Data Protection Notice

The protection of your personal data is very important to voestalpine BÖHLER Bleche GmbH & Co KG (hereinafter “we”, “us”). We comply with the applicable legal provisions on the protection, lawful handling and confidentiality of personal data and on data security, in particular the European General Data Protection Regulation (“GDPR”) and the applicable national data protection regulations. 

This data protection notice informs you about the type, scope and purpose of the collection and use of your personal data by us in connection with your visit to and the use of our website. 

In addition, you will find separate data protection notices for individual areas: 

• General Data Protection Notice for Business Partners
• General Data Protection Notice for Participants in Events
• Data Protection Notice for the Social Media Presence on LinkedIn

1) Who is responsible for data processing?

The Controller for the operation of this website is 

voestalpine BÖHLER Bleche GmbH & Co KG 

Böhler-Gasse 1, 8680 Mürzzuschlag, Austria 

2) What is personal data?

‘Personal data’ (“data”) means any information relating to an identified or identifiable natural person (“data subject”). This includes, for example, the name, email address, date of birth, any contact details or IP address.

3) Processing of data in the context of the use of our website

3.1) Operation and protection of the website

Purpose: You can visit our website without actively providing any personal data. However, when you visit our website, your end device sends data to our web servers. This data is processed by our web servers and automatically stored in so-called “log files”. The processing of your data is necessary in order to provide you with our website. Storage in log files is necessary to ensure the security and functionality of our website. 

Data categories: IT log and detection data (IP address, HTTP header fields, browser, operating system, website from which you were redirected to our website (‘referrer’), date and time of access, URL accessed) 

Legal basis:  

• Art 6 (1) (f) GDPR – legitimate interests: Provision of a secure, functional and user-friendly website  

Storage period: The aforementioned data will be stored for 90 days and deleted after this period has expired, unless this data is still required to subsequently clarify a security incident (e.g. hacking attack) on our website and for the purpose of preserving evidence. 

Recipient categories: Processors (IT service providers); in the event of a security incident, your data may also be transmitted to the police, legal representatives, courts and administrative authorities.  

3.2) Use of cookies and other services

For data protection-related information on the use and application of cookies and other services, please refer to the cookie banner, which you can access at any time via “My privacy settings” in the footer of this website. In the cookie banner we inform you, among other things, about the type, scope, purposes, processed data and recipient categories, legal bases and storage duration of the cookies used and of other services. 

3.3 Processing of data in the context of the use of our customer portal

We offer you the use of a customer portal on our website. 

Should you decide to register in our customer portal, we can assure you that careful and sensitive handling of customer data is of the utmost importance to us. We would also like to draw your attention to our “General Data Protection Notice for Business Partners”. 

Below we inform you about the type, scope and purpose of the collection and use of your data by us in connection with the use of our customer portal.

3.3.1 Opening an account in the customer portal

Purpose: You can create a customer account on our website in order to be able to use extended functions (e.g. retrieval of information regarding your order). If you create an account, it is necessary to enter and subsequently process your data in order to be able to activate all the functions of the customer portal for you. 

Data categories: Basic data of the data subject (e.g. title, first name and surname); professional contact details (e.g. company name, address, postcode, city, country, telephone number, e-mail address), assigned identity data (e.g. customer number); tax data (e.g. value added tax number), general data on the business relationship (e.g. existence of a current customer relationship), IT log and detection data (e.g. log-in data); IT data on access, admission and authorisation permissions (e.g. account activation) 

Legal basis:  

• Art 6 (1) (a) GDPR – Consent: You are neither contractually nor legally obliged to provide us with the data required to open such an account. However, if you do not do this, you will not be able to register for our customer portal – and subsequently retrieve business information. 

Storage period: We store your data for as long as your account exists with us. If you delete your account, we will also delete your data for the registration. 

Categories of recipients: Processor (IT service provider)

3.3.2 Retrieving information in the customer portal

Purpose: If you have ordered goods from us, you can view and download information on the status of the orders and all associated order documents (e.g. order confirmation, delivery note, invoice, works certificate). 

Data categories: Basic data of the data subject (e.g. salutation, name, title etc), assigned identity data (e.g. user name, UID number, customer number), professional contact details (e.g. company name, address, e-mail address, telephone number), IT log and detection data (e.g. IP address, log-in data (time stamp)), IT data on access, admission and authorisation permissions (e.g. activation and deactivation of the account); general data on the business relationship (e.g. products ordered, agreed purchase conditions, billing data); correspondence data (e.g. written contact between the customer and us (free text field)) 

Legal basis:  

• Art 6 (1) (f) GDPR – legitimate interests: Providing business-relevant documents in the customer portal for the respective customer; service for the customer. 

