Data Protection Notice for Customers
Thank you for your interest in our Group and all our companies’ products.
In the following Data Protection Notice, Kloeckner Metals Austria GmbH & Co KG (also referred to in the following as “Kloeckner”, “we”, “us” or “our”) provides you with various information about the processing of your personal data in the course of our general business activities and specifically in contract fulfillment. Personal data is all information relating to an identified or identifiable natural person (such as your first name and surname, your mailing address, your phone number or your e-mail address).
In the following, we would like to inform you in particular about what personal data is processed, for what purpose in each case, as well as your rights in this regard.
I. Controller
The controller for the purposes of data protection law is
Kloeckner Metals Austria GmbH & Co KG
Percostraße 12
A-1220 Wien
Phone: +43 (0)1 259-46-36-0
E-mail: wien@kloeckner.com
II. Processing of your personal data when you visit our web pages
a) Data categories affected
Each time you visit our web pages, we process the following data:
- the connection data of the requesting device, including the IP address,
- the web pages accessed, including the referring page,
- the date and time of your visit,
- the type and version of the requesting browser and the operating system,
- the volume of data transferred in connection with your visit.
b) Purposes of processing, legal basis and any legitimate interests
We process this data for the purpose of making our website available and to ensure its technical operation on the basis of Article 6(1)(b) of the GDPR as well as to identify and eliminate faults on the basis of Article 6(1)(f) of the GDPR. In this connection, we pursue the interest of fault-free use of the website.
c) Duration of data storage
We erase the data after 30 days unless, in exceptional instances, we need it for a longer period for the purposes mentioned above. In such instances, we erase the data as soon as the purpose no longer applies.
d) Need for your cooperation in data collection/consequences of refusal
This data is processed automatically when you visit our web pages. You cannot use our website unless this data is provided.
III. Processing of your personal data in the course of our general business activities
a) Data and data categories affected
We process your personal data in the course of our general business activities. Specifically, this can include the following: title, first name, surname, business e-mail address, date of birth, company name, business mailing address, form of company, billing address, delivery address and details, payment method, credit card information (truncated), business telephone number, tax number, Kloeckner customer number, details of customer-specific prices (agreed rebates and terms), contracts and orders placed (including, for example, order number, call-off quantity unit, article number, quantity required, date and time), correspondence, and delivery notes including address data and signature.
Supplementary information for web shop users:
In our web shop, we additionally process user data on the users assigned to your account, comprising name, e-mail address and password (encrypted), your account identifier and usage data associated with use of the web shop.
b) Purposes of processing and legal basis
We process the aforementioned data in the course of our general business activities and in particular to fulfill our contractual obligations and in order to take the steps required prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR (in the case of data concerning contractual partners) or Article 6(1)(f) of the GDPR (in the case of data concerning the contact persons of contractual partners). In the latter case, our legitimate interest consists in being able to conduct correspondence with our contractual partners. The fulfillment of our contractual obligations and the taking of steps required prior to entering into a contract include preparing and making quotations, order fulfillment including logistics and signature on receipt of goods, payment processing and invoicing as well as general customer support such as assistance with questions about products. We also use your contact data in the course of the business relationship (such as to contact you regarding customer satisfaction, customer loyalty and after-sales support) on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest here consists in managing and enhancing the customer relationship.
In addition, we collect and process data on the creditworthiness of the requested person/company including other creditworthiness-related data such as information on shareholdings, overdue receivables or enforcement. The legal basis for this processing is Article 6(1)(f) of the GDPR. Our legitimate interest consists in identifying and reducing default risk.
For refinancing purposes, we regularly sell trade receivables to a special-purpose entity under an asset-based securitization (ABS) program. The special-purpose entity is refinanced by debt instruments for which the trade receivables serve as collateral. Under the ABS program, your personal data may where necessary be communicated to external recipients (the Kloeckner special-purpose entity, service providers, as well as banks and their special-purpose entities). The legal basis is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in managing our corporate finances.
Pursuant to Article 6(1)(c) of the GDPR, we are required under the European anti-terrorism regulations 2580/2001 and 881/2002, as well as under international law, to screen your contact data (company name and address) in order to ensure that no funds or other economic resources are made available in the future for the purposes of terrorism. We collect the data either directly from you or via other Kloeckner systems such as our online shop as the case may be.
In addition, we process your personal data to analyze general customer behavior. The purpose of processing is to gain an understanding of customer-specific differences with regard to ordering frequency, ordering medium, quantities, prices, etc. in order to provide you with personalized service. The basis for this is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in promoting sales by making targeted offers as well as through customer support.
We additionally use the data collected to send out general newsletters (product recommendations, information on Kloeckner, campaigns, surveys, etc.) on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest is that of sales promotion by advertising.
