Data protection

Salzgitter Flachstahl GmbH is delighted that you are interested in our company and have chosen to visit our website. We take the issue of protecting your personal data very seriously. This document explains how personal data is processed when using our website and outlines the rights you hold in this regard.

Controller, Data Protection Officer

The Controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is

Salzgitter Flachstahl GmbH
Zentralaufgaben Personal
Eisenhüttenstraße 99
38239 Salzgitter, Germany
Phone: +49 5341 21-6294

You can contact our Data Protection Officer either via post by addressing your letter to the “Data Protection Officer” or via email at:

Data processing

We specifically process the following personal data:

Server log files

Every time a user accesses our website and every time a file is downloaded, data regarding this process is temporarily stored in a log file. The stored data is analyzed anonymously and will only be used for internal statistical purposes so that we can continually improve the web content we offer. No person-related use takes place in this respect. In particular, a data set containing the following information is stored upon each user access:

  • the IP address used
  • the operating system used
  • the browser used
  • the time of access
  • the pages you visit on our site
  • the website you last visited (if transmitted)
  • the volume of data transmitted

Cookie settings

Our website uses cookies. These are small text files that are placed on your end device via your browser. We use cookies for creating a user-friendly website. Cookies remain on your end device until they expire or until you delete them. They enable us to recognize your browser on your next visit.

If you do not want this to happen, you can configure your browser to inform you, when cookies are placed and to allow this only on a case-by-case basis. Deactivating cookies may diminish the functionality of our website.


Your consent applies to the following domains:

Essential Keine Daten gefunden
Statistic Keine Daten gefunden
External media Keine Daten gefunden
Checksum Keine Daten gefunden
Consent date Keine Daten gefunden

Cookie declaration last updated on 16.11.2023


Essential cookies enable basic functions and are necessary for the proper functioning and use of the website.

Name CookieConsent
Explanation Saves the visitors' settings, which services and cookies should be allowed.
Provider Salzgitter AG
Cookies tx_cookieconsent
Privacy Policy
Name Mapbox
Explanation Mapbox provides maps and geo-functions for this website.
Provider Mapbox, Inc.
Privacy Policy
Name Favoritenfunktion Karrierebereich
Explanation Saves favorite job offers and is used to display them in the top area of the page.
Provider Salzgitter AG
Cookies tx_szagcareerfrontend_favorites
Privacy Policy
Name eService
Explanation eService provides the functionality of the product range.
Provider Salzgitter AG
Cookies sap-appcontext, sap-usercontext
Privacy Policy
Name Filter Karrierebereich
Explanation Saves the currently set filters to apply them again once you navigate back to a listing.
Provider Salzgitter AG
Cookies tx_szagcareerfrontend_filters
Privacy Policy


Statistics Cookies collect information anonymously. This information helps us to understand how our visitors use our website.

Name Siteimprove
Explanation Siteimprove is used for website analysis and stores statistical non-personal information for the subpages that the visitor views. This information is used to optimize the user experience of the visitor.
Provider Siteimprove GmbH
Cookies nmstat
Privacy Policy

External media

Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.

Name YouTube
Explanation This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Through your consent to display the YouTube content, it can be displayed and played directly within our site.
Provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy
Name SZFG Newsletter Microsoft Dynamics 365 Marketing
Explanation Your data required for registration and personalization of the newsletter is stored on the Dynamics365 servers. In addition, Dynamics365 records your browser to record the time spent on the form pages.
Provider Microsoft Deutschland GmbH
Cookies 79f08280-5c63-4331-b04d-fb6f39afda51, 319af4c0-e197-4de9-8a9b-fe98c8a2ca04, msd365mkttr, msd365mkttrs
Privacy Policy

Web analysis

Our website uses the web analysis tool Siteimprove, provided by Siteimprove GmbH, a company based in Berlin with servers in Germany and Denmark. This tool uses information of cookies and server log files: this information is transmitted to the Siteimprove server, where it is processed to evaluate visitors’ use of our website and to compile reports for us concerning website activities. Siteimprove does not pass this information on to third parties. IP addresses are irreversibly anonymized before the collected data is made accessible by Siteimprove Analytics. We have concluded a corresponding data processing contract with Siteimprove.

You can prevent Siteimprove from collecting your data at any time by adjusting your current selection under "Data protection settings". Doing so places an opt-out cookie that prevents your data from being collected when you visit our website in future. Please note that web analysis will only be prevented as long as the opt-out cookie is stored in your browser; if you delete the cookie, web analysis will not be prevented in future.

