General Privacy Policy Business Partners

The protection of personal data of our business partners (such as customers, suppliers, contractors and service providers commissioned by us) is very important to EDRO Specialty Steels GmbH (hereinafter referred to as “we” or “us”). We are obliged to process your personal data in accordance with the relevant legal provisions and take this obligation very seriously. We expect the same from our business partners.

In the course of our business relationship with you, it is essential that we process your personal data (hereinafter referred to as “data”) or the data of your employees. In doing so, we comply with the applicable legal provisions on the protection, lawful handling and confidentiality of data as well as data security, in particular the European General Data Protection Regulation (“GDPR”) and the applicable national data protection regulations.

This data protection notice informs you about the nature, scope and purposes of the collection and use of your data and the data of your employees by us in the context of our business relationship.

Who is responsible for data processing and who can you contact?

The controller for the following data processing is

EDRO Specialty Steels GmbH Industriestraße 5c, 77767 Appenweier, Germany

What is personal data?

“Personal data” means any information relating to an identified or identifiable natural person (e.g. name, address, email address, company affiliation).

Processing of data in the context of the business relationship

Communication and correspondence with (potential) business partners

Purpose: In the context of communication and correspondence with you as a (potential) business partner, we process your data in order to process inquiries about products, services and projects and to be able to offer appropriate support. However, we also process your data if we obtain information from you about your products or services (e.g. as a supplier, consulting company or craftsman).

Data categories: Personal master data (e.g. name, salutation, language), professional contact details (e.g. address, e-mail address, telephone number), documentation of appointments and agreements (e.g. telephone logs, file notes, visit reports); Correspondence data (e-mails, correspondence, exchange via collaboration platforms), general data on the business relationship (e.g. inquiries about various products)

Legal basis: Article 6 (1) (f) GDPR – legitimate interests: Communication and correspondence in order to be able to process and respond to your business enquiries.

Storage period: We store your data until the purpose has been fulfilled. After fulfilling the purpose, your data will only be stored if there is a legal obligation to retain it or if another essential reason for further storage can be cited. This may be the case, for example, if we need your data for the assertion, exercise, defense, but also defense of legal claims.

Recipient categories: Your data may be transmitted to other voestalpine Group companies (www.voestalpine.com/standorte) in compliance with data protection regulations. In the context of communication and correspondence, depending on the type of contact chosen, your data may also be transmitted to processors (IT service providers).

Initiation, processing and management of business transactions

Purpose: We process your data for the initiation, processing and administration of business transactions. This includes, in particular, the processing of orders and their invoicing, the associated (legally required) accounting, invoicing and balancing, as well as the delivery of the goods and the agreed performance of maintenance activities or other agreed services. In addition, we also process your data for the purpose of processing complaints and for our dunning process.

Data categories: Personal master data (e.g. name, salutation, language), professional contact details (e.g. address, telephone number, fax), organisational assignment (e.g. professional position, power of representation), data on the company (e.g. company name, company register number, industry, creditworthiness data), general data on the business relationship (e.g. information on the product offered, turnover data, billing data, terms of service, handling of complaints), bank data (e.g. bank details, account number, receipt data), Contract data (e.g. concluded contracts, draft contracts and offers as well as associated correspondence), tax data (e.g. VAT, other tax numbers), correspondence data (e.g. e-mails, chat histories), documentation of appointments and agreements (e.g. telephone logs, file notes)

Legal basis:

Article 6 (1) (b) GDPR – Performance of contract and implementation of pre-contractual measures: if the business partner is a natural person.

Article 6 (1) (f) GDPR – legitimate interests: if the business partner is not a natural person, we process the data received from employees of the business partner for the purpose of fulfilling the contract with the business partner.

Article 6 (1) (c) GDPR – Compliance with legal obligations: such as regulatory requirements as well as tax and corporate documentation obligations.

Recipient categories: Your data may be transmitted to other voestalpine Group companies (www.voestalpine.com/standorte) in compliance with data protection regulations. The data collected for this purpose may also be transmitted to other business partners (such as shipping or logistics partners for the execution and processing of orders), but also to tax consultants, auditors, credit reference agencies, state authorities (e.g. tax office) and, in the event of a legal dispute, also to courts, administrative authorities and legal representatives.

