We attach great importance to protecting personal data. Therefore, STEAG GmbH processes your data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the other applicable statutory provisions on the protection of personal data and data security.
The following information applies to our Internet presence (hereinafter referred to as “Website”) and provides you with an overview of what personal data we collect from you through our Website and for what purposes and in what way we use such data. In addition, we provide you with information about the rights you have in relation to your personal data.
1. CONTROLLER UNDER DATA PROTECTION LAW
2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER
Group Data Protection Officer
Rüttenscheider Str. 1–3
3. PURPOSES AND LEGAL BASES OF PROCESSING
You can use virtually the whole of the Internet service of STEAG without us requiring personal data from you. Only a small number of services which you can find on our web pages require the provision of personal data in order for you to be able to use them.
3.2 Legal basis
The legal basis is our legitimate interest in publishing our own information about our company, in making our Website content attractive and usable, and in identifying and rectifying possible technical issues (Art. 6 para 1 first sentence lit. f) GDPR).
When contacting us via a contact form, you consent to the data you provide (e.g. your e-mail address, name, telephone number) being stored by us in order to answer your questions. Your data will be deleted after processing your request (Art. 6 para 1 first sentence lit. a) GDPR).
4.1 Logging in and using the Website
When you visit the STEAG Website, technical access data is automatically recorded and evaluated by the Internet server (web server) of STEAG. However, this data cannot be allocated to a specific person; rather, the individual user remains anonymous. Data recorded includes:
- IP address
- Date and time of enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred
- Website from which the request originates
- Operating system and its user interface
- Language and version of the browser software
4.3 Google Analytics
If you have given your consent, this Website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Scope of processing
Use of the analytics service includes the Universal Analytics mode. This makes it possible to link data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.
We use the ‘anonymizeIP’ function (so-called IP masking): Due to the activation of IP anonymization on this Website, your IP address will be truncated by Google within EU member states or in other states party to the Agreement on the European Economic Area. The IP address transmitted by your browser as part of Google Analytics will not be aggregated with other data of Google.
During your stay on the Website, the following data is captured, among other things:
- achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads)
- your user behavior (for example, clicks, length of stay, bounce rates)
- your approximate location (city, country)
- your IP address (in truncated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your Internet provider
- the referrer URL (via which website/advertising medium you came to this Website)
Purposes of processing
On behalf of the operator of this Website, Google will use this information for the purpose of evaluating your use of the Website and compiling reports on Website activity. The reports provided by Google Analytics are used to analyze the performance of our app and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a data processor. For this purpose, we have concluded a data processing agreement with Google. Google LLC, based in California, USA, and US authorities may access the data stored by Google.
The data is automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.
Legal basis and withdrawal of consent
Your consent, Art.6 para.1 first sentence lit. a GDPR is a prerequisite for such processing of data. You can withdraw your consent at any time with effect for the future; to do so, you can follow the link provided under point 4.2 "Cookies".
4.4 SalesViewer® technology
Using the SalesViewer® technology provided by SalesViewer® GmbH, we collect and store data for marketing, market research and optimization purposes on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR).
- Name, origin and industry of the visiting company
- Source/referrer of the visiting company
- Visitor behavior (e.g. (sub)pages accesses, time of access, duration of visit)
This means that only company data is collected and processed.
Any data stored in connection with SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/en/opt-out to prevent the collection of data by SalesViewer® through this Website in the future. When you do this, an opt-out cookie for this Website will be placed on your device. If you delete your cookies in this browser, you must click this link again.
We use HubSpot for our online marketing activities. This is a communication tool that complements our CRM system and covers various aspects. Of course, the tool uses the double-opt-in process, which complies with data protection requirements. This includes, among other features:
- Newsletter management
- Download services incl. documentation and evaluation
- Social media publications and their evaluation (e.g. traffic sources, accesses, etc. ...)
For the services you select, HubSpot requests a double-opt-in in compliance with data protection regulations.
The recipient of the data is HubSpot, Inc. as order processor. For this purpose, we have concluded a data processing agreement with Hubspot, Inc., 25 First Street, Cambridge, Massachusetts A 02141 USA, and US authorities may access the data stored byHubSpot.
Where can I learn more about HubSpot?
HubSpot is a software company from the USA with a branch office in Berlin.
HubSpot Germany GmbH
Unter den Linden 26
- More information from HubSpot regarding the EU data protection regulations
- You can find more information about the cookies used by HubSpot here and here
How can I object to the collection of this data?
In addition to the option to withdraw at any time your consent to the use of your data, which we provide in each of our mails, you can technically prevent the collection of your user data by adjusting the cookie settings of your browser and deleting the respective cookies. You can find more information about the cookies used by HubSpot here.
4.6. Use of social plug-ins
Our Website does not use social plug-ins of social networks. With the integration of the icons of social networks such as Facebook, Twitter, Xing and LinkedIn, we only refer to these networks with an external link. In some cases, the link refers to a share functionality of the respective network. This means that you can share our accessed web page directly with other users via the page of the social network that is associated with the sharing button.
