Principles of data processing
You have arrived at this website via a link because you wanted to receive information about how we handle (your) personal data. To fulfil our information obligations pursuant to Art. 12 et seq. of the General Data Protection Regulation (GDPR), we are happy to provide you with the following information regarding data protection.
The controller within the meaning of data protection law is
Theo Steil GmbH Schrott- und Metallgroßhandel
Theo Steil GmbH Schrott- und Metallgroßhandel is represented by the management.
You can find more information about our company, details about the authorised representatives and other options for establishing contact in the legal information section of our website: https://www.steil.de/impressum
Data protection officer
Im Hollerstück 14
Source of personal data
We process personal data that we have obtained from our customers, suppliers and interested parties in the course of our business relationships or that we have generated ourselves in this context. Furthermore, if necessary for fulfilling our services, we process personal data that is transmitted lawfully to us by other companies within the Steil Group or other third parties (e.g. a credit agency).
Categories of personal data that are processed
We process the following categories of personal data: Master data (e.g. customer number, name, date and place of birth), verification data (e.g. ID data) and authentication data (e.g. signature sample), communication and contact data (e.g. address, phone, fax, email), company data (e.g. company name, tax number, operating site, contacts), vehicle license plate, data to fulfil our contractual obligations (e.g. revenue data for payment transactions), data to fulfil statutory requirements (e.g. weighing slip or disposal certificate), payment and credit data (e.g. bank, IBAN, BIC), data associated with establishing or implementing contracts (e.g. contract data, correspondence, payment data and terms, conditions, terms of delivery and service as well as logistics and delivery data), statistical data along with other data comparable to the categories mentioned.
Purposes for which personal data is processed
If we have received personal data from you, in principle, we only process this data according to the intended purposes for which it was obtained or collected.
These purposes include in particular:
- Scrap and metal trade, waste disposal and recycling as well as transport and logistics. We use your personal data to provide you with advice, accept and handle orders, manage payments or communicate with you regarding offers, orders or services.
- Compliance with legal obligations. In specific cases we are subject to legal obligations to collect and process your personal data.
- Communication. We use your personal data to communicate with you via various channels (including phone, email, mail) regarding our services.
- Fraud prevention and credit risks. We process personal data to prevent or detect fraud and abuse in order to protect the security of the Steil group and third parties.
- Purposes for which we obtain your consent. In specific cases, we will ask for your consent to process your personal data for a concrete purpose which we will communicate to you specifically. If you consent to the processing of your personal data for a specific purpose, you may withdraw your consent to our use at any time with future effect.
Data processing for other purposes is only considered if the required statutory provisions apply in accordance with Art. 6 (4) GDPR. Of course, we will observe any obligations to provide information pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR.
Legal bases for processing
We process your personal data in compliance with the relevant applicable legal data protection requirements. The legal basis for processing of personal data is generally Art. 6 GDPR, unless there are other specific legal provisions. Processing is considered lawful if at least one of the following conditions is met:
- Consent (Art. 6 (1)(a) GDPR)
The processing of personal data is lawful when consent has been given for specific purposes and in the scope agreed upon. Consent to our use may be withdrawn at any time with future effect.
- To fulfil contractual obligations or to take steps prior to entering into a contract (Art. 6 (1)(a) GDPR).
To fulfil our contractual obligation to provide services for our customers and/or to take steps prior to entering into a contract if requested to do so, we process personal data. The purposes of data processing are primarily derived from the concrete service. You can find further details about the purposes of data processing in the currently valid contract documents and terms and conditions.
- Based on statutory provisions (Art. 6 (1)(c) GDPR) or in the public interest (Art. 6 (1)(e) GDPR)
We are subject to various legal obligations, that is, statutory requirements (e.g. retention rules under trade law and tax law according to the Commercial Code and Fiscal Code or Recycling and Waste Management Act). The purposes of processing include the fulfilment of monitoring and reporting obligations under customs law and tax law, as well as risk assessment and control in the company and within the Steil group.
- Based on legitimate interest (Art. 6 (1)(f) GDPR).
As far as necessary, we will continue to process your personal data after the normal fulfilment of the contract in order to pursue our own legitimate interests or the interests of the Steil group or third parties, unless such interests are overridden by the interests of the data subject.
Our legitimate interests include:
- Reviewing and improving processes of general business management and ongoing development of our services and production processes
- Evaluation of sales data
- Assertion of legal claims and defence in legal disputes
- Deterrence, investigation or prevention of crimes
- Video monitoring to safeguard the premises, to collect evidence in case of break-ins and fraud or as proof of payment (see also Section 4 BDSG-neu).
- Measures for building and plant security (e.g. access controls)
- Measures to safeguard the premises
- Safeguarding of IT operation as well as IT security in the Steil group
- Data exchange with credit agencies to determine creditworthiness or risk of default
If personal data is processed based on consent which you have given, you have the right to withdraw this consent to our use at any time with future effect.
