Data Protection Notice
Thank you for visiting our website and your interest in our company and our services. Data protection and data security have a high priority in our company – we take the protection of your personal data very seriously. To this end, we have implemented technical and organizational measures to ensure that the requirements of the relevant data protection laws, in particular the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”), are met. Adherence to high security standards when using our website is a key concern for us in order to ensure that your personal data are handled in accordance with data protection law.
DThe definitions listed here are derived from the GDPR; its definitions also apply for those terms not specifically mentioned here.
(1) Personal Data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) Data Subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
(3) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(4) Controller
Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
(5) Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
(6) Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed. This is regardless of whether it is a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered recipients.
(7) Third Party
Third party means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
(8) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller according to the GDPR and service provider according to the German Telemedia Law is:
steep GmbH
Justus-von-Liebig-Straße 18
53121 Bonn
You can reach our data protection officer at any times:
Datenschutz@steep.de
(1) Technical Necessity
Each access to our website inevitably requires the processing of some personal data in order to provide you with our services:
• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Amount of data transferred
• Website from which the request comes
• Browser type
• Operating system and interface
• Language and version of the browser software
(2) Contact
When you contact us via E-Mail or a contact form, the data you provide (your E-Mail address, possibly your name and your telephone number) will be stored by us to respond to your inquiry. We delete any of your data in accordance with the legal requirements if storage is no longer necessary, or restrict the processing insofar as there are legal obligations to retain the data.
(3) Cookies
Furthermore, we use cookies which process personal data. You can find more information about this in our Cookie Policy.
(4) Legal Bases
If you have granted your consent for the processing of your personal data, this constitutes the legal basis for the processing (Art. 6 I lit. a) GDPR). When processing personal data in order to enter into or perform a contract with you, Art. 6 I lit. b) GDPR is the legal basis. Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g., for the required storage of data), we are authorized to do so in accordance with Art. 6 I lit. c) GDPR. In addition, we process personal data for the purposes of protecting our legitimate interests as well as third parties’ legitimate interests in accordance with Art. 6 I lit. f) GDPR. Maintenance of our IT systems, marketing of our own and third-party products and services and the legally required documentation of business contacts are such legitimate interests.
(1) Personal Data
Of course, you can send us your application via our online application form. We process the information you send us with your application, i.e. your name, contact details, resume, etc. Within our company, only those employees in charge of evaluating your application will have access to your data.
(2) Disclosure
For the organization and conducting of the application process, it may be necessary for us to forward your personal data to our customers (companies or authorities) for the purpose of evaluating the application. In addition, we use a contractually bound service provider for the transmission of your information. This provider may also occasionally access your documents as part of its obligations towards us.
(3) Storage
In order to carry out and properly complete the application process, we will keep your application documents for six months. After this period, your documents will be destroyed and your personal data irrevocably deleted.
(4) Pool of Applicants
Provided you give us your consent, we will continue to store your personal data to inform you in the future about job offers that may be of interest to you. In this case, your data will be irrevocably deleted after 18 months, unless you give us a renewed consent to continue storing your documents.
(5) Data Subjects Rights
As the data subject you have all the rights described under § 6, in particular the right to withdraw your consent at any time with effect for the future. You can contact us as described in § 2.
We delete your IP address, which we only store for security reasons, after fourteen days. Otherwise, we delete your personal data as soon as the purpose for which we collected and processed the data ceases to apply. Beyond this, storage only takes place if required in accordance with the laws, regulations or other legal provisions of the European Union or a member state of the European Union to which we are subject.
Visitors to this website may exercise their rights as data subjects at any time.
(1) Right of Access
In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the nature of your personal data and the nature of the processing.
(2) Right to Rectification
In accordance with Art. 16 GDPR, you have the right to request rectification of incorrect or incomplete personal data processed by us.
