SSAB’s global Data Privacy Organization supports with any data protection and data privacy related requests or any other questions, concerns, comments or complaints.
SSAB has also nominated a Group Data Protection Officer (DPO) who performs the following tasks:

  • Informs and advises SSAB organization and its employees about obligations pursuant to the EU General Data Protection Regulation (GDPR) and to other Union or Member State data protection provisions in relation to the data processing carried out by SSAB,
  • Monitors compliance with the GDPR and with other Union or Member State data protection provisions and with SSAB’s policies related to the protection of personal data,
  • Takes care of assignment of responsibilities, data protection awareness and training of employees involved in processing operations, and the related audits, and
  • Provides advice on data protection impact assessments and monitoring their performance.

The DPO also co-operates with the supervisory authority and acts as the contact point for the supervisory authority on issues relating to processing, and to consult, where appropriate, regarding any other matter.

SSAB’s Data Privacy Organization and the Group Data Protection Officer (DPO) can be contacted at data . privacy (at) ssab . com.

3. Transfer or disclosure of personal data

SSAB may transfer or disclose individuals' personal data to the following third parties:

  • other SSAB group companies for internal processing;
  • when permitted or required by law to comply with requests by competent public authorities such as subpoenas or similarly binding acts;
  • trusted service providers or SSAB partners, such as suppliers, agents, distributors and marketing service providers. 
  • if SSAB is involved in a merger, acquisition, or sale of all or a portion of its assets; and
  • when SSAB believes in good faith that disclosure is necessary to protect SSAB's rights, protect individuals' safety or the safety of others, investigate fraud, or respond to a government request.

Third parties may act as independent data controllers, or data processors, depending on the case.

4. Transfer of personal data outside of the EU/EEA

4.1 Intra - group transfers

As some SSAB group companies are located outside of the EU/EEA, individuals' personal data may be transferred outside of EU/EEA. In these circumstances, SSAB will use the required established mechanisms for the transfer outside of the EU/EEA, such as the Standard Contractual Clauses approved by the European Commission.

4.2 Service providers and other data recipients located outside of the EU/EEA

SSAB may use service providers for the personal data processing and personal data may be transferred to countries outside of the EU/EEA. SSAB will use the required established mechanisms that allow the transfer of personal data to third countries, such as the Standard Contractual Clauses approved by the European Commission and additional safeguards.

5. Security

SSAB maintains adequate physical, technical and organizational security measures to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, SSAB limits access to this information to authorized employees and contractors who need to know that information in the course of their work or assignment and to third party service providers who may only process data in accordance with instructions provided by SSAB. 

Please be aware that although SSAB endeavors to provide adequate security measures for personal data, no security system can prevent all potential security breaches.

6. Your privacy rights

Based on the applicable data protection laws, you may be entitled to exercise privacy rights in relation to your personal data to which SSAB acts as a data controller. You may have, subject to applicable laws, the right to:

  • receive confirmation on whether your personal data is being processed, and if so, obtain access to that personal data;
  • request correction of any inaccuracies regarding your personal data;
  • request deletion of your personal data;
  • request restriction of processing of your personal data;
  • data portability of your actively provided personal data;
  • object processing of your personal data based on reasons specific to your situation;
  • withdraw your previously given consent for processing your personal data.

Please note that in certain circumstances, local laws and legislations may limit the exercise of specific privacy rights. For exercising your rights, please contact the SSAB’s Data Privacy Organization at data.privacy(at)ssab.com. In addition, you always have the right to approach, make a request or file a complaint to the competent data protection authority.

7. Changes to privacy notices

From time to time, SSAB may amend privacy notices and SSAB recommends you to regularly access them to find about the latest version. Please note that these privacy notices are for information purposes only. When required, SSAB will inform individuals of any substantial changes by using reasonable and available channels.