Thank you for your interest in our website.
Protecting your privacy is important to us. On the following pages, we would like to provide you with an overview of the processing of your personal data when using our website, and inform you about your rights – derived from the GDPR.
1. The contact data of those responsible for processing, and the data protection officer
This information on data protection applies for data processed by:
Responsible: the German Steel Federation and the Steel Institute VDEh, Sohnstrasse 65, D-40237 Düsseldorf, Germany.
Tel.: +49 (0)211 6707-0
Fax: +49 (0)211 6707-310
Data protection officer
icast Project Sales Consulting & Services GmbH,
2. The collection and storage of personal data and its use
a) On visiting the website
When you access our website www.stahl-online.de (and en.stahl-online.de) the browser used on your end-device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:
the IP address of the accessing computer,
the data and time of access,
the name and URL of the requested file,
the website from which access has taken place (the referrer URL), and
the browser used and, if relevant, your computer’s operating system, as well as the name of your access provider.
We process these data for the following reasons:
to ensure smooth initiation of the connection to the website,
to ensure user-friendly use of our website,
to evaluate system security and stability, and
for further administrative purposes.
The legal basis for this data processing is Art. 6 Para. 1(f) GDPR.
3. The transmission of data
There is no transmission of your personal data to third parties except for the purposes listed below. We only pass on your personal data to third parties if:
you have provided your express consent for this in accordance with Art. 6 Para 1(a) GDPR,
such transmission is necessary according to Art. 6 Para. 1(f) GDPR to enforce, exercise or protect legal rights and there is no reason to assume that you have an overriding legitimate interest in the non-transmission of your data,
there is a legal obligation for transmission according to Art. 6 Para 1 (c) GDPR, and
it is legally permissible and necessary for processing contractual relationships with you according to Art. 6 Para 1 (b) GDPR.
4. The rights of the data subject
You have the right:
according to Art. 15 GDPR, to demand information on your personal data that we process. In particular, you can demand information on the purpose of such processing; the categories of personal data; the categories of recipients who have or will obtain your data; the planned storage duration; the existence of a right to correction, deletion, restriction of the processing, or the withdrawal of consent; the existence of a right to complain; the origin of your data (insofar that we did not collect them); and the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
according to Art. 16 GDPR, to demand the immediate correction of incorrect data, or the completion of incomplete personal data that we store;
according to Art. 17 GDPR, to demand the deletion of your personal data that we store if processing is not necessary in order to exercise the right to freedom of expression and information; to comply with a legal requirement; for reasons of public interest; or to assert, exercise or defend legal rights;
according to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the correctness of the data, if the processing is unlawful but you decline to demand its deletion, if and we no longer need the data but require them to assert, exercise or defend legal rights, or if you have lodged an objection to its processing in accordance with Art. 21 GDPR;
according to Art. 20 GDPR, to demand that you receive the personal data that you provided for us in a structured, common and machine-readable format or its transmission to another responsible party;
according to Art. 7 Para. 3 GDPR, to withdraw your previously granted consent at any time. This results in us no longer being permitted to continue processing the personal data that was the subject of such consent; and
according to Art. 77 GDPR, to complain to a supervisory authority. In general, you can turn to the supervisory authority in your usual place of domicile or workplace, or to the particular site of the organisation.
5. Your right to object
Insofar that your personal data are being processed on the basis of legitimate interests according to Art. 6 Para. 1(f) GDPR you have the right, according to Art. 21 GDPR, to object to the processing of your personal data if there are reasons resulting from your special situation or the objection is against direct advertising. In the latter case you have a general right to object, that we will implement without your having to disclose a special situation. If you would like to make use of your right to object, or revoke your consent, you only need to send an e-mail to:
for the German Steel Federation: dsb_at_wvstahl.de
for the Steel Institute VDEh: dsb_at_vdeh.de
6. Data security
During your visit to our website we use the widespread Secure Socket Layer process in combination with the particular maximum encryption level that your browser supports. This is generally a 256-bit encryption. We use 128-bit v3 technology instead if your browser does not support 256-bit encryption. You can see whether an individual page of our website is transmitted in encrypted form from the picture of the closed padlock or key symbol shown in your browser’s status bar at the bottom of the screen. We use other appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss or destruction, or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
7. Validity and changes to the Data Protection Declaration
This Data Protection Declaration of 24 May 2018 is currently valid. As a result of the further development of our website and offerings, or because of changed legal or official requirements, it may become necessary to amend this Data Protection Declaration. The currently valid Data Protection Declaration can be called up at the website and printed at any time at http://en.stahl-online.de/index.php/data-protection/.
