Thank you for your interest in the internet services provided by ST Extruded Products Germany GmbH, for short STEP-G. STEP-G attaches great importance to protecting your personal data during its collection, processing and use in the context of your visit to our website. We comply with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (Telemediengesetz) and any other applicable, country-specific data protection regulations.
In principle, the website of www.step-g.com can be used without submitting any personal data (e.g. the visitor’s name, address, e-mail address or telephone number). However, if you wish to make use of particular services that we offer via our website, it may be necessary for your personal data to be processed by STEP-G. We always seek your consent if we need to process your personal data, unless there is already a legal basis for such processing.
STEP-G has implemented a variety of technical and organisational measures to ensure that your personal data, which is processed via this website, is protected to the maximum extent possible. Nevertheless, we wish to point out that absolute protection cannot be guaranteed due to the nature of internet-based data transmission and the associated potential security vulnerabilities. You therefore have the option of providing us with your personal data by other means (e.g. by telephone or post).
/ Personal data
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if they can be identified either directly or indirectly, and in particular by association with an identifier such as a name, identification number, location data, an online identifier or one or more special characteristics that are specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
/ Data subject
“Data subject” means any identified or identifiable natural person whose personal data is processed by the data controller.
“Processing” means any process or series of operations performed with or without the aid of automated processes in connection with personal data, such as its collection, recording, organising, ordering, storage, adaptation or modification, read-out, querying, use, disclosure by transmission, dissemination or other form of disclosure, matching or linking, restriction, deletion or destruction.
/ Restriction of processing
“Restriction of processing” means the marking of stored personal data in order to restrict its future processing.
“Profiling” refers to any type of automated processing of personal data undertaken for the purpose of evaluating certain personal aspects relating to a natural person, in particular with the aim of assessing or predicting the person’s job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or future change of location.
“Pseudonymisation” refers to the processing of personal data in such a way that ensures it can no longer be assigned to a specific data subject without additional information, provided that this additional information is stored separately and subjected to technical and organisational measures designed to ensure that the personal data is not assigned to an identified or identifiable natural person.
/ File system
A “file system” means any structured collection of personal data that is accessible via specific criteria, whether that collection is centralised, decentralised or organised on the basis of functional or geographical factors.
/ Data controller
The “data controller” is the natural or legal person, public authority, agency or other body which, either alone or in collaboration with others, decides on the purpose and means of the processing of personal data. Where the purpose and means of such processing are determined by European Union law or the law of the Member States, the data controller (or the specific criteria governing his/her appointment) may be determined by EU or national law.
/ Data processor
The “data processor” refers to a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
The “recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not they are a third party. However, authorities which receive personal data under EU or national law in connection with a particular investigation order are not considered to be recipients.
/ Third parties
A “third party” refers to a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor and the individuals authorised to process the personal data under the direct responsibility of the data controller or data processor.
“Consent” means any unambiguous and voluntary expression of will on the part of the data subject in the form of a statement or other unambiguous confirmatory act, whereby the data subject indicates their agreement to the processing of their personal data.
2. Name and address of the data controller
The data controller with regard to the processing of the data collected via the website of www.step-g.com is:
3. Name and address of the data protection officer
The data controller’s data protection officer is:
All data subjects may contact our data protection officer at any time with any queries or suggestions regarding data protection.
Cookies enable STEP-G to provide the visitors to its website with services that are more user-friendly than would otherwise be possible. By using cookies, STEP-G is able to optimise its websites for the benefit of the visitors, since the cookies make it possible to identify repeat visitors to the website, which in turn allows us to make the website easier for them to use. For example, when using cookies, visitors are not required to enter their login data each time they visit the website. The login is instead performed automatically by the website via the cookie that was previously stored on the visitor’s computer. In addition, cookies enable online shops to “remember” the items that a customers have placed in their virtual shopping carts.
5. Collection of general data and information
Whenever a data subject or automated system accesses the STEP-G website, general information about the nature of the access is periodically stored in our server’s log files. This information may include the respective browser type and version, the operating system, as well as the website via which the data subject or automated system accessed our website. Other recorded information may include the subpages accessed on our website, the date and time of access, the visitor’s IP address, the internet service provider of the accessing system and any other security-related data we need in the context of preventing attacks against our IT systems.
