR when your data are transmitted to a third country or an international organisation.

  2. Right to rectification

    You have the right to request from us the rectification without undue delay of any inaccurate or incomplete personal data concerning you.

  3. Right to restriction of processing

    You have the right to request from us the restriction of processing if one of the following prerequisites has been met:

    • You contest the accuracy of the personal data;
    • The processing of the data is unlawful and you refuse the erasure of the personal data and request instead the restriction of their use;
    • We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
    • you have objected to the processing (see below) and it is not yet clear whether our legitimate grounds override yours.


  4. Right to erasure

    You have the right to request that we erase any personal data concerning you without undue delay and we are obligated to erase these data without undue delay insofar as one of the following grounds applies:

    • Your personal data are no longer required for the purposes for which they were collected or otherwise processed;
    • You withdraw the consent you have given and there are no other legal grounds for the processing;
    • You object to the processing (see below);
    • Your personal data have been unlawfully processed;
    • We must erase your personal data in compliance with a legal obligation in EU law or the law of the member states;
    • We have collected the personal data on the basis of a child’s consent.

  5.  

  6. Right to notification

    If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis us, we are obligated to communicate any rectification or erasure of personal data or restriction of processing to each and every recipient to whom the personal data concerning you have been disclosed unless this proves impossible or involves disproportionate effort. You have the right to request information about those recipients.
  7.  

  8. Right to data portability

    You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided insofar as:
    • The processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR; and
    • the processing is carried out by automated means.

    In exercising this right, you may also have the personal data transmitted directly from one controller to another, insofar as this is technically feasible. The exercise of this right must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  9.  

  10. Right to object

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on one of the following grounds:
    • Our processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
    • The processing is necessary for the purposes of protecting our legitimate interests or those of a third party, insofar as such interests are not overridden by your interests or fundamental freedoms that require the protection of your personal data.


    You also have the right to object to profiling based on these processing operations. If and when we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, including any profiling to the extent that it is related to such direct marketing.

  11.  

  12. Right to lodge a complaint with a supervisory authority

    In the event of infringements on data protection law, you as the data subject have the right to lodge a complaint with the competent supervisory authority. A list of data protection officers and their contact details can be found at the following Landesdatenschutzbehörden

 

VII. AUTOMATED DECISION-MAKING, INCLUDING PROFILING

Under certain circumstances, automated profiling with the goal of analysing personal aspects may occur. We use these profiling measures whenever we are obligated by legal and regulatory requirements to combat money laundering, terrorism financing and criminal offences that are a threat to assets. Data analyses (including online comparison with legally prescribed lists) are also carried out at this time.

 

VIII. COOKIES AND ANALYSIS TOOLS

  1. Description of data processing, purpose and legal grounds

  2. We use cookies on our site. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone etc.) when you visit our site. Cookies do not cause any harm to your device and do not contain any viruses, Trojans or other malware.The information stored in the cookie is related to the specific device that is in use. This does not mean, however, that we obtain direct information regarding your identity from it.

    The use of cookies serves to make the use of our service more convenient for you. For instance, we use so-called session cookies to recognise when you have previously visited specific pages of our website. These cookies are automatically erased when you leave our site.

    In addition, we use temporary cookies to optimise the user friendliness of the site; they are stored for a defined period of time on your device. If you visit our site again to take advantage of our services, the site automatically recognises that you have previously visited the site and remembers what entries and settings you made at that time, so you do not have to go through this process again

    Another reason for our use of cookies is the tracking of the use of our website statistically and the analysis of the statistics for the optimisation of our service for you. These cookies enable us to determine automatically that you have previously visited our site when you return for another visit. These cookies are automatically erased after a specifically defined time.

    Legal regulations generally permit the storage of information on your device — e.g. by setting cookies or retrieving information (tracking) — solely if and when you have given your prior consent. However, consent is not required if this storage/retrieval is necessary for the website to function (e.g. technically necessary cookies).