We may use data to obtain an aggregated overview. Such an overview does not enable any personal identification. Such use could serve to create user statistics. Potential consolidated data could include the user’s occupation or sector, the number of clicks, or demographic information.
The data processed by cookies are necessary for the stated purpose to safeguard our legitimate interests, as well as those of third parties, according to Art. 6 Para. 1(f) GDPR.
Most browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is laid down. The complete deactivation of cookies may, however, lead to you not being able to use all the functions of our website.
9. Tracking tools
The tracking measures that we use and that are listed below are implemented on the basis of Art. 6 Para. 1(f). The tracking measures that we use are intended to ensure the needs-oriented design and continuous optimisation of our website. We also use the tracking measures to statistically analyse the use of our website and evaluate the optimisation of our offerings to you. These interests are legitimate within the sense of the above-mentioned regulation. A description of the particular data processing purposes and data categories can be found under the particular tracking tool.
a) Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; known as ‘Google’ in the following) for the purpose of the needs-oriented design and continuous optimisation of our website. In this connection, pseudonymised use profiles are created and cookies (see Section 8) are used. The information on your use of this website created by the cookie, such as:
the browser type/version,
the operating system used,
the referrer URL (the website previously visited),
the host name of the accessing computer (IP address), and
the time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of our website, to compile reports on website activities, and to provide other services connected to use of the website and the internet, and for the purposes of market research and the needs-oriented design of this website. This information may also be transferred to third parties if this is legally required or if we have commissioned third parties to process these data. Google never combines your IP address with other data. The IP addresses are anonymised so that it is not possible to assign an identity to it (IP masking).
You can prevent the installation of cookies by making an appropriate setting in your browser software, though we must point out that in this case it is possible that you will not be able to make full use of all the functions on this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of these data by Google by downloading and installing a browser add-on. As an alternative to the browser add-on, particularly for browsers on mobile end-devices, you can also prevent collection of data by Google Analytics by clicking on this link. An opt-out cookie that will prevent the future collection of your data on visiting this website will be set. The opt-out cookie only applies for this browser and only for our website and is stored on your device. If you delete the cookies in this browser you will have to re-set the opt-out cookie.
You can obtain further information on data protection in relation to Google Analytics here: Google Analytics Help.
10. Social media plug-ins
Our website uses social media plug-ins for the social networks Facebook, Twitter, YouTube, Xing and Google+, on the basis of Art. 6 Para. 1(f) GDPR, in order to increase familiarity with the German Steel Federation and the Steel Institute VDEh and their topics. The underlying purpose is considered a legitimate interest within the sense of the GDPR. Each particular social media provider is itself responsible for operating in conformity with data protection legislation. Our integration of these plug-ins takes place using the so-called two-click method in order to provide optimum protection for the users of our website.
Our website offers social media plug-ins from Facebook to make its use more personal. For this purpose, we use LIKE or SHARE buttons. These are offered by Facebook. When you access a page of our website that contains such a plug-in, you browser builds up a direct connection with Facebook’s servers. The content of the plug-in is directly transferred from Facebook to your browser, which integrates it in the website.
On integration of the plug-in, Facebook receives the information that your browser has called up the particular page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transferred directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can directly assign the visit to our website to your Facebook account. When you interact with the plug-in, for example to use the LIKE or SHARE buttons, the appropriate information is also transferred directly to a Facebook server and stored there. The information is also published on Facebook and shown to your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and the needs-oriented design of Facebook pages. For this purpose, Facebook creates use, interest and relationship profiles, e.g. to evaluate your use of our website regarding the advertising inserted by Facebook, to inform other Facebook users about your activities on our website, and to provide other services connected with the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account you must log out of Facebook before visiting our website. The purpose and extent of data collection, and the further processing and use of the data by Facebook, as well as your rights in this regard and the settings that you can use to protect your privacy, can be found in the data protection information provided by Facebook.