STEP-G does not use this data for the purpose of identifying data subjects. Instead, this data is necessary to ensure that the contents of our website are properly transmitted, as well as to optimise our website, to ensure its functionality, and to provide information required by law enforcement agencies in the event of a cyberattack. We therefore evaluate this data solely for statistical purposes and also to improve data protection and data security within our company. The goal here is to ensure that the personal data we process is safeguarded to the maximum extent possible. The personal data which data subjects submit to us is stored separately from the anonymous data that our server collects via its log files.
6. Registration on our website
You have the opportunity to register on our website by submitting personal data. For details about which personal data is transmitted to the data controller, please refer to the respective input screen during registration. The personal data you provide is collected and stored by STEP-G solely for internal use and for statistical purposes. We may also transfer your personal data to one or more data processors, e.g. postal operators, which also use personal data exclusively for internal order processing.
If you register on our website, the data saved there is also transmitted by the respective internet service provider (ISP). This includes the IP address as well as the date and time of registration. We store this data as a necessary means to prevent misuse of our services and, if necessary, this information can be used at a later time to investigate previous criminal activity. The storage of the data is therefore necessary to safeguard the data controller’s systems. As a rule, we do not disclose this data to third parties, unless we are legally obliged to do so or the disclosure serves the purpose of law enforcement.
STEP-G requires users to register – and in so doing to submit personal data – in order to offer them content and services which, due to their nature, can only be offered to registered users. At any time, registered users are entitled to modify the personal data that they submitted during registration, or to have such data removed from STEP-G’s database entirely.
7. Contact via the website
Due to statutory regulations, the website www.step-g.com contains features and information which enable fast electronic contact with our company as well as direct communication with us. This includes our e-mail address.
When you contact STEP-G via e-mail or our contact form, your personal data is automatically stored. This data, which you voluntarily submit to STEP-G, is stored for the purpose of processing or contacting you (as the data subject). STEP-G does not share this data with third parties.
8. Routine deletion and blocking of personal data
STEP-G only processes and stores personal data for the period of time necessary to achieve the purpose of the storage, or if STEP-G is bound by statutory provisions that require such storage.
If the purpose of the storage is omitted or if a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
9. Rights of data subjects
Due to the regulations of the GDPR, data subjects have the following rights:
/ Right to confirmation
/ Right to information
As the data subject, you have the right, at any time, to receive information from STEP-G free of charge regarding the personal data stored about you, and to receive a copy of this data. You also have the right to receive the following information:
a) the purpose of the data processing
b) the categories of personal data being processed
c) the recipients or categories of recipients to whom the personal data has been disclosed, or is yet to be disclosed, in particular recipients in third countries or international organisations
d) if possible, the planned storage duration for the personal data or, where this is not possible, the criteria used to determine the storage duration
e) the existence of a right to rectification or deletion of your personal data, or to request a restriction of its processing by the data controller, or to object to such processing
f) the existence of a right of appeal to a supervisory authority
g) if the personal data is not collected from you (as the data subject): all available information about the source of the data
h) the existence of an automated decision-making process, including profiling, in accordance with Article 22 (1) and (4) GDPR and – at least where such processes exist – meaningful information about the logic involved and the scope and intended impact of such processing with regard to you (as the data subject)
If personal data is transmitted to a third country or an international organisation, as the data subject you have the right to be informed about the appropriate safeguards in connection with the transfer under Article 46 EU GDPR.
/ Right to rectification
As the data subject, you have the right to demand that STEP-G immediately correct any incorrect personal data concerning you. Taking into account the purposes of the processing, as the data subject you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
/ Right to deletion (“right to be forgotten”)
As the data subject, you have the right to require STEP-G to delete your personal data without delay, provided that one of the following reasons applies and that the processing of your data is not mandatory:
a) The personal data is no longer required for the purpose for which it was collected or otherwise processed.
b) The data subject revokes the consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
c) The data subject raises an objection to the processing in accordance with Article 21 (1) GDPR, and there are overriding, legitimate reasons for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
d) The personal data was processed unlawfully.
e) The deletion of personal data is necessary to fulfil a legal obligation under EU or national laws by which the data controller is bound.
f) The personal data was collected in relation to information society services pursuant to Article 8 (1) GDPR.
