Privacy Notice – CSP

Privacy Notice

Last updated: February 05, 2021.

This privacy notice is intended to reinforce Companhia Siderúrgica do Pecém’s commitment to security and transparency in handling personal data, as provided for in the current personal data protection laws.
The purpose of this page is to provide information about how the CSP collects, uses, shares, stores and protects users’ personal data, as well as the existing alternatives for handling that data.

CSP is the controller of your personal data for all purposes of the LGPD. If CSP appoints third parties to process your data on our behalf, which will always be done with due regard to the total security of your data, we will inform you in this Notice. In any case, we will be responsible for responding to your requests, questions and complaints.

WHAT IS PERSONAL DATA AND SENSITIVE PERSONAL DATA?
Personal data:
It is data that allows to identify a natural person or makes them identifiable, such as identification data, contact data, financial data, navigation data (cookies, IP addresses), among others.

Sensitive personal data:
It is personal information about your racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.

IMPORTANT
Photos, videos and voice recordings are only considered sensitive data when used for biometric purposes.

HOW DO WE COLLECT AND PROCESS THIS DATA?
The collection and processing of data may vary according to the relationship between the CSP and the data subject.

CSP may collect data about you that is publicly available or that has been made public by you, such as content published in press vehicles – digital or printed -, yearbooks, public profiles on social networks, among others. When applicable, these sources will be used to manage relationships, develop CSP business strategies and respond to your requests, comments and questions.

The data collected through public sources is usually identification data, such as name, profession, age, the company you work for, contact details, photos, among others.

We may also collect information about mentions or interactions with CSP in an online environment, and testimonials about CSP published voluntarily, along with your name and image (photos).

IN WHICH SITUATIONS DO WE COLLECT PERSONAL DATA?
The personal data collected is used to enable services and assistance, such as:
• Ombudsman’s Office
• Access to CSP facilities
• Visiting Program
• Community Relations
• Recruitment and selection processes
• Communication and promotion of the company

Personal data from employees, suppliers and contractors is also collected, and its handling is regulated in specific documents.

Your personal information is necessary so that we can enter you into our systems, according to your relationship with CSP.

IMPORTANT
CSP processes the personal data of minors (people under the age of 18) with the consent of at least one parent or legal guardian, for use in carrying out Community Relations projects or for the Visiting Programs.

WHAT IS THE PURPOSE OF COLLECTING AND PROCESSING PERSONAL DATA?
CSP may collect and process personal data in order to comply with legal obligations applicable to customs areas and for legitimate purposes, specified on their respective platforms.

Most personal information is provided directly by the holders, for reasons such as:

  • Access to CSP facilities
  • Contact during negotiations of partnerships, sponsorships, projects
  • Community Relations Projects
  • Recruitment and selection processes
  • Company Communication and Promotion
  • Browsing our website and applications safely

You can find more information on the purposes and legal bases for collecting and processing this data in the specific terms of each service, available on their respective platforms.

CSP stores evidence of consent when such consent is considered, by applicable privacy laws, to be essential for data processing. Likewise, if consent is revoked, evidence of such revocation is also stored.

HOW DO WE SHARE PERSONAL DATA?
Part of the activities carried out by CSP requires that personal data be shared with suppliers and government authorities. In cases where third parties hired by CSP process your data, rights and duties are established between the parties, aiming to prevent the use of personal data in a different way from that established by CSP and/or that violate the applicable privacy laws.

Your personal data may also be shared with partners located outside Brazil, who may not have the same level of protection of personal data. In such cases, the processing, handling, use and sharing of data will be done in accordance with the applicable legislation, especially the LGPD, and this Privacy Notice, ensuring the security measures provided here.

In addition to the assumptions provided for above, CSP may share personal data with credit protection entities, to prevent fraud situations, and also by court order and/or legal or regulatory determination.

WHAT ARE THE RIGHTS OF HOLDERS IN RELATION TO THEIR PERSONAL DATA?
As the holder of your personal data and sensitive personal data, you can exercise the following rights at any time and free of charge:

  • Processing confirmation: confirmation that data maintained by CSP is being handled
  • Data access: access to your data collected and processed by CSP
  • Data correction: requesting the correction of data containing incomplete, outdated or inaccurate information
  • Anonymization, blocking or deletion: the anonymization, blocking or elimination of unnecessary data, excessive data, or data handled in non-compliance with the provisions of the applicable legislation. This right will be given considering the use of reasonable and available technical means when handling data.
  • Portability: portability of personal data upon express request, in accordance with current regulations. CSP reserves the right to deny portability in case of personal data that could compromise its commercial and industrial secrets.
  • Information on data sharing: information on personal data that is shared by CSP with public and private entities.
  • Revocation of consent: revocation of your consent given to CSP, at any time, upon your express request. Revoking your consent does not automatically delete your personal information from our database, nor does it harm or invalidate acts that have already been performed by CSP.
  • Deletion of personal data: your personal data will be deleted at the end of the purpose for which it was collected and handled, or when you express your desire to revoke your consent. You can request the deletion of your data. Subject to local legal requirements, CSP may retain personal data if it is legally obliged to keep them:
    • For compliance with laws and/or regulations that determine that, or to fulfill a contract with you
    • If it needs the data to establish, exercise or defend legal claims
    • If it needs to keep track of data for public health reasons

You can learn your rights by contacting us through the email dpo@cspecem.com or using the form at the bottom of this page.

WHAT ARE YOUR DUTIES?
You have a responsibility to share true information with CSP. You must protect the confidentiality of your data by not sharing it with third parties or by allowing others to use your data on your behalf.

Your access credentials to CSP systems and portals are personal and non-transferable, and must be kept confidential. Damage caused by the improper sharing of information will be the sole responsibility of the user.

You must read all documents signed with the CSP in full, as they may contain clauses on the collection, handling and sharing of personal data.

HOW DO WE ENSURE DATA SECURITY?
CSP handles and stores the personal data collected in a safe place, seeking continuous improvements in its processes. Personal data will be stored as long as necessary for the fulfillment of the purposes described in this notice.

To ensure the security of personal data, CSP invests in:

  • Controls for accessing stored information, limiting permissions and privileges
  • Security measures appropriate to the risks, such as: against accidental or illegal destruction, accidental loss, alteration, disclosure or unauthorized access
  • Appropriate technical solutions and security measures to ensure the confidentiality, integrity and inviolability of data, such as: antivirus, firewall, network protection, and other technical and process measures minimally compatible with international standards and the use of good market practices

IMPORTANT
CSP is not responsible for security breaches in data holders’ devices, such as computers, cell phones or tablets, or for damage caused by viruses, malware, spyware and other types of software that may affect data holders’ devices or compromise their data due to a failure to protect their devices.

CSP is also not responsible for damages or problems arising from the delay, interruption or blocking of data transmissions on the Internet on data holders’ devices.

CHANGES TO THE PRIVACY NOTICE
Seeking continuous improvement, CSP may change this privacy notice at any time. You must remain aware of the terms of this notice in effect on the date of use, and it should be checked beforehand in future relations with CSP.

 

CONTACT US
According to Law No. 13,709/2018, Companhia Siderúrgica do Pecém (CSP), a legal entity governed by private law, registered with the CNPJ under No. 09.509.535/0001-67, headquartered at Rodovia CE 155, Km 11.5, SN, São Gonçalo do Amarante, Ceará, CEP 62674-000, is considered “Controller” of personal data.

If, after reading this Privacy Notice, you still have questions, or for any reason need to communicate with us for matters involving your personal data, you can contact us by email or form below:
Person in charge (DPO): dpo@cspecem.com