DATA PROTECTION & PRIVACY
Your privacy and the associated protection of personal data are important to us. For this reason, our business activities are conducted in compliance with the applicable data protection and data security laws. It is very important to us that you feel secure with us. For this reason, we and our data protection officer ensure compliance with data protection regulations. We are aware of the importance of the data entrusted to us and would like to inform you about it in the following:
- for which purposes your (personal) data is collected, processed and used,
- how we handle your data and protect it,
- to whom we make the data available, and
- how to exercise your rights.
- Please read the following information carefully. If you have any questions, please contact our data protection officer. The contact details can be found further below in this data protection declaration.
Data protection is a complex issue. In order to facilitate your understanding of this privacy statement, we have compiled a few basic meanings for you.
Order processing within the meaning of Article 28 of the general data protection regulation (GDPR) is simply understood as a service in which personal data is collected, processed and / or used by a service provider (contract processor in accordance with GDPR) on behalf of and under the instructions of the so-called controller. Before such a contract is awarded to a service provider, we conclude a special contract with the service provider and ensure further measures to protect your personal data.
Cookies are small text files that are stored on your terminal device (e.g. computer or smartphone) and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the website visited, from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Cookies enable the systems to recognize the user’s device and to make possible presettings available immediately.
A third party is any natural or legal person or body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or the data processor, see Article 4 No. 10 GDPR. It is therefore not, for example, a third party if personal data are given to a service provider in the course of order processing in accordance with Article 28 GDPR.
IP addresses are sequences of digits that can be assigned to individual IT devices or a group. The IP is used, similar to postal addresses, to assign data to the correct recipient.
Personal data means all information relating to an identified or identifiable natural person, in particular first and last name, date of birth, e-mail address, home address, bank and payment data, but also health data, cf. Article 4 No. 1 GDPR. “According to Article 4 No. 7 GDPR, “controller” is any person or entity that alone or together with others decides on the purposes and means of processing personal data. (present: the website operator).
The controller responsible for your personal data on this website is:
VOL Steel Middle East FZCO
Dubai Silicon Oasis, DDP, Building A1, Dubai, United Arab Emirates
Telephone: +971 50 2146037
E-Mail: [email protected]
If another – than the aforementioned – body is “responsible” within the meaning of the general data protection regulation, you will be explicitly and separately informed, unless this is obvious.
Use of the website / log files
Every time you access this website, data is automatically logged, which also applies to calling up files (log data). We collect and use the technically necessary data to make the website available to you. The technically necessary data transmitted to our web server by your browser includes, for example: Browser type/version, operating system used, referrer URL, pages accessed, IP address, date and time of the request. We need this data to ensure the functionality of the website and to make your visit to this website as pleasant as possible. We reserve the right to analyse the logged data for data security reasons. We do not create an individual profile that provides information about your personalised usage behavior based on the technically necessary data. The log data is not linked or merged with other data sources. The legal basis for the processing of the described data – insofar as they are personal – is Article 6 (1) (f) GDPR. Our legitimate interest is to offer you an attractive, user-friendly and technically functional website.
Contact us by e-mail, fax, telephone or postal mail
If you contact us by e-mail, fax, telephone or postal mail, we will use your details to contact you and to process and reply to your enquiry for the purpose for which it is intended. Your data will not be passed on to third parties. Unless otherwise provided by law and your request does not serve to prepare for the conclusion of a contract, your details will be deleted by us within a reasonable period after completion of processing. The legal basis for processing is Article 6(1)(f) GDPR. It is in our legitimate interest to answer and process your request appropriately. If your request to prepare/initiate a contract with you is made, Article 6 (1) (b) GDPR is an alternative legal basis.
Disclosure of your data, use of service providers
We collect and use your data according to legal requirements and only for our own purposes. A transfer to so-called third parties does not take place, unless there is a legal obligation to do so, you have consented to the transfer or the transfer is necessary to fulfil a contract between you and us.
Passing on your data for processing
We will only pass on your data to third parties if this is necessary for the fulfilment of our contractual obligations towards you. This includes passing on your data to the shipping service provider (e.g. Deutsche Post) for delivery of the orders placed or passing on the necessary payment data to the payment service provider for processing the payment. We only pass on the data required for the respective task fulfilment to the service provider used. The service provider will not use your data for any other purpose. The legal basis for the transfer of data is Article 6 (1) (b) GDPR .