Plug-ins for the short messaging system of Twitter Inc. (‘Twitter’) are integrated in our website. You will recognise the Twitter plug-in (Tweet button) from the Twitter logo on our pages. An overview of information on Tweet buttons can be found here: https://about.twitter.com/resources/buttons. A direct connection is created between your browser and the Twitter server when you call up a page of our website that contains such a plug-in. Twitter thus receives the information that you have visited our website with your IP address. If you click on the Twitter ‘Tweet button’ while you are logged in to your Twitter account you can link the content of our website to your Twitter profile. As a result, Twitter can assign the visit to our website to your user account. We must point out that we, as the provider of this website, obtain no knowledge of the content of the data transferred or its use by Twitter.
Please log out of your Twitter user account before visiting our website if you do not want Twitter to be able to assign a visit to our website to you personally.
Further information on this topic can be found in the Data Protection Declaration of Twitter.
Our website uses so-called social plug-ins (‘plug-ins’) for YouTube, operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. (‘YouTube’). The plug-ins are labelled with a YouTube logo, for example in the form of a ‘YouTube camera’.
Your browser creates a direct connection to the servers of YouTube when you call up a page of our website that contains such a plug-in. The content of the plug-in is directly transferred from YouTube to your browser and integrated in the pages. This connection allows YouTube to obtain the information that your browser has called up the corresponding page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube.
The information (including your IP address) is directly transmitted from your browser to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube can directly assign your visit to our website to your YouTube account. When you interact with the plug-ins, for example use the YouTube button, this information is also directly transferred to a YouTube server and stored there. The information is also published on your YouTube account and shown to your contacts.
You must log out of YouTube before you visit our website if you do not want YouTube to directly assign the data collected via our website to your YouTube account.
Further information on this topic can be found in the Data Protection Declaration of YouTube.
Our website uses social media plug-ins from Google+ in order to make its use more personal. For this reason we use, among other things, the ‘SHARE’ button. This is a service provided by Google+. Your browser makes a direct connection with the Google+ servers when you call up a page of our website that contains such a plug-in. The content of the plug-in is directly transferred from Google+ to your browser and it is integrated in the website.
As a result of the integration of the plug-in, Google+ obtains the information that your browser has called up the corresponding page of our website, even if you do not have a Google+ account or are not currently logged in to Google+. This information (including your IP address) is directly transferred to a Google+ server in the USA, or a country in which you do not live, and stored there.
If you are logged in to Google+, Google+ can directly assign the visit to our website to your Google+ account. If you interact with the plug-ins, for example use the ‘SHARE’ button, the corresponding information is also directly transferred to a Google+ server and stored there. The information is also published on Google+ and shown to your Google+ friends.
Google+ can use this information for the purposes of advertising, market research and needs-oriented design of the Google+ pages. For this purpose, Google+ creates use, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements inserted by Google+, to inform other Google+ users about your activities on our website, and to provide services connected to the use of Google+.
You must log out from Google+ before visiting our website if you do not want Google+ to assign the data collected via our website to your Google+ account. The purpose and extent of data collection and the further processing and use of the data by Google+, as well as your rights in this regard and the settings that you can use to protect your privacy, can be found in the data protection information provided by Google+.
f) Google reCAPTCHA
We use Google reCAPTCHA (‘reCAPTCHA’ in the following) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
reCAPTCHA is intended to check whether the data input on our website (e.g. in a contact form) is being made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the visitor to the website on the basis of a variety of features. This analysis starts automatically as soon as the website visitor accesses the website. reCAPTCHA evaluates a variety of information (e.g. IP address, the duration of your visit to the website, or mouse movements carried out by the user). The data collected for the analysis is passed on to Google.
All reCAPTCHA analyses take place in the background. Website visitors are not informed that an analysis is taking place.
Data processing takes place on the basis of Art. 6 Para. 1(f) GDPR. The website operator has a legitimate interest in protecting their web presence against improper automated espionage and against spam.
You can obtain further information on Google reCAPTCHA and Google’s Data Protection Declaration by using the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html
11. The use of web fonts
External fonts, Google fonts, are used on the website www.stahl-online.de. Google Fonts is a service provided by Google Inc. (‚Google‘). The integration of these web fonts takes place via a server call, generally a Google server in the USA. Consequently, the server is informed about which internet pages you are visiting. The IP address of the end-device browser of the visitor to these internet pages is stored by Google. More detailed information is available in the data protection information provided by Google.