You are using Internet Explorer 11 or earlier, this browser is no longer supported by this website. We suggest to use a modern browser.

  • Home
  • Privacy information for business p...

Data Protection Information for Business Partners

Information about the processing of personal data in the context of business relationships with customers, suppliers and other business contacts

1. What information does this document contain for you?

thyssenkrupp Materials Processing Europe GmbH (“we”) is in a business relationship with you or your employer/client, e.g. the initiation or execution of a contractual relationship as part of our business activities (steel and aluminium service centres with thirteen locations in six countries, which supply many branches of industry with their many years of expertise in procurement, consulting and prefabrication across Europe, thereby providing tailor-made services in every area of flat steel and non-ferrous metals).

We make sure that we comply with the requirements of the applicable Data Protection Acts. Below is a detailed overview of how we handle your data and your rights.

2. Who is responsible for the processing and who is the data protection officer?

The controller of processing is

thyssenkrupp Materials Processing Europe GmbH 

Heidbergsweg 102

47809 Krefeld

Telephone: +49 2151 6168-0

Fax: +49 2151 6168-199


Our data protection officer can be reached at 

Data Protection Officer

thyssenkrupp Materials Processing Europe GmbH 

Heidbergsweg 102

47809 Krefeld

Telephone: +49 2151 6168-0


3. Which data categories do we process and where do they come from?

We process personal data that you provide to us as part of the business relationship. If our business relationship exists with your employer or client, we also collect the personal data from you or your employer or client. This includes the following data or categories of data:

  • Master data (e.g. name, form of address, title, function title/position designation)
  • Contact data (e.g. telephone number, fax number, e-Mail address, postal address)
  • Communication data (e.g. content of personal, phone or written communications, language of contact)
  • Multimedia (e.g. Photos and Videos)

If you voluntarily decide to give up your anonymity in customer surveys, we will also gain personal knowledge about your opinions and answers.

If you participate in customer events or receive benefits in kind from us, we process the following personal data or category of data:

  • Type of donation (e.g. date, location, event, type of material donation, value)

4. For what purposes and on what legal basis is data processed?

We process your data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and all other applicable laws. 

We primarily process personal data for the fulfilment of contractual obligations (Article 6 paragraph 1 lit. b GDPR), more precisely for the purpose of initiating, executing or fulfilling a contract. This includes, for example, placing orders, internal sales, shipping and payment of merchandise or contract negotiations and customer surveys. 

Unless you are not yourself a contracting party (for example, you are an employee of a business partner), processing for the same purposes takes place as a legitimate interest in accordance with Article 6 paragraph 1 lit. f GDPR. With your employer/client, we are in the initiation or execution phase of a contractual relationship as part of our business activities. We are processing your personal data due to your activity for your employer/client.

Furthermore, we process personal data in order to safeguard the following legitimate interests (Article 6 paragraph 1 lit. f GDPR):

  • Maintenance of the business relationship with existing customers
  • Organization of events (for example, admission control)
  • Asserting legal claims and defense in legal disputes
  • Inclusion in our contact database, human relations after business contact (e.g. after leaving your business card)
  • Direct marketing to customers or employees of customers (e.g. information about products and events, newsletters)
  • Publication of situation photos

In addition, we potentially process personal data for which we received consent (Article 6 paragraph 1 lit. a GDPR). We will collect them separately and in the following cases:

  • Direct marketing to interested parties/other business contacts (e.g. information about products and events, newsletters)
  • Publication of portraits, explicit personal photos, anniversary dates

If necessary, we also process personal data to fulfill statutory requirements (Article 6 paragraph 1 lit. c GDPR) for the following purposes:

  • Application for and approval of events, purchase of tickets and benefits in kind
  • and their recording for taxation in accordance with § 37b EStG

5. Who receives your data?

Your data will be processed within thyssenkrupp Materials Processing Europe GmbH by the employees involved in initiation/implementation the business relationship and execution of the respective business processes.

Within our group of companies your data will be transmitted to certain companies when they perform centralized data processing tasks for the group's affiliated companies (e.g. centralized contact data management, centralized contract management, file disposal).

In addition, to fulfill our contractual and legal obligations, we sometimes use different external service providers who are required by data processing agreements to observe data protection laws, Article 4 No. 8 GDPR. These are service providers in the following areas:

thyssenkrupp Business Services GmbH

Global Shared Services IT

Altendorferstraße 103

45143 Essen

Germany GmbH

P.O. Box 

Kernserstrasse 15

6056 Kägiswil (Obwalden)


Further contract processors

Agencies, graphic designers and similar contract processors that we use to provide services, e.g. the creation of publications, presentations and similar marketing material. The service providers may use the data exclusively for the purposes specified by us.

In addition, we transmit your data to other recipients outside the company who process your data at their own responsibility, Article 4 No. 7 GDPR. For example, this may include the following categories of responsible persons:


Further information on this subject can be found on our web site:

6. How long will your data be stored?

We process your personal data as long as it is necessary for the above referenced purposes. After completion of the business relationship your data will be stored as long as we are legally obligated to do so. This is regularly the result of legal proof and retention obligations, which are regulated in the Commercial Code and the Tax Code. According to these codes, the storage periods are up to ten years. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us (statutory limitation period of up to thirty years).

7. Are you required to provide your data?

There is no contractual or legal obligation to provide personal data. However, without processing your personal data, we are not in a position to carry out the necessary pre-contractual measures or execute the contractual relationship with you or your employer/client.

8. Which data protection rights can you claim as the person affected?

You have the right to request information about the data stored about you, Art. 15 GDPR. In addition, you may request the rectification or erasure of your data, Art. 16, 17 GDPR. You may also be entitled to restrict the processing of your data and a right to release the data you provided in a structured, common, machine-readable format, provided this does not affect the rights and freedoms of others, Art. 18, 20 GDPR. 

If you have given us consent to the processing of your personal data, you can revoke this consent at any time. The legality of the processing carried out based on the consent until the revocation remains unaffected. 

To exercise your rights, please contact the responsible body or data protection officer listed under section 2.

In addition, you have a right of objection, which is explained in more detail at the end of this privacy policy.

You also have the option to file a complaint with a data protection authority, Art. 77 GDPR. The right of appeal is without prejudice to any other administrative or judicial remedy. The data protection authority responsible for us is:

The State Commissioner for the Protection of Data and Freedom of Information for North Rhine-Westphalia

P.O. Box 20 04 44, 40102 Düsseldorf

Information on your right of objection pursuant to Art. 21 of the General Data Protection Regulation (GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Article 6 Para. 1 Letter f GDPR (data processing on the basis of a weighing of interests); the same applies to any profiling based on these provisions in the sense of Article 4 No. 4 GDPR. 

If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compelling grounds in need of protection for processing, which override your interests, rights and freedoms, or processing serves the pursuit, exercise or defence against legal claims. 

In individual cases, we process your personal data to operate direct advertising. You have the right to lodge an objection to the processing of personal data affecting you for the purpose of such advertising at any time; this also applies to profiling, insofar as it is connected with such direct advertising. 

If you object to processing for the purpose of direct advertising, your personal data will no longer be processed for this purpose.

An objection can be lodged without any particular form and should preferably be submitted to the responsible office or the Data Protection Officer stated in the Declaration of Data Protection under Item 2.

As at: January 2020