Opt-out - Disable Siteimprove Analytics: Adjust privacy settings


We use the services of Mapbox Inc. (Mapbox) to display interactive maps on some pages of our website. Using our website may lead to information about your use of this website, including your IP address, being transmitted to Mapbox in the USA.

When you access a page that contains Mapbox maps, your browser establishes a direct connection with Mapbox servers. The map content is directly transmitted by Mapbox to your browser, which integrates the content into the website. We therefore cannot influence the amount of data, which is collected by Mapbox in this manner.

If you do not want Mapbox to process your data via our website, you can deactivate JavaScript in your browser settings. However, if you choose to do so, you will not be able to view the maps on our site.

You can find further information about the purpose and scope of data processing by Mapbox, your rights in this regard, and the configuration options available to protect your privacy in the Mapbox privacy policy at:

You can prevent Mapbox from placing cookies on your device by deactivating third-party cookies in your browser settings.

Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to conveniently use the map function such as displaying global location or planning a route to the location.

Google Maps is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The legal basis for the processing results from Art 6 I lit a, f DSGVO due to your voluntary information for the search and, when used, for the creation of a map and our legitimate interests in the presentation of our location as well as an easy findability of the places we indicate on the website.

By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. Nevertheless, it would be technically possible for Google to identify at least individual users on the basis of the data received, especially if the user is logged in to Google. It would be possible that personal data and personality profiles of users of the website could be processed by Google for other purposes over which we have and can have no influence.

The Google Maps service is deactivated until the user gives his or her consent and can be revoked at any time via the cookie settings even after consent has been given. We would like to point out that a map display and use of the associated comfort functions is not possible without consent.

The Google privacy policy and additional terms of use for Google Maps can be found at
You can also change the loading of Google plugins in your privacy settings at Google uses cookies and other data to provide, manage and improve services. The use of Google services may also be analysed by Google partners. You can also find out more about Google privacy tools at Help page with further information on Google Maps:


We have integrated YouTube videos on our website that are stored at and can be viewed directly from our website.

They are all integrated in “privacy-enhanced mode”, which means that no data about you as a user is transmitted to YouTube, if you do not watch these videos. Data is only transmitted to the YouTube server when you play the videos. If you are logged into your YouTube account at the same time, this information is attributed to your YouTube user account. You can prevent this by logging out of your YouTube user account before visiting our website.

YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find more information about how YouTube (Google) handles user data at:


We have included a Twitter widget on our Group websites to display tweets of our Twitter account. Therefore, the server is simply connected to Twitter and the content is then processed by our server before it is displayed on our Group pages. This excludes a direct and unknowable communication between the user of the Group websites and Twitter in the first place.

(Personal) data is only transmitted when the user clicks on one of the links within the Twitter post. Regardless of the registration status, data will be transmitted to Twitter from this point on. For this, a connection to Twitter is established, log data is transmitted to Twitter and, if necessary, a cookie is set on the user's computer. According to its own information, Twitter begins to delete, remove the identification or the record of data after a maximum of 10 days; this should normally take place immediately, but can take up to a week. Further information can be found at

Contact forms

If you wish to use the contact forms on our website to communicate with us, you will be required to enter your forename, surname and email address. We will not be able to process the issue you enter in the contact form without this information. Entering your postal address is optional; it enables us to process your issue and reply via post, if you wish. In addition, our system collects the IP address of the computer you use to submit the form as well as the date and time the form is submitted. The information you provide is collected to the required extent and is used exclusively for the purpose of processing your inquiry.

You can find information about online applications here.

Google Webfonts (local)

We have only integrated Google fonts locally on our website, i.e. no data is transferred to Google servers through their use.

Newsletter (Microsoft Dynamics 365 Marketing)

To subscribe to and receive our newsletter, we use the Microsoft Dynamics 365 Marketing service provided by Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany (hereinafter referred to as "Dynamics"). Your data required for registration and personalization of the newsletter is stored on the Dynamics servers.

Dynamics uses special functions to make newsletter registration, dispatch and subscriber management efficient. This system also allows us to track your interactions with our newsletters in order to improve the quality and relevance of our communication.

To use the online version of the newsletter, the newsletter archive and the subscription and unsubscription forms, we redirect you to the Dynamics servers. You can find the Microsoft Dynamics privacy policy here: Data protection and privacy. (

By subscribing to our newsletter, you agree to receive it and to the procedures described.