Use of service providers for service processing
As far as we access other service providers to make our offer possible and grant them possibly a necessary access to your data, we have of course concluded a contract for order processing according to Article 28 GDPR with our service providers for order processing (short processor). We also remain responsible for the protection of your data. Through the conclusion of the contract, the service providers used are not regarded as so-called third parties.
Integration of third-party services and content
It may happen that contents of third parties or graphics from other websites are integrated within this online offer. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the user. Without the IP address, they would generally not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. However, we have no influence on whether the third party providers store the IP address for statistical purposes, for example. As far as we know, we inform the users about this.
Use of Google Maps
Use of ajax.googleapis.com for jQuery
Duration of data usage / storage
Your personal data will be deleted if this does not conflict with legal storage obligations and if you have asserted a claim for deletion, if the data is no longer required for the purpose for which it was stored or if storage is inadmissible for other legal reasons.
Place of data use
Your data will generally be processed in Germany. In exceptional cases, information that you transmit to us may be stored on servers within the European Union (EU). Should we as the “responsible party” deviate from this, we will inform you of this.
Data security / secure data transmission
We would like to inform you that security gaps can occur during data transmission on the Internet (e.g. via e-mail). A complete protection against access by third parties is therefore not possible for us. We secure our IT systems (including the website(s)) against unwanted access by means of so-called technical and organisational measures (TOM for short): access, disclosure, input, loss and distribution as well as destruction and alteration by unauthorized persons. For the purpose of data security, your IP address and the date and time of your visit will also be logged.
Rights of data subjects / Data protection officer
The contact person for the protection of your rights is our external data protection officer (see below for contact details).
Right to information
Subject to the legal requirements of Art. 15 GDPR, you may of course request information at any time as to whether we process your personal data. If we process personal data from you, you can also request information about the circumstances and structure of the processing and more detailed information about the data processed.
Right to rectification
Pursuant to Art. 16 GDPR, you can demand that incorrect personal data be corrected if you are unable to make a change yourself.
Right to deletion
Under the legal requirements of Art. 17 GDPR, you are entitled to demand that we delete personal data concerning you immediately. The right to deletion does not exist, among other things, if the processing of personal data is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation to which we are subject (e.g. statutory storage obligations) or for the assertion, exercise or defence of legal claims.
Right to limitation of processing
According to Art. 18 DS-GVO, you can request the restriction of the processing of your personal data.
Right to data transferability
You are entitled, subject to the requirements of Art. 20 GDPR, to demand that we provide you with the personal data concerning you that are processed by us in a structured, common and machine-readable format.
Right of objection
Under the conditions of Art. 21 GDPR, you have the right to object to the processing of your personal data and to demand that we cease processing. The right of objection exists only to the extent provided by law. Your objection may be opposed by legitimate interests which make further processing necessary.
Right of withdrawal
You may revoke your consent to the processing of your personal data at any time and with effect for the future in accordance with Art. 7 (3) GDPR, without incurring any costs in excess of the transmission costs in accordance with the basic tariffs.
Pursuant to Art. 19 GDPR, we are obliged to inform all recipients to whom personal data has been disclosed about corrections, deletions and restrictions to the processing of your personal data. Exceptions may exist if this is impossible or involves disproportionate effort. We will be happy to inform you about these recipients upon request.
Automated decision in individual cases including profiling
We also secure your rights according to art. 22 GDPR. You or your data are therefore not the subject of decisions on our website that are based exclusively on automated processing – including profiling.
Right of appeal/supervisory authority
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority or a competent body if you have a reason for complaint, in particular if you are of the opinion that the processing of your personal data is not carried out in accordance with the statutory provisions and the provisions of this data protection declaration.
Data protection officer
If you wish to make use of your rights affected, including your right to deletion or blocking, please contact our data protection officer with sufficient legitimation and – preferably in writing -.
Data protection officer – personal –
VOL Steel Middle East FZCO
54998, Dubai Silicon Oasis, DDP, Building A1, Dubai, United Arab Emirates
External links and information on the website
We assume no liability for external links and the offers of third parties made accessible through them. We would also like to point out that the information on this website is solely for the purpose of obtaining information and is not legally binding.
Advancing technology, legal requirements or even changed processes can have an effect, among other things, on this data protection declaration. We therefore reserve the right to change this data protection declaration at any time with effect for the future. You will find the current version of the data protection declaration on this website. Please visit this page regularly to find out about the applicable regulations.
Last update: 20.04.2023