Data protection policy

(hereafter “Data protection policy“)


This Privacy Policy pertains to users (“you” or “your”) residing in the European Economic Area (EEA) who access or use this Website. If you are residing in the United States, please view our US Privacy Policy.

We are pleased that you are visiting our website and thank you for your interest in our company and our services. It is important for us to protect your privacy when you use our website.

As the controller within the meaning of European data protection legislation of the website

(hereafter also “website“),


Aleris Corporation
25825 Science Park Drive, Suite 400
Beachwood, Ohio, 44122


(hereafter also “we“ or “Aleris“)

would like to inform you below about the processing of your personal data and your rights as a data subject when you use the website.

If in individual cases subsidiaries of Aleris Corporation in the EU are the controller within the meaning of European data protection legislation for certain data processing operations, we will notify you accordingly below (see particularly 7 “Online job applications”).

Your personal data are processed solely in line with the statutory data protection provisions of the European Union, in particular the EU General Data Protection Regulation (hereafter “GDPR”), supplemented by the German Federal Data Protection Act (BDSG) as applicable as of 25 May 2018 (hereafter “BDSG”) and other statutory provisions on data protection (known collectively as “data protection legislation”).

If you would like to consult the GDPR yourself, you can find it online at:

This data protection policy applies to the website retrievable from the domain and other Aleris websites which explicitly include the following statements as their data protection policy. However, the following statements do not apply to the websites of other providers, such as those linked to by this website. The terms used, such as “personal data” or their “processing”, correspond to the definitions in Art. 4 GDPR.



  1. Object of data protection, legal foundations and sources
  2. Server logfiles
  3. Communication by email and contact form
  4. Customer log-in
  5. Cookies
  6. a) Absolutely necessary cookies
  7. b) Additional own cookies
  8. c) Cookies from third-party providers
  9. Tracking Tools
  10. Online job applications
  11. Recipients of personal data
  12. Data processing in third countries
  13. Security
  14. Storage period
  15. Your rights
  16. Changes


1. Object of data protection, legal foundations and sources

The object of data protection are personal data. Personal data means any information relating to an identified or identifiable natural person (‘data subject’). Your personal data are therefore all the data that enables you to be identified as a person, such as your name, your address, your telephone number or your email address. Personal data are also the information that is necessarily generated when you use our website, such as beginning, end and scope of use or your IP address.

We only process your data when an applicable legal provision allows it. In particular we base the processing of your data on the following legal foundations:

  • Consent (Art. 6(1)(a) GDPR): We will only process certain data on the basis of your prior specific and freely given consent. You have the right to withdraw your consent with future effect at any time.
  • Performance of a contract or pre-contractual activities (Art. 6(1)(b) GDPR): We need certain data from you to prepare and execute your contract with Aleris.
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR): In addition, we process your personal data to comply with statutory obligations, such as record-keeping obligations under commercial and tax law.
  • Pursuit of legitimate interests (Art. 6(1)(f) GDPR): Aleris will process certain data to protect its interests or those of third parties. This only applies when your interests do not override them in the specific case, however.

Please note that this is not a complete or definitive list of the possible legal grounds; these are only examples intended to make the legal foundations of data protection law more transparent. Further information on the legal foundations of individual data processing activities on our website can be found below.

Your personal data comes particularly from you yourself, partly by your use of our website, from your contact requests and possibly the information you provide ahead of a contractual relationship.


2. Server logfiles

You can visit our website without providing any information about yourself. Your visit to our website may mean that the following access information is stored:

  • IP address of the requesting device,
  • file retrieved,
  • http answer code,
  • the website from which you came to our website (referrer URL),
  • date, time and time zone of the server request,
  • browser type and version,
  • operating system used by the requesting device,
  • search term with which the website was found, by Google for example.

We process these data on the basis of Art. 6(1)(f) GDPR to provide the website, to ensure its technical operation and the security of our IT systems. We do so in the interest of enabling and permanently maintaining the use of our website and its technical functionality. These data are processed automatically when the website is retrieved. Without this processing you cannot use our website. We do not use this data for the purpose of determining your identity.

The automatically collected data are not generally kept for longer than required , unless exceptionally we need them for the above purposes for a longer period. In this case we delete the data without delay when the purpose ceases to apply.

You cannot object to the collection and storage of your server logfiles, since they are absolutely necessary for the smooth operation of the website.


3. Communication by email and contact form

When you contact us by email, your freely provided contact data (e.g. name, email address) are collected, processed and used only for the purpose of recording and possibly answering your enquiry and for technical administration.