Career blog's comment function

You can use the comment function to add your own comments. To use the comment function, a user must enter a name; users may choose to enter a pseudonym, if they wish. They must also enter their email address. Entry of an email address is required so that we can pass on any complaints relating to your comments on the blog and ask you to make a statement in this regard. It is not possible to use the comment function without entering this information. In publishing your comment, we save the email address you enter but do not publish it. We also save your IP address. Your name is only published, if you write a comment using your real name rather than a pseudonym. Comments are not reviewed prior to publication. We reserve the right to delete comments that third parties claim to be illegal.

Share-Buttons/Social Plug-Ins

On our career-related blog "Karriereblog", we use secure Shariff interfaces to provide social media plugins from Facebook, Twitter and Xing to our website’s users. Where data from social networks – such as the number of likes – is shown to the user, these queries are submitted to the website by our server. The user remains anonymous during this process until they become active by clicking on the respective button.

You can find more information on the Shariff Project at:

Only when you click on the marked field and thereby activate it, the plugin provider is informed that you have accessed the corresponding page of our web content and can then attribute the action (share or like) to your IP address or, if applicable, to a user account on the respective platform, if you are logged in at the time. By activating the button, personal data is therefore transmitted to the respective provider and stored here.

We cannot influence the collected data or data processing operations, nor are we aware of the full scope of data collection, the purposes of data processing or the retention periods of the data.

The plugin provider stores the data collected about you as a user profile and uses this profile for the purposes of advertising, market research, and/or to tailor their website according to your needs. An evaluation of this type is conducted in particular (including for users who are not logged in) to display tailored advertisements and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile; to exercise this right, you should contact the respective plugin provider directly. The purpose of integrating plugins is, to enable our users to share our website’s content and to make this content more interesting.

You can find more information about the purpose and scope of data collection and the processing of this data by the plugin provider in the providers’ data privacy policies listed below. These documents also provide further information regarding your rights in this regard and configuration options to protect your privacy.

Data processing by social networks

We – Salzgitter Flachstahl GmbH - maintain publicly accessible profiles on social networks. We have listed the specific social networks that we use for you below.

Social networks are usually able to analyze user behavior in detail when their sites are visited.

If you are logged into your social media account and you visit our social media sites, the operator of the social media portal can match this visit to your user account. However, in certain circumstances, it may also be possible to capture your personal data even if you are not logged in or you have no account with the relevant social media portal. In this case, such data capture is performed by cookies, for example, which are stored on your device, or by registering your IP address.

Using the data captured in this manner, operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, advertising relating to your interests can be displayed to you inside and outside the relevant social media website. If you have an account with the particular social network, such advertising relating to your interests can be displayed on all devices in which you are or were logged in.

Please also remember that we cannot trace all the processing sequences on social media portals. Depending on the provider, operators of social media portals may therefore be able to carry out further processing. You can find details of such processing in the terms of use and data protection provisions of each social media portal. We have provided the corresponding links in our comments on each provider below.

We have no control over the length of time for which your data are stored by operators of social media portals for their own purposes. For details, please refer again directly to the operators (e.g. in their data privacy policy, see below).

1. Controllers

As operators of social media websites, we are joint controllers with the relevant network operators

  • Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
  • LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

as defined by Art. 4 No. 7 of the General Data Protection Regulation (GDPR).

As joint controllers of these sites, we have reached agreements with the network operators which, among other things, also govern the terms and conditions for using websites and similar offerings. These include duties to inform data subjects, obligations regarding data security and requirements to report data protection breaches. 

The following agreements are definitive in each case:
Instagram: Data processing Meta
LinkedIn:Data processing agreement LinkedIn

When an individual visits our social media websites, the personal data of the website visitor are processed by the controllers as follows.

2. Insights, analyses and cookies

In operating our Instagram presence, we use the Instagram insights function to obtain anonymized statistical data on visitors to our Instagram profile. You can obtain information on these insights and Instagram sites in Meta’s data protection policies. 

When you visit our own and other Instagram accounts, Instagram will also deploy cookies and other storage technologies. You can obtain further information in Meta’s Data Privacy Policy.

When running our LinkedIn presence, we make use of LinkedIn Page Analytics. In this way, we can obtain information on the use of our content. You can obtain more detailed information on data protection on the LinkedIn platform in LinkedIn’s Data Privacy Policy.