Where STEP-G has made personal data public which we are obliged to delete pursuant to Article 17 (1) GDPR, STEP-G will take appropriate measures (including of a technical nature) – taking into account the available technology and the costs of implementation – to notify other data controllers processing the published personal data that you (as the data subject) have requested the deletion of all links to such personal data as well as all copies or reproductions thereof by those other data controllers, unless such processing is mandatory. Any data protection officer or other employee of STEP-G will arrange everything necessary in individual cases.
/ Right to restriction of processing
As the data subject, you have the right to require STEP-G to restrict its processing of your personal data if any of the following conditions are met:
a) The accuracy of the personal data is contested by the data subject for a period of time that enables the data controller to verify the accuracy of the personal data.
b) The processing is unlawful and, as the data subject, you request the restriction of the use of your personal data rather than its deletion.
c) STEP-G no longer needs your personal data for processing purposes, however, as the data subject, you need it to assert, exercise or defend your rights.
d) As the data subject, you have objected to the processing pursuant to Article 21 (1) GDPR, and it is not yet clear whether STEP-G’s legitimate reasons for processing the data take precedence over your reasons for restricting its processing.
If one or more of these conditions exists and you (as the data subject) wish to request the restriction of the personal data stored by STEP-G, you can contact our data protection officer or any other STEP-G employee at any time. Any data protection officer or another employee of STEP-G will then arrange for the data processing to be restricted.
/ Right to data portability
/ Right to object
As the data subject, you have the right, for reasons based on your particular situation, to object at any time to the processing of your personal data pursuant to Article 6 (1) (e) or (f) GDPR. This also applies to profiling carried out on the basis of these provisions.
In case of an objection, STEP-G will cease processing the personal data, unless we can prove that there are compelling legitimate grounds for its processing, which outweigh your interests, rights and freedoms as the data subject, or unless the purpose of the processing is to assert, exercise or defend against legal claims.
Where STEP-G processes personal data for the purpose of direct advertising, as the data subject you have the right, at any time, to object to the processing of your personal data for the purpose of such advertising. The same applies in the case of profiling, to the extent that it is associated with such direct advertising. As the data subject, if you object to the processing of your personal data by STEP-G for direct advertising purposes, STEP-G will no longer process your personal data for these purposes.
In addition, as the data subject you have the right, for reasons based on your particular situation, to object to the processing of your personal data by STEP-G for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary in the public interest.
/ Automated decisions in individual cases, including profiling
As the data subject, you have the right to request that decisions concerning you (including profiling), which may produce legal effects or negatively affect you, are not based solely on automated processing, unless the decision
a) is required for the conclusion or performance of a contract between you (as the data subject) and STEP-G, or
b) is permitted under European Union or Member State legislation to which STEP-G is bound, whereby the legislation contains adequate measures to safeguard your rights, freedoms and legitimate interests as the data subject, or
c) with the express consent of you as the data subject.
If the decision is necessary for the conclusion or performance of a contract between you (as the data subject) and STEP-G, or if it is made with your explicit consent as the data subject, STEP-G will take appropriate measures to guarantee your rights, freedoms and legitimate interests as the data subject, including at least the right to request that a STEP-G employee intervene on your behalf, and to express your own position, and to contest the decision.
/ Right to revoke your consent relating to data privacy
As the data subject, you have the right to revoke your consent to the processing of your personal data at any time.
10. Privacy with regard to applications and during the application process
In connection with the career portal, STEP-G collects and processes applicants’ personal data for the purpose of processing their applications. Such processing may be carried out by electronic means. In particular, this applies in cases where applicants submit their application documents to STEP-G by e-mail, via a web form on our website, or by other electronic means.
If an application is successful and the applicant is hired, STEP-G stores the data submitted by the applicant for the purpose of facilitating the employment relationship. This data is stored in accordance with the statutory regulations.
If an application is unsuccessful, i.e. if no employment contract is concluded, STEP-G automatically deletes the submitted documents two months from the date on which the respective applicant was notified of their unsuccessful application. The data is only kept beyond this time if its deletion conflicts with other justified interests of STEP-G – for example, in the event that STEP-G is required to give evidence in proceedings under the German General Equal Treatment Act (AGG).
