Data Protection Statement for Customers and Suppliers

In this Privacy Policy, you will learn how Steinmeyer Mechatronik GmbH (hereinafter “STM,” “we”) processes your personal data. In doing so, Steinmeyer Mechatronik GmbH fulfills its statutory information obligations pursuant to Articles 12–14 of the EU General Data Protection Regulation (GDPR).

In addition, we inform you below about the processing of your personal data in connection

  • with the contractual relationship between your employer and us, or
  • with our contractual relationship, if you are, for example, a sole proprietor and our direct contractual partner.

1. Data Controller within the Meaning of Data Protection Laws

The data controller within the meaning of the General Data Protection Regulation (GDPR) is

Steinmeyer Mechatronik GmbH / Fritz-Schreiter-Str. 32 / 01259 Dresden, Germany, represented by Dr. Ing. Manfred Münch and Dr. Markus Czanta.

You may contact our data protection officer at the above contact details as well as by email at: D3 Datenschutz UG (limited liability) / Nico Villing / datenschutzbeauftragter(at)steinmeyer.com

2. For What Purposes Do We Process Your Data (Purpose of Processing) and on What Legal Basis?

We collect, use, and store your personal data for the purposes listed below.

A. Processing of Your Data for the Establishment, Performance, and Termination of a Contractual Relationship (Art. 6(1)(b) GDPR)

We process your data in order to enter into, perform, or terminate a contract with you or your employer. These data include, in particular:

  • Your name,
  • Your business address,
  • Your business contact details, such as telephone number and email address, as well as correspondence and contractual agreements with us,
  • Performance metrics, e.g., information that enables us to assess the performance of a supplier, including supplier personnel.

If you are our direct contractual partner, we collect additional data from you, such as:

  • Your bank details.

If we have not received the above-mentioned data directly from you, they originate from publicly accessible sources. We do not sell your personal data to third parties, nor do we otherwise market them.

B. Processing of Your Data Based on Legitimate Interests (Art. 6(1)(f) GDPR), Provided That Your Interests Worthy of Protection Do Not Outweigh Our Legitimate Business Interests

If you are our direct contractual partner, we may conduct a prequalification procedure under certain conditions when establishing contractual relationships.

In doing so, we determine whether we are permitted to enter into a business relationship with you, taking into account the provisions of the German Anti-Money Laundering Act as well as EU sanctions lists pursuant to EU Regulations 2580/2001 and 881/2002.

For the purpose of consulting and exchanging data with credit agencies and for assessing creditworthiness or default risks in our procurement processes, we obtain information on credit-relevant characteristics from credit agencies prior to concluding the contract.

In addition, we process your data to safeguard legitimate interests of ourselves or third parties, including but not limited to:

  • Protection of our legitimate business interests and legal rights, including use in connection with legal claims, compliance, regulatory, audit-related, and investigative purposes (including disclosure of such information in connection with legal proceedings or litigation) and compliance reporting obligations,
  • Management of performance and ensuring the security of our devices, facilities, and electronic platforms, including data backup and data protection controls,
  • Prevention and investigation of criminal offenses,
  • Video surveillance to safeguard domiciliary rights and to collect evidence,
  • Building and facility security (e.g., access controls),
  • Enforcement of domiciliary rights,
  • Business management,
  • Providing you, as our business partner, with information about our products, services, offers, or technical developments (direct marketing) that you request from us or that we believe may be of interest to you, insofar as legally permissible,
  • Storage of certain personal data if you have purchased products or indicated a preference regarding marketing communications or other correspondence, for example, in order to process follow-up inquiries or to improve our service.

For internal administrative purposes, personal data may also be disclosed to other companies within the Steinmeyer Group insofar as this is necessary.

3. Is There an Obligation for Me to Provide Data?

You must provide those personal data that are necessary for the initiation and performance of the contract and for fulfilling the associated contractual obligations, or that we are legally required to collect. Without these data, we will generally have to refuse to conclude a contract or will no longer be able to perform an existing contract and may have to terminate it.

4. To Whom Are Your Data Disclosed?

Within the Steinmeyer Group, those departments receive access to your data that require them to fulfill contractual and legal obligations, such as central purchasing or for internal coordination of your services.

Service providers and agents engaged by us may also receive data for these purposes. These include companies in the categories of IT services, logistics, printing services, telecommunications, billing, and debt collection.

