Thank you for your interest in our Group and all our companies’ products.
In the following Data Protection Notice, Klöckner & Co Deutschland GmbH (also referred to in the following as “Klöckner”, “we”, “us” or “our”) provides you with various information about the processing of your personal data in the course of our general business activities and specifically in contract fulfillment. Personal data is all information relating to an identified or identifiable natural person (such as your first name and surname, your mailing address, your phone number or your e-mail address).
In the following, we would like to inform you in particular about what personal data is processed, for what purpose in each case, as well as your rights in this regard.
Kloeckner Metals Austria GmbH & Co KG
Group Data Protection Office
Kloeckner Metals Austria GmbH & Co KG
- The connection data of the requesting device, including the IP address;
- The web pages accessed, including the referring page;
- The date and time of your visit;
- The type and version of the requesting browser and the operating system;
- The volume of data transferred in connection with your visit.
a) Data and data categories affected:
We process the following data in the course of our general business activities: title, first name, surname, business e-mail address, date of birth, company name, business mailing address, form of company, billing address, delivery address and details, payment method, credit card information (truncated), business telephone number, tax number, Klöckner customer number, and details of customer-specific prices (agreed rebates and terms), contracts and orders placed (including, for example, order number, call-off quantity unit, article number, quantity required, date and time).
In our online shop, we additionally process user data on the users assigned to your account, comprising name, e-mail address and password (encrypted), your account identifier and usage data associated with use of the online shop.
b) Purposes of processing and legal basis
We process the aforementioned data in the course of our general business activities and in particular to fulfill our contractual obligations and in order to take the steps required prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR (in the case of data concerning contractual partners) or Article 6(1)(f) of the GDPR (in the case of data concerning the contact persons of contractual partners). In the latter case, our legitimate interest consists in being able to conduct correspondence with our contractual partners. The fulfillment of our contractual obligations and the taking of steps required prior to entering into a contract include preparing and making quotations, order fulfillment including logistics, payment processing and invoicing, and general customer support such as assistance with questions about products. We also use your contact data in the course of the business relationship (such as to contact you regarding customer satisfaction, customer loyalty and after-sales support) on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest here consists in managing and enhancing the customer relationship.
In addition, we collect and process data on the creditworthiness of the requested person/company including other creditworthiness-related data such as information on shareholdings, overdue receivables or enforcement. The legal basis for this processing is Article 6(1)(f) of the GDPR. Our legitimate interest consists in identifying and reducing default risk.
For refinancing purposes, we regularly sell receivables to banks via our trust company (under an asset-backed securitization (ABS) program). Where necessary for this purpose, parts of your personal data referred to under III a) Data and data categories affected may be communicated to the banks concerned. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in managing our corporate finances.
Pursuant to Article 6(1)(c) of the GDPR, we are required under the European anti-terrorism regulations 2580/2001 and 881/2002, as well as under international law, to screen your contact data (company name and address) in order to ensure that no funds or other economic resources are made available in the future for the purposes of terrorism. We collect the data either directly from you or via other Klöckner systems such as our online shop as the case may be.
In addition, we process your personal data to analyze general customer behavior. The purpose of processing is to gain an understanding of customer-specific differences with regard to ordering frequency, ordering medium, quantities, prices, etc. in order to provide you with personalized service. The basis for this is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in promoting sales by making targeted offers as well as through customer support.
We additionally use the data collected to send out general newsletters (product recommendations, information on Klöckner, campaigns, surveys, etc.) on the basis of Article 6(1)(f) GDPR. Our legitimate interest is that of sales promotion by advertising. If you have additionally consented to personalized direct marketing, we also process your data in order to send you personalized newsletters. For further details, please see IV d) Supplementary information on personalized direct marketing.
In some cases, we also use past order communications to improve our digital systems, such as for automated scanning and answering of quote requests using algorithms. This type of system development (artificial intelligence/machine learning) generally requires large quantities of known datasets – such as old quote requests – in order to “train” the system. The legal basis for this is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in system optimization for the purpose of improved customer support.
c) Supplementary information for web shop users:
In addition, we process your data from the web shop in pseudonymous form on the basis of Article 6(1)(f) of the GDPR in order to create statistical analyses of general customer behavior in the web shop. Our legitimate interest here consists in pursuing the aforementioned purposes.
If you place items in a shopping basket and quit the order process by closing your browser window or save your basket without placing an order, we process your shopping basket data and your phone number or your e-mail address on the basis of Article 6(1)(f) of the GDPR for the purpose of direct marketing to contact you by phone or e-mail and bring your attention to the items left in your shopping basket or ask if there were technical reasons why you did not proceed with your order. On this legal basis, we also process your e-mail address and data on the branch office responsible for you in order to send you offers by e-mail and to provide technical support with your order as necessary.
d) Supplementary information on personalized direct marketing:
In order to provide you with information tailored to your interests, the personal data referred to below is processed as follows for the purpose of target group formation and assignment, on the basis of your consent pursuant to Article 6(1)(a) of the GDPR:
 Personal data
Title; first name and surname; e-mail address; age; marital status; income; occupation; company name, address, customer number, industry classification and classification of the company associated with me on the basis of an analysis as referred to under subheading ; my function and department in the company; information on the creditworthiness, payment behavior and competitive behavior of my company within the market between different providers; date of first contact with Klöckner; contact person number assigned to me; my language; purchase behavior and purchase history (online/offline), contact points used and services that have been activated and that I have used; my communication and interaction behavior during advertising campaigns, quote requests, orders and use of services, including movements within the online shop, click behavior, entry, source and target pages visited, IP addresses used, dwell time and bounce rate during online visits, number of visits, status as new or returning customer, average loading and visit time; my responses and movements within marketing channels; chat and customer service logs, my communication history and records and results logs from phone calls and face-to-face meetings; market research survey findings; details of my account managers and of the sales organization at Klöckner.
