Data protection declaration for the use of steelshop.net

Responsible in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR) is Pauly Stahlhandel GmbH & Co. KG

Your rights as a data subject

You can exercise the following rights at any time using the contact details provided:

If you have given us your consent, you can revoke it at any time with future effect.

You can contact a supervisory authority at any time with a complaint, e.g. B. to the responsible supervisory authority of the state of your residence or to the authority responsible for us as the responsible body.

A list of the supervisory authorities (for the non-public area) with address can be found at: https://www.bfdi.bund.de/EN/Home/home_node.html.

Collection of general information when visiting our website

Type and purpose of processing:

If you access our website, i.e. if you do not register or otherwise provide information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

They are processed in particular for the following purposes:

We do not use your data to draw conclusions about you personally. Information of this type may be statistically evaluated by us in order to optimize our website and the technology behind it.

Legal basis:

Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.

Receiver:

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage Time:

The data will be deleted as soon as it is no longer required for the purpose of the collection. This is generally the case for the data used to provide the website when the respective session has ended.

Provision required or required:

The provision of the aforementioned personal data is neither legally nor contractually required. Without the IP address, however, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or restricted. For this reason, an objection is excluded.

Cookies

Type and purpose of processing:

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website.

This gives us certain data such as B. IP address, browser used and operating system.

Cookies cannot be used to start programs or transfer viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and enable our websites to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

You can of course also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your internet browser to find out how you can change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Storage period and cookies used:

If you allow us to use cookies through your browser settings or consent, the following cookies can be used on our websites:

As far as these cookies can (also) relate to personal data, we will inform you in the following sections.

You can delete individual cookies or the entire cookie inventory via your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

Registration on our website

Type and purpose of processing:

When registering for the use of our personalized services, some personal data are collected, such as name, address, contact and communication data (e.g. telephone number and email address). If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided when registering at any time. Of course, we will also provide you with information about the personal data we have stored about you at any time.

Legal basis:

The data entered during registration is processed on the basis of the user's consent (Art. 6 Para. 1 lit. a GDPR).

If the registration serves to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR.

Receiver:

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage time:

Data will only be processed in this context as long as the corresponding consent is available. After that, they will be deleted unless there are legal retention requirements. To contact us in this context, please use the contact details provided at the end of this data protection declaration.

Provision required or required:

The provision of your personal data is voluntary, solely on the basis of your consent. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

Provision of chargeable services

Type and purpose of processing:

We will ask for additional data to provide services that are subject to a charge, e.g. Payment details to process your order.

Legal basis:

The processing of the data required for the conclusion of the contract is based on Art. 6 Para. 1 lit. b GDPR.

Receiver:

The recipients of the data may be processors.

Storage time:

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper bookkeeping and tax law requirements.

Provision required or required:

The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

Comment function

Type and purpose of processing:

If users leave comments on our website, the time of their creation and the user name previously selected by the website visitor are saved in addition to this information. This serves our security as we can be prosecuted for illegal content on our website, even if it was created by users.

Legal basis:

The data entered as a comment is processed on the basis of a legitimate interest (Art. 6 Para. 1 lit.f GDPR).

By providing the comment function, we want to make it easy for you to interact. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

Receiver:

The recipients of the data may be processors.

Storage time:

The data will be deleted as soon as it is no longer required for the purpose of the collection. This is generally the case when communication with the user has been completed and the company can see from the circumstances that the matter in question has been finally clarified.

Provision prescribed or required:

The provision of your personal data is voluntary. Without providing your personal data, we cannot grant you access to our comment function.

Newsletter

Provision required or required:

Your data will only be used to send you the subscribed newsletter by email. Your name is given so that you can address you personally in the newsletter and, if necessary, identify it if you want to exercise your rights as a data subject.

To receive the newsletter, it is sufficient to enter your email address. When you register to receive our newsletter, the data you provide will only be used for this purpose. Subscribers can also be informed via email about circumstances that are relevant to the service or registration (e.g. changes to the newsletter offer or technical conditions).

For an effective registration, we need a valid email address. In order to check that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation email and the receipt of the response requested. Further data is not collected. The data will only be used for sending the newsletter and will not be passed on to third parties.