3. Purposes of the processing

The information generated gives us insights into the typical profile and conduct of visitors to our social media sites, thus enabling us to align our offering with your interests. This information is only provided to us in aggregated and anonymized form. We have no access to the underlying personal data in each case.

We also use our social media presence to enter into a dialog with interested users. In this context, we may obtain further information, e.g. due to users’ comments, private messages or because you follow us or share our content. Such data are processed purely for the purpose of communicating and interacting with you.

4. Legal basis

We operate our social media presence to present ourselves to interested parties and to communicate with them. Personal data are therefore processed on the basis of Art. 6 (1) Sentence 1 (f) GDPR to safeguard our legitimate interests.

5. Transfer of data

In the case of Instagram and LinkedIn, there is a possibility that some of the information captured will also be processed outside the European Union in the USA.

If the European Commission has decided that the third country ensures an adequate level of protection (cf. Art. 45 (3) GDPR), no additional steps are required for the transfer of data. If data are transferred to recipients based in the USA, such a transfer will be performed on the basis of the Transatlantic Data Privacy Framework (DPF) dated 07/10/2023 provided the recipient possesses the requisite certification. A list of currently certified companies can be called up here. In other cases and in the case of data transfers to other, unsafe third countries, data will only be transferred if the conditions of Art. 46 ff. GDPR are met.

The social media platforms used here are headquartered in the USA and are certified accordingly. An adequate level of protection, comparable with that of the GDPR, can therefore be assumed.

6. Data subjects’ rights

Every data subject has the right of access pursuant to Art. 15 GDPR. If we are to process your personal data, you have a right to rectification under Article 16 GDPR, a right to erasure under Article 17 GDPR, a right to restrict processing under Article 18 GDPR, a right of objection under Article 21 GDPR as well as a right to data portability under Article 20 GDPR. The restrictions defined in Secs. 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right of access and right of erasure. In addition, there is a right of complaint to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG).

If you have given your consent to the data processing, you can revoke this consent at any time by the same means you used to give your consent. Revocation of consent will not affect the lawfulness of the data already processed on the basis of such consent.

According to the agreements, the network operators are the first point of contact in safeguarding data subjects’ rights. As providers of the social network, they have the opportunity to access the required information and can thus take the necessary steps and provide you with information. Should you nevertheless require our support, we can also be contacted. You can find our contact details at the end of this data protection policy.

7. Right of objection

You have the right to object to the processing of your personal data carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) GDPR (data processing on the basis of the balance of interests) for reasons arising from your particular situation.

In particular, you have the following opportunities to lodge an objection:

Instagram: Instagram users can control the extent to which their user behavior may be registered when visiting our Instagram profile under Settings for advertising preferences

Instagram settings or the form provided by Instagram setting out your right of objection offer further options for lodging an objection.

LinkedIn: You can object to the processing of LinkedIn here. Further settings can be adjusted via the objection form.

Please refer to our Data protection information for comments on social media plug-ins on the website of Salgitter Flachstahl GmbH.


Our website contains links to other websites in some places. We take all reasonable care to check these links. The company is not responsible for the content of linked pages or for ensuring data privacy on these pages. You can find further information about the social media presences accessible from our site by clicking here.

SSL encryption

For security reasons and in order to safeguard the transmission of confidential data you send to us, this website uses SSL encryption. You can recognize an encrypted connection by your browser’s address bar, which changes from “http://” to “https://” and displays a lock symbol.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Further information according to the General Data Protection Regulations (GDPR)

Deletion and storage periods of data

If we have stored personal-related data of you, we will only process this data for the time period required to serve the purpose it was stored for or for the time period required by law.

If the storage purpose ceases to exist or if the storage period required by law expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

Logfiles are deleted according to provider specifications:

  • The access logs of the Web servers capture, which page views took place at which time. They contain the following data: IP, directory protection user, date, time, pages viewed, protocols, status code, data volume, referer, user agent, host name viewed.
  • The IP addresses are stored anonymously. The last three digits are removed, i.e. becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymous IP addresses are kept for 60 days. Information about the directory protection user used is anonymized after one day.  
  • Error logs, which log incorrect page views, are deleted after seven days. Those include, in addition to error messages, the IP address accessing the page and, depending on the error, the website accessed. 
  • Access via FTP is logged with anonymous information on user name and IP address and stored for 60 days. 
  • The mail logs for sending e-mails from the web environment are anonymized after one day and then kept for 60 days. During anonymization, all data concerning the sender/recipient etc. is removed. Only the data at the time of sending and the information on how the e-mail was processed (queue ID or not sent) are retained.
  • Mail logs for sending via our mail server are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and to combat spam.
  • It is not possible to individually define the storage period.