Under the “Contact” heading you can also get in touch with us by means of a contact form. If you use this contact form, we collect and store the following data:

  • First name,
  • Surname,
  • Email address,
  • Reason for contact,
  • Message.

You can also voluntarily provide:

  • Academic title,
  • Company,
  • Telephone,
  • Town,
  • Sector

Your browser sends the data you provide to our server, where it is converted into an email and sent to us.

Data transferred in the course of communication by contact form or email is processed on the basis of Art. 6(1)(b) GDPR, if it relates to pre-contractual activity, or of Art. 6(1)(f) GDPR. In the latter case we have a legitimate interest in processing contact enquiries addressed to us voluntarily.

We delete the data you provide as soon as the purpose for which it was collected ceases to exist, subject to compliance with ongoing legally required record-keeping obligations.

To the extent that your data are processed on the basis of legitimate interests, you can object to the storage of your personal data at any time. In this case we will no longer process your data to the extent that we cannot demonstrate a legitimate interest for doing so, and are not otherwise obliged by law to store them. To exercise your right to object to the storage of data, please contact us in writing, by fax or email.

Please note that we cannot guarantee complete data security, however, especially for communication by contact form and email. You should therefore refrain from sending us confidential information, such as bank or credit card details, via these channels. To send confidential information we recommend that you use a secure means of communication, such as the postal service.


4. Customer log-in

We set up direct, password-protected access for all customers who register with us. As a customer you can receive information about our products (e.g. Surplus Stock Lists) here, view any contract details and manage your master/contact data.

Processing takes place for the purpose of providing contractual services and additional customer services on the basis of Art. 6(1)(b) GDPR (performance of a contract to which the data subject is party) or Art. 6(1)(c) to the extent that the storage is to comply with statutory record-keeping obligations. The information designated as obligatory is required to use the customer log-in. You can also provide additional information voluntarily. Your voluntary disclosures are stored on the basis of Art. 6(1)(f) GDPR, since we have a legitimate interest in processing the data you provide voluntarily. You can object to the processing of voluntarily provided data at any time.

With the function “stay logged-in” we would like to make your visit to our website as convenient as possible. This function enables you to use our website without having to log in again every time. For security reasons you are nonetheless asked to enter your password again when you change your personal data or wish to place an order. We recommend that you do not use this function if your device is accessible to more than one user. We should point out that the “stay logged-in” function is not available if you have set your browser so that cookies are deleted automatically after every session or you have otherwise deactivated cookies (see Point 5).


5. Cookies

The website uses cookies and similar technologies such as HTML5 storage (hereafter known collectively as “cookies”) to optimise the design of the website. They facilitate navigation and enable the website to be as user-friendly as possible.

Cookies are small identifiers that our webserver sends to your browser and that your device stores, if the default settings are unchanged. They can be used to determine whether your device has already communicated with us. This means they help to make website use more convenient for you and to optimise our offering. We make a distinction between cookies that are absolutely necessary for technical reasons, those set by our website and those set by third parties. Detailed information on the type, function, purposes, legal grounds and options for objecting to data processing when cookies are used can be found in the following section:

When you use our website we notify you of the use of cookies. You can object to the storage of cookies at any time by selecting “accept no cookies” in your browser settings. Please refer to the help function of your browser for how to manage and delete cookies in your browser settings. You can also deactivate all cookies by means of free browser add-ons, such as “Adblock Plus“ ( in combination with the “EasyPrivacy“ list( or ”Ghostery“ ( If you do not accept any cookies, this may limit the functionality of the website, however.


a) Absolutely necessary cookies

On our website we use the following cookies which are absolutely necessary for the functioning of our website and which we have a legitimate interest in storing, since we could otherwise not provide our website with certain elementary functions.

Description Function/purpose Storage period
isEnabled=true Tracks whether users’s browser can execute Javascript to decide whether to provide the searchable dropdown interface or use a plain HTML dropdown. Session
iFrame Height Stores the iFrame height that was computed to reuse later on when displaying again in iFrame.  Session

Data processing takes place to further our legitimate interests on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is therefore derived from the purposes described.


b) Additional own cookies

Additional own cookies that are not absolutely necessary for the use of the website (also known as “first-party cookies”) perform important tasks. They enable convenient surfing on our website, by completing forms in advance, for example Furthermore they enable us to approach you with individual offers. We use the following additional own cookies on our website.

