Data Protection

Dear website visitors,

Respect for you and your data is a prime concern for us. Accordingly, when processing your data through this website/web server, we endeavor at all times to render this data processing as fair and transparent as possible for you.

Because of this respect for you and your data, we make a point of incorporating as few external services as possible in our website – services that other providers use to inform themselves about your visit. This is because we also see your visit to our website as something that you might prefer to keep for yourself or just between us …

To give you an idea of how data is processed on this website, the following information explains, among other things, which data relating to your visit or your activities on the website are received and stored. We also want to inform you how and for what purposes we process your data. Finally, we want to inform you about your rights and to share other information about our website that may be of interest to you.

Should you have any questions about any part of our explanation, we would be delighted to answer them.

The following information is based on the statutory requirements of article 13 of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). 


1. Name of and contact details for the data controller and the company data protection officer

Responsibility for operating this website lies with:


You will find further information on our company, on its authorised representatives and further contact details in the credits of our website.

We have appointed a Data Protection Officer whom you can contact at any time with any questions regarding REAL ALLOY data protection by sending an e-mail to


2. Processing your data (purpose of usage)

In simple terms, your website visit is a communication between you (or your browser) and our web server. As with any communication, such a visit involves exchanging data – or rather, new data (known as “meta data”) are created about the circumstances of the communication.

As you are the participant in this communication, all of these data can theoretically be traced more or less directly to you and therefore constitute “personal data” – this means that we have to adhere to the data protection requirements that apply in this case.

As these data affect you more or less directly, the following information will tell you which data we (or our server) receive from you and for which purposes we process them. 

a) When visiting our website

When you call up our website,, your browser automatically sends data to our website’s web server, which you cannot prevent. The following data are stored (temporarily) by our server in a “log file” until they are automatically deleted:

The “IP address” allocated to you by an internet provider
The date and time at which our website was accessed
The name and URL of the file called up
The “referrer URL”, i.e. a website from which you may have been directed to our website
The browser you use and, in some cases, your computer’s operating system and the name of your access provider, which in turn can be derived from the IP address.
These data are processed by us for the following purposes:

To ensure a smooth connection for your browser and ease of use for our website
To maintain sufficient system security
To be able to trace any attacks and carry out legal proceedings, etc.
For other, purely administrative purposes.
The legal basis for processing your data for these purposes is Art. 6(1) page 1 c) GDPR. This is because, when we operate a website like this one, we are legally obliged to guarantee its security and the data described above are an integral part of this.

In addition, our interest in guaranteeing a sufficiently secure and stable website can be said to correspond with your interest in being able to use our website securely and without any problems. 

We would like to make it clear that we do not process these data for any purposes other than those outlined above. And, in particular, that these data are not used for marketing or similar purposes. In this connection, we comply with the strictly defined purpose under data protection law. 

In order to comply with the storage limitation requirements defined under GDPR and to pursue the purposes set out above, we do not store the data for longer than necessary. Once this time has elapsed, the data are deleted automatically. We delete the data automatically after 30 days.


Our website uses the service Navicus for presenting job vacancies in our company (e.g. This service allows us to present the vacancies available worldwide in our Group conveniently. The service and its server are hosted in the USA. This means that, when the above address is called up, your browser sends your IP address and possibly other information to the USA.

Using this service allows us to show you directly which jobs are available in our company worldwide. Accordingly, using this service can also said to be in your interest and therefore to constitute legitimate grounds in accordance with Art. 6(1) page 1 f) GDPR.


3. Recipients of your data that we process with this website

As indicated under 1.), it is a prime concern for us not to reveal data from your visit to any external third parties unless:

You give your consent to this
We are legally required to do so
It is technically implied
As indicated above, jQuery receives certain data from you through the integration of its web services.

As also indicated, service provider ATS may also receive your data.

When operating our servers and website, we enlist the assistance of qualified partners from Germany. This means that, for technical reasons, these partners are also able to access the data defined in this agreement. Access is limited to what is absolutely necessary and is subject to GDPR and the data protection obligation is contractually regulated throughout the organisation.