 Target group formation and assignment
For target group formation in each e-mail campaign, different groups of users to be targeted with regard to special offers, special events, trade shows, products and services are first identified. Users are then assigned to the target groups. For this purpose, the personal data referred to under subheading  is analyzed as explained under subheading . On the basis of that analysis, the system automatically decides for each e-mail campaign the target group I am assigned to and the special offers, special events, trade shows, products and services offered to me.
In the analysis, we create a profile of you and your company in order to examine and rate the personal data referred to under subheading  with regard to your prior behavior as customer and the behavior of your company. This makes it possible to identify preferences in terms of products, time of purchase and other behavior-relevant information. By incorporating additional statistical experience data, Klöckner makes inferences about my probable future behavior and computes probabilities for my affinity to specific special offers, special events, trade shows, products and services.
 Right to revoke consent
YOU MAY REVOKE YOUR CONSENT AT ANY TIME, EITHER IN FULL OR WITH RESPECT TO SPECIFIC DATA PROCESSING PURPOSES, AT NO CHARGE AND WITH FUTURE EFFECT.
e) Duration of data storage:
We store your data only for as long as is necessary for the purposes of the processing (generally meaning contract and order fulfillment including any warranty obligations) or for as long as any statutory retention requirements apply. Notable statutory requirements include tax law and commercial law stipulations that mostly require a six- to ten-year retention period.
Data we use for improvement of our systems is expressly not stored for longer than required in any case due to tax-related or other statutory retention requirements.
If you revoke your consent to the processing of personal data, we will erase your stored personal data unless we have the right to continue processing it on another legal basis. Such other legal basis may, in particular, include statutory requirements – such as retention requirements – or safeguarding our legitimate interests.
f) Need for your cooperation in data collection/consequences of refusal:
Except where otherwise indicated, the provision of personal data is necessary for the business relationship. Failure to provide necessary data means that the service concerned cannot be provided. Failure to provide data may also mean that we are unable to provide our services in the same form and quality.
g) Automated individual decision making, including profiling:
There is no automated individual decision making, including profiling, within the meaning of Article 22 of the GDPR, in connection with the use of our services.
Internal recipients: Access to your personal data is restricted, to the extent needed, to those persons at Klöckner who require such access in order to fulfill the purposes mentioned above.
External recipients: We pass on your personal data to external recipients only if it is necessary to do so in order to process and respond to your inquiries and orders, it is expressly allowed by law or you have given us your consent to doing so.
External recipients may be the following:
Klöckner Group companies or external service providers that we use to provide services, such as in connection with technical infrastructure and maintenance and with the provision of content under contract.
b) Public bodies
Public authorities and government institutions, such as prosecutors, courts or tax authorities, to which we are under a binding obligation to disclose personal data by law.
c) Other recipients
We pass on your personal data to other recipients only if it is necessary for contract fulfillment, you have given your consent or it is expressly allowed by law. Other recipients may notably include Group companies, payment service providers, credit reporting agencies, banks or debt collection agencies.
Your rights as a data subject under the General Data Protection Regulation (GDPR) – subject to the applicable legal requirements being met – are as follows:
Access: You have the right of access to personal data concerning you that we process.
Rectification: You have the right to obtain rectification of your personal data. You also have the right to have incomplete personal data completed.
Erasure: In certain instances, you have the right to obtain erasure of your personal data.
Restriction of processing: In certain instances, you have the right to have us restrict the processing of your personal data.
Data portability: If you have provided us with data on the basis of a contract or consent, you have the right to receive the data you have provided in a structured, commonly used and machine-readable format or to have us transmit it to another controller.
Revocation of consent: If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. This does not affect the lawfulness of the processing of your data prior to the revocation.
Right to object
Right to object in individual cases:
Where we process your personal data on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right at any time to object to processing of your personal data, on grounds relating to your particular situation; this includes profiling based on those provisions. We will then no longer process the personal data for the stated purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purpose of establishing, exercising or defending legal claims.
Right to object to processing of data for direct marketing purposes:
You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you object to processing, your personal data will no longer be processed for those purposes. This includes profiling to the extent that it is related to such direct marketing.
Exercising your rights: To exercise any or all of your rights as described above, please contact your customer service representative or contact us using the contact details provided under heading I above. Alternatively, you can also contact the Data Protection Officer (see heading II for contact details). Please make sure that we can clearly identify you.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority – in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement – if you consider that the processing of personal data concerning you is unlawful.
As of September 2021