Buderus Edelstahl GmbH
Contact us
Contact us

Privacy

The protection of your personal data is very important to Buderus Edelstahl GmbH, Dillfeld 40, 35576 Wetzlar, Germany (hereinafter “we”, “us”). We comply with the applicable legal provisions on the protection, lawful handling and confidentiality of personal data and on data security, in particular the Federal Data Protection Act (“BDSG”), the EU General Data Protection Regulation (“GDPR”) and the Telecommunications Act (“TKG”).

This privacy policy informs you about the nature, scope and purpose of the collection and use of your personal data by us in connection with your visit to and use of our website

https://www.buderus-steel.com/

In addition, you will find the General Data Protection Declaration for Business Partners separately.

Personal Data

Personal data is information about data subjects (natural persons) whose identity is determined or at least determinable (e.g. name, e-mail address or IP address).

Contacting us

If you contact us by e-mail, telephone or fax, we will process the personal data you provide (e-mail, name, telephone number, fax number and your request or the associated documents) for the purpose of processing your request.

Cookies

Our website uses so-called “cookies”, which allow the website to recognize your browser on subsequent visits. These are small text files that are stored on your end device with the help of the browser. This allows the website to be optimally adapted to your interests. If you do not agree to the storage of cookies on your computer, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. You can also deactivate the use of cookies in your browser. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Legal basis, storage periods

Data processing is carried out on the basis of Art. 6 para. 1 lit. a (consent) and/or lit. f (legitimate interest) of the GDPR and the processed personal data is used for statistical evaluations as well as for the purpose of operation, security and optimization of the website (legitimate interest). Any further use of your personal data (e.g. sending newsletters) will only take place with your consent.

If no explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), your personal data will be deleted (or anonymized) if it is no longer required for the purpose for which it was stored and there are no statutory retention obligations (e.g. retention obligations under commercial and tax law) to the contrary.

Transmission and disclosure of personal data

We will not pass on any personal data collected on the basis of your use of the website to third parties without your consent, unless this is necessary to fulfill our obligations or is required by law/authorities.

We commission processors (service providers) with the processing of personal data (e.g. as part of an IT support contract). These processors are contractually obliged to comply with data protection regulations.

Your rights, contact details

In principle, you have the rights to information, rectification, erasure, restriction, data portability and objection.

If your data is processed on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Finally, you have the option of lodging a complaint with the supervisory authority.

If you have any questions about data protection and the assertion of your aforementioned rights, you can contact our data protection officer at

datenschutz@buderus-steel.com

This privacy policy will be updated from time to time.

General privacy policy for business partners

In the course of our business relationship with you, it is essential that we process your personal data. Personal data” means any information that relates to natural persons either directly or indirectly (such as names and addresses).

The protection of personal data of our business partners (such as customers and suppliers) is very important to Buderus Edelstahl GmbH, Dillfeld 40, 35576 Wetzlar, Germany (“BUDERUS”). We are obliged to protect your data and take this duty seriously. We expect the same from our business partners.

Please find below a summary of the processing of personal data of business partners:

1. Data categories, purpose of processing and legal basis

We process personal data for the following purposes in the context of cooperation with business partners:

  • Communication with business partners about products, services and projects, e.g. to process inquiries from the business partner;
  • Initiating, processing and managing (contractual) business relationships and maintaining business relationships between BUDERUS and the business partner, e.g. to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;
  • To conduct customer surveys, marketing campaigns, market analysis, sweepstakes, contests or similar promotions and events;
  • Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent activity or other criminal or malicious activity;
  • Complying with (i) legal requirements (e.g. tax and commercial retention obligations), and (ii) BUDERUS policies; and
  • Settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims.

We may process the following categories of personal data for the aforementioned purposes:

  • Professional contact information, such as name, professional contact address, professional telephone number or e-mail address;
  • payment information, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers;
  • information collected from publicly available sources, information databases or credit reference agencies; and
  • other personal data whose processing is necessary for the initiation, processing and administration of (contractual) business relationships and the maintenance of business relationships or which is voluntarily provided by you, such as orders placed, order details, inquiries made or project details, correspondence, other data on cooperation

The processing of personal data is necessary to achieve the above-mentioned purposes, including the fulfillment of a contractual relationship or a pre-contractual activity with the business partner.

Unless expressly stated otherwise, the legal basis for data processing is Article 6(1)(a) (if consent has been given) or Article 6(1)(b) and (f) of the General Data Protection Regulation (GDPR):

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

If the aforementioned personal data are not provided or not provided to the extent required or if BUDERUS is unable to collect them, it may not be possible to fulfill the individual purposes described or to process the request(s) made. Please note that this would not be considered a contractual non-fulfillment on our part.

2. Transmission and disclosure of personal data

We may transfer personal data to other companies, courts, authorities or law firms or other business partners (such as shipping or logistics partners for the execution and processing of orders) to the extent permitted by law.

In addition, we also commission processors (service providers) with the processing of personal data (for example as part of an IT support contract). These processors are contractually obliged to comply with the provisions of data protection law.

The recipients described in this section 2 may be located in countries outside the European Union (“third countries”) in which the applicable law does not guarantee the same level of data protection as in your home country. In this case, a transfer will only take place in accordance with the legal requirements if an adequacy decision has been issued by the European Commission for the third country, appropriate guarantees have been agreed with the recipient (e.g. EU standard contractual clauses have been concluded), the recipient participates in an approved certification system (e.g. EU-US Privacy Shield), binding internal data protection rules pursuant to Art 47 GDPR exist or an exception pursuant to Art 49 GDPR exists (e.g. because you have expressly consented to the proposed data transfer after having been informed of the potential risks of such data transfers for you without an adequacy decision and without appropriate safeguards).For further information and a copy of the measures implemented, please contact us using the contact details provided in section 6.

3. Storage periods

If no explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), your personal data will be deleted if it is no longer required to fulfill the purpose for which it was stored and no statutory retention obligations (e.g. retention obligations under commercial and tax law) or the assertion of legal claims prevent deletion.

4. Right to information, correction, deletion or restriction of your personal data, right of objection, right to data portability and revocation of a given consent

  • In accordance with Art. 15 GDPR, you have the right to request confirmation as to whether personal data is being processed by the controller and the right to information about this data. This right does not apply in the case of Section 34 (1) BDSG.
  • In accordance with Art. 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data.
  • In accordance with Art. 17 GDPR, you have the right to erasure of your personal data. This right does not apply in the case of Section 35 (1) BDSG; this is replaced by the right to restriction of processing.
  • According to Art. 18, you have the right to restriction of processing. This right is supplemented by Section 35 (2) BDSG.
  • According to Art. 20 GDPR, you have the right to data portability.
  • In accordance with Art. 21 GDPR, you have the right to object to data processing.
  • Finally, you have the right to lodge a complaint with the supervisory authority.
  • If your data is processed on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

In order to ensure an efficient response to such requests, we ask you to contact us using the contact details below, whereby we will always ask you to provide proof of your identity, for example by sending a copy of your electronic ID.

5. Protection of you personal data

The security of your personal data is of particular concern to us. To protect your personal data from misuse and loss as well as from unauthorized access, modification or disclosure, we take the following measures, among others:

We also transfer our understanding of security to the processors we use, which we have obliged to comply with similar or equivalent security measures.Die Sicherheit Ihrer personenbezogenen Daten ist uns ein besonderes Anliegen. Um Ihre personenbezogenen Daten vor Missbrauch und Verlust sowie vor unberechtigtem Zugriff, Abänderungen oder Offenlegung zu schützen, ergreifen wir unter anderem die folgenden Maßnahmen:

  • Restricting access to our premises (access control)
  • Implementation of access authorizations and protection of data carriers (access and disclosure control)
  • Use of network security measures such as anti-virus software, firewall, security updates, etc. (network control)

We also transfer our understanding of security to the processors we use, which we have obliged to comply with similar or equivalent security measures.

6. Contact person

For questions regarding data protection and the assertion of your aforementioned rights, you can contact the data protection organization at Data protection

Buderus Edelstahl GmbH

Datenschutzbeauftragter
Dillfeld 40
D-35576 Wetzlar
Tel:  +49 (0)6441-374-0
Datenschutz@buderus-steel.com

This General Privacy Policy for Business Partners is updated from time to time.