Legal Notes

Data Protection

thyssenkrupp Infrastructure appreciates your interest in our companies and their products. We take the protection of your privacy when using our websites very seriously. In the following we are pleased to inform you about the collection of anonymous and personal data.

Anonymous data collection

In general, you can visit the websites of thyssenkrupp Infrastructure on an anonymous basis, i.e. without informing us of who you are. When you visit our website, our web servers in Germany save as standard the IP address of your internet service provider via which you access our website, the site from which you access our site and the files you access from us, as well as the date of your visit and general information about your browser. These data are only analysed in anonymized form for statistical purposes.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website is generally transmitted to and stored on Google servers in the United States. Within EU Member States or in other member states of the European Economic Area, Google will shorten your IP address before transmitting it if IP anonymization is activated on this website. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services for the website operator relating to website activity and internet usage. Google will not associate your browser's IP address, transmitted for Google Analytics purposes, with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

Cookies

We use cookies only to make our sites easier for you to use. Personal data may be saved in cookies on individual pages if you have expressly agreed to this in advance in order e.g. to save you from having to re-enter access data. You can in principle also access all information on our websites if you have deactivated cookies in your internet browser. However, if you reject cookies, the functionality of our offerings may be restricted.

Collection and processing of personal data

We save and process personal data only if you provide us with this information voluntarily, e.g. by completing a contact form or registering for personalized services. You will be informed of the intended purpose on the corresponding sites and, if necessary, asked for your consent to the saving and processing of the data. Data will only be forwarded to service providers connected with us e.g. in order to send requested written information to you. All service providers are of course obligated to maintain data secrecy and confidentiality. If you visit our career websites and make use of services offered there or complete an online application, your data may also be passed on to other companies of the thyssenkrupp Group. No data will be passed on to other third parties. In general, your data will be encrypted before transfer and processing to protect them from unauthorized access.

Rights of persons concerned

On request, we will naturally inform you in writing whether we have stored personal data about you and, if so, which data. Your rights to notification, correction, blocking and deletion expressly stated in the Information Technology Act will be observed. You can also view your data yourself and amend or delete them if necessary in our applicant portal or certain other websites e.g. for the newsletter/reminder. You can retract your consent to the saving of your personal data given on the relevant page at any time by sending us a brief notification.

Other information

As a global company, thyssenkrupp AG operates a number of websites worldwide. All information which you send to one of our websites in any country can be transferred electronically to a server for one of these sites in another country. This information may be used, saved or processed in a country other than the one in which it was entered. Your personal data will be saved and processed in accordance with the data protection provisions of the Information Technology Act.

Questions and suggestions on data protection

If you have any questions or suggestions on the subject of data protection, please contact our Group data protection officer at thyssenkrupp AG, 45143 Essen, Germany or e-mail: datenschutzbeauftragter@thyssenkrupp.com.

Copyrights

Copyright 2018 thyssenkrupp AG. All rights reserved. The content including pictures and the design of the thyssenkrupp Infrastructure website are subject to copyright protection and other laws for the protection of intellectual property. No dissemination or alteration of the content of these pages or of the frames or similar measures are permitted. Moreover, these contents may not be copied, disseminated, modified or made available to third parties for commercial purposes.

Liability

The information that thyssenkrupp Infrastructure presents to you on this website is compiled and updated periodically. It is impossible to guarantee freedom from all errors. For this reason, thyssenkrupp Australia disclaims and excludes all liability or warranty with regard to the accuracy, completeness and up-to-dateness of the information provided on this website. There is no warranty of merchantability, no warranty of fitness for a particular use, and no other warranty of any kind, express or implied, regarding the information or any aspect of this website.

This website provides links to other websites. thyssenkrupp Infrastructure disclaims all liability and warranty with respect to any information obtained from and your interaction with any website that you reach by means of a link from this website. These websites are operated by separate companies. thyssenkrupp Infrastructure is also not responsible for the data protection precautions of the operators of such websites. thyssenkrupp Infrastructure urges you to check the privacy policy, terms and conditions disclaimers on such websites before using such websites.

