Thank you for visiting our website and your interest in our company as well as in our services and solutions.
Data protection and data security have a high priority in our company – we take the protection of your personal data very seriously. For this purpose, we have implemented technical and organizational measures to ensure that the requirements of the relevant data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), are met. The compliance with high security standards when using our website is a central concern for us in order to be able to guarantee that your personal data is handled in a data protection compliant manner.
We use the following terms in this privacy statement:
(1) Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) Data Subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(4) Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be allocated to a specific data subject without the use of additional information. It is provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
(7) Controller or person responsible for the processing
‘Controller’ or ‘person responsible for the processing’ describes the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The ‘recipient’ is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not that person is a third party. However, any authority, which may receive personal data under a particular investigation mandate in accordance with Union law or the law of the Member States, shall not be considered a recipient.
(10) Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
‘Consent’ shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
(1) In the following we inform you about the processing of personal data when using this website.
(2) Service provider according to § 13 Telemediengesetz (TMG) and responsible body according to the EU data protection regulation is steep GmbH, see our imprint.
We maintain current technical measures to ensure data security, in particular to protect your personal data from the dangers of data transmission and from third parties gaining knowledge. These are adapted to the current state of the art.
(1) The use of this website is for informational purposes only. We do not process any personal data, with the exception of data transmitted by your browser to enable you to visit the website.
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (concrete page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software
(2) When you contact us by e-mail or via a contact form, the data you provide us with (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your enquiry. We will delete the data in this context in accordance with the legal requirements, if the storage is no longer necessary, or limit processing, if there are legal storage obligations.
(3) Cookies are also stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
- Persistent Cookies
- Third Party Cookies
b) Persistent cookies are automatically deleted after a specified time period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
c) You can configure your browser settings according to your wishes and, for example, reject the acceptance of all cookies. However, we would like to point out that you may then not be able to use all the functions of this Website.
(4) This stored information will be collected separately from any other data you may provide to us. In particular, data from cookies will not be linked to your other data.
(1) As far as you have given us your consent for the processing of your personal data, this was the legal basis for the processing (Art. 6 para. 1 letter a GDPR).
(2) 6 para. 1 letter b GDPR provides the legal basis for the processing of personal data for the purposes of initiating or fulfilling a contract with you.
(3) If the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the storage of data), we are entitled to do so in accordance with Art. 6 Para. 1 Letter. c GDPR.
(4) In addition, we process personal data for the purposes of asserting our legitimate interests and the legitimate interests of third parties in accordance with Art. 6 Para. 1 Letter f GDPR.. Die Maintaining the functionality of our IT systems, but also the marketing of our own and third-party products and services as well as the legally required documentation of business contacts are such legitimate interests.
Your IP address, which we only store for security reasons, will be deleted after fourteen days. We will also delete your personal data as soon as the purpose for which we have collected and processed the data no longer applies. Beyond this time the data will only be stored if this is necessary in accordance with the laws, regulations or other legal provisions of the European Union or a member state of the European Union to which we are subject.
(1) Access to personal data
You have the right to request the following information from the responsible person:
- the purposes for which the personal data will be processed;
- the categories in which personal data are processed;
- the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
- the planned duration of the storage of your personal data or, if this is not possible, criteria for determining the storage duration;
- You have the right to request information as to whether your personal data will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
(2) Right to correction
You have the right to demand the correction and/or completion of any inaccurate or incomplete personal data concerning you from the data controller. The data controller is responsible for correcting the data immediately.
(3) Right to deletion
a) You may request the data controller to delete your personal data immediately and the data controller is obliged to delete such data without delay if one of the following reasons applies:
- Your personal data are no longer required by the purposes for which they were collected or otherwise processed..
- You revoke the consent upon which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21 para. 1 GDPR and there are no legitimate predominant reasons for the processing, or you object to the processing in accordance with Art. 21 para. 2 GDPR.
- Your personal data has been processed unlawfully.
- The deletion of your personal data is necessary to fulfil a legal obligation according to Union law or the law of the Member States to which the data controller is subject..
- Your personal data have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties
If the responsible entity discloses your personal data and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, under consideration of the available technology and the implementation costs, to inform the data controllers processing the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion shall not apply if the processing is necessary.