With regard to the transfer of data to recipients outside the Steinmeyer Group, it should be noted that we only disclose necessary personal data in compliance with applicable data protection regulations. As a rule, we may only disclose personal data of our business partners if legal provisions require this, the data subject has given consent, or we are otherwise authorized to do so. Under these conditions, recipients of personal data may include, for example:

  • Public authorities and institutions (e.g., tax authorities, law enforcement agencies) in the presence of a legal or official obligation,
  • Creditors or insolvency administrators making inquiries in the context of enforcement proceedings,
  • Auditors,
  • Service providers engaged by us within the framework of data processing agreements,
  • Business partners.

In all of the above cases, we ensure that recipients only receive access to your personal data to the extent necessary to perform specific tasks.

If you have given us consent to process your personal data for specific purposes (e.g., sending our newsletter), the lawfulness of this processing is based on your consent. We send customer newsletters by email containing information about new products, events, and offers from our company. We only send newsletters to email addresses for which explicit subscription confirmations exist or that may receive electronic advertising in accordance with Section 7(3) of the German Act Against Unfair Competition (UWG), provided that the use of the email address has not been objected to.

Your data are transmitted to and processed by the service provider named below.

Newsletter software service provider:

Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, support(at)sendinblue.com
Privacy overview: de.sendinblue.com/datenschutz-uebersicht/

The service provider is a German certified provider selected in accordance with the requirements of the GDPR and the German Federal Data Protection Act. Disclosure of your data to third parties is prohibited.

You may revoke your consent by clicking the link provided in each newsletter email, via the website form, by email to mechatronik(at)steinmeyer.com, or by sending a message to the contact details listed in the legal notice.

5. Data Transfers to Third Countries

Data transfers to countries without an adequate level of data protection (“third countries”) occur in the context of administration, development, and operation of IT systems, and only insofar as (a) the transfer is generally permissible and (b) the special requirements for a transfer to a third country are met, in particular that the data importer ensures an adequate level of data protection in accordance with the EU Standard Contractual Clauses for the transfer of personal data to processors in third countries.
The EU Standard Contractual Clauses are available at the following link: eur-lex.europa.eu

6. How Long Do We Store Your Data?

For employees of our contractual partners:
The personal data provided to us by your employer are stored and used by us for the purpose of possible further orders by your employer or with your employer until either your employer or we are no longer interested in a further business relationship.

If you are our direct contractual partner:
After termination of the contractual relationship, we store the data relevant to this contractual relationship for the duration of statutory retention obligations and delete them after their expiration. Excluded are personal data provided by you that we store and use for the purpose of possible further orders (e.g., inspection cycles, inspection, maintenance, servicing, repair) until either you or we are no longer interested in a further business relationship. You will inform us if you are no longer interested in a further business relationship with us.

7. Automated Decision-Making

In some cases, we process personal data in an automated manner with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, in the following cases:

  • Due to legal and regulatory requirements, we are obliged to combat terrorist financing. This also involves data analyses relating to your person. These measures also serve to protect you.
  • As part of assessing the creditworthiness of our contractual partners, we use scoring. This involves calculating the probability that a contractual partner will fulfill contractual obligations as agreed. Factors such as income, expenses, existing liabilities, profession, employer, experience from previous business relationships, contractual repayment of previous loans, and information from credit agencies may be included. The scoring is based on a mathematically and statistically recognized and proven procedure. The calculated score values support us in decision-making when concluding contracts and are incorporated into ongoing risk management.

8. What Rights Do You Have?

You have the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR, and the right to data portability pursuant to Article 20 GDPR with regard to the processing of your personal data by us. The rights to information and erasure are subject to the restrictions of Sections 34 and 35 of the German Federal Data Protection Act (BDSG). In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG.
These rights may be restricted, for example, if your request would disclose personal data about another person or if you request deletion of information that we are legally required to retain or for which we have compelling legitimate interests.

Information on Your Right to Object Pursuant to Article 21 GDPR

1. Case-by-Case Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) GDPR (processing in the public interest) and Article 6(1)(f) GDPR (processing based on a balancing of interests); this also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

2. Right to Object to Processing of Data for Advertising Purposes

In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for such advertising purposes; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You may object to data processing for advertising purposes at any time free of charge, separately for each communication channel, and with effect for the future. An email or written notice to the contact details listed above is sufficient.

9. Contact

If you have any questions about this Privacy Policy, please contact our data protection officer.

You can reach our corporate data protection officer by email at datenschutzbeauftragter(at)steinmeyer.com.

Last updated: January 1, 2026