Controller, Data Protection Officer

The Controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is

Mannesmann Stainless Tubes
Wiesenstraße 36
45473 Mülheim an der Ruhr, Germany

You can contact our Data Protection Officer either via post by addressing your letter to the “Data Protection Officer” or via email at: 

Data collection

We specifically process the following personal data:



Every time a user accesses our web site and every time a file is downloaded, data is temporarily stored in a log file via this process. Stored data is evaluated anonymously and for internal purposes only for the purpose of continuously improving our web content. No personal evaluation is carried out. In particular, a data set containing the following information is stored upon each user access:

  • IP address used
  • Operating system used
  • Browser used
  • Access time
  • The web sites that you visit when on our site
  • The web sites from which you visit our site (where conveyed)
  • Data volume transmitted



Our web site uses cookies. These are small text files that are sent to your device via the browser. They don’t cause any damage. We use cookies to make our content user friendly. Cookies are stored on your device until they expire or until you delete them. They enable us to recognize your browser on your next visit.

If you do not wish this to happen, you can configure your browser to inform you of the placement of cookies and only allow this in individual cases. Deactivating cookies could restrict the functionality of our web site.


Web analysis

Our web site uses Matomo (formerly Piwik) - open-source software for the statistical evaluation of user visits. Cookies are used for this, which are text files stored on your PC. Usage information generated by the cookies is sent to our server and stored for user analysis purposes, helping us to optimize the web site. This procedure immediately renders your IP address anonymous, ensuring that you remain an anonymous user as far as we are concerned. The server on which the statistical data is stored belongs to a German provider and is also physically located in Germany.

If you do not agree to the data arising from your visit being stored and processed, you can prevent subsequent storage or usage with a single mouse click at any time. An opt-out cookie is placed in your browser and will Matomo will be unable to collect any session data. Please note: if you delete your cookies, your opt-out cookie will also be deleted and you will have to be reactivate it as required.


Contact forms

Your contact details will only be collected if you use the contact form to send us a notification or an enquiry, if you send us an order via the order form on our web site or send us an on-line application. Your details will only be collected to the extent required and to fulfil the stated purpose. Further information about on-line applications is available here...

Mannesmann Stainless Tubes GmbH is delighted that you are interested in our company and have chosen to visit our website. We take the issue of protecting your personal data very seriously. This document explains how personal data is processed when using our website and outlines the rights you hold in this regard.


Controller, Data Protection Officer

Mannesmann Stainless Tubes GmbH 
Data protection officer
Wiesenstraße 36
45473 Mülheim an der Ruhr, Germany

You can contact our Data Protection Officer either via post by addressing your letter to the “Data Protection Officer” or via email at:



Areas of our web site contain links to other web sites. We make reasonable efforts to check these links. The company is not responsible for the content or the assurance of data protection on the sites linked by us.


SSL encryption

For reasons of security and for protecting the transfer of confidential content that you send us, this site uses SSL encryption. An encrypted connection is recognizable by the fact that the address line in the browser changes from "http://" to "https://" and by the padlock icon in your browser line.

Third parties are unable to read the data that you send us if SSL encryption is activated.


Further information according to the General Data Protection Regulations (GDPR)


Deletion and storage periods of data

If we have stored personal data related to you, we will only process this data for the time period required to serve the purpose it was stored for, or for the time period required by law.

If the storage purpose ceases to exist or if the storage period required by law expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

Logfiles are deleted according to provider specifications:

  • The access logs of the Web servers log which page views took place at which time. They contain the following data: IP, directory protection user, date, time, pages viewed, protocols, status code, data volume, referer, user agent, host name viewed.
  • The IP addresses are stored anonymously. The last three digits are removed, i.e. becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymous IP addresses are kept for 60 days. Information about the directory protection user used is anonymized after one day.  
  • Error logs, which log incorrect page views, are deleted after seven days. In addition to error messages, these include the IP address accessing the page and, depending on the error, the website accessed. 
  • Access via FTP is logged with anonymous information on user name and IP address and stored for 60 days. 
  • The mail logs for sending e-mails from the web environment are anonymized after one day and then kept for 60 days. During anonymization, all data concerning the sender/recipient etc. is removed. Only the data at the time of sending and the information on how the e-mail was processed (queue ID or not sent) are retained.
  • Mail logs for sending via our mail server are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and to combat spam.
  • It is not possible to individually define the storage period.

A storage going beyond this is exceptionally possible. In this case, however, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Your data from the input mask of the contact form will be deleted when the respective conversation with you has ended. The conversation is terminated when it can be seen from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process (e.g. IP address) will also be deleted according to the aforementioned provider specifications.


Categories of recipient

Within Salzgitter AG, access to your data is only afforded to people and departments that require access to perform their duties within Salzgitter AG, to pursue our legitimate interests, or to fulfill contractual and legal obligations.