- for exercising freedom of expression and information;
- to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject or to perform a task inherent in the public interest or performed in the exercise of official authority entrusted to the controller;
- for reasons of public interest in the interest of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
- for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, to the extent that the law referred to under section a) is likely to prevent or seriously impair the attainment of the objectives of such processing, or
- for the assertion, exercise or defence of legal claims.
(4) Right to limitation of processing
Under the following conditions, you may request the processing of your personal data to be limited:
- if you dispute the accuracy of your personal data for a period of time that allows the data processor to verify the accuracy of your personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the usage of personal data;
- the data controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you have objected to the processing in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether the justified reasons of the data processor outweigh your reasons.
If the processing of your personal data has been restricted, such data – with the exception of their storage – may be processed only with your consent or for the assertion, exercise or defence of legal rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the processing restriction has been limited in accordance with the aforementioned conditions, you will be informed by the data processor before the restriction is withdrawn.
(5) Right to restriction of processing
At any time, you have the right to object to the processing of your personal data for reasons arising from your particular situation, including profiling based on these provisions, in accordance with Art. 6 para. 1 lit. e or f GDPR.
The responsible party will no longer process your personal data unless he can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
(6) Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration of consent at any time, without special justification. The revocation of your consent does not affect the legality of the processing performed on the basis of your consent until you revoke it. The affected party is aware that such a revocation can have effects on the continuation of the contractual relationship.
(7) Right to data transferability
You have the right to receive your personal data in a structured, common and machine-readable format, which you have provided to the responsible person.
(8) Right to complain to the supervisory authority
You have the right to complain to a data protection supervisory authority about the processing of your personal data by the responsible party.
(1) We deliberately decided against the use of social media plug-ins. This means that when you visit our website, your user data is not automatically transferred to the servers of social networks such as Xing, LinkedIn, Facebook or similar.
(2) Instead of the social media plug-ins, we have decided to implement links so that data is not passed on to social media services in advance.
(3) Via our website you can, if you wish, connect to social networks such as Xing, LinkedIn or Facebook via the link. However, this only happens if you consciously click on this link.
(1) As the provider of our website, we are responsible for the content of our own online offering. We may have to distinguish between these own contents and links to contents provided by other parties, for which we cannot assume any responsibility and do not adopt their contents as our own. However, we have no influence on whether the website operators linked to us comply with the relevant data protection regulations. This privacy statement does not apply to the websites of other providers. Not even if they are accessed via links on the steep GmbH website.
(2) For this reason, please observe the respective data protection regulations of the other providers. We therefore accept no liability for the content of external websites. Only the respective third party provider is liable for damages caused by erroneous or illegal contents of his website.
(1) steep GmbH operates a Facebook fan page together with Facebook to communicate with users and to point out interesting offers around our range of services.
The visitor to our Facebook page uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered here.
Please note that you use this Facebook page and its features at your own risk. In particular, this applies to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information offered on this page on our website via: www.steep.de.
When visiting our Facebook page, among other things, Facebook collects your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as operators of Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this subject can be found via the following link: https://de-de.facebook.com/help/pages/insights
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. The information Facebook receives, and how it is used, is described in general terms by Facebook in its data use guidelines. There, you will also find information on how to contact Facebook and how to set up advertisements. The Data Usage Guidelines are available at the following link: https://de-de.facebook.com/about/privacy
The complete Facebook data guidelines can be found here: https://de-de.facebook.com/full_data_use_policy
How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is therefore not available to us.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. In addition, Facebook stores information about its users’ devices (e.g. as part of the “registration notification” function); Facebook can thus assign IP addresses to individual users if necessary.
If you are currently logged in to Facebook as a user, there is a cookie with your Facebook identification on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into web pages enable Facebook to record your visits to these web pages and assign them to your Facebook profile. This information can be used to tailor content or advertising to you.
If you want to avoid this, you should log out of Facebook or deactivate the function “stay logged in”, delete the cookies on your device and close and restart your browser. This deletes Facebook information that immediately identifies you. This allows you to use our Facebook page without revealing your Facebook identifier. When you access the interactive features of the page (like, comment, share, message, etc.), a Facebook login screen appears. Once you have logged in, Facebook will recognize you again as a specific user.
