The protection of your personal data is very important to Buderus Edelstahl GmbH, Dillfeld 40, 35576 Wetzlar, Germany (hereinafter “we”, “us”). We comply with the applicable legal provisions on the protection, lawful handling and confidentiality of personal data and on data security, in particular the German Federal Data Protection Act (“BDSG”), the EU General Data Protection Regulation (“GDPR”) and the Telecommunications Act (“TKG”).
Personal data is information about data subjects (natural persons) whose identity is determined or at least determinable (e.g. name, e-mail address or IP address).
If you contact us by e-mail, telephone or fax, we will process the personal data you provide (e-mail, name, telephone number, fax number as well as your inquiry or the associated documents) for the purpose of processing your inquiry.
The Facebook page facebook.com/BuderusEdelstahl is operated by Buderus Edelstahl GmbH, Dillfeld 40, 35576 Wetzlar.
The European Court of Justice (ECJ) has ruled that the operator of a Facebook page is jointly responsible with Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) for the processing of personal data within the meaning of Art 26 DSGVO.
For us as operators of the Facebook pages listed above, only your public profile on Facebook is visible. You decide which information is visible here in the settings in your Facebook profile. In addition, we process the personal data you provide to us (such as your name and the content of your messages) if you contact us via our Facebook page. In this case, we process this data for the purpose of processing your request.
We receive anonymous statistics from Facebook on the use and usage of our Facebook pages (page insights data). This data is collected with the help of so-called cookies. We may expressly point out that Facebook provides us with the Page Insights data collected with the help of the cookies exclusively in anonymized form.
These anonymous statistics include the following information in particular: Total number of page views, “Like” information, page activity, followers, reach, impressions, demographics.
Facebook has agreed to assume primary responsibility under the GDPR for the processing of Insights Data and to comply with all obligations under the GDPR with respect to the processing of Insights Data and to provide you with the essence of the agreement between the joint controllers applicable thereto.
For requests to exercise your data subject rights (see below) and to withdraw your consent in connection with visiting our Facebook pages, please use the forms linked in Facebook’s Page Insights Data Privacy Notice or contact us by mail at Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Legal basis, storage periods
Data processing is carried out on the basis of Art 6 (1) a (consent) and/or f (legitimate interest) of the DSGVO.
The processed personal data is used for statistical evaluations as well as for the purpose of the operation, security and optimization of the website (legitimate interest). Any further use of your personal data (e.g. sending newsletters) will only take place with your consent.
If no explicit storage period is specified at the time of collection (e.g. in the context of a declaration of consent), your personal data will be deleted (or anonymized) insofar as they are no longer required to fulfill the purpose of storage and no legal storage obligations (e.g. commercial and tax storage obligations) are opposed.
Transmission and forwarding of personal data
We will not pass on your personal data, which may have been collected on the basis of your use of the website, to third parties without your consent, unless it is necessary for the fulfillment of our obligations or is legally/officially obligatory.
We commission processors (service providers) to process personal data (e.g. as part of an IT support contract). These processors are contractually obligated to comply with the provisions of data protection law.
Your rights, contact details
You are generally entitled to the rights of information, correction, deletion, restriction, data portability and objection.
If the processing of your data is based on your consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. Finally, you have the possibility to lodge a complaint with the supervisory authority.
For questions on the subject of data protection as well as the assertion of your aforementioned rights, you can reach our data protection officer at
This data protection declaration will be adapted from time to time.
In the course of our business relationship with you, it is essential that we process your personal data. Personal data” means any information relating to natural persons either directly or indirectly (such as names and addresses).
The protection of personal data of our business partners (such as customers and suppliers) is very important to Buderus Edelstahl GmbH, Dillfeld 40, 35576 Wetzlar, Germany (“BUDERUS”). We are obligated to protect your data and take this obligation seriously. We expect the same from our business partners.
Please find enclosed a summary of the processing of personal data of business partners:
1. data categories, purpose of processing and legal basis
In the context of cooperation with business partners, BUDERUS processes personal data for the following purposes:
- Communication with business partners regarding products, services and projects, e.g. to process inquiries from the business partner;
- Initiation, processing and administration of (contractual) business relationships as well as maintenance of business relationships between BUDERUS and the business partner, e.g. to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;
- Conduct customer surveys, marketing campaigns, market analysis, sweepstakes, contests or similar promotions and events;
- Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent activity or other criminal or harmful activity;
- Comply with (i) legal requirements (e.g., tax and trade retention requirements), and (ii) BUDERUS policies; and
- Settling legal disputes, enforcing existing contracts, and asserting, exercising and defending legal claims.
