Protecting the security and privacy of your personal data is very important to voestalpine High Performance Metals GmbH, Donau-City-Straße 7, 1220 Vienna, Austria and its subsidiaries (hereinafter “we” and “us”). We observe the applicable legal regulations for the protection, proper handling, and confidentiality of personal data, especially the Austrian Data Protection Act (DSG), the EU General Data Protection Regulation (GDPR) and the Austrian Telecommunications Act (TKG).
This data protection policy explains the nature, scope, and purpose of us collecting and using your personal data when you visit and use our website .
There is also a separate general data protection policy for business partners.
Personal data is any information relating to the data subject (natural person), who can be identified, directly or indirectly (e.g. name, e-mail address, or IP address).
When you contact us by e-mail, phone, or fax, we will process the personal data you submit (e-mail, name, phone number, fax number, your inquiry, associated documents) for the purpose of handling your inquiry.
Data processing takes place on the basis of Article 6(1)(a) (consent) and/or (f) (legitimate interest) GDPR.
The processed personal data is used for statistical analysis and for the purpose of operating, safeguarding, and optimizing the website (legitimate interest). Any other use of your personal data (e.g. sending of newsletters) only takes place with your consent.
Unless explicitly indicated otherwise at the time of the collection of your personal data (e.g. in a declaration of consent), your personal data will be erased (or anonymized) if the retention of the personal data is no longer necessary to fulfill the purposes for which they were collected and if no statutory retention obligations (such as tax or commercial law) require us to further retain the data.
Without your consent, we will not transfer your personal data collected based on your website use to third parties unless it is required to perform our duties or required by law/authorities.
We engage processors (service providers) to process personal data (within the scope of an IT support contract, for example). These processors are contractually bound to comply with the applicable data protection regulations.
Generally, you have the right of access, the right to rectification, erasure, restriction of processing, data portability, and the right to object. If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Finally, you are entitled to file a complaint with a supervisory authority.
For any questions related to data privacy and asserting the rights listed above, please contact the data protection organization at HPMfirstname.lastname@example.org.
This data protection policy will be revised from time to time.
Please check if there is even a possibility to order a newsletter on the website. If not, this paragraph should be deleted.
In the course of our business relationship with you, it is necessary for us to process your personal data. “Personal data” is any information that relates to an identified or identifiable natural person (e.g. names and email addresses).
Protecting the security and privacy of personal data of our business partners (such as customers and suppliers) is very important to voestalpine High Performance Metals GmbH, Donau-City-Straße 7, 1220 Vienna, Austria and its subsidiaries (together “we” and “us”). We are obligated to protect your data and take this duty very seriously. We expect the same from our business partners.
Please find enclosed a summary of the processing of personal data of business partners:
In the context of the business relationship with business partners, we may process personal data for the following purposes:
For the aforementioned purposes, we may process the following categories of personal data:
The processing of personal data is necessary to meet the aforementioned purposes including the performance of a contractual relationship or a pre-contractual activity with the business partner.
Unless indicated otherwise, the legal basis for the processing of personal data is Article 6 (1) (a) (if consent has been given) or Article 6 (1) (b) or (f) of the General Data Protection Regulation (GDPR):
If aforementioned personal data is not provided or is insufficient or if we cannot collect the respective personal data the purposes described may not be met or the received inquiry/inquiries could not be processed. Note that this would not be considered failure to fulfill our obligations under a contract.
If legally permitted to do so, we may transfer personal data to other voestalpine Group companies (www.voestalpine.com/locations) or courts, authorities, attorneys, or other business partners (for example shipping and logistics partners for executing and processing orders).
Furthermore we engage processors (service providers) to process personal data (within the scope of an IT support contract, for example). These processors are contractually bound to act in compliance with applicable data protection regulations.
Recipients of personal data may be located in countries outside of the European Union (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of the respective individual’s home country. In this case, according to the legal requirements personal data is only transferred if the European Commission has adopted an adequacy decision for the third country, if adequate safeguards have been agreed (e.g. EU Standard Contractual Clauses were concluded), the recipient participates in an approved certification system (e.g. EU-US Privacy Shield), binding corporate rules are implemented in accordance with Art. 47 of the General Data Protection Regulation or there is a derogation for specific situations in accordance with Art. 49 of the General Data Protection Regulation (e.g. because you explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards). Further information and a copy of the implemented measures can be obtained from the contact listed under 6.
Unless explicitly indicated otherwise at the time of the collection of your personal data (e.g. in a declaration of consent), your personal data will be erased if the retention of the personal data is no longer necessary to fulfill the purposes for which they were collected and if no statutory retention obligations (such as tax or commercial law) or establishment, exercise or defence of legal claims require us to further retain the data.
In order for us to efficiently respond to such a request, we ask you to contact us using the contact data listed below and to provide us with confirmation of your identity, for example, by sending us an electronic copy of your ID.
The security of your personal data is extremely important to us. We take specific measures to protect your personal data against loss, misuse, unauthorized access, manipulation or disclosure, including the following:
All processors engaged by us are bound by our security concept and are obligated to adhere to similar or equal security measures.
For any questions related to data protection and asserting the rights as listed, please contact our data protection organization at HPMemail@example.com.
This General Data Protection Notice for business partners will be revised from time to time. The date of the last revision is in the footer.