If you have consented to personalized direct marketing, we process your data in order to send you personalized newsletters. The basis for this is your consent (Article 6(1)(a) of the GDPR). For further details, please see IV c) Supplementary information on personalized direct marketing.
In some cases, we also use past order communications to improve our digital systems, such as for automated scanning and answering of quote requests using algorithms. This type of system development (artificial intelligence/machine learning) generally requires large quantities of known datasets – such as old quote requests – in order to “train” the system. The legal basis for this is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in system optimization for the purpose of improved customer support.
Supplementary information for web shop users
If you place items in a shopping basket and quit the order process by closing your browser window or save your basket without placing an order, we process your shopping basket data and your phone number or your e-mail address on the basis of Article 6(1)(f) of the GDPR for the purpose of direct marketing to contact you by phone or e-mail and bring your attention to the items left in your shopping basket or ask if there were technical reasons why you did not proceed with your order.
We likewise process user data to identify and eliminate faults on the basis of Article 6(1)(f) of the GDPR. In this connection, we pursue the interest of fault-free use of the website.
c) Supplementary information on personalized direct marketing
In order to provide you with information tailored to your interests, the personal data referred to below is processed as follows for the purpose of target group formation and assignment, on the basis of your consent pursuant to Article 6(1)(a) of the GDPR:
[1] Personal data
Title; first name and surname; e-mail address; age; marital status; income; occupation; company name, address, customer number, industry classification and classification of the company associated with me on the basis of an analysis as referred to under subheading [3]; my function and department in the company; information on the creditworthiness, payment behavior and competitive behavior of my company within the market between different providers; date of first contact with Kloeckner; contact person number assigned to me; my language; purchase behavior and purchase history (online/offline), contact points used and services that have been activated and that I have used; my communication and interaction behavior during advertising campaigns, quote requests, orders and use of services, including movements within the online shop, click behavior, entry, source and target pages visited, IP addresses used, dwell time and bounce rate during online visits, number of visits, status as new or returning customer, average loading and visit time; my responses and movements within marketing channels; chat and customer service logs, my communication history and records and results logs from phone calls and face-to-face meetings; market research survey findings; details of my account managers and of the sales organization at Kloeckner.
[2] Target group formation and assignment
For target group formation in each e-mail campaign, different groups of users to be targeted with regard to special offers, special events, trade shows, products and services are first identified. Users are then assigned to the target groups. For this purpose, the personal data referred to under subheading [1] is analyzed as explained under subheading [3]. On the basis of that analysis, the system automatically decides for each e-mail campaign the target group I am assigned to and the special offers, special events, trade shows, products and services offered to me.
[3] Analysis
In the analysis, we create a profile of you and your company in order to examine and rate the personal data referred to under subheading [1] with regard to your prior behavior as customer and the behavior of your company. This makes it possible to identify preferences in terms of products, time of purchase and other behavior-relevant information. By incorporating additional statistical experience data, Kloeckner makes inferences about my probable future behavior and computes probabilities for my affinity to specific special offers, special events, trade shows, products and services..
[4] Right to revoke consent
YOU MAY REVOKE YOUR CONSENT AT ANY TIME, EITHER IN FULL OR WITH RESPECT TO SPECIFIC DATA PROCESSING PURPOSES, IN EACH CASE WITH EFFECT FOR THE FUTURE; THIS HAS NO EFFECT ON THE LAWFULNESS OF PROCESSING CARRIED OUT ON THE BASIS OF YOUR CONSENT UP TO THE TIME AND DATE OF REVOCATION. You can revoke your consent, for example, by clicking the unsubscribe link in any newsletter or by changing your settings accordingly in the Preference Center.
If you have given your consent, we also process your personal data for the purpose of demonstrating that you have consented, on the basis of Article 6(1)(c) in conjunction with Article 5(1)(a), Article 5(2) and Article 7(1) of the GDPR.
d) Duration of data storage
We store your data only for as long as is necessary for the purposes of the processing (generally meaning contract and order fulfillment including any warranty obligations) or for as long as any statutory retention requirements apply. Notable statutory requirements include tax law and commercial law stipulations that mostly require a six- to ten-year retention period. We keep online shop user data for 14 days and then delete it.
If you revoke your consent to the processing of personal data, we will erase your stored personal data unless we have the right to continue processing it on another legal basis. Such other legal basis may, in particular, include statutory requirements such as retention requirements. We delete your personal data that we process to demonstrate your consent three years after the end of the year in which you revoked your consent or in which it expired.
e) Need for your cooperation in data collection/consequences of refusal
Except where otherwise indicated, the provision of personal data is necessary for the business relationship. Failure to provide necessary data means that the service concerned cannot be provided. Failure to provide data may also mean that we are unable to provide our services in the same form and quality.
f) Supplementary information on the contract portal and the order overview
[1] Use of the contract portal
Data categories affected:
We process the following data when you use our contract portal: Kloeckner customer number, business e-mail address, user name, password, and information on your contracts (such as duration, quantity, order number, responsible contact person, quantity unit, delivery address, article number, date and time).
