PRIVACY POLICY
PRIVACY POLICY
PLATFORM USERS
ArcelorMittal Distribution Solutions Europe (hereinafter "we", "our", "ours", "ArcelorMittal", and "Data Controller") considers the protection of personal data of users of its online platform (hereinafter "you", "your", "yours", and "Users") and respect for your privacy to be of utmost importance, and we are committed to giving it special attention.
Thus, this privacy policy (hereinafter the "Policy") is intended to inform you about the processing of your personal data when you use the online services (hereinafter the "Services") offered on the ArcelorMittal Distribution Solutions Europe platform (hereinafter the "Platform").
- WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
1.1 Data Controller
We, ArcelorMittal Distribution Solutions Europe, act as the Data Controller for your personal data.
1.2 Contacting Us
To contact us or our Data Protection Officer (DPO), please refer to Section 11 of this Policy (How can you contact us?).
- WHAT PERSONAL DATA DO WE COLLECT?
When you use the Platform, we may collect the following categories of personal data about you:
2.1 Personal data that you provide to us:
- any data necessary for your identification on the Platform (e.g., name, first name, email address, postal address, phone number, login data, username, password, tax identification number);
- any personal data contained in the correspondence, including commercial correspondence, that you send to us or to another User of the Platform, if applicable;
- any personal data contained in all your purchases or sales made through our Platform (e.g., payment data, including information about bank accounts and payment cards, and details regarding the shipment and delivery of products purchased on our Platform);
- any personal data related to your location when you have expressly consented to it and for the purposes necessary for the delivery of products;
- if applicable, the reviews you have left to evaluate a sale or purchase made as part of our Services;
- if applicable, your responses to our surveys and satisfaction surveys to determine what you like about our Services and the products available on the Platform;
- if applicable, any personal data contained in any incident reports or assistance requests that you may submit regarding issues you may encounter in the use of our Platform or Services, for example, the subject of your assistance request.
In some cases, the communication of your personal data is mandatory, without which we will not be able to provide you with the services and information you request. For example, if you contact us through the Platform, you will need to provide us with your email address so that we can respond to you.
In any case, we will inform you when the communication of your personal data is mandatory.
Furthermore, if you are required to provide us with personal data of third parties, you undertake to ensure that these individuals have been duly informed of the processing of their personal data in accordance with this Policy and, if required, have given their consent to the processing of their personal data.
2.2 Personal data collected automatically during your use of the Platform
We use cookies, web beacons, and similar technologies to collect personal data as part of your use of our Platform. We collect this data from the devices you use when you use our Platform. The personal data collected automatically includes the following:
- Technical data (e.g. IP address, login and usage data of the Platform, type of browser used, content accessed or viewed, search terms used, download errors, duration of viewing certain pages, advertising identifier of your device, etc.);
- Any personal data related to your use of our Platform (including, as applicable, the number of products published or ordered, your response rate to messages from other Users, the date and time of creation and deletion of your User account, the average ratings you have received or published, etc.).
To learn more about our use of cookies and similar technologies, you can refer to our Cookie Policy accessible here:
- WHY DO WE USE YOUR PERSONAL DATA?
The table below indicates the purposes for which we process your personal data and, for each of them, the legal basis for legitimizing the processing in question. Depending on the circumstances, we rely on different legal bases to process the same personal data for different purposes.
You also have specific rights depending on the applied legal basis. You always have the right to request access, rectification or deletion of your information. We detail them in Section 9 of this Policy (What rights do you have?).
|
PURPOSES |
LEGAL BASIS |
CATEGORIES OF DATA CONCERNED |
|
Managing your User account on our Platform (e.g. Account creation, management, and deletion). |
The processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request (e.g. acceptance of the Terms of Use). |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Manage our loyalty program if you are a member of the e-steel Club (when you are a representative of a company that is a member of the "e-steel Club") (for example, to offer you personalized discounts and benefits, conduct surveys to tailor our offers, etc.). |
The processing is necessary for the performance of a contract with you. |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Managing our contractual relationship with you and fulfilling our contractual obligations. |
The processing is necessary for the performance of a contract with you (e.g. if you wish to purchase a product, we need your professional contact information that you will need to provide during the creation of your User account to make your online purchases). |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Responding to requests and questions that you may submit on the Platform, and more broadly, managing our relationship with the Users of the Platform (e.g. providing information and advice related to the use of Services (welcome messages, new features, updates, etc.)). |
The processing is carried out based on our legitimate interest in ensuring proper communication with the Users of our Services. |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Offering, customizing, and improving our Services (e.g. verifying proper functionality, troubleshooting and resolving any issues, testing new features to ensure they work correctly, gathering feedback on our features and Services, conducting surveys and other research to determine what you appreciate about our Services and products offered for sale, and what can be improved, generating statistics). |
The processing is carried out under our legitimate interest to optimize our tools and solutions in order to best satisfy the Users of our Platform and our prospects. |
· Data collected automatically as detailed in Section 2 of this Policy. |
|
Improve the overall experience during your visit to the Platform, adapt the content and advertising based on your interests. |
The processing is based on your consent (e.g., optional use of cookies and similar technologies or marketing emails). |
|
|
Displaying your order history in your User account.
