The Sustainable STEEL Principles Association – Privacy Notice

We want to make sure you understand what personal information we may collect about you when you interact with the Sustainable STEEL Principles Association (the Association, we, us and our), how we use your personal information, and how we keep it safe.
This privacy notice explains:

  • how we obtain your personal information;
  • what personal information we collect about you;
  • how we use your personal information;
  • on what basis we use your personal information;
  • how long we keep your personal information;
  • with whom we share your personal information;
  • how we protect your personal information; and
  • your rights regarding your personal information.

We may change this privacy notice from time to time. We encourage you to review this privacy notice periodically. If you have any questions, feel free to get in touch via one of the methods set out in the Contact Us section below.

How do we obtain your personal information?

We gather information about you when you or your employing organisation provides it to us, or interacts with us directly, for example, when:

  • you or your employing organisation submits a signatory application form that contains your details,
  • listing you as one of your organisation’s intended points of contact with the Association;
  • you or your employing organisation submits through the Association’s website;
  • you or your employing organisation emails or calls us with any questions.

What personal information do we collect about you?

The personal information that we process includes:

  • your basic information – such as name, personal title;
  • contact information – such as email address, phone number(s), role, office address, including all information provided in your signatory application;
  • Other information you provide to us – such as information you provide in your email communications with the Association or submissions through the Association’s website.

How do we use your personal information?

We use your personal information for the following purposes:

  • to contact and provide you with information relating to the administration and management of the Association, including to contact you in relation to any meetings that are convened;
  • to assist with coordinating the signatories of the Association; and
  • to otherwise operate the Association, including to comply with applicable laws, rules, regulations, guidance, codes and industry and professional rules and regulations.

On what basis do we use your personal information?

Data protection law sets out a number of different bases on which we may rely to collect and use your
personal information. We use your personal information for the following reasons:

  • For our legitimate business purposes. We may use your personal information to help us to operate the Association, including:
    • to provide information to other participating signatories of the Association; and
    • to schedule meetings with representatives of other signatories of the Association.
  • To comply with legal and regulatory obligations.
  • Because you have given your consent. At times we may ask for your consent to allow us to use your personal information for one or more purposes.

How long will we keep your personal information?

We will always keep your personal information for the period required by law. We will also keep your personal information where we need to do so in connection with legal action or an investigation involving the Association.
Otherwise, we keep your personal information:

  • for as long as needed to provide you with access to services you have requested;
  • where you have contacted us with a question or request, for as long as necessary to allow us to respond your question or request; or
  • for as long as it is necessary and relevant for the administration and management of the Association.

With whom do we share your personal information?

We may share certain of your personal information with:

  • other participating organisations that are signatories with the Association; and
  • industry, regulatory or legal authorities where we receive a request for information.

Transfers of your personal information outside of your home country

Your personal information may be processed by the Association anywhere in the world, including in countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country. These countries include but are not limited to the United Kingdom, the United States of America, the Netherlands, France, Italy, Spain, Germany, other EU Member States, India and Japan.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction.
The transmission to us of information via the internet or a mobile phone network connection may not be
completely secure and any transmission is at your own risk.

Websites that we do not own or control

From time to time we may provide links to websites or mobile applications that are not owned or controlled by us. This Privacy Notice does not apply to those websites or mobile applications. If you choose to use those websites or mobile applications, please check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.

Your rights

Data privacy laws provide you with a number of rights over your personal information.
You may be entitled to:

  • opt out from processing of your personal information for direct marketing purposes;
  • ask us about the processing of your personal information, including to be provided with a copy of your personal information;
  • request the correction and/or deletion of your personal information;
  • request the restriction of the processing of your personal information, or object to that processing;
  • withdraw your consent to the processing of your personal information (where the Association is processing your personal information based on your consent);
  • request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to the Association; and
  • complain to the UK Information Commissioner’s Office if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.

Where you are given the option to share your personal information with us, you can always choose not to do so.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described (see the section ‘How do we use your personal information?’) or that you are unable to make use of the services and products offered by us.

Contact us

If you have questions or requests about the processing of your personal information, or need additional
information, you can contact us at: www.steelprinciples.org.

Data controller

The Sustainable STEEL Principles Association is the controller of your personal information.
This Privacy Notice was last updated in September 2022.