    Whenever you start to use the website, you will be notified about the use of cookies in the form of a cookie consent platform, including a reference to this privacy policy, and your consent to the storage of the cookie (with the exception of the technically necessary cookies) and the associated processing of the personal data will be obtained.

    You may withdraw your consent, effective for the future, at any time by changing your settings on the cookie consent platform you can access on the website. Moreover, you have the option of preventing the storage of cookies by making the appropriate settings in your browser (see VIII. 3.).

    If and when consent must be obtained for the setting of cookies, cookies are set on the consent platform for the purpose of obtaining the legally required consent to the use of cookies, point (c) of Art. 6 (1) GDPR.

    The processing of personal data using technically necessary cookies is based on point (f) of Art. 6 (1) GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of the services because this enables us to adapt our site technically in line with requirements and simplifies your access to our sites. Cookies for statistical analysis of the website and cookies from third-party providers are used to improve the quality of our website and to optimise our services. We use the data collected at this time solely in pseudonymised user profiles. In particular, we use the services of the third-party providers described below to draw attention to our products and services with their help and to make it easier for you to reach our locations. We carry out this processing solely if and when you have given us your consent to the use of these cookies for analysis and statistics (point (a) of Art. 6 (1) GDPR).

  3. Cookies and social media sites on third-party platforms

    If you have given your consent, cookies from partner companies may also be stored on your device when you visit our website (third-party cookies). This is done to make our internet services more interesting for you. The use of these cookies and the scope of the data collected in each case are explained in more detail below.

    The cookies we use from third party providers may in some cases result in data processing in the USA. In this case as well, we set cookies solely with your consent (point (a) of Art. 6 (1) GDPR). In addition, we maintain social media sites on social networks, some of which may lead to data processing in the USA. These providers (e.g. Google, YouTube) have committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic data transmissions agreed between the European Commission and the United States (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the EU-US Privacy Shield (notified under document number C(2016) 4176)). Furthermore, these providers are registered with the US Department of Commerce’s Privacy Shield programme. However, the European Court of Justice has declared this agreement invalid and determined that the USA does not have a level of data protection comparable to that of the EU (ECJ, decision of 16/07/2020 — C-311/18, margin note 200, Facebook/Schrems II). In the meantime, the third-party providers with whom we work have accepted the EU standard contractual clauses and made them part of the user contracts to ensure compliance with the European data protection standard. The laws of the USA give various security agencies surveillance authority, including the use of surveillance programmes that are able to collect and analyse data. USA providers are obligated under national laws to give security authorities access to the data they process, even if they are processed at an overseas company. When you give your consent, there is a risk that the data collected via cookies will become part of surveillance operations in the USA. No legal remedy or effective judicial process against such surveillance is available in the USA.

    Users can avoid this by not agreeing to the setting of cookies from third-party providers in the USA.

  4. Duration of storage and possibility to object

    “Session cookies” are erased automatically at the end of your browser session. Other cookies (“so-called "temporary cookies”) remain stored on your device for a certain period of time or until you erase them. These cookies enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. Temporary cookies are erased automatically after a set period of time that can differ from one cookie to the next.

    You can set your browser to notify you whenever cookies are set and allow cookies solely in specific cases; preclude the acceptance of cookies for certain cases or in general; and activate the automatic erasure of cookies when the browser is closed. The disabling of cookies may restrict the available functions on our website.

    Detailed instructions for these settings can be found in the help information of your browser.

    You can find these instructions for your browser under the following links:

    Alternatively, you will find information about the placement of cookies and making the desired settings at the internet address www.aboutads.info of the Digital Advertising Alliance.

 

IX. MATOMO

We use the open-source web analysis tool Matomo (formerly Piwik; see also www.matamo.org) on our website. This provides us with anonymised reports on the use and the visitors to our online services, in particular the search engines and keywords used, the languages used, the pages viewed and the files downloaded.