For the above purposes, BUDERUS may process the following categories of personal data:
- Professional contact information, such as name, professional contact address, professional telephone number or email address;
- Payment data, such as information required to process payment transactions or fraud prevention, including credit card information and card verification numbers;
- Information collected from publicly available sources, information databases or credit reporting agencies; and
- other personal data, the processing of which is necessary for the initiation, processing and administration of (contractual) business relationships as well as maintenance of business relationships or which is voluntarily provided by you, such as orders placed, order details, inquiries made or project details, correspondence, other data on cooperation;
The processing of personal data is necessary to achieve the above purposes, including fulfillment of a contractual relationship or a pre-contractual activity with the business partner.
The legal basis for the data processing is – unless expressly stated otherwise – Article 6 para 1 lit a (if consent has been given) or Art 6 para 1 lit b and f of the General Data Protection Regulation (DSGVO):
- the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures;
- the processing is necessary to protect the legitimate interests of the controller or a third party.
If the aforementioned personal data are not provided or not provided to the required extent or if BUDERUS is unable to collect them, the individual purposes described may not be fulfilled or the request(s) made may not be processed. Please note that this would not be considered a contractual non-performance on our part.
2. transmission and disclosure of personal data
BUDERUS may transfer personal data to other voestalpine Group companies ( www.voestalpine.com/standorte) or courts, authorities or law firms or other business partners (such as shipping or logistics partners for the execution and processing of orders) as permitted by law.
In addition, BUDERUS commissions processors (service providers) to process personal data (for example, as part of an IT support contract). These order processors are contractually obligated to comply with the provisions of data protection law.
The recipients described in this Section 2 may be located in countries outside the European Union (“Third Countries”), in which the applicable law does not ensure the same level of data protection as in your home country. In this case, a transfer will only take place in accordance with the legal requirements if an adequacy decision has been issued by the European Commission for the third country, appropriate safeguards have been agreed with the recipient (e.g. EU standard contractual clauses have been concluded), the recipient participates in an approved certification system (e.g. EU-US Privacy Shield), binding internal data protection rules pursuant to Art 47 GDPR are in place, or an exemption pursuant to Art 49 GDPR is in place (e.g., because you have expressly consented to the proposed data transfer after having been informed about the potential risks to you of such data transfers without the existence of an adequacy decision and without appropriate safeguards). For more information, as well as a copy of the measures implemented, please contact the contact indicated in point 6.
3. storage periods
Unless an explicit storage period is specified at the time of collection (e.g. in the context of a declaration of consent), your personal data will be deleted insofar as it is no longer required to fulfill the purpose for which it was stored and no legal storage obligations (e.g. obligations under commercial and tax law) or the assertion of legal claims stand in the way of deletion.
4. right to information, correction, deletion or restriction of your personal data, right of objection, right to data portability as well as revocation of a granted consent
- In accordance with Art 15 DSGVO, you have the right to request confirmation as to whether personal data is being processed by the controller and the right to information about this data. This right does not exist in the case of Art 34 (1) BDSG
- Pursuant to Art 16 DSGVO, you have the right to demand the correction of inaccurate data relating to you and/or the completion of incomplete personal data without undue delay.
- According to Art 17 DSGVO, you have the right to have your personal data deleted. This right does not exist in the case of Art 35 (1) BDSG; it is then replaced by the right to restriction of processing
- According to Art 18, you have the right to restriction of processing. This right is supplemented by Section 35 (2) BDSG
- According to Art 20 DSGVO, you have a right to data transfer
- According to Art 21 DSGVO, you have a right to object to data processing
- Finally, you have the possibility to lodge a complaint with the supervisory authority
If the processing of your data is based on your consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation
In order to ensure an efficient response to such requests, we ask you to contact us at the contact details below, whereby we always ask you to provide proof of your identity, for example by sending an electronic copy of your ID.
5. Protection of your personal data
The security of your personal data is of particular concern to us. In order to protect your personal data from misuse and loss as well as from unauthorized access, modification or disclosure, we take the following measures, among others:
Limiting access to our premises (access control).
Implementation of access authorizations and protection of data media (access and disclosure control)
Use of network security measures such as anti-virus software, firewall, security updates, etc. (network control)
We also transfer our understanding of security to the processors we use, who we have obligated to comply with similar or equivalent security measures.
6. contact person
For questions on the subject of data protection and the assertion of your aforementioned rights, you can reach the data protection organization at firstname.lastname@example.org.
Buderus Stainless Steel GmbH
Data Protection Officer