Purposes of processing and legal basis:
We process this data for fulfillment and to provide the contract portal on the basis of Article 6(1)(b) of the GDPR (in the case of data concerning contractual partners) or Article 6(1)(f) of the GDPR (in the case of data concerning the contact persons of contractual partners).
Duration of data storage
We erase your personal data from the contract portal upon your request or after contract fulfillment and the expiration of tax and commercial law retention requirements.
Need for your cooperation in data collection/consequences of refusal
The provision of data when using the contract portal is necessary for registration and fulfillment. You cannot use the contract portal unless this data is provided.
Data categories affected:
We process the following data when you use the order overview: Kloeckner customer number, business e-mail address, user name, password, and information on your orders (such as duration, quantity, order number, contact person, quantity unit, delivery address, article number, date and time).
Purposes of processing and legal basis:
We process this data for fulfillment and to provide the order overview on the basis of Article 6(1)(b) of the GDPR (in the case of data concerning contractual partners) or Article 6(1)(f) of the GDPR (in the case of data concerning the contact persons of contractual partners).
Duration of data storage:
We erase your personal data from the order overview upon your request or after order fulfillment and the expiration of tax and commercial law retention requirements.
Need for your cooperation in data collection/consequences of refusal:
The provision of data when using the order overview is necessary for operation and provision of the order overview. You cannot use the order overview unless this data is provided.
g) Automated individual decision making, including profiling
There is no automated individual decision making, including profiling, within the meaning of Article 22 of the GDPR, in connection with the use of our services.
IV. Use of cookies
V. Recipients
Internal recipients:
Access to your personal data is restricted, to the extent needed, to those persons at Kloeckner who require such access in order to fulfill the purposes mentioned above.
External recipients:
We pass on your personal data to external recipients only if it is necessary to do so in order to process and respond to your inquiries and orders, it is expressly allowed by law or you have given us your consent to doing so.
External recipients may be the following:
a) Processors
Kloeckner Group companies or external service providers that we use to provide services, such as in connection with technical infrastructure and maintenance and with the provision of content under contract.
b) Public bodies
Public authorities and government institutions, such as prosecutors, courts or tax authorities, to which we are under a binding obligation to disclose personal data by law.
c) Other recipients
We pass on your personal data to other recipients only if it is necessary for contract fulfillment, you have given your consent or it is expressly allowed by law. Other recipients may notably include Group companies, payment service providers, credit reporting agencies, banks, debt collection agencies or special-purpose entities and service providers (ABS).
VI. Transfer to countries outside of the EU/EEA
Where applicable, we also transfer personal data processed in connection with the processes described above to recipients who are domiciled, or who process your personal data, outside the territory of the European Union/the European Economic Area. If the European Commission has not adopted an adequacy decision for the countries concerned, we ensure adequate protection of your personal data with the recipients by means of appropriate safeguards as stipulated in the GDPR. You can request a copy of the safeguards from us (see heading I for contact details).
VII. Your rights
Your rights as a data subject under the General Data Protection Regulation (GDPR) – subject to the applicable legal requirements being met – are as follows:
Access:
You have the right of access to personal data concerning you that we process.
Rectification:
You have the right to obtain rectification of your personal data. You also have the right to have incomplete personal data completed.
Erasure:
In certain instances, you have the right to obtain erasure of your personal data.
Restriction of processing:
In certain instances, you have the right to have us restrict the processing of your personal data.
Data portability:
If you have provided us with data on the basis of a contract or consent, you have the right to receive the data you have provided in a structured, commonly used and machine-readable format or to have us transmit it to another controller.
Revocation of consent:
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. This does not affect the lawfulness of the processing of your data prior to the revocation.
Right to object
Right to object in individual cases:
Where we process your personal data on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right at any time to object to processing of your personal data, on grounds relating to your particular situation.
We will then no longer process the personal data for the stated purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing is for the purpose of establishing, exercising or defending legal claims.
Right to object to the processing of data for direct marketing purposes:
You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you object to processing, your personal data will no longer be processed for those purposes.
Exercising your rights:
To exercise any or all of your rights as described above, please contact your customer service representative or contact us using the contact details provided under heading I above. Please make sure that we can clearly identify you. Alternatively, you can also contact the Data Protection Officer (see heading II for contact details).
Right to lodge a complaint with a supervisory authority:
You have the right to lodge a complaint with a supervisory authority – in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement – if you consider that the processing of personal data concerning you is unlawful.
As of September 2022