We use a variant of Matomo that does not set cookies. The data generated by Matomo make it possible to analyse the use of our online services for marketing and optimisation purposes. The information generated about the use of our online services during the use of Matomo is stored on our own server in Germany and analysed internally only.

IP addresses are recorded solely in truncated form. We anonymise the last three bytes of each visitor’s IP so that it cannot be attributed personally to specific visitors to our online site. The data collected with Matomo are used solely for the statistical evaluation of user access to improve our online services and are not merged with personal data at a later date. We do not transmit these data to third parties.

You may object to the Matomo analysis by installing the following opt-out. If you change your mind later, you can always return to this page and change your settings.

Click for Opt-Out

 

X. GOOGLE FONTS

We use “Google Fonts” on our website. The provider of the fonts in the EU, EEA and Switzerland is Google Ireland, Limited, Gordon House, Barrow Street, Dublin 4. Ireland, and in the USA Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google fonts are fonts that Google makes available to its users free of charge. We use Google fonts so that our website can be loaded as smoothly and clearly as possible.

A connection is established between your browser and the Google server for presentation. The IP address is the content of this communication. Legal grounds justifying our legitimate interest in the above-mentioned processing operations to secure a uniform presentation of the site are found in point (f) of Art. 6 (1) GDPR.

The possibility to opt out can be found at: adssettings.google.com/authenticated. You may also send us your objection at any time. You will find more information on Google’s privacy policy at

www.google.com/policies/privacy/

 

XI. SOCIAL MEDIA SITES

  1. General
  2. We do not use social plug-ins as active buttons on our website. We refer solely to our services on the following social networks via icons:

    • LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
    • Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland
    • Whats App: WhatsApp Ireland Limited, Attn: Privacy Policy, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland



    We merely display the social media icons on our site. They are designed as inactive icons. We ensure data protection by utilising a solution that transmits solely the address of our server to these services and not your IP address if you have activated a social media icon by clicking on it.

    When you click on one of these social media icons on our site, it is activated with your consent and a connection to these third-party providers is established via your web browser in a separate tab. This enables the third-party providers to track the visit to our pages. If you are a member of one of the social networks, you can share the content of our site with other members from your social network by activating the button.

    Your participation in social networks or a visit or access to our social media sites may result in your data being processed outside the EU. This may entail risks such as greater difficulty in asserting your rights.

    When you access a social network, cookies for the recording of user behaviour are usually stored on your device. If you have a user account on the accessed network and are logged in, your use behaviour can be attributed to your user account and saved. The social networks may analyse use behaviour and use it for market research and marketing purposes. This may result in advertisements being displayed to you inside and outside of social networks. We have no control over this.

    We have no control over the data concerning you that social networks collect and store. Our above-mentioned social media sites provide us with analyses of user data so that can address users with advertising based on their interests. If users interact with our social media site and are logged in with a user account, we can also recognise the user profile and see the content of comments or postings on our site. This data processing is carried out in joint responsibility with the provider of the particular social network. We have concluded a joint responsibility agreement with each of the providers for the analysis of data relating to our social media sites (Art. 26 GDPR) in which we have covenanted to provide this privacy information to you. You will find more detailed information in the privacy policy provisions of the specific social network. You may also assert the rights to which you are entitled against us. However, the social network provider can satisfy your rights more comprehensively because that is also where the data for use and analysis are stored.

  3. LinkedIn

    We operate a social media site at https://www.linkedin.com/company/nironitedelstahl/mycompany/ where we present photos and posts about our company, provide information about our services, publish job advertisements where applicable and communicate with customers. When our LinkedIn site is used and accessed, user data are also processed by the Irish-based company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and the US-based LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 (hereinafter “LinkedIn”). A system via LinkedIn becomes possible from LinkedIn’s distribution of advertising via its network.

    We analyse the views and interactions on our LinkedIn site. For this purpose, LinkedIn creates use profiles, but provides us in this case solely with anonymous data, so-called page analyses, aggregated data that enable us to draw conclusions concerning how users interact with our LinkedIn site. The compiled statistics are transmitted to us exclusively in anonymised form. We do not have access to the underlying data. With respect to this analysis service, we process your personal data jointly with LinkedIn. For this reason, we have concluded an agreement between joint controllers with LinkedIn (Art. 26 GDPR).