To enable us to offer you the best possible service and remain competitive, we also exchange data with other allied companies of Salzgitter AG where necessary to pursue our legitimate interests, provided that your interests or your basic rights or freedoms do not outweigh our interest. Whenever we exchange information with allied companies, we guarantee that data is transmitted in accordance with data privacy requirements and that your personal data is protected.

As a fundamental rule, if you provide your personal data to us, we will not pass this data on to third parties. Such data will only be disclosed

  • in order to fulfill legal obligations to authorized authorities,
  • in accordance with consent you provided, and
  • to IT service providers, e.g. in relation to administration and hosting of our website.


Data transfer to third countries

Data is only transferred to countries outside of the EU or the EEA (so-called third countries) in the event that this is stated in the present data privacy statement, is necessary to perform contracts, or is legally required, or in the event that you have given us your consent to do so.


Rights of data subjects

All data subjects have a right of access in accordance with Art. 15 GDPR. If we process your personal data, you have the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. Restrictions to the right of access and the right to erasure apply pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, data subjects have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

If you have given us consent to process your personal data, you can also revoke this consent at any time by the same method you first provided it. You can revoke your consent without completing a form, e.g. by emailing or by sending a message to the contact address listed above. Revoking your consent does not affect the legality of the processing performed on the basis of your previously issued consent.


Right to object to data processing

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of your personal data performed on the basis of Art. 6 para. 1 lit. f) GDPR (data processing for the purposes of legitimate interests).

If you do raise an objection, we will no longer process your personal data for the purposes to which you have objected, unless

  • we can demonstrate overriding legitimate grounds that outweigh the interests, rights and freedoms of the data subject, or
  • the processing serves to assert, exercise or defend legal claims.

In the event that the objection only or also relates to data processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.

You can raise an objection without completing a form, e.g. by emailing or by sending a message to the contact address listed above.


Legal basis for processing

Personal data processing relating to the use of contact forms is performed on the basis of Art. 6 para. 1 lit. b) GDPR, provided that the purpose of making contact serves to fulfill a contract or perform pre-contractual measures.

If our company is subject to a legal obligation which necessitates the processing of personal data, this processing is based on Art. 6 para. 1 lit. c) GDPR.

If we obtain your consent for personal data processing operations, this consent serves as the legal basis for processing pursuant to Art. 6 para. 1 lit. a) GDPR.

Furthermore, processing operations can be performed on the basis of Art. 6 para. 1 lit. f) GDPR, whereby processing is necessary to pursue a legitimate interest held either by our company or a third party, provided that the data subject’s interests, basic rights, or basic freedoms do not override our interest.

We use server log files, cookies, web fonts, Mapbox, embedded YouTube videos and web analysis tools so that you can use all of our website’s functions to their full extent and in order to structure and optimize our website in accordance with its users’ requirements. If you contact us via our contact form or using the functions in our Career blog, we will use your data for the purpose of interacting with you and for corporate communications.


Obligation to provide personal data

As a fundamental rule, there is no obligation to provide personal data when visiting our website. Contractual regulations may provide otherwise. If the specified personal data is not provided, in some circumstances, it may not be possible to achieve the individual described purposes.


No automated decision-making

We do not use fully automated decision-making within the meaning of Art. 22 GDPR.


Amendments to the data privacy statement

As the internet continues to develop, it will be necessary to make periodic amendments to the data privacy statement. Reviewing the data privacy statement at regular intervals will give you the opportunity to stay apprised of amendments.


Additional data protection information

For additional information concerning data protection for our business partners and their contacts according to the General Data Protection Regulations (GDPR), please click here.

Data Privacy Information for Applicants

Thank you for your interest in working for Salzgitter AG and its subsidiaries. Ensuring that we handle the personal data of our applicants*, employees and other third parties associated with us in a responsible manner is very important to us.
In the following information, and in accordance with Articles 12-14 of the EU General Data Protection Regulation (GDPR), we would like to give you an overview of how we process your personal data, your rights under data privacy law and details of how we handle the applications we receive online, via email and by mail.


Who is responsible for processing my personal data and who can I contact in this regard?

Salzgitter AG also operates the electronic application page for other companies in the Salzgitter Group. As a basic rule, the responsible body is the Salzgitter Group company specified in the respective job description.
The contact details of the company’s Data Protection Officer can be found in the “Data protection” section of the respective company’s website.


What purpose does data processing?

We need your personal data in order to process your application.
The data you provide as part of your application is processed and used exclusively for the purpose of applicant selection. In processing your application, we restrict ourselves to information you have directly provided. This could also include information that you have provided in online professional networks or job forums.
We only disclose your application – including to other companies in the Group or personnel consultants – if you have issued your corresponding consent to this disclosure.


What data do we process, why do we collect it, and what is the legal basis for doing so?

