• EN
  • Privacy Statement

    Protection of data privacy: Your right – our obligation

    We attach great importance to protecting personal data. Therefore, STEAG GmbH processes your data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the other applicable statutory provisions on the protection of personal data and data security.

    The following information applies to our Internet presence (hereinafter referred to as “Website”) and provides you with an overview of what personal data we collect from you through our Website and for what purposes and in what way we use such data. In addition, we provide you with information about the rights you have in relation to your personal data.


    STEAG GmbH
    Rüttenscheider Str. 1-3
    45128 Essen


    STEAG GmbH
    Group Data Protection Officer
    Rüttenscheider Str. 1–3
    45128 Essen


    3.1 Purposes
    You can use virtually the whole of the Internet service of STEAG without us requiring personal data from you. Only a small number of services which you can find on our web pages require the provision of personal data in order for you to be able to use them.

    3.2 Legal basis
    The legal basis is our legitimate interest in publishing our own information about our company, in making our Website content attractive and usable, and in identifying and rectifying possible technical issues (Art. 6 para 1 first sentence lit. f) GDPR).

    When contacting us via a contact form, you consent to the data you provide (e.g. your e-mail address, name, telephone number) being stored by us in order to answer your questions. Your data will be deleted after processing your request (Art. 6 para 1 first sentence lit. a) GDPR).


    4.1 Logging in and using the Website
    When you visit the STEAG Website, technical access data is automatically recorded and evaluated by the Internet server (web server) of STEAG. However, this data cannot be allocated to a specific person; rather, the individual user remains anonymous. Data recorded includes:

    • IP address
    • Date and time of enquiry
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request (concrete page)
    • Access status/HTTP status code
    • Amount of data transferred
    • Website from which the request originates
    • Browser
    • Operating system and its user interface
    • Language and version of the browser software

    4.2 Cookies
    In certain areas of our Website, we also use cookies. Cookies are small data elements which an Internet server can send to your computer. For the duration of your stay on our website, your computer can be identified by such cookies, or the use of our Internet pages can be made easier for you. We do not use cookies in order to collect personal data.

    4.3 Google Analytics
    If you have given your consent, this Website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

    Scope of processing
    Google Analytics uses cookies. This are text files placed on your computer, to help the Website analyze how users interact with the site. The information gathered by means of the cookies about your use of this Website is usually transmitted to a Google server in the USA and stored there.

    Use of the analytics service includes the Universal Analytics mode. This makes it possible to link data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

    We use the ‘anonymizeIP’ function (so-called IP masking): Due to the activation of IP anonymization on this Website, your IP address will be truncated by Google within EU member states or in other states party to the Agreement on the European Economic Area. The IP address transmitted by your browser as part of Google Analytics will not be aggregated with other data of Google.

    During your stay on the Website, the following data is captured, among other things:

    • achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads)
    • your user behavior (for example, clicks, length of stay, bounce rates)
    • your approximate location (city, country)
    • your IP address (in truncated form)
    • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
    • your Internet provider
    • the referrer URL (via which website/advertising medium you came to this Website)

    Purposes of processing
    On behalf of the operator of this Website, Google will use this information for the purpose of evaluating your use of the Website and compiling reports on Website activity. The reports provided by Google Analytics are used to analyze the performance of our app and the success of our marketing campaigns.

    The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a data processor. For this purpose, we have concluded a data processing agreement with Google. Google LLC, based in California, USA, and US authorities may access the data stored by Google.

    Storage period
    The data is automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.

    Legal basis and withdrawal of consent
    Your consent, Art.6 para.1 first sentence lit. a GDPR is a prerequisite for such processing of data. You can withdraw your consent at any time with effect for the future; to do so, you can follow the link provided under point 4.2 "Cookies".

    You can find more information on the terms of use of Google Analytics and on Google's data protection policy at https://marketingplatform.google.com/about/analytics/terms/de  and at https://policies.google.com/?hl=en 

    4.4 SalesViewer® technology
    Using the SalesViewer® technology provided by SalesViewer® GmbH, we collect and store data for marketing, market research and optimization purposes on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR).

    The SalesViewer® uses a javascript-based tracking code on our Website, which is used to acquire the following information (hereinafter referred to as company data) through the process described in more detail here (https://www.salesviewer.com/en/privacy):

    • Name, origin and industry of the visiting company
    • Source/referrer of the visiting company
    • Keyword
    • Visitor behavior (e.g. (sub)pages accesses, time of access, duration of visit)

    This means that only company data is collected and processed.