If we process data based on our legitimate interests, you have the right, as a data subject, to object to the processing of your personal data, taking into account the provisions of Art. 21 GDPR.
Categories of recipients of personal data
Within Theo Steil GmbH Schrott- und Metallgroßhandel as well as the Steil group, different entities have access to personal data as required for the purposes of data processing pursued by Theo Steil GmbH Schrott- und Metallgroßhandel or the Steil group, or in order to fulfil contractual and statutory obligations. Theo Steil GmbH Schrott- und Metallgroßhandel also engages carefully selected service providers located within the EU and commissioned in compliance with data protection law to conduct some of the abovementioned processes.
With respect to the transmission of data to additional recipients, we may only forward information concerning you if we are authorised to do so. In these cases, the recipients of personal data could include:
- Public entities and institutions (e.g. customs, financial authorities or waste management authorities) if there is a statutory or official obligation
- Other companies or comparable institutions to whom we transfer personal data to conduct our business relationship with you (e.g. banks, credit agencies, forwarding companies, service providers as long as they are not processors and there is a legitimate interest in this transfer)
- Other companies within the Steil group
In addition, other entities could be data recipients if you have given us your consent to the transfer of data.
Duration for which personal data is processed
We process your personal data as long as this is required for the intended purpose. If legal retention obligations apply, the personal data in question will be stored for the duration of the retention obligation in order to fulfil the following purposes:
- Fulfilment of retention obligations under trade law and tax law: In this regard it is worth mentioning the Commercial Code (HGB) and the Fiscal Code (AO). According to these laws, the retention or documentation periods extend up to 10 years.
- Conservation of evidence in the framework of statutory limitation periods: Pursuant to Section 195 et seq. of the Civil Code (BGB), the regular limitation period is 3 years, though this can extend up to 30 years given particular circumstances.
- Compliance with storage obligations under telecommunications law, pursuant to the current Telecommunications Act (TKG) and other laws
After the expiry of the retention obligation it will be reviewed whether processing is still necessary. If it is no longer necessary, the data will be deleted.
In principle, we conduct an audit of data at the end of each calendar year with respect to the necessity of further processing. Due to the quantity of data, this audit concentrates on specific data types or purposes of processing.
Of course, you can request information at any time about the personal data we have stored concerning you, and if this is no longer necessary you can request that the data be deleted or that processing be restricted.
Transfer to third parties
As a rule, your personal data will only be transferred to third parties if this is required in order to implement the contract with you, if transfer is permitted based on legitimate interests within the meaning of Art. 6 (1)(f) GDPR, if we are legally obligated to transfer the data or if you have given us your consent.
Place of data processing
We will exclusively process your personal data in data centres in the Federal Republic of Germany.
Rights of natural data subjects
According to the federal data protection law, you have the right to receive information according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR as well as the right to data portability according to Article 20 GDPR. For the right to receive information and the right to erasure, the restrictions of Sections 34 and 35 GDPR apply. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with 19 BDSG). A list of data protection officers and their contact data can be found in the following link:
If you consent to the processing of your personal data, you may withdraw your consent to our use at any time with future effect. The lawfulness of the data processing that has occurred up until withdrawal will be unaffected by this withdrawal. This also applies for the withdrawal of declarations of consent granted to us before the GDPR entered into force, that is, before 25 May 2018.
Obligation to provide data
Within the framework of our business relationship, you are only required to provide personal data that is necessary for establishing, implementing and terminating a business relationship and to fulfil the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will generally not be able to conclude, perform or terminate a contract with you.
Existence of automated decision-making, including profiling
As a rule, we do not use any automated decision-making for the establishment, performance or termination of the business relationship pursuant to Article 22 GDPR. If we use this procedure in individual cases, we will inform you separately of this fact insofar as this is prescribed by law.
Right to object
Information regarding your right to object pursuant to Art. 21 GDPR
Right to object depending on the individual case
You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6 (1)(e) GDPR (data processing in the public interest) and Art. 6 (1)(f) GDPR (data processing based on legitimate interest), including profiling based on Article 4 (4) GDPR.
If you object, we will not continue to process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if processing is necessary for the assertion, exercise or defence of legal claims.
Right to object against the processing of data for direct advertising
In specific cases, we will process your personal data in order to send direct advertising (e.g. price lists or price information notices). You can object to the processing of your personal data for the purposes of such advertising at any time. This also applies to profiling insofar as it is connected with such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
There is no formal requirement for making an objection, and it should be addressed to:
Theo Steil GmbH Schrott- und Metallgroßhandel
In case of requests for information that are not made in writing or without sufficient options of identification, please understand that we may request proof to demonstrate that you are the person you say you are.
Privacy and data protection, communication by email
Your personal data will be protected against access by unauthorised third parties by technical and organisational security measures during collection, storage and processing. We cannot guarantee complete data security on transmission channels to our IT systems during unencrypted communication via email. Accordingly, we recommend that you send highly confidential information to us by mail.