Description Function/purpose Storage period
Identify a user’s session while interacting with the website.  2 hours

Data processing takes place to further our legitimate interests on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is therefore derived from the purposes described.


c) Cookies from third-party providers

To integrate contents or functions from third-party providers (see the points below) we set cookies from third-party providers (also known as “third-party cookies”), which provide information that you have accessed this website, for example. Please visit the websites of the third-party providers for more information about their use of cookies. We use the following

third-party cookies:

Description Function/purpose Third-party provider Storage period
No user identifiable content is used.
Google Analytics sets a cookie on Portal to monitor user behaviour when interacting with the site, and other aggregate statistics. Google Analytics 2 years (Decided by Google)
Google Authentication Token
Included by Google to store an authentication token to distinguish the user. Google Decided by Google
Cryptographic hash of candidate LinkedIn MemberID
Included by LinkedIn to identify the logged in LinkedIn User. LinkedIn Decided by LinkedIn
Used in some performance metrics it retrieves (if necessary).
New Relic Decided by New Relic

Data processing takes place to further our legitimate interests on the basis of Art. 6(1)(f) GDPR. Our legitimate interest is therefore derived from the purposes described.

Further details and opt-outs from data processing when third-party cookies are used can be found in the following descriptions of the individual functions based on the use of such cookies and similar technologies.



LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.


If you want to use single sign-on, you’ll be redirected to LinkedIn when you log in. There, you will be asked to log in with username and password, unless you are already logged in to LinkedIn. Of course, Aleris does not take note of your login details.


Then you confirm to LinkedIn the transmission of your data to Aleris. The following data is transmitted to Aleris during single sign-on:


  • LinkedIn: First and last name, e-mail address, …


Aleris creates your user account with the submitted data. There is no permanent link between your user account and your LinkedIn account. For login on the website via LinkedIn a LinkedIn-generated unique token (string of letters and numbers) is saved and exchanged with LinkedIn during the login process for secure authentication. The legal basis for the processing of your personal data in this context is in particular Article 6 (1) sentence 1 (f) GDPR, as we have a legitimate interest in facilitating the login process for interested users.


The link from LinkedIn to the website can be removed at any time. You’ll need to delete the connection to “Aleris” in your profile on LinkedIn within the account settings. If you subsequently wish to continue using the website, you may be required to re-register on the website.


The purpose and scope of the data collection, as well as the further processing and use of your data by LinkedIn as well as the related rights and setting options for the protection of your privacy can be found in the privacy policy of LinkedIn ( privacy policy).

New relic

We are using a plug-in of the web analysis service New Relic on this website. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.


This makes it possible to collect statistical reports on the use and speed of the website. The plug-in gives New Relic among others the information that a user has accessed the corresponding website of the offer. In addition to your IP address, cookie-generated information about your use of our Web site is generally transmitted to and stored on a New Relic server in the United States. Data processing takes place on the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, namely our interest in the analysis, optimization and economical operation of our online offer.


On our behalf, New Relic will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The purpose and scope of the data collection, as well as information about the processing and use of the data by New Relic can be found in the New Relic privacy policy:


The data will be deleted as soon as they are no longer needed for our recording purposes.


You can prevent the storage and use of cookies by New Relic in the settings of your browser or browser add-ons.


New Relic has obtained EU-US Privacy Shield certification from the U.S. Department of Commerce for compliance with the EU-US Privacy Shield Agreement between the EU and the U.S. on the collection, use and storage of personal information from member states of the EU.

Optionally, you can register with your existing LinkedIn profile by a single sign-on.


6. Tracking Tools

This website uses Google Analytics, a web analytics service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). Google Analytics uses third-party cookies to identify preferences and how often certain areas of our website are used. The information generated by the cookie about your use of our website (including your abbreviated IP address) is generally sent to a Google Server in the USA and stored there. Data is processed on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, namely our interest in analysing, optimising and operating our online offering economically. Google is certified under the Privacy Shield and so provides a guarantee of its compliance with European data protection legislation.

Google will use this information on our behalf and on the basis of a data processing agreement to analyse your use of our website, to compile reports on website activities for us and to provide us with other services related to use of the website and the internet.

We only use Google Analytics with activated IP anonymisation. This means that Google will abbreviate users’ IP address within the member states of the European Union (EU) or other signatories of the treaty creating the European Economic Area (EEA). Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. The IP address sent by your browser will not be merged with other Google data.

The data are deleted as soon as they are no longer needed for the purpose for which they were recorded. In our case this is generally after 14 months.

