PRIVACY NOTICE

ASSAB Steels (HK) Ltd. (“we”, “our”) care about the privacy of our customers and busines partners, thus, we provide this Privacy Notice to inform our customers and business partners of our policy in relation to the collection, use and disclosure of your personal data in accordance with Personal Data (Privacy) Ordinance (“PDP Ordinance”) and relevant regulations. This Privacy Notice informs you of how we collect, use, or disclose your personal data, what and why we collect, use, or disclose your personal data, how long we hold it, who we disclose it to, your rights, what measures we will take to make sure your personal data stays private and secure, and how you may contact us.

This Privacy Notice applies to:

(1)  Our Customers

 Individual Customers:our past and present customers who are individuals.
Corporate Customers:directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present Corporate Customers and other individuals authorized to act on their behalf. Our Corporate Customers shall ensure that their authorized persons and their relevant individuals have acknowledged our Privacy Notice.

(2) Business Partners

In some other circumstances, we may need to collect, use or disclose your personal data for other business purposes (e.g. suppliers, contractors, professional service providers such as auditors etc.).

1.  Purposes of Personal Data Collection

We will collect, use and disclose your personal data for business, management and administrative purposes in order to ensure that we are able to run the business with you appropriately, effectively, and lawfully in order to fulfil any and all obligations under contracts, perform transactions, provide suitable products and services, respond to orders, queries, requests, improve the quality of our products and services, or pursue other legitimate interests of ours.

You are free to decide whether you will allow us to collect your personal data. However, kindly note that if you decide not to provide your personal data to us, you may not be able to enjoy certain benefits, e.g.  we may have insufficient information to enter into a contract with you or perform our obligations or commitments in some circumstances.

Therefore, we would like to explain the purposes of collecting, using and disclosing your personal data as follows:

  • To know your identity
  • To offer our products and services
  • To deliver the purchased products and/or services, and tax invoice to you
  • To process payment
  • To conduct surveys related to our products and services
  • To improve our website to better serve our users
  • To send communications and advertisements to you
  • To maintain security in our designated areas, e.g., CCTV recording
  • To ensure compliance related to the implications of PDP Ordinance and other relevant laws and regulations
  • To establish, exercise or defend our legal rights or claims as necessary
  • To comply with laws and regulations or lawful requests by public authorities or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities, whether regional or international
  • To pursue or protect our legitimate interests, e.g. to prevent fraud or report potential crimes

2.  Collected Personal Data

For the purposes specified above, we may collect, use and disclose your personal data. The type of personal data collected will depend on the interaction between you and us, including but not limited to the following information:

  • Personal details, such as name, surname, gender, job title.
  • Contact information, such as address, e-mail address, contact number, social media accounts.
  • Office address, office e-mail address, office phone number.
  • Payment information, such as bank account details.
  • Technical information, such as IP address, cookies, accessed devices, location while using our website.
  • Customer satisfaction surveys and feedback as provided by you.
  • Information about you which is obtained from the internet or public domain or persons related to you.
  • Any other information provided by you to us willingly.

3.  Sources of Personal Data

Usually, we will collect your personal data directly from you, but sometimes we may obtain it from other sources; in such cases, we will ensure compliance with the PDP Ordinance. Personal data that we collect from other sources may include but is not limited to:

  • Personal data obtained by us from companies in voestalpine group, business partners and/or any other persons / businesses whom we have business relationships with.
  • Personal data obtained by us from persons related to you (e.g. your family, friends, referees).
  • Personal data obtained by us from corporate customers and business partners where you are the director, authorized person, attorney, representative or contact person.
  • Personal data obtained by us from governmental authorities, regulatory authorities, financial institutions and/or third-party service providers.

In the event that you have given any personal data of any other person to us, for executing transactions with us or any other purposes, you shall notify such person of the details relating to our collection, use and disclosure of personal data and rights in accordance with this Privacy Notice. In addition, you shall obtain consent from such person (if necessary) or rely on any other legal basis to provide personal data to us.

4.  Retention of Personal Data

Your personal data will be retained for as long as it is necessary to satisfy the purposes for which your personal data has been collected. For example, if you have ordered our products and/or services, we would collect personal data related to your transaction and will keep such information for as long as it is necessary to achieve the objective of that particular transaction. If you have subscribed to our newsletter, your personal data will be collected and used until you unsubscribe or notify us in writing that you no longer wish to receive the newsletter.