    Any data stored in connection with SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

    You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/en/opt-out  to prevent the collection of data by SalesViewer® through this Website in the future. When you do this, an opt-out cookie for this Website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

    4.5 HubSpot
    We use HubSpot for our online marketing activities. This is a communication tool that complements our CRM system and covers various aspects. Of course, the tool uses the double-opt-in process, which complies with data protection requirements. This includes, among other features:

    • Newsletter management
    • Download services incl. documentation and evaluation
    • Social media publications and their evaluation (e.g. traffic sources, accesses, etc. ...)

    For the services you select, HubSpot requests a double-opt-in in compliance with data protection regulations.

    Our contact forms allow you, as a user of our Website, to learn more about our company, download content, and provide us with your contact information and other demographic information. This information and the content of our Website are processed and stored on servers of our software partner HubSpot. We use this information for getting in touch with you. We also use cookies to find out which of our company's services are of interest to you. For this purpose, we store information about your interaction with our Website, such as documents downloaded, pages visited, date and time of retrieval (“usage data”), and whether and when you have opened marketing e-mails from STEAG.

    The recipient of the data is HubSpot, Inc. as order processor. For this purpose, we have concluded a data processing agreement with Hubspot, Inc., 25 First Street, Cambridge, Massachusetts A 02141 USA, and US authorities may access the data stored byHubSpot.

    Where can I learn more about HubSpot?
    HubSpot is a software company from the USA with a branch office in Berlin.

    HubSpot Germany GmbH
    Unter den Linden 26
    10117 Berlin

    • More information about the Privacy policy of HubSpot
    • More information from HubSpot regarding the EU data protection regulations
    • You can find more information about the cookies used by HubSpot here and here

    How can I object to the collection of this data?
    In addition to the option to withdraw at any time your consent to the use of your data, which we provide in each of our mails, you can technically prevent the collection of your user data by adjusting the cookie settings of your browser and deleting the respective cookies. You can find more information about the cookies used by HubSpot here.

    4.6. Use of social plug-ins
    Our Website does not use social plug-ins of social networks. With the integration of the icons of social networks such as Facebook, Twitter, Xing and LinkedIn, we only refer to these networks with an external link. In some cases, the link refers to a share functionality of the respective network. This means that you can share our accessed web page directly with other users via the page of the social network that is associated with the sharing button.

    4.7. Newsletter
    On our Website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the registration form will be transmitted to us.

    • Salutation
    • First name
    • Last name
    • E-mail

    During the registration process, your consent is obtained for the processing of the data and reference is made to this Privacy Statement. No data will be passed on to third parties in connection with the data processing for sending out newsletters.

    The data will be used exclusively for sending out newsletters. The legal basis for the processing of data after subscription to the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

    The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address is stored as long as the subscription to the newsletter is active.

    The newsletter subscription can be cancelled by the user concerned at any time. For this purpose, a corresponding link is provided in each newsletter. This also enables withdrawal of consent to the storage of personal data collected during the registration process.

    4.8. Web seminars
    Through our Website, you have the possibility to participate in free web seminars. When you register for a web seminar, we collect the following data (registration data):

    • First name and last name
    • E-mail address
    • Company
    • Job title (optional)

    Before you participate in the seminar, we will ask you as a participant for your consent (start window in the edudip software used). During the web seminar, the following data is collected (data resulting from the implementation of the seminar) and processed for further customer service:

    • First name and last name
    • E-mail address
    • IP address (but only in standard server logs and not combinable with other data)
    • Questions you may ask and other content from your chat messages to the moderators

    Legal basis and purpose
    We collect and process your data in accordance with the legal requirements, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as other legal bases such as the German Telemedia Act (TMG) in the field of electronic communication for the purpose of conducting the web seminar based on your consent, Art. 6 (1) (a) GDPR for the following purposes:

    • Organization and implementation of the seminar
    • Marketing and customer service (chat content only)

    If necessary, we process your data to protect our legitimate interests or those of third parties (Art. 6 (1) (f) GDPR):

    • Ensuring IT security and IT operations
    • Legal obligations to provide evidence

    Our goal is to provide you with a web seminar experience that comes as close as possible to a face-to-face seminar. Therefore you can ask your questions in the chat in private to our moderators, other participants will not see this. To enable such a professional and real exchange, the administrator and moderators will see your participant names, while the other participants will not.