However, through appropriate contractual regulations and organisational measures, we have ensured that this only takes place to the extent required and for purposes that constitute legitimate legal grounds.

In addition, we wish to state quite clearly that there may always be people/organisations who can intercept communication in the internet or via e-mail and that we have no influence on this. Nonetheless, we have endeavoured to prevent this (unauthorised) access as effectively as possible by using an encrypted connection (see also point 7 of this declaration).


4. Cookies

Cookies are small files that are downloaded automatically by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) for a certain period of time. Cookies store information about the end device (computer, smartphone, etc.) that you used to visit the website.

As indicated above, we do not use any external services, which in turn means that we also do not use any third-party cookies through which you can be tracked online.

As well as this, in the interests of protecting your privacy as much as possible while you visit our website, we ourselves do not use any persistent (permanent) cookies either.

In order to make the time that you spend on our website as agreeable as possible, we use “session cookies” that store certain data from your browser, rendering you “identifiable” during your visit to our website. However, these cookies are automatically deleted as soon you end your visit or close your browser. Our interest in this regard results from Art. 6(1) page 1 f) GDPR and ties in with your interest in our website being easy to use.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be stored on your computer or so that a message appears before a new cookie is created. It is also possible to delete cookies manually or to configure your browser so that it deletes cookies on being closed. However, deleting our cookies means that your browser forgets certain things, which in turn means, for example, that the campaign window is shown again at your next visit.


5. Your rights as a “person affected”

Given that, as indicated above, we process “your” data with your visit, you are granted specific rights by law in this connection insofar as these are not limited or excluded by other laws. This applies in particular to the right:

To request, in accordance with Art. 15 GDPR, information on the personal data of yours being processed by us;
To request, in accordance with Art. 16 GDPR, that any incorrect or incomplete personal data of yours that are stored with us be corrected without delay;
To request, in accordance with Art. 17 GDPR, that any personal data of yours that are stored with us be deleted;
To request, in accordance with Art. 18 GDPR, that the processing of any personal data of yours be limited;
To request, in accordance with Art. 20 GDPR, that your personal data provided to us be made available to you or another authorised party in a structured, standard and machine-readable format;
To revoke, in accordance with Art. 7(3) GDPR, the consent that you previously provided to us, at any time. However, this revocation applies only to future data processing. This shall not affect the legality of the processing undertaken on this legal basis;
To lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. For this purpose, you can generally contact the supervisory authority in your usual place of residence or work or that of our company headquarters. The supervisory authority responsible for data protection in our company is:
The Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW) 
Postfach 20 04 44, 
40102 Düsseldorf, Germany


6. Right of objection

Insofar as your personal data are processed based on legitimate interests as defined under Article 6(1) page 1 f) GDPR, you have the right – in accordance with Art. 21 GDPR – to object to your personal data being processed, provided that there are grounds for this pertaining to your special circumstances or that the objection is geared towards direct advertising. In the latter case, you have a general right to objection that is implemented by us without special circumstances being indicated.

Should you wish to exercise your right of revocation or objection, all you need to do is send an e-mail to


7. Data security

As indicated at the outset, it is a prime concern for us to protect you and your data as effectively as possible. For this reason, we have taken extensive measures for protecting your data as effectively as possible from unauthorised access.

For instance, we have developed a “referrer policy” that prevents external providers from identifying which website you are currently visiting or that you have arrived at the website in question via the REAL ALLOY website.

To avoid external third parties “listening in” on communication, we use for our website the established SSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser, usually 256-bit encryption. You can see that communication with our website is encrypted by the closed key/lock symbol that is usually found on the lower status bar of your browser.

In addition, we use what we deem to be suitable technical and organisational security measures to protect your data from accidental or intentional manipulations, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are tested and improved on an ongoing basis in keeping with technological progress.


8. Currentness of and modifications to this data protection notice

This data protection notice is currently valid and was last amended in May 2020.

However, it may become necessary to modify this data protection notice owing to enhancements to our website or to new legal or regulatory requirements.

Any changes to the data protection notice will be communicated on a prominent position on our website. As well as this, any changes in the new data protection notice will be highlighted.

The currently valid data protection notice can be called up online and printed out at any time on our website at