We process your personal data, if necessary, to examine the basis for establishing an employment relationship. The legal basis for this is, in principle, Article 6 Para. 1b of the GDPR within the meaning of Section 26 of the German Federal Data Protection Act (BDSG).
We only collect the personal data (more specifically your forename, surname, address, email address, the job you are applying for, and details from your application) that we require for the application procedure. In order to examine your application in full, we also need you to provide information on your professional experience to date.
In an online application, you enter this information yourself in the online form; for other application methods, we capture the relevant information from your application and scan in application documents where necessary.
As a fundamental rule, in the context of your application we only use the data provided directly by you or a person you have authorized to do so. In the course of the application procedure, further personal data relating to you may be collected from generally accessible sources or from former employers, teachers or trainers. This could also include data you make available online in the context of professional profiles (e.g. in business networks). We do not conduct further research into you as a person, e.g. using online search engines. When filling certain posts, in particular management positions – and subject to the condition that you give us your express consent to do so – we engage personnel consultants to hold assessment centers or conduct potential analyses.
If, in the course of the application procedure, we ask your gender by requesting your desired form of address, this is justifiable: we simply want to address you and write to you in the correct manner. Asking you to state your age or enter your date of birth is also justifiable as our activities are subject to statutory minimum age requirements.


Who will find out about your application?

Your data will, of course, be treated confidentially and only made accessible to people in the company involved in the appointment decision process (e.g. the HR department, the specialist area, the Works Council).
If, in the course of your application, you give your consent to the disclosure of your documents to other Group companies, your application data may be included in a corresponding Group-wide applicant pool if it is appropriate to do so.


How long will my data be stored?

If your application is unsuccessful, we will delete your data within 6 months, providing there are no legal grounds to oppose this deletion.

If an application procedure results in a job offer, we will retain your application documents in your personnel file on the basis of Art. 6 para. 1 sentence 2 letter b) of the GDPR and Section 26 para. 1 of the Federal Data Protection Act (BDSG) for the purpose of performing the employment relationship. In this case, we will provide specific data privacy information relating to the processing of this data in the context of the employment relationship.


How can I revoke my consent to disclosure of my application?

If you have given your consent to your application being disclosed in order to check other possible applications in the Salzgitter Group and would like to revoke this consent, please send an email to this effect to the contact person at the company to which you applied.
As a matter of precaution, we would like to make you aware that revoking your consent to disclosure of your application will prevent your application being considered again for other positions.


Reminder list (in the online application tool)

The career portal features an integrated reminder list that allows you to mark a job advertisement in the online application tool and then retrieve it quickly and easily at any time. You can add or remove a job advertisement from the reminder list using the star symbol. The reminder list can be called up from top right of each page within the career portal. The reminder data is stored in the user’s browser in the form of a cookie. The information saved has a lifespan of 14 days. The user can delete the cookies at any time or deactivate the use of cookies in the settings of their respective end device. However, doing so renders the reminder list function unavailable. None of the user’s personal data is stored on the servers of Salzgitter AG or a subcontracted data processor at any time, nor is such data disclosed to third parties. A user’s individual reminder list is specific to the individual end device and cannot be accessed from other end devices.


How is your data transferred?

Our Internet servers comply with the highest security standards and thereby ensure the best possible protection for your data against loss, misuse as well as unwarranted and unauthorized access, publication, amendment and deletion. Your data is transferred to our Internet server with appropriate encryption by means of the SSL procedure, which offers a high standard of security.


What does data security mean to us?

It is important to us that we protect our data and your data as best we can, in accordance with data protection provisions currently in force and using state-of-the-art technology (e.g. virus scanners, firewalls). Unfortunately, it is not possible to exclude the inherent risk of data misuse. For this reason, we recommend that you make backup copies of documents that are important to you.


Are the websites accessible at all times?

The Salzgitter Group cannot offer any guarantee that its webpages will be available at all times. Naturally, we strive to prevent malfunctions and remedy them quickly if they occur.


What are my rights under data protection law?

Each data subject has the right of access in accordance with Article 15 of the GDPR, the right to rectification in accordance with Article 16 of the GDPR, the right to erasure in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR, the right to object in accordance with Article 21 of the GDPR, and the right to data portability as set down in Article 20 of the GDPR. Restrictions apply to the right of access and right to erasure pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, the data subject has the right to lodge a complaint with a supervisory authority (Article 77 of the GDPR within the meaning of Section 19 of the German Federal Data Protection Act (BDSG)).
If you have given us consent to process your personal data, you can also revoke this consent at any time. This also applies to the revocation of declarations of consent issued to us prior to the GDPR’s entry into force, i.e. before May 24 2018. Please note that this revocation only applies to the future. Any processing that occurred prior to revocation of consent would not be affected.


Am I obligated to provide personal data?

In the course of the application procedure, you must provide the personal data required to establish, implement and terminate an employment relationship and to fulfill the associated contractual obligations.


Do you have any questions or comments regarding data privacy?

If you have any questions or comments on the topic of data privacy, please contact the company’s Data Protection Officer.

* For reasons of legibility, this text may not make explicit reference to both masculine and feminine pronouns. However, all content applies equally to people of all genders.