Privacy Notice

With this data protection information, we would like to inform you in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about how we process your personal data. Please take a moment to familiarize yourself with the information.

1. Name and contact of the controller

The controller for the processing of your personal data in accordance with Art. 4 No. 7 GDPR is:

Baosteel Europe GmbH

Wilhelm-Wagenfeld-Straße 26

80807 Munich

Germany

0049-89-32709090/3270909120

info@baosteel.eu

(hereinafter also "we" or "us")

2. Contact of Data Protection Officer

We have appointed a data protection officer. You can contact him at:

0049-89-3270909152 / ticheng.zhao@baosteel.eu

3. Categories of personal data

We process the following categories of personal data about you:

• Contact information (Name, address, telephone number, organisation details, e.g. place of work, job title and organisation contact information)

• Identity and other regulatory information (Date of birth, identification information, e.g. passport, utility bill and/or bank statement)

• Business and billing information (Details relating to your business or enquiries, including business related communications with you, information about other people (e.g. your customers and/or staff) that you share with us in connection with your business, information you provide to us when you come into a Baosteel office (e.g. for a meeting), user IDs and passwords used by you in relation to our platforms and services, you/your organisation’s billing, payment and banking details)

• Marketing preferences (Practice area interests, business industry sector interests, marketing communications preferences)

4. Purposes of data processing

We process your personal data to the extent necessary to achieve the following purposes:

• Responding to your enquiries

• Entering into a contract or performing a contract with you

• Resolving any complaints from or disputes with you

• Reviewing and improving our products and services

• Complying with our general regulatory and statutory obligations (including complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law)

• Obtaining legal advice, and establishing, defending and enforcing our legal rights and obligations

• Maintaining the security and integrity of our systems, platforms, premises and communications

• Identifying, recording, and preventing illegal activity

• Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation

• Training our staff

5. Legal basis of the data processing

We process your personal data only in accordance with European and German data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In concrete terms, this means that we process your personal data in particular if, insofar and for as long as

• you have given your consent (Art. 6 (1) (a) GDPR),

• it is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request (Art. 6 (1) (b) GDPR),

• it is necessary for the fulfilment of legal obligations to which we are subject (Art. 6 (1) (c) GDPR), or

• it is necessary to protect the legitimate interests of ourselves or third parties (Art. 6 (1) (f) GDPR).

If, in exceptional cases, we process so-called special categories of personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a person, health data or data concerning sexual life or sexual orientation) relating to you, this is done in particular if, to the extent and for as long as

• you have given your explicit consent (Art. 9 (2) (a) GDPR),

• the processing relates to personal data which you have manifestly made public (Article 9 (2) (e) GDPR),

• processing is necessary for the establishment, exercise or defence of legal claims (Art. 9 (2) (f) GDPR), or

• processing is necessary for reasons of substantial public interest (Art. 9 (2) (g) GDPR).

6. Recipients or categories of recipients of personal data

We only disclose your personal data to third parties if this is necessary to fulfil the purposes described, if you have given us your consent to do so or if we are obliged to do so by law or by a court or official order.

• Recipients not related to our group of companies (within the framework of the regular commencement, implementation, and termination of our legal relationship), in particular

o IT service providers

o Marketing service provider

o Print service provider

o Logistics service provider

o Consulting

o Debt collection

o Sales Partner

o Disposal of files and data carriers

o State bodies (e.g. tax authorities)

• Recipients not related to our group of companies (special cases), in particular

o State authorities (e.g. courts and public prosecutors)

o Potential and actual acquirers of the company

• Recipients related to our group of companies:

We are part of Baoshan Iron & Steel Co., Ltd. and Baowu Group, and work together with other group companies. Personal data will only be transferred to other group companies if there is a legal basis for this and if this is necessary for one of the purposes listed above.

7. Cookies and similar technologies

For more information regarding how we use cookies and similar technologies in connection with your use of our platforms, please read our Cookies Policy.

8. Transfer of personal data to third countries

In principle, your personal data is processed in Germany and in other European countries. If, in exceptional cases, your personal data is processed in countries outside the European Union or the European Economic Area (so-called third countries), this will only take place if certain protective measures ensure that an adequate level of data protection is in place. Typically, we take the following protective measures:

• Adequacy decision of the EU Commission: Recipients in Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay (For further information see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)

• Standard contractual clauses: Other beneficiaries (For further information see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en)

• Exemptions under Art. 49 GDPR: Other recipients.

Further information on third country transfers or copies of these measures can be obtained at the contact addresses mentioned above.

9. Storage periods

We only store your personal data for as long as is necessary to fulfil the purposes described. We carefully weigh up the retention periods required for these purposes and, in doing so, closely examine the need for data processing:

• If we process your personal data on the basis of your consent, this will be done at the latest until you withdraw your consent.

• If we process your personal data on the basis of our legitimate interests, this will be done at the latest until you raise a justified objection.

• Otherwise, we will only store your personal data to the extent necessary to fulfil our contractual and legal obligations or to preserve evidence within the framework of the statutory limitation regulations. The most important legal storage obligations result from Sec. 257 of the German Commercial Code (HGB) and Sec. 147 of the German Fiscal Code (AO) and are for six and ten years, respectively. The statutory limitation periods may be up to thirty years in accordance with Sec. 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three years.

After expiry of the applicable retention periods, we will securely delete or anonymise your personal data.

10. Voluntary or mandatory provision of the data

Within the scope of our contractual relationship, you only need to provide us with those personal data that are necessary for the initiation, implementation and termination of our contractual relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. If you do not provide us with this data, we will generally be unable to initiate, carry out or terminate the contractual relationship with you.

11. Source of your personal data

We mainly process personal data that we obtain directly from you within the context of our contractual relationship.

In some cases, we also process personal data that we have not obtained directly from you. This applies to data that we are permitted to obtain from publicly accessible sources (e.g. Internet, press, commercial and association registers) or that is legitimately transmitted to us by other group companies or other third parties (e.g. a credit agency).

12. Data subject rights

Under the General Data Protection Regulation, you are entitled to various rights of data subjects. Please understand that individual rights may be restricted in certain cases. Should this be the case, we will inform you of the reason for this:

• Right to withdraw consent (Article 7 (3) GDPR)

• Right of access (Article 15 GDPR)

• Right to rectification (Article 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR)

To exercise these rights (for further information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_de), please contact the above-mentioned contact addresses. If you believe that we have failed to comply with data protection regulations when processing your personal data, you can lodge a complaint with the competent supervisory authority in accordance with Art. 77 of the GDPR.

13. Existence of automated decision making

We do not use automated decision making in the sense of Art. 22 GDPR.