In the course of our business relationship with you, it is necessary for us to process your personal data. “Personal data” is any information that relates to an identified or identifiable natural person (e.g. names and addresses).
Protecting the security and privacy of personal data of our business partners (such as customers and suppliers) is very important to voestalpine group-IT GmbH, voestalpine-Straße 3, 4020 Linz and its subsidiaries (together voestalpine group-IT Group). We are obligated to protect your data and take this duty very seriously. We expect the same from our business partners.
Please find enclosed a summary of the processing of personal data of business partners:
1. Categories of personal data processed, purpose of the processing and legal basis
In the context of the business relationship with business partners, voestalpine group-IT Group may process personal data for the following purposes:
For the aforementioned purposes, voestalpine group-IT Group may process the following categories of personal data:
The processing of personal data is necessary to meet the aforementioned purposes including the performance of a contractual relationship or a pre-contractual activity with the business partner.
Unless indicated otherwise, the legal basis for the processing of personal data is Article 6 (1) (a) (if consent has been given) or Article 6 (1) (b) or (f) of the General Data Protection Regulation (GDPR).
If aforementioned personal data is not provided or is insufficient or if voestalpine group-IT Group cannot collect the respective personal data the purposes described may not be met or the received inquiry/inquiries could not be processed. Note that this would not be considered failure to fulfill our obligations under a contract.
2. Transfer and disclosure of personal data
If legally permitted to do so, voestalpine group-IT Group may transfer personal data to other voestalpine Group companies (www.voestalpine.com/locations) or courts, authorities, attorneys, or other business partners (for example shipping and logistics partners for executing and processing orders).
Furthermore voestalpine group-IT Group engages processors (service providers) to process personal data (within the scope of an IT support contract, for example). These processors are contractually bound to act in compliance with applicable data protection regulations.
Recipients of personal data may be located in countries outside of the European Union (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of the respective individual’s home country. In this case, according to the legal requirements personal data is only transferred if the European Commission has adopted an adequacy decision for the third country, if adequate safeguards have been agreed (e.g. EU Standard Contractual Clauses were concluded), the recipient participates in an approved certification system, binding corporate rules are implemented in accordance with Art. 47 of the General Data Protection Regulation or there is a derogation for specific situations in accordance with Art. 49 of the General Data Protection Regulation (e.g. because you explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards). Further information and a copy of the implemented measures can be obtained from the contact listed under 6.
3. Retention periods
Unless explicitly indicated otherwise at the time of the collection of your personal data (e.g. in a declaration of consent), your personal data will be erased if the retention of the personal data is no longer necessary to fulfill the purposes for which they were collected and if no statutory retention obligations (such as tax or commercial law) or establishment, exercise or defence of legal claims require us to further retain the data.
4. Right of access to and rectification or erasure of personal data, restriction of processing, Right to object to processing, right to data portability and right to withdraw explicitly granted consent
In order for us to efficiently respond to such a request, we ask you to contact us using the contact data listed below and to provide us with confirmation of your identity, for example, by sending us an electronic copy of your ID.
5. Protection of your personal data
The security of your personal data is extremely important to us. We take specific measures to protect your personal data against loss, misuse, unauthorized access, manipulation or disclosure, including the following:
All processors engaged by us are bound by our security concept and are obligated to adhere to similar or equal security measures.
For any questions related to data protection and asserting the rights as listed, please contact the voestalpine data protection organization at:
This General Data Protection Notice for business partners will be revised from time to time.