On our Website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the registration form will be transmitted to us.
- First name
- Last name
During the registration process, your consent is obtained for the processing of the data and reference is made to this Privacy Statement. No data will be passed on to third parties in connection with the data processing for sending out newsletters.
The data will be used exclusively for sending out newsletters. The legal basis for the processing of data after subscription to the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored as long as the subscription to the newsletter is active.
The newsletter subscription can be cancelled by the user concerned at any time. For this purpose, a corresponding link is provided in each newsletter. This also enables withdrawal of consent to the storage of personal data collected during the registration process.
4.8. Web seminars
Through our Website, you have the possibility to participate in free web seminars. When you register for a web seminar, we collect the following data (registration data):
- First name and last name
- E-mail address
- Job title (optional)
Before you participate in the seminar, we will ask you as a participant for your consent (start window in the edudip software used). During the web seminar, the following data is collected (data resulting from the implementation of the seminar) and processed for further customer service:
- First name and last name
- E-mail address
- IP address (but only in standard server logs and not combinable with other data)
- Questions you may ask and other content from your chat messages to the moderators
Legal basis and purpose
We collect and process your data in accordance with the legal requirements, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as other legal bases such as the German Telemedia Act (TMG) in the field of electronic communication for the purpose of conducting the web seminar based on your consent, Art. 6 (1) (a) GDPR for the following purposes:
- Organization and implementation of the seminar
- Marketing and customer service (chat content only)
If necessary, we process your data to protect our legitimate interests or those of third parties (Art. 6 (1) (f) GDPR):
- Ensuring IT security and IT operations
- Legal obligations to provide evidence
Our goal is to provide you with a web seminar experience that comes as close as possible to a face-to-face seminar. Therefore you can ask your questions in the chat in private to our moderators, other participants will not see this. To enable such a professional and real exchange, the administrator and moderators will see your participant names, while the other participants will not.
Please note that we reserve the right to record certain events. The recording (stream) will be from an attendee perspective and cover the moderator. We do not collect any personal data in the stream. We will inform you in advance of any recording. Chats are recorded separately.
We use the service provider (data processor) Edudip GmbH, Jülicher Str. 306, 52070 Aachen, Germany, to implement our web seminars. We have concluded a data processing agreement with Edudip. The service provider uses the subcontractor Hetzner for hosting.
We will delete your data resulting from the implementation of the seminar no later than four weeks after the seminar has taken place; your registration data will be deleted if we have not had any customer contact with you for more than one year or if you have objected to further processing.
4.9 OpenStreetMap / uMap
On our Website we use the services of the uMap open source project to provide individual maps with markers via an API (programming interface) of the OpenStreetMap map service. The purpose of this is to display interactive maps directly on the Website, to make it easy to find the places we indicate on the Website, and to enable you to use the map function conveniently. The service provider is the OpenStreetMap Foundation (OSMF for short), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
Each time a user accesses a corresponding page, data for uMap is requested from OSM caching servers (usually the one closest to their location, list available at hardware.openstreetmap.org/#tile-caches) and servers in France and displayed in the browser. At the same time, data is also sent to these servers and temporarily processed in a log file. Specifically, the following data is stored for each access/request:
- date and time of the request (timestamp) as well as the IP address of the accessing device or server,
- request details and destination address (protocol version, HTTP method, referrer, UserAgent string),
- name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes), and
- message indicating whether the request was successful (HTTP status code).
4.10 Our Website
We use IT and support service providers to provide the Website. These service providers are carefully selected by us and act as processors for us.
Our hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
Our website agency is:
5. RECIPIENTS OF YOUR DATA / TRANSFER TO THIRD COUNTRIES
The processing of data will be carried out generally within a member state of the European Union (EU) or within a member state of the European Economic Area (EEA). Transfer of personal data to a third country or access to such data from a third country shall only take place if the special requirements of Art. 44 ff. GDPR are satisfied (e.g., by agreement of Standard Contractual Clauses or if the recipient acts on a legal basis adopted by the European Commission pursuant to Art. 45 (1) GDPR (so-called “adequacy decision”)). For more details, please refer to the individual service providers mentioned in section 4 hereinabove.
6. YOUR RIGHTS
You have a right of access, i.e. you may request that we disclose to you all your personal information that we have collected and hold for a certain period of time (Art. 15 GDPR). Furthermore, you may also request rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) and have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
If we process your personal data on the basis of your consent, you may withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal of consent, but prevents future processing.
Notices of withdrawal of consent and other requests can be addressed to our Group Data Protection Officer.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the following contact details: firstname.lastname@example.org
We take your inquiries and concerns very seriously and always endeavor to address them.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG. In North Rhine-Westphalia, the competent data protection supervisory authority is: Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information), North Rhine-Westphalia Kavalleriestr. 2 – 4, 40213 Düsseldorf, Germany.
Last updated: June 2021