5.  Consent

We may seek your consent to collect, use and disclose your personal data for the following purposes, which include but are not limited to:

  • Collect and use your specific personal data as necessary.
  • Send or transfer your personal data to another country.

If it is necessary for compliance with the applicable laws, we may process your personal data without your consent. In this regard, we will strictly comply with the relevant laws regarding your personal data.

 6. Disclosure of Personal Data

We may be required to disclose your personal data internally and may need to disclose your personal data to a third party, both within Hong Kong and in other countries which have appropriate personal data protection standards. In this regard, we will provide appropriate contract(s) to protect your personal data.

The types of third parties that may receive your personal data include:

  • Contractual parties who provide services to us, such as data analysis service providers, or marketing agencies.
  • Other agencies who operate or have an agreement with us.
  • Business partners.
  • Professional service providers, including but not limited to our auditors and lawyers.
  • Any third party who has legitimate rights to access your personal data.
  • Our group of companies, including but not limited to our parent company.

7.  Cookies

Our website uses cookies that allow the website to recognize your browser when you visit the website again. Cookies are small text files that the browser stores on your device. This allows the website to be optimally adapted to your interests. If you do not want cookies to be stored on your computer, you can set up your browser to inform you when cookies are set, so that you can decide whether to allow them on a case-by-case basis. You can also deactivate the use of cookies in your browser. Please note that in this case, you will not be able to use all of the website functions to their full extent.

8.  Google Analytics

This website uses Google Analytics, a Google Inc. (Google) web analysis service. Google Analytics uses cookies, which are text files stored on your computer to be able to analyze your use of the website. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We only use Google Analytics with activated IP address anonymization. This means that within the member states of the European Union or in other states parties to the agreement within the European Economic Area, Google truncates your IP address before it is transferred. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the website operator, Google will use this information to evaluate your website use and compile reports on website activity and to provide the website operator other services related to website use and Internet use. The IP address transmitted by your browser during Google analytics will not be combined with other Google data. You can refuse the use of cookies by selecting the appropriate settings on your browser, but note that in this case, you will not be able to use all of the website functions to their fullest extent. You can also prevent Google from collecting and processing the data generated by the cookies based on your website use (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information on the terms of service and data protection, see:
http://www.google.com/analytics/terms/us.html and https://support.google.com/analytics/answer/6004245?hl=us.

9.  Openstreet Maps

Our website includes Openstreet maps functions. These functions are offered by Openstreet Map Foundation, St. John’s Innovation Centre. Data is also transferred to Openstreet Map. Note that we, as the site provider, do not receive any information about the content of the transferred data or its use by Openstreet Map. For more information, see Openstreet Map’s privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

10. Your Rights

As a data subject, you have the following rights:

  • To withdraw consent for the collection, use or disclosure of your personal data.
  • To request access to and obtain a copy of, your personal data or to request the disclosure of the acquisition of your personal data obtained without consent.
  • To request for a copy of your personal data and request for the transfer of personal data to a third party if it can be done automatically.
  • To withdraw your consent to the collection, use or disclosure of your personal data.
  • To request to erase or destroy your personal data, or to anonymize your personal data.
  • To request to restrict the use of your personal data.
  • To request to update or rectify your personal data.

You can exercise your rights by sending an e-mail or a written notice to us. We will process such request in accordance with, and to the extent permitted by, applicable laws.

Please note that we shall retain our rights under the appliable laws to reject your request in certain circumstances. If we decide to reject your request, you will be notified of the reason for such rejection. We will try our best, also with considering technical capabilities, to answer your request on how we process your personal data. However, if you have any unresolved concerns, you may send your complaint to us.

11. Protection of Personal Data

We are committed to protecting your personal data under our security standards and will provide appropriate measures to protect your personal data, in order to ensure that your personal data will be legally and appropriately collected, used or disclosed.

12.  Revisions to Privacy Notice

We reserve the right to revise this Privacy Notice from time to time to ensure compliance with the applicable laws and regulations. Please frequently check to see if there are any updates or changes to our Privacy Notice.

13. Contact Us

If you have any enquiries or would like to exercise your rights or need any help regarding your personal data, please send an e-mail to: pdpo.asc@assab.com.cn and provide us with your personal data, together with evidence to verify your identity. However, we may ask for additional relevant documents or may reject your request if we have received insufficient information.