In no event will thyssenkrupp Infrastructure or other companies mentioned at this site be liable for any damages whatsoever arising out of the use, inability to use, or the results of use of this site, any websites linked to this site, or the content contained at any or all such sites, including but not limited to damages to computer system, data or any personal objects resulting from the downloading of material and/or data from this website or from websites reached by links from this website.

thyssenkrupp Infrastructure reserves the right to undertake alterations or additions to the information or data provided at all times without further notice. Insofar as our Internet pages contain forward-looking statements, these statements are based on opinions and estimations of thyssenkrupp Australia Management and are subject to risks and uncertainties. thyssenkrupp Infrastructure is not obliged to update such forward-looking statements. All liability for such statements is expressly excluded.

Trademarks

Unless otherwise indicated, all trademarks used on thyssenkrupp Infrastructure Internet pages are protected by trademark law. The same applies to company logos and signs.

Licensing rights

The intellectual property contained on this website is legally protected through patents, trademarks and copyrights. This website does not grant any license to use the intellectual property owned by companies of the thyssenkrupp Infrastructure. Duplication, dissemination, reproduction and further transmission and other use are prohibited without the written consent of thyssenkrupp Infrastructure.

Agreements to terms

Use of this website shall constitute acceptance of the Legal Notes (under the Legal Notes link at the bottom right foot of this page) (“the Agreement”), and the interpretation of this Disclaimer shall be governed by and construed in accordance with the laws of Australia, without regard to conflict of law provisions. Any dispute arising out of the Agreement shall be resolved in the courts in Australia. Through your continued use of this website, you agree to submit to the jurisdiction of the courts of Australia. thyssenkrupp Infrastructure and you agree that service of process may be made by electronic mail to your electronic mail address that was used when accessing this website.

thyssenkrupp Infrastructure may change this Disclaimer at any time without notice to you and without liability to you or any other party. It is your responsibility to periodically check this Disclaimer for changes. If you do not agree to any changes made to the Disclaimer, you should cease use of this website. Continued use of this website signifies acceptance of any changes made to the Disclaimer.

Information for Business Partners

Information about the processing of personal data in the context of business relationships with customers, suppliers and other business contacts

1. What information does this document contain for you?

The thyssenkrupp Infrastructure GmbH ("We") is in a business relationship with you or your employer/client, e.g. the initiation or execution of a contractual relationship as part of our business activities.

We make sure that we comply with the requirements of the applicable Data Protection Acts. Below is a detailed overview of how we handle your data and your rights.

2. Who is responsible for the data processing and who is the data protection officer (DPO)?

The controller for the data processing is

thyssenkrupp Infrastructure GmbH
Hollestr. 7A, 45127 Essen
Telephone: +49 201844563861
Fax: +49 201844563974
Email: info.tkinfrastructure@thyssenkrupp.com

Our data protection officer can be reached at Data protection officer

thyssenkrupp Infrastructure GmbH
Hollestr. 7A, 45127 Essen
Email: gdpr.tkinfrastructure@thyssenkrupp.com

3. Which data categories do we process and where do they come from?

We process personal data that you provide to us as part of the business relationship. If our business relationship is with your employer or client, we also collect the personal data from you or your employer or client. This includes the following data or categories of data:

• Master data (e.g. name and salutation, title, job title/description)
• Contact details (e.g. telephone number, fax number, email address, address)
• Communication data (e.g. content of personal, telephone or written communication)
• Payment data (e.g. payment history, information on payment history, creditworthiness)

Moreover, we process the following categories of personal data that we generate inde-pendently:

• Master data (e.g. customer number)
• Contract data (e.g. contract ID, contract history)
• Communication data (e.g. consulting protocols)

4. For what purposes and on what legal basis is data processed?

We process your data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and all other applicable laws.

We primarily process personal data for the fulfillment of contractual obligations (Article 6 paragraph 1 lit. b GDPR), more precisely for the purpose of initiating, executing or fulfilling a contract. This includes, for example, placing orders, internal sales, shipping and payment of merchandise or contract negotiations.

Unless you are not yourself a contracting party (for example, you are an employee of a business partner), processing for the same purposes takes place as a legitimate interest in accordance with Article 6 paragraph 1 lit. f GDPR. With your employer/client, we are in the initiation or execution phase of a contractual relationship as part of our business activities. We are processing your personal data due to your activity for your employer/client.