Components provided by the social network Facebook are integrated into the website www.step-g.com.
A social network is an online service that allows users to communicate and interact in virtual space. This online social meeting point (online community) can be used to exchange views and experiences and provide personal or business information to other users within the online community. Among other things, Facebook users can create personal profiles, upload photos and network with other users via friend requests.
The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data subjects who live outside the US or Canada, the data controller for Facebook is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If a visitor to the website www.step-g.com accesses an individual subpage containing a Facebook component (Facebook plug-in), their IT system is automatically instructed by the respective component to download a version of the corresponding Facebook component from Facebook. All Facebook plug-ins are described in an overview which is available at https://developers.facebook.com/docs/plugins/?locale=de_DE Via this technical process, Facebook is able to determine which specific subpage of www.step-g.com the user is visiting.
If the user (as the data subject) is also logged in to Facebook, during each visit to the website www.step-g.com by the user (and for the entire duration of the respective visit), Facebook is able to identify which specific subpage was visited. The installed Facebook plug-in collects this information and Facebook assigns it to the user’s Facebook account. If the user clicks on one of the Facebook buttons integrated into our website or submits a comment, this information is assigned by Facebook to the data subject’s personal user account and this personal data is subsequently stored.
If a data subject is logged in to Facebook when they visit the website www.step-g.com, Facebook is notified about the visit via the respective plug-in – regardless of whether or not the user clicks on the Facebook buttons. As a user and data subject, if you do not agree to such a transfer of your data to Facebook, you can prevent this by making sure that you are logged out of your Facebook account before visiting the website www.step-g.com.
Information about Facebook’s data policy, including the personal data that is collected, processed and used by Facebook, is available from https://www.facebook.com/about/privacy/ In addition, you will find information there about settings provided by Facebook to protect the data subject’s privacy. Various applications which make it possible to prevent or limit the transmission of personal data to Facebook are also available. The user (as the data subject) can therefore prevent the transmission of their data to Facebook by means of these applications.
STEP-G has integrated the component Google Analytics (with anonymisation feature) into this website. Google Analytics is a web analytics service. Web analytics is the process of collecting and analysing of data about the behaviour of visitors to websites. Among other things, the web analytics service collects data about the website from which you (as the data subject) accessed our website (so-called “referrers”), which subpages of our website you accessed and how often and for what length of time you viewed a subpage. The web analytics service is primarily used for the purpose of optimising our website and carrying out cost-benefit analyses of online advertising activities.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
STEP-G uses the parameter “_gat._anonymizeIp” for its web analytics via Google Analytics. This parameter allows the IP address of the data subject’s internet connection to be shortened and anonymised by Google if the data subject accesses our website from a Member State of the European Union or from another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the acquired data to evaluate the use of our website, to compile online reports for us which show activities on our websites, and to provide other services related to the use of our website.
Each time an individual page of the STEP-G website that contains a Google Analytics component is accessed, the internet browser on the data subject’s IT system is automatically instructed by the respective Google Analytics component to transmit data to Google for the purpose of online analytics. As part of this technical process, Google obtains knowledge of the data subject’s personal data, including their IP address, which Google uses to track the origin of visitors and clicks, and subsequently to generate commission invoices.
The cookie stores personal data, such as the time of access, the location from which access was made and the frequency of the data subject’s visits to our website. Each time the data subject visits our website, their personal data, including the IP address of their internet connection, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer the personal data collected via this technical process to third parties.
You can prevent collection of your data by Google Analytics by clicking on the following link: An opt-out cookie is set which will prevent the collection of your data when you visit this website in future:
Disable Google Analytics
STEP-G has integrated components provided by the LinkedIn Corporation into its website www.step-g.com.
LinkedIn is a web-based social network for maintaining existing – and establishing new – business contacts. With over 500 million registered users in more than two hundred countries, the platform is currently the largest of its kind and one of the world’s most frequently visited internet sites.
Each time you visit an area of our website www.step-g.com that contains a LinkedIn component (LinkedIn plug-in), this component instructs the browser you are using to download a version of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Via this technical process, LinkedIn is able to determine which specific subpage of our website you are viewing (as the data subject).