    You can access our LinkedIn site regardless of whether or not you yourself have a user account with LinkedIn. We process your personal data when you interact with our LinkedIn page, e.g. by posting a comment, clicking a Like button or sending us a message. We do not disclose the data to other third parties. The terms of service of LinkedIn at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_userag are also authoritative.

    Legal grounds for this data processing are, depending on the nature of your activity, your consent (point (a) of Art. 6 (1) GDPR) or our legitimate interest (point (f) of Art. 6 (1) GDPR) in customer-oriented marketing. LinkedIn users may withdraw their consent to the publication of their comments or Likes at any time with effect for the future by erasing the specific comment or content. The withdrawal is without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

    LinkedIn offers the opportunity to object to certain data processing; information and opt-out options for this subject can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.

    LinkedIn users can control the extent to which their use behaviour may be recorded when visiting our LinkedIn site at https://www.linkedin.com/psettings/advertising.

    Data processing via cookies set by LinkedIn can also be prevented by adjusting the settings in the browser.

    LinkedIn transmits user data solely to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees in accordance with Article 46 GDPR. LinkedIn Corporation is certified under the EU-US Privacy Shield, but this does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

  4. Xing

    We operate a social media site at https://www.xing.com/pages/nironitedelstahlhandelgmbh-co-kg where we present photos and posts about our company, provide information about our services, publish job advertisements where applicable and communicate with customers. When using and accessing our XING page, user data are also collected by the German-based company New Work SE, Dammtorstrasse 30, 20354 Hamburg (hereinafter “XING”). A system via XING becomes possible from XING’s distribution of advertising via its network.

    We analyse the views and interactions on our XING site. For this purpose, XING creates use profiles, but provides us in this case solely with anonymous data, so-called visitor and subscriber analyses, aggregated data that enable us to draw conclusions concerning how users interact with our XING site. The compiled statistics are transmitted to us exclusively in anonymised form. We do not have access to the underlying data. With respect to this analysis service, we process your personal data jointly with XING. For this reason, we have concluded an agreement between joint controllers with XING (Art. 26 GDPR).

    You can access our XING site regardless of whether or not you yourself have a user account with XING. We process your personal data when you interact with our XING site, e.g. by posting a comment, clicking a Like button or sending us a message. We do not disclose the data to other third parties. The terms of service of XING at: https://www.xing.com/terms are also authoritative. https://www.xing.com/terms

    Legal grounds for this data processing are, depending on the nature of your activity, your consent (point (a) of Art. 6 (1) GDPR) or our legitimate interest (point (f) of Art. 6 (1) GDPR) in customer-oriented marketing. XING users may withdraw their consent to the publication of their comments or Likes at any time with effect for the future by erasing the specific comment or content. The withdrawal is without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

    XING offers the opportunity to object to certain data processing; information and opt-out options for this subject can be found at https://privacy.xing.com/en/privacy-policy.

    XING users can control the extent to which their use behaviour may be recorded when visiting our XING site at https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/determination-of-statistics/tracking-in-embedded-external-content and https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/measurement-and-optimisation-of-advertising

    Data processing via cookies set by XING can also be prevented by adjusting the settings in your browser.

    To our knowledge, XING uses service providers located in the USA to provide its services. The European Court of Justice has determined that the USA does not have a level of data protection comparable to that of the EU (ECJ, decision of 16/07/2020 — C-311/18, margin note 200, Facebook/Schrems II).

    If personal data are transferred there, there is a risk that surveillance authorities will access and analyse them on a massive scale There is no effective legal protection from this.

  5. WhatsApp

    We offer the possibility on our sites to contact us using the messenger service WhatsApp. This service is operated in the EU and EEA by WhatsApp Ireland Limited, Attn: Privacy Policy, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”), a member company of the Facebook group. The icon on our sites is inactive; you will see merely the mobile phone number you can use to contact us on WhatsApp.