(2) Use of Facebook Insights
When operating this Facebook page, Facebook provides us with so-called page insights. The Insights data is processed on the basis of an agreement on the joint processing of personal data that we have concluded with Facebook Ireland Limited (“Facebook”).
a) Purpose for processing
The processing of personal data generated by Insights is intended to enable us to obtain statistics that Facebook generates based on visits to our Facebook page. This enables us to know the profiles of visitors who like our Facebook Page or who use our applications to provide them with relevant content and develop features that may be of greater interest to them.
In particular, we may receive demographic and geographic information about our target audience that may, for example, tell us where to conduct specific promotions and generally enable us to target our information offering as effectively as possible. The visitor statistics compiled by Facebook are transmitted to us exclusively in anonymous form. We also use the Facebook page to communicate with Facebook users or interested parties and to inform them about offers and activities. If we receive personal data in this context, it is processed exclusively for the purpose of communication and interaction.
b) Legal basis of the processing
Our legitimate interest in data processing on the basis of Article 6 paragraph 1 lit. f GDPR also lies in the purposes mentioned above.
c) Processing of data outside the EU
It is possible that user data may also be processed outside the European Union by Facebook Inc. based in the USA. However, Facebook Inc. has submitted to the conditions of the EU-US Privacy Shields and is thus committed to comply with European data protection regulations.
d) Right of objection
Under Advertising Preference Settings, Facebook users can control the extent to which their user behavior is recorded when they visit our Facebook page. Other options include the Facebook Settings or the Right of Objection form. General information can be found in Facebook’s data policy.
e) Rights of data subjects
As only Facebook has full access to your user data, we recommend that you contact Facebook directly in case of requests for information or other concerns regarding your rights. If you no longer wish to participate in the data processing described herein, please remove the link between your user profile and our site by using the “I no longer like this page” and/or “Do not subscribe to this page” options.
For information on how to manage or delete existing information about you, visit the following Facebook Support pages:
As the provider of the information service, we do not process any other data from your use of our service.
(1) Integration of YouTube videos
We have integrated YouTube videos into our online service, which are stored on http://www.YouTube.com and can be played directly from our website.
These are all integrated in the “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos.
The data specified in the following paragraph will not be transmitted until you play the videos. We have no influence on this data transfer.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified under “Visiting the website and purpose of data use” of this declaration will be transmitted. This information is transmitted regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account.
When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you will need to log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or the need-based design of the YouTube website.
Such an evaluation is conducted in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
(2) Google Maps
(1) This website uses the web analysis service software Matomo (matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) to process data on the basis of our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f DS-GVO. From this data, pseudonymised user profiles can be generated and evaluated for the same purpose. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the Internet browser of the page visitor. Among other things, cookies permit the recognition of the Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our Servers.
(2) The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym. For this purpose we use the PrivacyManager Plugin in Matomo, which anonymizes your IP address.
(3) If you do not agree with the storage and evaluation of this user data from your visit, you can object to its storage and use at any time. In this case a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.
steep uses the plugin “Antispam Bee”, an open source software, developed in Germany and Switzerland The plug-in is used to prevent spam in comments below posts. The plug-in filters which comments were posted by a real person or a spam bot and automatically blocks spam comments. The plug-in does not collect any user data (e.g. IP address).
Further information about the plug-in “Antispam Bee” can be found here:
(1) It is possible to send us your applications via our online application form. If you send us an application via our online application form, you consent to its storage and use for the purpose of the contact and to its storage and use as part of our talent pool for consideration in future application procedures. The information will of course be treated confidentially and will only be stored and used for a specific purpose. An objection, deletion or correction of your data is possible at any time.
(2) For the organization and execution of the application process it may be necessary for the steep GmbH to pass on the applicant’s personal data to customers (companies or authorities) for the evaluation of the application or within the scope of order data processing.
(3) For the purpose of carrying out and completing the application procedure properly, we will keep your application documents for 6 months (after rejection) (Art. 6 para. 1 letter b GDPR). At the end of this period, your documents will be shredded according to regulations and your personal data will be irrevocably deleted.
For questions concerning data protection, please contact our data protection officer via: