Privacy Notice

This Privacy Notice is to inform you of the processing of your personal data by Salzgitter Maschinenbau AG and your personal rights as per the new EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Law [Bundesdatenschutzgesetz -BDSG] starting 25th May 2018.

Responsible party for the processing of your personal data

Salzgitter Maschinenbau AG
Windmühlenbergstraße 20-22
38259 Salzgitter
Tel: +49 5341 302-0
Fax: +49 5341 302-304
E-Mail: contactsmagde

Data protection officer

Our person responsible for data protection can be reached at:
Tobias Lau
c/o BEL NET GmbH
Christian-Pommer-Str. 23
38112 Braunschweig
E-Mail: tobias.laubelnetde

 

Purposes and legal basis of the data processing

We process your personal data only in accordance with the legal provisions stated in the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Law (BDSG) and other laws which may be applicable. We therefore only process your data in as far as a contractual basis exists, we have your permission to process your data or the law allows or requires us to process your data.

Data processing in order to fulfil a contract or perform prerequisite services

We process the personal data which you provide us in the registration sheet / order form to the extent to which it is necessary to conclude the contract, perform the duties of the contract and to terminate the contractual relationship. In addition to the data for the services you have requested or goods you have ordered, it includes your forename, your surname, your customer number and your address.

In order to enable proper performance of the contract and to be able to contact you as quickly as possible to respond to queries or problems, we process your address and/or your telephone/mobile number and/or your e-mail address should you have provided us with these for this purpose.

The legal basis for the data processing for fulfilment of a contract and the performance of prerequisite services is generally Art. 6 Sec. 1 lit. b GDPR.

Data processing for the purposes of the protection of legitimate interests of the responsible party or a third Party

We also process your data where it is necessary to protect our legitimate interests or the legitimate interests of a third party. Processing which we may perform based on a legitimate interest include direct marketing of our products, generating internal statistics, investigation of crimes or measures to ensure the proper operation of our IT infrastructure.

The legal basis for data processing to protect our legitimate interests as the responsible party or the legitimate interests of a third party is Art. 6 Sec. 1 lit. f GDPR.

Data processing to fulfil legal requirements

We also process your data where it is necessary to fulfil the legal duties to which we are subject. The duties which we have to fulfil include archiving requirements for tax law or commercial law purposes.

The legal basis for the processing in order to fulfil a legal duty is Art. 6 Sec. 1 lit. c GDPR plus the additionally relevant legal standards.

Data processing on the basis of a permission for other purposes

We also may process your personal data in cases where you have granted your express permission (cf. Art. 6 Sec. 1 lit. a GDPR). In such cases we provide you with additional data protection legal information as part of the permission process. You can revoke your permission at any time via the above-mentioned contact details.

Should we process your personal data in future for other purposes which are not listed in this Privacy Notice, we will inform you of this and the associated legal requirements.


Categories of recipients of the personal data

Data processing in the company Group

As part of our administrative activities and the performance of the contract, it may be necessary for us to transmit your personal data to the company in our Group which handles the task of processing the data.

External service Providers

Our external service providers which process data in our name are contractually obliged as per Art. 28 GDPR to handle the personal data in accordance with the applicable laws. If these companies come into contact with your personal data, we have ensured by legal, technical and organisational means and by regular checks that these companies adhere to the requirements of the data protection laws.

Authorities

We may make your personal data available to government authorities in cases where required by our legal duty to provide information.

Transmission of data to a third country

We generally do not transmit your personal data to a third country or an international organisation outside the European Economic Area (EEA). Should such a transmission occur in a specific case, this will only involve countries covered by the European Commission’s adequacy decision or where suitable or appropriate guarantees of this level of data protection are confirmed (e.g. binding corporate rules or EU standard contractual clauses).


Duration of the data storage

We store your personal data only for as long as necessary to achieve the purposes mentioned above and for the time period during which we may potentially be subject to legal claims. The period of legal limitation for such claims can range from three to thirty years depending on the case.

We also store your personal data to the extent to which we are subject to legal documentation and archiving requirements (e.g. commercial laws, fiscal code or money laundering laws). The archiving durations required by law can be up to ten years. In certain cases, there can also be special documentation requirements which necessitate storage of your personal data for a longer period.


Rights of the persons concerned

As the person concerned, you are entitled to the following rights in accordance with Art. 15 ff. GDPR:

Right of information

You have the right to demand information from us on whether we process personal data referring to you. If this is the case, you have the right to demand information from us concerning this personal data.

Right to correction

You have the right to demand that we correct any personal data which we hold on you which is incorrect.

Right to deletion

In certain cases, you have the right to demand from us that personal data which we hold on you be deleted promptly.

Right to restriction of processing

In certain cases, you have the right to demand from us that we restrict the processing of data.

Right to data portability

You have the right to receive from us the personal data which we hold on you and which you provided to us in a structured, usual and machine-readable format.

Right to objection against the processing

You have the right to object to the processing of your personal data on the basis of Art. 6 Sec. 1 lit. e or f GDPR at any time for reasons resulting from your personal situation. If we use your data for direct marketing, you can raise objection at any time.

Right of revocation

If you have granted us permission to use your personal data, you can revoke this at any time.

Data Protection Supervisory Authority

You also have the possibility to make a complaint to the Data Protection Supervisory Authority regarding our processing of your personal data. The Data Protection Supervisory Authority which is responsible is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover

Should you have any further questions or comments, please contact us or our Data Protection Officer at any time.

 

 


back to top