    The offer on our website to contact us using WhatsApp is based on our legitimate interest in marketing, customer loyalty and customer service (point (f) of Art. 6 (1) GDPR). You are free to decide whether you want to send us messages via WhatsApp. For you, the use of WhatsApp is based solely on the consent you give to WhatsApp (point (a) of Art. 6 (1) GDPR). We process solely the content of the messages you send to us and your associated mobile phone number and name. In addition to the aforementioned legitimate interests, this exchange with you via WhatsApp also serves to initiate or conduct business transactions with you (point (b) of Art. 6 (1) GDPR).

    We receive statistical analyses from WhatsApp for measurement of the interaction with us. All interactions with us are automatically available to the service.

    When you use the service, WhatsApp collects data about you, your account, your messages, network, use (especially payment services), log information, device and connection data and location information. Cookies are also installed on your device. WhatsApp transmits user data solely to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees in accordance with Article 46 GDPR. WhatsApp Inc. and all affiliated companies are certified under the EU-US Privacy Shield, but this does not provide an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). For more details, please refer to WhatsApp’s privacy policy https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    You can delete or manage your personal information on WhatsApp yourself at any time by adjusting the settings for the service, changing the profile data or deleting your account on WhatsApp. You will find more detailed information at: https://www.whatsapp.com/legal/#privacy-policy-managing-and-deleting-your-information.

 

XII. REGISTRATION OF A CUSTOMER ACCOUNT AND ORDERS VIA OUR ONLINE SHOP

  1. Description of the data processing

    Corporate customers can purchase products from us in our online shop in the conduct of their commercial activity. You must create a customer account if you want to make purchases. Personal data are collected and stored for the creation of the customer account. The following data will be transmitted to us and processed by us: Company name, address, contact, email address, phone number, VAT ID and a required password.

    After your registration, you will receive a confirmation email about the activation of the customer account. You cannot order any products from our online shop without registration as a customer. .

  2. Purpose and legal grounds for data processing

    The data are processed solely if the customer registers a customer account and orders products from our online shop. The personal data collected during registration will be used solely and exclusively for the creation and maintenance of a customer account and for the fulfilment and processing of the purchase contract, not for any other purposes. The data that must be provided during registration are required to create a customer account and/or to process the contract whenever products are ordered.

    The processing of personal data is carried out during creation of the customer account for the conclusion, processing and performance of the use agreement and, whenever products are ordered, for the conclusion, processing and fulfilment of the sales contract. Legal grounds for the processing are found in point (b) of Art. 6 (1) GDPR.

  3. Duration of the storage

    When you have created a customer account, you have the option of requesting the deletion of the customer account at any time (contact under Section I).

    We store personal data for the duration of the existence of the customer account. The data are subsequently erased insofar as that there are no legal obligations to retain data or you have expressly consented to the use of your personal data beyond this time.

    Information and data on individual orders dating back more than three years are blocked in the customer account and erased at the latest 10 years after the order date. You may give your consent for data concerning orders placed more than three years ago, but no more than 10 years ago, to be shown to you.

    Your personal data are erased or blocked as soon as the purpose of the storage ceases to exist. Storage of data may continue beyond this time if provision has been made by European or national legislatures in EU regulations, laws, or other statutes to which we are subject. Blocking or erasure of the data also occurs whenever the storage period required by the specified norm expires unless the continued storage of the data is required for the conclusion or performance of a contract..

  4. Possibility of objection

    You have the option of requesting the updating or erasure of the data stored in your customer account at any time (contact under Section I.).

    There are legal obligations to retain certain data concerning the performance of contracts (for example, for invoices, Section 147 (3) AO, Section 57 HGB); the data retained in accordance with these periods will be erased after expiry of the legal retention period obligation. When products have been ordered, the data are required for the processing of the contract. To this extent, you do not have a right of objection to the data processing.