If necessary, we also process personal data to fulfill statutory requirements (Article 6 para-graph 1 lit. c GDPR) for the following purposes:

• Preservation of statutory storage requirements
• Preservation of legal reporting obligations

Furthermore, we process personal data in order to safeguard the following legitimate inter-ests (Article 6 paragraph 1 lit. f GDPR):

• Maintenance of the business relationship with existing customers
• Organization of events (for example, admission control)
• Asserting legal claims and defense in legal disputes
• Inclusion in our contact database, human relations after business contact (e.g. after leaving your business card)
• Direct marketing to customers or employees of customers (e.g. information about prod-ucts and events, newsletters)

In addition, we potentially process personal data for which we received consent (Article 6 paragraph 1 lit. a GDPR). We will collect them separately and in the following cases:

• Direct marketing to interested parties/other business contacts (e.g. information about products and events, newsletters)

5. Who receives your data?

Your data will be processed within the #company name by the employees involved in the initiation/implementation of the business relationship and the execution of the respective business processes.

Within our group of companies your data will be transmitted to certain companies when they perform centralized data processing tasks for the group's affiliated companies (e.g. centralized contact data management, centralized contract management, file disposal).

In addition, to fulfill our contractual and legal obligations, we sometimes use different exter-nal service providers who are required by data processing agreements to observe data protection laws, Article 4 No. 8 GDPR. These are service providers in the following areas

• IT services
• Logistics
• Marketing
• Legal advice

In addition, we transmit your data to other recipients outside the company who process your data at their own responsibility, Article 4 No. 7 GDPR. For example, this may include the following categories of responsible persons:

• Public institutions due to statutory provisions (e.g. tax authorities)
• Third parties such as credit institutions, credit bureaus - if a transfer of legitimate inter-est is permissible

6. How long will your data be stored?

We process your personal data as long as it is necessary for the above referenced purposes. After completion of the business relationship your data will be stored as long as we are legally obligated to do so. This is regularly the result of legal proof and retention obligations, which are regulated in the Commercial Code and the Tax Code. According to these codes, the storage periods are up to ten years. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us (statutory limitation period of up to thirty years)

7. Are you required to provide your data?

There is no contractual or legal obligation to provide personal data. However, without processing your personal data, we are not in a position to carry out the necessary pre-con-tractual measures or execute the contractual relationship with you or your employer/client.

8. Which data protection rights can you claim as the person affected?

You have the right to request information about the data stored about you, Art. 15 GDPR. In addition, you may request the rectification or erasure of your data, Art. 16, 17 GDPR. You may also be entitled to restrict the processing of your data and a right to release the data you provided in a structured, common, machine-readable format, provided this does not affect the rights and freedoms of others, Art. 18, 20 GDPR.

If you have given us consent to the processing of your personal data, you can revoke this consent at any time. The legality of the processing carried out based on the consent until the revocation remains unaffected.

To exercise your rights, please contact the responsible body or data protection officer listed under section 2.

In addition, you have a right of objection, which is explained in more detail at the end of this privacy policy.

You also have the option to file a complaint with a data protection authority, Art. 77 GDPR. The right of appeal is without prejudice to any other administrative or judicial remedy. The data protection authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Deutschland

30. August 2018

Information about your right of objection according to Art. 21 of the General Data Protection Regulation (GDPR)

"For reasons that arise from your particular situation, you have the right to object to the processing of your personal data at any time pursuant to Article 6 para. 1 f of the GDPR (data processing on the basis of a balance of interests); this also applies to any profiling based on this provision as defined in Article 4 No. 4 GDPR.

If you file your objection, we will no longer process your personal data unless we can estab¬lish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

In individual cases, we may also process your personal data in order to generate direct mail. You have the right to object to the processing of your personal data used for such advertising at any time; this also applies to profiling insofar as it is associated with such direct mail advertising.

If you object to the processing for direct marketing, we will no longer process your personal data for these purposes.

The objection can be informal and should ideally be addressed with the responsible body or data protection officer listed in the privacy statement under section 2."

Terms and Conditions