The thyssenkrupp Materials Services GmbH ("We") is in a business relationship with you or your employer/client, e.g. the initiation or execution of a contractual relationship as part of our business activities (#description of business activity).
We make sure that we comply with the requirements of the applicable Data Protection Acts. Below is a detailed overview of how we handle your data and your rights.
The controller for the data processing is
thyssenkrupp Materials Services GmbH
thyssenkrupp Allee 1
45143 Essen
Telephone: +49 201 844 0
Email: materials.services@thyssenkrupp-materials.com
Our data protection officer can be reached at Data protection officer
thyssenkrupp Materials Services GmbH
thyssenkrupp Allee 1
45143 Essen
Email: dataprotection.bamx@thyssenkrupp-materials.com
We process personal data that you provide to us as part of the business relationship. If our business relationship is with your employer or client, we also collect the personal data from you or your employer or client. This includes the following data or categories of data:
Master data (e.g. name and salutation, title, job title/description)
Contact details (e.g. telephone number, fax number, email address, address)
Communication data (e.g. content of personal, telephone or written communication)
Moreover, we process the following categories of personal data that we generate independently:
Master data (e.g. customer number)
Contract data (e.g. contract ID, contract history)
Communication data (e.g. consulting protocols)
Payment data (e.g. payment details, account data, invoice information)
We process your data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and all other applicable laws.
We primarily process personal data for the fulfillment of contractual obligations (Article 6 paragraph 1 lit. b GDPR), more precisely for the purpose of initiating, executing or fulfilling a contract. This includes, for example, placing orders, internal sales, shipping and payment of merchandise or contract negotiations.
Unless you are not yourself a contracting party (for example, you are an employee of a business partner), processing for the same purposes takes place as a legitimate interest in accordance with Article 6 paragraph 1 lit. f GDPR. With your employer/client, we are in the initiation or execution phase of a contractual relationship as part of our business activities. We are processing your personal data due to your activity for your employer/client.
If necessary, we also process personal data to fulfill statutory requirements (Article 6 para- graph 1 lit. c GDPR) for the following purposes:
Preservation of statutory storage requirements
Preservation of legal reporting obligations
Furthermore, we process personal data in order to safeguard the following legitimate interests (Article 6 paragraph 1 lit. f GDPR):
Maintenance of the business relationship with existing customers
Inclusion in our contact database, human relations after business contact (e.g. after leaving your business card)
Organization of events (for example, admission control, exchange of participant lists with event partners, photo coverage, publications, press releases)
Asserting legal claims and defense in legal disputes
Direct marketing towards current customers resp. employees of current customer with regard to existing or previous business relations via mail, e-mail, phone (e.g. Information about products and events, newsletter)
payments management and receivables management (e.g. debt collection, factoring)
In addition, we potentially process personal data for which we received consent (Article 6 paragraph 1 lit. a GDPR). We will collect them separately and in the following cases:
Direct marketing towards prospective customers / business partners / other business contacts (e.g. information about products and events, newsletter via mail, e-mail, phone)
Your data will be processed within the thyssenkrupp Materials Services GmbH by the employees involved in the initiation/implementation of the business relationship and the execution of the respective business processes.
Within our group of companies your data will be transmitted to certain companies when they perform centralized data processing tasks for the group's affiliated companies (e.g. centralized contact data management, centralized contract management, file disposal, payments management and receivables management).
In addition, to fulfill our contractual and legal obligations, we sometimes use different external service providers who are required by data processing agreements to observe data protection laws, Article 4 No. 8 GDPR. These are service providers in the following areas
IT services
Logistics
Accounts receivable management
Marketing
Legal Consulting
In addition, we transmit your data to other recipients outside the company who process your data at their own responsibility, Article 4 No. 7 GDPR. For example, this may include the following categories of responsible persons:
Public institutions due to statutory provisions (e.g. tax authorities)
Third parties such as credit institutions, credit bureaus - if a transfer of legitimate interest is permissible
We process your personal data as long as it is necessary for the above referenced purposes. After completion of the business relationship your data will be stored as long as we are legally obligated to do so. This is regularly the result of legal proof and retention obligations, which are regulated in the Commercial Code and the Tax Code. According to these codes, the storage periods are up to ten years. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us (statutory limitation period of up to thirty years).
We process your personal data as long as it is necessary for the above referenced purposes. After completion of the business relationship your data will be stored as long as we are legally obligated to do so. This is regularly the result of legal proof and retention obligations, which are regulated in the Commercial Code and the Tax Code. According to these codes, the storage periods are up to ten years. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us (statutory limitation period of up to thirty years).
There is no contractual or legal obligation to provide personal data. However, without processing your personal data, we are not in a position to carry out the necessary pre-contractual measures or execute the contractual relationship with you or your employer/client.
To the extent necessary for the above purposes, we also transmit data to group companies or service providers outside the European Economic Area (EEA). This is done in compliance with data protection requirements, in particular the assurance of an adequate level of data protection. The assurance is provided by a suitable guarantee (e.g. in the form of a standard data protection clause according to Article 46 paragraph 2 lit. c GDPR, which is agreed with the respective recipient). You may request additional information, in particular copies of these appropriate guarantees, by using the contact details mentioned in section 2 below.