|
The processing is based on your consent. |
|
|
The processing is carried out on the basis of your consent, for example, sending personalized messages about the services we offer on the Platform. |
The processing is based on your consent.
|
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Communicate information about changes to the Platform. |
The processing is necessary, as applicable, (i) to comply with legal obligations to which we are subject (e.g. necessary updates to maintain Service compliance) or (ii) for the performance of a contract with you (e.g. non-necessary updates to maintain Service compliance). |
· Data collected from the User as detailed in Section 2 of this Policy. |
|
Maintain a secure and trusted environment (e.g. prevention and detection of computer fraud (spamming, hacking)). |
The processing is carried out based on our legitimate interest to ensure compliance with applicable laws, enforcement of our Terms of Use, Terms of Purchase, and Terms of Sale, prevent fraud, improve security, and ensure proper performance of our Services (e.g. traffic and connection analysis on the Platform). |
· User data collected as detailed in Section 2 of this Policy;
|
|
To comply with applicable legal and regulatory obligations. |
The processing is necessary for compliance with legal obligations to which we are subject (e.g. responding to requests from judicial or administrative authorities, claims, and requests to exercise rights). |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
|
Manage any potential or actual disputes with you or third parties. |
The processing is carried out under our legitimate interest to defend our interests, including through legal means. |
· User-collected data as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
In any case, please note that we will refrain from processing your personal data for purposes that would be incompatible with those listed above.
- WHO DO WE SHARE YOUR PERSONAL DATA WITH?
As part of the processing of your personal data, if necessary, we may disclose your personal data to the following recipients:
- Our affiliates, i.e., companies within the ArcelorMittal group in the European Union ("Group");
- Our service providers, external service providers, payment service providers, associated insurance organizations, agents, and subcontractors, to the extent that they assist us in achieving the purposes defined in this Policy (e.g., we use IT service providers to host your personal data on our behalf);
- Competent courts, public authorities, government agencies, and law enforcement agencies (e.g., in cases where we must comply with legal or regulatory requests); and
- Third parties who may collect your personal data on our Platform through cookies, web beacons, and similar tracking technologies, subject to your prior and express consent. These cookies are used in accordance with our Cookies Policy.
Regardless of the recipient, we only disclose your personal data to them if they strictly need to know and only to the extent necessary to achieve the purposes identified in this Policy.
We do not sell your personal data.
- DO WE TRANSFER PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?
We do not transfer the personal data collected through the Platform to recipients located in third countries outside the European Economic Area.
- HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We retain your personal data for a duration not exceeding what is necessary in light of the purpose pursued by the relevant processing and applicable laws on the Platform.
In other words, this means that the retention periods we apply vary depending on the reason for which we process the relevant data. The table below indicates, for each purpose, the retention period that will be applied to your personal data.
Please note that the retention periods indicated in the table are indicative and may be subject to change in accordance with legal requirements or operational needs. Once the retention period expires, we will delete or anonymize your personal data in accordance with applicable laws.