If you are logged in to LinkedIn when you visit our website, the social network is able to identify which specific subpage of www.step-g.com you are viewing, as well as the duration of your visit. The LinkedIn plug-in collects this information, which is then assigned to your LinkedIn account by LinkedIn. If you click on a LinkedIn button on our website, LinkedIn assigns this information to your user account and subsequently stores this personal data.
If the data subject is logged in to LinkedIn when they visit the website www.step-g.com, LinkedIn is notified about this visit via the respective plug-in – regardless of whether or not the user clicks on the LinkedIn component. As the user and data subject, if you do not agree to such a transfer of your data to LinkedIn, you can prevent this by making sure that you are logged out of your LinkedIn account before visiting the website www.step-g.com.
STEP-G has integrated components provided by Xing into its website www.step-g.com.
Xing is a social network in which members primarily manage their professional contacts, and to a lesser extent their private contacts, and also establish new contacts. Xing primarily offers a platform for business networks in German-speaking countries, which allows individual users to create a personal profile and companies to create company profiles and publish job advertisements.
The operating company of Xing is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time you visit an area of our website www.step-g.com that contains a Xing component (Xing plug-in), this component instructs your browser to download a version of the Xing component. More information about the Xing plug-ins can be found at https://dev.xing.com/plugins. Via this technical process, Xing gains knowledge about which specific subpage of our website you are viewing (as the data subject).
If you are logged in to Xing when you visit our website, the social network is able to identify which specific subpage of www.step-g.com you are viewing, as well as the duration of your visit. The Xing plug-in collects this information, which is then assigned to your Xing account by Xing. If you click on a Xing button on our website, Xing assigns this information to your user account and subsequently stores this personal data.
If the data subject is logged in to Xing when they visit the website www.step-g.com, Xing is notified about this visit via the respective plug-in – regardless of whether or not the user clicks on the Xing component. As the user and data subject, if you do not agree to such a transfer of your data to Xing, you can prevent this by making sure that you are logged out of your Xing account before visiting the website www.step-g.com.
15. Legal basis of the processing
Pursuant to Article 6 (1) GDPR, the processing of personal data by STEP-G is lawful provided that at least one of the following conditions is met:
a) The data subject has given their consent to the processing of their personal data for one or more specific purposes
b) The processing is necessary for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures at the data subject’s request (e.g. product enquiries)
c) The processing is required to fulfil a legal obligation on the part of the data controller (e.g. tax obligations)
d) The processing is necessary to protect the vital interests of the data subject or any other natural person (e.g. a visitor’s health insurance data in the event of an accident on our premises)
e) The processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority vested in the data controller
f) The processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless these are secondary to the interests or fundamental rights and freedoms of the data subject in the context of data protection, and in particular if the data subject is a child.
16. Legitimate interests in the processing pursued by the data controller or a third party
Where the processing of personal data is based on Article 6 (1) (f) GDPR, we have a legitimate interest in conducting our business for the benefit of all of our employees and shareholders.
17. Duration for which the personal data is stored
STEP-G stores personal data for the duration of the respective statutory retention period. At the end of this period, the corresponding data is routinely deleted, unless it is required for performance of the contract or for contract initiation.
18. Legal or contractual regulations governing the provision of personal data; its necessity for the purpose of concluding of the contract; obligations of the data subject to provide their personal data; possible consequences of non-provision
We wish to explicitly point out that the provision of your personal data may be required by law (e.g. due to tax regulations) or may result from contractual arrangements (e.g. details of the contracting party). For the purpose of concluding a contract it may be necessary for you, as the data subject, to provide us with personal data that must be subsequently be processed by us. For example, as the data subject, you will be required to provide us with personal data if our company signs a contract with you. Refusal to provide your personal data would mean that we would not be able to conclude the contract with you (as the data subject). Before you submit your personal data to us, we advise you to contact our data protection officer or one of our employees. They will inform you (as the data subject) on a case-by-case basis whether the provision of your personal data is required by law, or contractually required, or required for the conclusion of the contract, or whether you are obliged to provide the personal data, as well as the consequences of refusing to provide it.
19. Existence of an automated decision-making process
As a responsible and conscientious company we do not carry out automated decision-making or profiling.
20. External data protection officer of ST Extruded Products Germany GmbH (STEP-G)
Harald Riebold, data protection officer AMD TÜV Arbeitsmedizinische Dienste GmbH