Maintaining the business relationship Purpose:

In order to maintain and maintain the business relationship with you as a business partner, we arrange customer visits with you, conduct customer and supplier surveys, marketing campaigns, sweepstakes, competitions and similar activities and events from time to time, and also provide you with further education and special training for business partners. For this purpose, we process your data beyond the actual fulfilment of the contract in a customer/supplier management system or in a comparable IT system serving this purpose.

Data categories: Personal master data (e.g. name, salutation, language), professional contact data (e.g. address, telephone number, fax), organisational assignment (e.g. professional position, power of representation), data on the company (company name, company register number, industry), general data on the business relationship (e.g. information on the product offered, sales data, purchasing power classification, purchasing behaviour and demand interests, participation in marketing campaigns), correspondence data (e.g. e-mail content, Comments on portals, answers to written customer and supplier surveys), documentation of appointments and agreements (e.g. visit reports, answers to telephone surveys), data on training participation (e.g. certificates, training content)

Legal basis:

Article 6 (1) (a) GDPR – Consent: Participation in competitions, training courses, customer and supplier surveys

Article 6 (1) (f) GDPR – legitimate interests: Management of a customer/supplier management system to maintain and maintain the business relationship; Processing your feedback about our business relationship

Recipient categories: Your data may be transmitted to other voestalpine Group companies (www.voestalpine.com/standorte) in compliance with data protection regulations. In addition, we may transmit your data to processors (e.g. IT service providers for customer/supplier management systems, survey tools) and third parties required for the holding of training courses or other events (e.g. seminar organisers, trainers

Compliance with legal obligations and compliance requirements (in particular comparison of sanction lists)

Purpose: The fulfilment of legal obligations (such as requirements from data protection, export or antitrust law), the verification of compliance with agreed voestalpine guidelines (especially in the area of compliance), but also the comparison of business contact data for matches with names noted on sanctions lists, may make it necessary for your personal data to be processed for these purposes.

Data categories: personal master data (e.g. name, nationality), professional contact details (e.g. address, e-mail address); Data that indicates or proves a violation of a compliance requirement or legal obligation.

Legal basis:

Art 6 (1) (c) GDPR – Compliance with legal obligations

Article 6 (1) (f) GDPR – legitimate interests: detection of violations of compliance requirements as well as the assertion, exercise or defence of resulting legal claims; Compliance with prohibition norms (in particular sanctions lists to avoid high fines).

Recipient categories: Processors (IT service providers); if necessary, the data collected for this purpose will also be transmitted to courts, administrative authorities and legal representatives. International data transfers Due to the complexity of today’s data processing processes, we commission processors to process your data. As far as possible, we only use processors that are based within the European Union or within the European Economic Area and are therefore subject to the GDPR.

However, it may exceptionally happen that we transfer data to third countries (i.e. outside the European Union or the European Economic Area) and have it processed there. If we transfer data to third countries, the transfer will only take place in compliance with the legally regulated admissibility requirements (in particular, the existence of an adequacy decision by the EU Commission, the conclusion of standard data protection clauses, including – if necessary – additional agreement on further technical, organisational and contractual measures). In the event of a transfer of your data to a third country, it is possible to request a copy of the appropriate or adequate safeguards from our data protection organisation.

Rights of data subjects and possibility of complaint

In accordance with Article 15 of the GDPR, you have the right to request confirmation as to whether personal data is being processed by the controller and the right to information about this data.

In accordance with Article 16 of the GDPR, you have the right to request the rectification of incorrect data concerning you and/or the completion of incomplete personal data without undue delay.

In accordance with Article 17 of the GDPR, you have the right to have your personal data deleted. In accordance with Article 18 of the GDPR, you have the right to restriction of processing.

In accordance with Article 20 of the GDPR, you have a right to data portability.

In accordance with Article 21 of the GDPR, you have the right to object to data processing.

If your data is processed on the basis of your consent, you have the right to revoke your consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

Finally, you have the option of filing a complaint with the supervisory authority responsible for you.

Contact Details

If you have any questions about data protection or how to assert your aforementioned rights, you can reach our data protection organization by e-mail at datenschutz@edro.com or by post at EDRO Specialty Steels GmbH Industriestraße 5c, 77767 Appenweier with the subject “Data protection”.

Portions of this Privacy Notice may be changed or updated by us for technical or legal reasons without prior notice to you. Please review the current Privacy Notice to stay informed of any changes or updates.