    Please note that we reserve the right to record certain events. The recording (stream) will be from an attendee perspective and cover the moderator. We do not collect any personal data in the stream. We will inform you in advance of any recording. Chats are recorded separately.

    We use the service provider (data processor) Edudip GmbH, Jülicher Str. 306, 52070 Aachen, Germany, to implement our web seminars. We have concluded a data processing agreement with Edudip. The service provider uses the subcontractor Hetzner for hosting.

    We will delete your data resulting from the implementation of the seminar no later than four weeks after the seminar has taken place; your registration data will be deleted if we have not had any customer contact with you for more than one year or if you have objected to further processing.

    4.9 OpenStreetMap / uMap
    On our Website we use the services of the uMap open source project to provide individual maps with markers via an API (programming interface) of the OpenStreetMap map service. The purpose of this is to display interactive maps directly on the Website, to make it easy to find the places we indicate on the Website, and to enable you to use the map function conveniently. The service provider is the OpenStreetMap Foundation (OSMF for short), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

    Each time a user accesses a corresponding page, data for uMap is requested from OSM caching servers (usually the one closest to their location, list available at hardware.openstreetmap.org/#tile-caches) and servers in France and displayed in the browser. At the same time, data is also sent to these servers and temporarily processed in a log file. Specifically, the following data is stored for each access/request:

    • date and time of the request (timestamp) as well as the IP address of the accessing device or server,
    • request details and destination address (protocol version, HTTP method, referrer, UserAgent string),
    • name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes), and
    • message indicating whether the request was successful (HTTP status code).

    This log data is stored for a certain period of time. It is used for statistical evaluation, error analysis and defense against attacks. The processing of the IP address is necessary to enable communication on the Internet. OpenStreetMap’s privacy policy can be found at wiki.osmfoundation.org/wiki/Privacy_Policy and wiki.osmfoundation.org/wiki/Services_and_tile_users_privacy_FAQ.

    4.10 Our Website
    We use IT and support service providers to provide the Website. These service providers are carefully selected by us and act as processors for us.

    Our hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

    Our website agency is:
    Hofaue 63
    42103 Wuppertal

    4.3.3  HubSpot
    Für unsere Online-Marketing-Aktivitäten setzen wir HubSpot ein. Wir bieten Ihnen über spezifisch zugeschnittene Formulare Informationsmaterial an.

    Umfang der Verarbeitung
    Bei HubSpot handelt es sich um ein Tool, das Ihre Kontaktdaten, natürlich nur mit Ihrer Einwilligung, über Masken erhebt und in unser CRM-System überträgt. Dabei werden bei der Anmeldung zum Newsletter die Daten aus der Eingabemaske an uns übermittelt.

    • Vorname
    • Nachname
    • E-Mail )

    Für die Verarbeitung der Daten wird im Rahmen des Anmeldevorgangs Ihre Einwilligung eingeholt und auf diese Datenschutzerklärung verwiesen. Sie erhalten sodann eine Bestätigungsanfrage per E-Mail (double opt-in). Ihre Kontaktdaten benötigen wir etwa um Ihnen

    • Newsletter
    • Downloadangebote inkl. Dokumentation und Auswertung
    • Social Media Publikationen und deren Auswertung (z. B. Traffic-Quellen, Zugriffe etc. ...)

    zur Verfügung zu stellen.

    Zwecke der Verarbeitung
    Unsere spezifischen Kontaktformulare ermöglichen es Ihnen als Besucher unserer Website, mehr über unser Unternehmen zu erfahren, Inhalte herunterzuladen und uns Ihre Kontaktinformationen sowie weitere demografische Informationen zur Verfügung zu stellen. Diese Informationen sowie die Inhalte unserer Website werden auf Servern unseres Softwarepartners HubSpot verarbeitet und gespeichert. Wir nutzen diese, um mit Ihnen in Kontakt zu treten. Außerdem erfahren wir mit Hilfe von Cookies, welche Leistungen unseres Unternehmens für Sie interessant sind. Dazu speichern wir Informationen über Ihre Interaktion mit unserer Webseite wie heruntergeladene Dokumente, besuchte Seiten, Datum und Zeitpunkt des Abrufs („Nutzungsdaten“) sowie ob und wann Sie Marketing-E-Mails von STEAG geöffnet haben.