You can prevent the storage of cookies for Google Analytics by adjusting your browser settings accordingly or by means of browser add-ons. In addition you can prevent the data generated by the cookie relating to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in from the link below:

Further information on the use of data by Google, settings and opt-outs can be found on the Google websites under the following links:


7. Online job applications (Career Portal)

You can apply for vacant positions via the Career Portal on our website. Please see our specific privacy policy for the Online Application Portal under (insert the link)

Recipients of personal data

Your personal data are only transferred by us to external recipients to the extent necessary to handle or process your request, you have given us your consent or other lawful authorisation exists.

External recipients may particularly include:

  • Processors: These are service providers that we use to provide services, including in the areas of technical infrastructure and maintenance of our website. Such processors are carefully selected and regularly audited by us to ensure that your privacy is maintained. They may only use the data for the purposes determined by us and on our instructions. Subject to compliance with the conditions of Art. 28 GDPR, we are authorised to use such processors.
  • Public bodies: These are public authorities, state institutions and other public-law entities, such as supervisory authorities, courts of law, public prosecution services or tax authorities. Personal data are only transferred to such public bodies for binding statutory reasons. The legal basis for any such transfer is Art. 6(1)(c) GDPR.
  • Non-public bodies: Other Aleris companies, external service providers and ancillaries to which data are transferred on the basis of a statutory obligation or to further legitimate interests, e.g. tax advisors or auditors. In this case the transfer takes place on the basis of Art. 6(1)(c) and/or (f) GDPR.


Data processing in third countries

To the extent that we transfer your data to third countries outside the EU or EEA, we ensure beforehand either that the recipient has an appropriate level of data protection or that you consent to the data transfer. This does not apply to exceptional cases allowed by law. An appropriate level of data protection is guaranteed, for example, by the recipient’s certification under the EU-US Privacy Shield, by means of standard EU contractual clauses or by binding corporate rules (BCR).


10. Security

We take technical and organisational security measures to protect your personal data against intentional or chance manipulation, loss, destruction or unauthorised access. Our security measures are adapted in line with the current state of technological knowledge.

Your personal data transferred to us when you use our website are transferred securely in encrypted form. We use the encryption protocol Transport Layer Security (TLS), more widely known under its previous name of Secure Sockets Layer (SSL). Our employees have given a commitment to respect data secrecy.


11. Storage period

We only store your personal data for as long as necessary to fulfil its purpose or if you have given your consent, until you withdraw this consent. If you withdraw your consent we will no longer process your personal data, unless we are allowed or even obliged to so by applicable statutory provisions (e.g. by record-keeping obligations under commercial and tax law). We will also delete your personal data when we are obliged by law to do so.

Otherwise, please see the comments in the sections above for details on the retention periods for your personal data.


12. Your rights

You have numerous rights as a data subject. Specifically, these are:

  • Right of access (Art. 15 GDPR): You have the right to information about your personal data stored by us.
  • Right to rectification and erasure (Art. 16 and 17 GDPR): You can require us to rectify incorrect data and erase your data – insofar as the statutory conditions are met.
  • Right to restriction of processing (Art. 18 GDPR): Insofar as the statutory conditions are met, you can require us to restrict the processing of your data.
  • Right to data portability (Art. 20 GDPR): If you have provided us with data on the basis of a contract or consent, you have the right to receive the personal data provided concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
  • Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data which is based on point (f) of Article 6(1) GDPR. If you exercise your right to object we will cease processing of your data, unless we can demonstrate compelling legitimate grounds for the processing which override your rights.
  • Opt-out for cookies: You can object to the use of cookies at any time. If you want to opt out from certain cookies, please see our comments under Point 5.
  • Withdrawal of consent (Art. 7 GDPR): If you have consented to the processing of your data, you can withdraw this consent at any time with future effect. This does not affect the validity of the processing of your data until you withdraw consent.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You can also lodge a complaint with the competent supervisory authority if you consider that the processing of your data infringes applicable legislation. You can either approach the supervisory authority responsible for your place of residence or employment or the place of the alleged infringement, or the supervisory authority responsible for us.

If you have any questions about the processing of your personal data, your rights as a data subject and any consent you have granted, we will be happy to answer them. We can be reached by the communications channels mentioned at the beginning of this document.


13. Changes

From time to time it may become necessary to amend this data protection policy. We therefore reserve the right to change it at any time. We will also publish the amended version of the data protection policy in the same place. If you return to our website, you should therefore read the data protection statement again.


As of:                 May 2018