Storage period: We store your data until the purpose has been fulfilled. After fulfilment of the purpose, your data will only be stored if there is a legal obligation to retain it or another significant reason for further storage can be cited. This may be the case, for example, if we need your data to establish, exercise or defend legal claims. 

Categories of recipients: Processors (IT service providers) 

3.4 Contact us

Purpose: You can contact us with enquiries about our company, our products and services using the contact form on this website, but also by e-mail, telephone or fax. In these cases, we process your data for the purpose of dealing with your enquiry. 

Data categories: Basic data of the data subject (e.g. salutation, title, first name and surname); contact details (e.g. address, telephone number, e-mail address); correspondence data (e.g. free text field on website, e-mails); documentation of appointments and agreements (e.g. in the course of a telephone enquiry) and, if applicable, data that you make available to us by uploading or attaching documents. 

Legal basis:  

• Art 6 (1) (f) GDPR – legitimate interests: Contacting customers and interested parties to process their enquiries  

Storage period: We store your data until the purpose has been fulfilled. After fulfilment of the purpose, your data will only be stored if there is a legal obligation to retain it or another significant reason for further storage can be cited. This may be the case, for example, if we need your data to establish, exercise or defend legal claims. 

Categories of recipients: Processors (IT service providers). In order to achieve the intended purposes, it may also be necessary in some cases for us to forward your data to other voestalpine Group companies (www.voestalpine.com/locations) in order to ensure that your enquiry is processed quickly.

3.5 Subscription to the newsletter

Purpose: Information about our products and events for our business partners and interested parties  

Data categories: Contact details (e-mail address) 

Legal basis:  

• Art 6 (1) (a) GDPR – Consent: You are neither contractually nor legally obliged to provide us with your data required for subscribing to a newsletter. However, if you do not do so, we will not be able to send you a newsletter.  

You can withdraw your consent at any time (e.g. by sending an e-mail to the e-mail address of the data protection organisation listed at the end of this data protection notice or by clicking on the unsubscribe link directly in the footer of the newsletter sent to you).  

Storage period: We store your data for the purpose of sending the newsletter as long as you do not withdraw your consent to receive the newsletter.  

Categories of recipients: Processor (IT service provider)

4) Data transfers to third countries

Due to the complexity of today’s data processing processes, we engage processors to process your data. As far as possible, we only use processors that are based within the European Union or the European Economic Area and are therefore subject to the GDPR. 

In exceptional cases, however, we may transfer data to third countries (i.e. outside the European Union or the European Economic Area) and have it processed there. If we transfer data to third countries, the transfer takes place exclusively in compliance with the required conditions of admissibility (in particular the existence of an adequacy decision by the EU Commission, conclusion of standard data protection clauses including – if necessary – additional agreement of further technical and organisational as well as contractual measures). If your data is transferred to a third country, you can request a copy of the appropriate or suitable safeguards from our data protection organisation. 

5) Rights of data subjects and the right to lodge a complaint

In accordance with Art 15 GDPR, you have the right to obtain confirmation from us as the controller as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right of access to your personal data. 

• In accordance with Art 16 GDPR, you have the right to request the rectification of inaccurate data concerning you and/or the completion of incomplete personal data without undue delay. 

• In accordance with Art 17 GDPR, you have the right to obtain the erasure of your personal data. 

• In accordance with Art 18 GDPR, you have the right to obtain the restriction of processing of your personal data. 

• In accordance with Art 20 GDPR, you have a right to data portability. 

• In accordance with Art 21 GDPR, you have the right to object to the processing of your personal data. 

• If your data is processed on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

6) Contact Details

For questions on the subject of data protection and to assert your aforementioned rights, please contact our data protection organisation by e-mail at datenschutz.bohler-bleche@voestalpine.com or by post at voestalpine BÖHLER Bleche GmbH & Co KG, Böhler-Gasse 1, A-8680 Mürzzuschlag with the subject “Data Protection”. 

Parts of this Data Protection Notice may be changed or updated by us for technical or legal reasons without prior notice to you. Please always check the current version of the Data Protection Notice to ensure that you are up to date with any changes or updates.