Legal basis:

On the basis of your expressly granted consent (Art. 6 Para. 1 lit. a GDPR), we will regularly send you our newsletter or comparable information by email to your specified email address.

You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time with future effect. There is a corresponding link in every newsletter. You can also unsubscribe directly from this website at any time or inform us of your revocation using the contact option at the end of this data protection notice.

Receiver:

The recipients of the data may be processors.

Storage time:

In this context, the data will only be processed as long as the corresponding consent is available. Then they will be deleted.

Provision required or required:

The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without existing consent.

Contact Form

Type and purpose of processing:

The data you have entered will be stored for the purpose of individual communication with you. To do this, you must provide a valid email address and your name. This is used to assign the request and then answer it. The specification of further data is optional.

Legal basis:

The data entered in the contact form is processed on the basis of a legitimate interest (Article 6 (1) (f) GDPR).

By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

If you contact us to request an offer, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 Para. 1 b GDPR).

Receiver:

The recipients of the data may be processors.

Storage time:

Data will be deleted no later than 6 months after processing the request.

If there is a contractual relationship, we are subject to the statutory retention periods according to HGB and delete your data after these periods.

Provision required or required:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, your email address and the reason for the request.

Use of Google Analytics

Type and purpose of processing:

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereinafter: "Google"). Google Analytics uses so-called “cookies”, which are text files that are saved on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Due to the activation of IP anonymization on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The purposes of data processing are to evaluate the use of the website and to compile reports on activities on the website. Based on the use of the website and the Internet, other related services are then to be provided.

Legal basis:

The processing of the data is based on the legitimate interest according to Art. 6 Para. 1 lit. f GDPR.

Receiver:

Google is the recipient of the data as a processor. For this we have concluded the corresponding order processing contract with Google.

Storage time:

The data will be deleted as soon as it is no longer required for our recording purposes.

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Provision required or required:

The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.

Withdrawal of consent:

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Browser add-on for deactivating of Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics by disabling Google Analytics on our privacy-settings-page. A JavaScript variable and or a cookie is set in your browser, which prevents further tracking of the user.

Profiling:

With the help of the Google Analytics tracking tool, the behavior of visitors to the website can be assessed and interests analyzed. For this we create a pseudonymous user profile.

Use of Google Maps

Type and purpose of processing:

We use Google Maps on this website. Google Maps is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.

You can find more information about data processing by Google in the Google data protection information. There you can also change your personal data protection settings in the data protection center.

Detailed instructions on how to manage your own data in connection with Google products you can find here.

Legal basis:

The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 Para. 1 lit. a GDPR).

Receiver:

When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account.

If you do not want your Google profile to be assigned, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and / or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, but you must contact Google to exercise them.

Storage time:

We do not collect personal data by integrating Google Maps.

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Withdrawal of consent:

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use our website or only use it to a limited extent.

Provision required or required:

The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.

Embedded YouTube Videos

Type and purpose of processing:

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter "YouTube"). When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behavior.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the provider's data protection declaration, where you will also find further information on your rights and setting options to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and has submitted to the EU_US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework

Legal basis:

The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 Para. 1 lit. a GDPR).

Receiver:

Calling YouTube automatically triggers a connection to Google.

Storage period and revocation of consent:

If you have deactivated the storage of cookies for the Google ad program, you will not have to expect such cookies when watching YouTube videos. YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at "YouTube" can be found in the provider's data protection declaration at: https://www.google.de/intl/de/policies/privacy/

Third country transfer:

Google processes your data in the USA and has submitted to the EU_US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Provision prescribed or required:

The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.

SSL/TLS Encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL / TLS) via HTTPS. Our offers can only be accessed via encrypted connections. We send headers (HSTS) which ensure that an unencrypted connection doesn't even try. In addition, steelshop.net is entered in the HSTS preload list (watch: https://hstspreload.org). This entry ensures that the most common browsers choose an encrypted connection when they are accessed for the first time and do not attempt to reach the page unencrypted. In addition, unencrypted requests are canceled and forwarded to the encrypted equivalent of the website using a 301 permanent redirect header.

Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your next visit.

Questions to the data protection officer

If you have any questions about data protection, please send us an email: datenschutz@pauly-stahlhandel.de

The data protection declaration was created with the help of activeMind AG, the experts for external data protection (Version #2019-04-10).