(3) Right to Erasure
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right to freedom of speech and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
(4) Right to Restriction of Processing
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
(5) Right to Data Portability
In accordance with Art. 20 GDPR, you have the right to data portability. You can receive the personal data you have provided to us in a structured, standard and machine-readable format. You can also request its transfer to another controller.
(6) Right of Objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 I lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR on grounds of your particular situation.
(7) Right to Withdraw Consent
In accordance with Art. 7 III GDPR, you have the right to withdraw your consent at any time. In this case we may no longer process your personal data based on this consent in the future. However, the lawfulness of previous data processing remains unaffected.
(8) Right to Complain
In accordance with Art. 77 GDPR, you have the right to complain to the competent supervisory authority if you are of the opinion that we are not processing your personal data in accordance with data protection laws.
If you wish to exercise one or more rights, please contact us as indicated in § 2.
(1) Links
As the provider of our website, we are only responsible for the content of our own online offer. Our own contents must be distinguished from links to contents provided by other entities, for which we cannot assume any responsibility and do not adopt their contents as our own. We have no influence on whether the linked website operators adhere to the relevant data protection regulations. Therefore, this declaration does not apply to websites of other providers.
(2) Disclaimer
Please observe the data protection notices and regulations of the other providers. We assume no liability for third-party websites’ content. The respective provider alone is liable for damages caused by erroneous or illegal contents of its website.
We operate a Facebook fan page as joint controllers with Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), to communicate with users and highlight interesting offers relating to our range of services.
For the information service offered on our Facebook page, visitors access the Facebook platform and services.
Please note that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, liking). When you visit our Facebook page, Facebook collects, among other things, your IP address and possibly other information. This is used to provide us as the Facebook page operator with statistical information. Facebook provides more detailed information on this via the following link:
https://de-de.facebook.com/help/pages/insights
Facebook processes data collected about you in this context which may be transferred to countries outside the European Union. In the Facebook data protection framework, there is a general description of what information Facebook receives and how it is used. There you will also find information on how to contact Facebook and how to adjust the advertisement settings. The information is available via the following link:
https://de-de.facebook.com/about/privacy
Facebook’s full data protection policy can be found here:
https://de-de.facebook.com/full_data_use_policy
How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized and will be deleted after 90 days. Facebook also stores information about the devices of its users (e.g., as part of the “login notification” function); this may enable Facebook to assign IP addresses to individual users.
If you are logged into Facebook, a cookie with your Facebook ID is stored on your device. This enables Facebook to record that you have visited this page and how you used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites allow Facebook to record your visits to these website pages and assign them to your Facebook profile. Based on this data, content or advertising can be tailored to you.
If you want to avoid this, you should log out of Facebook or disable the “stay logged in” feature, delete the cookies stored on your device, and exit and restart your browser. This way, Facebook information through which you can be directly identified will be deleted. This will allow you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the site, a Facebook login screen will appear. After login, you will be recognizable to Facebook again.
For information on how to manage or delete information about you, please visit the following Facebook support pages:
https://de-de.facebook.com/about/privacy
We, as the provider of the information service, do not process any further data from your use of this service.
(1) Embedding of YouTube videos
Our online services include YouTube videos, which are available on YouTube by Google and can be played directly from our website.
These are all embedded in extended data protection mode. This means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the video will the data be transmitted. We have no influence on this data transmission. YouTube receives the information that you have accessed the corresponding subpage of our website and may process further of your personal data. If you are logged into Google, your data will be linked directly to your account. If you do not want association with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and / or the needs-based presentation of the YouTube website.
For more information on the purpose and scope of data collection and processing by YouTube, please see its privacy policy.
(2) Google Maps
On this website we use the Google Maps service, which allows you to search for our locations. You will be shown interactive maps directly on the website, which enables you to easily access the maps. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website and may process further of your personal data. If you are logged into Google, your data will be linked directly to your account. If you do not want the association with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising and market research purposes.
For more information about the purpose and scope of data collection and processing by Google, please see its privacy policy.
This privacy policy is updated periodically. In each case, it applies in the version published here.