    Empfänger der Daten ist HubSpot, Inc. als Auftragsverarbeiter. Hierfür haben wir mit HubSpot, Inc. einen Auftragsverarbeitungsvertrag abgeschlossen. Weiter haben wir mit dem Anbieter vereinbart, dass Ihre Daten ausschließlich auf Servern in der EU gespeicherte werden und der E-Mail Service für die Newsletter über diese Server abgewickelt wird.

    Wir können jedoch nicht sicher ausschließen, dass die HubSpot, Inc, Adresse: 25 First Street, Cambridge, Massachusettes A 02141 USA, und ggf. US-amerikanische Behörden auf die bei HubSpot gespeicherten Daten zugreifen können. Lesen Sie hierzu auch unseren Risiko-Hinweis zur Kapitel 5 „Empfänger Ihrer Daten“.

    Wo kann ich mehr über HubSpot erfahren?
    HubSpot ist ein Software-Unternehmen aus den USA mit Niederlassung in Berlin (HubSpot Germany GmbH, Unter den Linden 26, 10117 Berlin)

    Mehr Informationen zu den Datenschutzbestimmungen von HubSpot

    Mehr Informationen von HubSpot hinsichtlich der EU-Datenschutzbestimmungen

    Ihre Daten werden nach 90 Tagen gelöscht.

    Rechtsgrundlage und Widerrufsmöglichkeit
    Für diese Datenverarbeitung ist Ihre individuelle Einwilligung, Art. 6 Abs.1 S.1 lit. a) DSGVO, Voraussetzung. Für die von Ihnen ausgewählten Services fragt HubSpot datenschutzkonform ein double-opt-in ab. Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen. Dazu stellen wir in jeder Benachrichtigungsmail einen Link zur Verfügung. Weitere Details finden Sie im Kapitel 6 „Ihre Rechte“.

    4.3.4 soziale Netzwerke und Medien

    Unsere Website hat die Icons sozialer Netzwerke von Youtube, LinkedIn, Instagram und Twitter eingebunden. Darüber gelangen Sie nur mit einem externen Link auf diese Netzwerke. Es handelt sich nicht um share-buttons sondern lediglich um Hyperlinks.

    Das Icon zum Podcast führt auf eine interne Seite mit unserem Podcast Angebot.

    Unsere Podcasts hosten wir in Deutschland bei dem Anbieter Podigee GmbH, Schlesische Straße 20, 10997 Berlin). Hierfür haben wir mit Podigee einen Auftragsverarbeitungsvertrag abgeschlossen.

    Die Podcasts werden bei Anklicken von Podigee geladen und via iFrame auf der STEAG-Website ausgegeben. Sie können die Podcasts in verschiedenen Formaten auch herunterladen. Wenn Sie diese Option wählen, werden Sie direkt zu Podigee weiter geleitet.

    Podigee verarbeitet IP-Adressen und Geräteinformationen, um Podcast-Downloads/Wiedergaben zu ermöglichen und statistische Daten, wie z.B. Abrufzahlen zu ermitteln. Diese Daten werden vor der Speicherung in der Datenbank von Podigee anonymisiert oder pseudonymisiert, sofern sie für die Bereitstellung der Podcasts nicht erforderlich sind. Weitere Informationen und Widerspruchsmöglichkeiten finden sich in der Datenschutzerklärung von Podigee: https://www.podigee.com/de/about/privacy/

    YouTube embeds
    Weiter setzen wir für Videos, die Sie auf unserer Website finden, sog. Einbettungen oder Embeds der Plattform Youtube ein. Youtube ist ein Dienst der Google Ireland Limited Gordon House, Barrow Street Dublin 4 Irland. Die Einbettung erfolgt durch das technische Verfahren des sogenannten Framings. Beim Framing wird durch das bloße Einfügen eines von Youtube bereitgestellten HTML-Links in den Code einer Website ein Wiedergaberahmen (Englisch: frame) auf unserer Website (sog. Drittpräsenz) erzeugt und so ein Abspielen des auf Youtube-Servern gespeicherten Videos ermöglicht. Wir setzen die von Youtube erzeugten Framing-Codes im sogenannten „erweiterten Datenschutzmodus“ ein. Gemäß den Angaben von Youtube werden Nutzungsdaten erst dann übertragen, wenn der Nutzer auf den play-button klickt und das Video startet. Wenn Sie unsere Seiten besuchen, ohne das Videoangebot zu nutzen, werden keine Daten an Youtobe übertragen Wir bieten Videos in unserem berechtigten Interesse an, Ihnen lebendige Einblicke in unser Unternehmen zu ermöglichen und unsere Produkte zu erklären (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

    Angaben darüber, welche Daten durch YouTube verarbeitet und zu welchen Zwecken diese Daten genutzt werden, finden Sie in der Datenschutzrichtlinie von YouTube.