A storage going beyond this is exceptionally possible. In this case, however, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

Your data from the input mask of the contact form will be deleted when the respective conversation with you has ended. The conversation is terminated when it can be seen from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process (e.g. IP address) will also be deleted according to the aforementioned provider specifications.

Categories of recipient

Within Salzgitter AG, access to your data is only afforded to people and departments that require access to perform their duties within Salzgitter AG, to pursue our legitimate interests or to fulfill contractual and legal obligations.

To enable us to offer you the best possible service and remain competitive, we also exchange data with other allied companies of Salzgitter AG where necessary to pursue our legitimate interests, provided that your interests or your basic rights or freedoms do not outweigh our interest. Whenever we exchange information with allied companies, we guarantee that data is transmitted in accordance with data privacy requirements and that your personal data is protected.

As a fundamental rule, if you provide your personal data to us, we will not pass this data on to third parties. Such data will only be disclosed

  • in order to fulfill legal obligations to authorized authorities,
  • in accordance with consent you provided and
  • to IT service providers, e.g. in relation to administration and hosting of our website.

Data transfer to third countries

Data is only transferred to countries outside of the EU or the EEA (so-called third countries) insofar as this is stated in the present data privacy statement, is necessary to perform contracts, or is legally required, or in the case you have given us your consent to do so.

Rights of data subjects

All data subjects have a right of access in accordance with Art. 15 GDPR. If we process your personal data, you have the right of rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restrict the processing in accordance with Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right of data portability pursuant to Art. 20 GDPR. Restrictions to the right of access and the right to erasure apply pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, data subjects have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

If you have given us consent to process your personal data, you can also revoke this consent at any time by the same method you first provided it. You can revoke your consent without completing a form, e.g. by emailing datenschutz.holding(at) or by sending a message to the contact address listed above. Revoking your consent does not affect the legality of the processing performed on the basis of your previously issued consent.

Right to object to data processing

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time to the processing of your personal data performed on the basis of Art. 6 para. 1 lit. f) GDPR (data processing for the purposes of legitimate interests).

If you do raise an objection, we will no longer process your personal data for the purposes to which you have objected, unless

  • we can demonstrate overriding legitimate grounds that outweigh the interests, rights and freedoms of the data subject, or
  • the processing serves to assert, exercise or defend legal claims.

In the case that the objection only or also relates to data processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.

You can raise an objection without completing a form, e.g. by emailing datenschutz.holding(at) or by sending a message to the contact address listed above.

Legal basis for processing

Personal data processing relating to the use of contact forms is performed on the basis of Art. 6 para. 1 lit. b) GDPR, provided that the purpose of making contact serves to fulfill a contract or perform pre-contractual measures.

If our company is subject to a legal obligation which necessitates the processing of personal data, this processing is based on Art. 6 para. 1 lit. c) GDPR.

If we obtain your consent for personal data processing operations, this consent serves as the legal basis for processing pursuant to Art. 6 para. 1 lit. a) GDPR.

Furthermore, processing operations can be performed on the basis of Art. 6 para. 1 lit. f) GDPR, whereby processing is necessary to pursue a legitimate interest held either by our company or a third party, provided that the data subject’s interests, basic rights, or basic freedoms do not override our interest.

We use server log files, cookies, web fonts, Mapbox, embedded YouTube videos and web analysis tools so that you can use all of our website’s functions to their full extent and in order to structure and optimize our website in accordance with its users’ requirements. If you contact us via our contact form or using the functions in our Career blog, we will use your data for the purpose of interacting with you and for corporate communications.

Obligation to provide personal data

As a fundamental rule, there is no obligation to provide personal data when visiting our website. Contractual regulations may provide otherwise. If the specified personal data is not provided, in some circumstances, it may not be possible to achieve the individual described purposes.

No automated decision-making

We do not use fully automated decision-making within the meaning of Art. 22 GDPR.

Amendments to the data privacy statement

As the internet continues to develop, it will be necessary to make periodic amendments to the data privacy statement. Reviewing the data privacy statement at regular intervals will give you the opportunity to stay apprised of amendments.

Additional data protection information

For additional information concerning data protection for our business partners and their contacts according to the General Data Protection Regulations (GDPR), please click here.