  5. Disclosure of personal data to service providers for completion of the order, purpose and legal grounds; possibility to object

    DWe treat the personal data concerned confidentially, and they will not be transmitted to third parties unless this is necessary to process the order or you have consented to the data processing or we are legally obligated to do so.

    For our financial security, we ask commercial credit insurers whether they would insure the customer for orders with payment on account before the products are delivered. This requires that we disclose the company name and address to companies that assist us in assessing your creditworthiness (commercial credit insurers).

    The data processing in this case serves our legitimate interest in minimising risks of losses from payment default. We receive solely a notification of the aggregated results from the commercial credit insurers without any more specific details. The disclosure of data in this case is based on point (f) of Art. 6 (1) GDPR. We have a legitimate interest in financial security in the event that we provide delivery of the products in advance of receiving payment. These companies receive solely the data that are necessary for the performance of the requested service. They are obligated to handle your data confidentially. You may object to processing on the basis of your legitimate interest at any time. You will find more details on this subject under “Your rights” in this privacy policy (under section VI. 7.).

    Moreover, we cooperate with service providers who support us in whole or in part in the performance of concluded contracts when processing your orders. These companies are service providers who support us in the shipping of the products. We transmit your personal data to these service providers solely for the purpose of shipping the products to you and solely to the extent that is absolutely necessary in each case. They are obligated to treat your data confidentially.

    We disclose the name and shipping address you have provided to our chosen shipping partner so that the products can be shipped to you, point (b) of Art. 6 (1) GDPR.

 

XIII. REGISTRATION FOR THE NEWSLETTER AND PRODUCT RECOMMENDATION BY EMAIL TO CURRENT CUSTOMERS

There is an opportunity on the website to subscribe to a free newsletter sent by email. When subscribing, you use the input mask to provide to us your personal data of first name, surname and email address, which are stored and processed by us. In addition, the IP address of your device and the date and time of registration are collected.

If you purchase products or services from us and have provided your email address, we take the liberty, insofar as permitted by legal regulations, of sending to you product recommendations for similar products we offer if we notified you of this when the contract was concluded and you did not object.

The personal data we process for sending the newsletter will not be transmitted to third-party companies. The data are used solely and exclusively for sending the newsletter or the product recommendations.

Legal grounds for the processing of personal data when users subscribe to a newsletter, provided that the users have given their consent to the processing, are found in point (a) of Art. 6 (1) GDPR. The legal grounds for product recommendations subsequent to the sale of products are found in point (f) of Art. 6 (1) GDPR in conjunction with Section 7 (3) UWG. The collection of the personal data for the newsletter is necessary for the delivery of the newsletter. The same applies to product recommendations to customers who have purchased products.

Users’ names and email addresses are stored as long as the users subscribe to the newsletter or until the users unsubscribe from the newsletter. Any other data collected during the registration process are erased as a rule after seven days.

Users may unsubscribe from the newsletter at any time and object to receiving product recommendations by email by clicking on a separate link at the end of every newsletter. In addition, it is possible to unsubscribe or withdraw from receipt of the newsletter by sending an email to datenschutz(at)nironit.de

 

XIV. DATA SECURITY

We use the widespread SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser during your website visit. As a rule, 256-bit encryption is used. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology instead. You can see whether a page of our internet site is transferred in encrypted form by the display of the key or a closed padlock icon in your browser’s status or address bar..

In other respects, we use appropriate technical and organisational security measures to protect your data from accidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in step with technological development.

 

XV. CURRENTNESS AND MODIFICATION OF THIS PRIVACY POLICY

This privacy policy is currently valid and was most recently revised in August 2021. It may become necessary to modify or amend this privacy policy as a consequence of the continued development of our website and portfolio or because of changes in legal or official requirements. The most recently revised privacy policy can be accessed and printed out from the website at any time.

Download this Information as PDF!

NIRONIT Edelstahl GmbH & Co. KG