    Präsenz in sozialen Medien
    Wir unterhalten Auftritte in den „sozialen Medien". Weitere Informationen hierzu finden Sie hier.

    4.3.5 OpenStreetMap / uMap
    Auf unserer Website nutzen wir das Angebot des Open-Source-Projekts uMap, um über eine API (Programmierungsschnittstelle) des Kartendiensts OpenStreetMap individuelle Karten mit Markierungen anzubieten. Dies dient dem Zweck, Ihnen interaktive Karten direkt in der Website anzeigen, eine leichte Auffindbarkeit der von uns auf der Website angegebenen Orte und die komfortable Nutzung der Karten-Funktion zu ermöglichen. Anbieter ist die OpenStreetMap Foundation (kurz OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

    Bei jedem Zugriff eines Nutzenden auf eine entsprechende Seite werden Daten von OSM-Caching-Servern (in der Regel der ihrem Standort am nächsten liegende, Liste abrufbar über hardware.openstreetmap.org/#tile-caches) sowie Servern in Frankreich für uMap abgerufen und im Browser dargestellt. Gleichzeitig werden auch Daten an diese Server gesendet und vorübergehend in einer Protokolldatei verarbeitet. Im Einzelnen werden über jeden Zugriff/Abruf folgende Daten gespeichert:

    • Datum und Uhrzeit des Abrufs (Zeitstempel) sowie die IP-Adresse des zugreifenden Geräts bzw. Servers,
    • Anfragedetails und Zieladresse (Protokollversion, HTTP-Methode, Referer, UserAgent-String),
    • Name der abgerufenen Datei und übertragene Datenmenge (angefragte URL inkl. Query-String, Größe in Byte) sowie
    • Meldung, ob der Abruf erfolgreich war (HTTP Status Code).

    Diese Protokolldaten werden für einen gewissen Zeitraum gespeichert. Sie dienen dabei der statistischen Auswertung, der Fehleranalyse und Abwehr von Angriffen. Die Verarbeitung der IP-Adresse ist notwendig, um Kommunikation im Internet zu ermöglichen. Die Datenschutzerklärung von OpenStreetMap finden Sie unter wiki.osmfoundation.org/wiki/Privacy_Policy und wiki.osmfoundation.org/wiki/Services_and_tile_users_privacy_FAQ.

    4.3.6 unsere Website
    Wir setzen zur Bereitstellung der Website IT- und Support-Dienstleister ein. Diese Dienstleister werden von uns sorgfältig ausgewählt und sind für uns als Auftragsverarbeiter tätig. Unser hosting-Anbieter ist Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen.

    Unsere Website-Agentur ist BOROS, Hofaue 63, 42103 Wuppertal.


    The processing of data will be carried out generally within a member state of the European Union (EU) or within a member state of the European Economic Area (EEA). Transfer of personal data to a third country or access to such data from a third country shall only take place if the special requirements of Art. 44 ff. GDPR are satisfied (e.g., by agreement of Standard Contractual Clauses or if the recipient acts on a legal basis adopted by the European Commission pursuant to Art. 45 (1) GDPR (so-called “adequacy decision”)). For more details, please refer to the individual service providers mentioned in section 4 hereinabove.


    You have a right of access, i.e. you may request that we disclose to you all your personal information that we have collected and hold for a certain period of time (Art. 15 GDPR). Furthermore, you may also request rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) and have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

    If we process your personal data on the basis of your consent, you may withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal of consent, but prevents future processing.

    Notices of withdrawal of consent and other requests can be addressed to our Group Data Protection Officer.

    Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the following contact details: info@steag.com 

    We take your inquiries and concerns very seriously and always endeavor to address them.

    Furthermore, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG. In North Rhine-Westphalia, the competent data protection supervisory authority is: Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information), North Rhine-Westphalia Kavalleriestr. 2 – 4, 40213 Düsseldorf, Germany.


    Last updated: June 2021