|
PURPOSES |
CATEGORIES OF DATA INVOLVED |
RETENTION PERIOD |
|
Managing your User account on our Platform (e.g., User account creation, management, and deletion). |
· Data collected from the User as detailed in Section 2 of this Policy; · Data collected automatically as detailed in Section 2 of this Policy. |
We will retain your personal data for a maximum period of 3 years from your last use of our Platform, if you have not closed your User account. OR We will retain your personal data until the closure of your User account, including deletion requests from the User. |
|
Managing our loyalty program if you are a member of the e-steel Club (when you are a representative of a company that is a member of the 'e-steel Club') (e.g. to offer you personalized discounts and benefits, conduct surveys to tailor our offerings, etc.). |
· Data collected from the User as detailed in Section 2 of this Policy; · automatically collected data as detailed in Section 2 of this Policy. |
We will retain your personal data for a maximum of 3 years from your last use of our Platform, if you have not unsubscribed from our loyalty programme. OR We will retain your personal data until the end of your loyalty programme, including if you have requested to have your account deleted. |
|
To manage our contractual relationship with you and fulfil our contractual obligations. |
· data collected from the User as detailed in Section 2 of this Policy;
· data collected automatically as detailed in Section 2 of this Policy. |
We will retain your personal data for a maximum of 3 years from your last use of our Platform, if you have not closed your User account. OR We will retain your personal data until your User account is closed including the User's request for deletion. OR Content created by you on our Platform is anonymised after the above mentioned time periods but remains visible on our Platform. |
|
Responding to requests and questions you may submit on the Platform, and, more broadly, managing our relationship with Platform Users (e.g. providing information and advice on the use of the Services (welcome message, new features, developments, etc.)). |
· data collected from the User as detailed in Section 2 of this Policy;
|
We will retain your personal data for a maximum of 6 months from the last contact at your initiative or earlier if you exercise your right to object. |
|
To provide, customise and improve our Services (e.g. to check that they are working properly, to fix and correct any problems, to test our new features to check that they are working properly, to gather feedback on our features and services, to carry out surveys and other research to find out what you like about our Services and the products we offer for sale, and what can be improved, to produce statistics) |
|
We will retain your personal data for a maximum of 6 months, although in most cases your data will be aggregated shortly after collection into non-personally identifiable statistics. OR We will retain your personal data until you exercise your right to object before the expiry of the 6 month period mentioned above. |
|
To improve your overall experience of visiting the Platform, tailoring content and advertising to your interests. |
|
We will retain your personal data for a maximum of 6 months, although in most cases your data will be aggregated shortly after collection into non-personally identifiable statistics. OR We will retain your personal data until you exercise your right to object before the expiry of the 6 month period mentioned above. |
|
View the order history in the User account. |
|
We will retain your personal data for 3 years after your last contact with our Services. OR We will retain your personal data until you withdraw your consent via your User account. |
|
To carry out commercial prospecting actions (e.g. sending personalised messages concerning the services we offer on the Platform). |
|
We will retain your personal data for 3 years after your last contact with our Services. OR We will retain your personal data until you withdraw your consent via your User account. |
|
Communicate information about changes to the Platform. |
|
We will retain your personal data for as long as we are subject to the relevant legal or regulatory obligations. OR We will retain your personal data for a maximum of 3 years from your last use of our Platform, if you have not closed your User account. OR We will retain your personal data until the User account is closed including the User's request for deletion. |
|
Maintain a secure environment (e.g. prevention and fight against computer fraud (spamming, hacking)). |
|
We will retain your personal data for a maximum of 6 months, although in most cases your data will be aggregated shortly after collection into non-personally identifiable statistics. |
|
To comply with legal and regulatory obligations applicable to us. |
· data collected automatically as detailed in Section 2 of this Policy. |
We will retain your personal data for as long as we are subject to the relevant legal or regulatory obligations. |
|
To manage any potential or actual disputes with you or third parties. |
|
In the event that your User account has received a negative review or report, we will retain your personal data for a period of 2 years after the closure of your account including your request for deletion or for a period of 3 years in the absence of such a request. OR If your account has been suspended or blocked, we will retain your personal data for a period of 2 or 10 years depending on the severity of the breach from the time of suspension in order to prevent you from circumventing the rules of our Platform. |
We also have an archiving policy. This policy ensures that we do not keep personal data about you in an active database unnecessarily, while at the same time complying with our legal obligations and managing possible disputes. Your personal data will not be stored for more than five (5) years.
In any event, at the end of the applicable retention period, we will delete your personal data or make it irrevocably anonymous so that you can no longer be identified.
- DO WE USE COOKIES?
We use cookies on our Platform. However, in accordance with the applicable regulations on the deposit of cookies and other tracers, please note that we will ensure that we have obtained, where necessary, your prior consent before placing them on your equipment.
To find out more about the cookies we use and the purposes for which we use them, please see our Cookies Policy which can be found here:
- WHAT SAFEGUARDS ARE IN PLACE FOR YOUR PERSONAL DATA?
We protect your personal data with physical, electronic and administrative security measures to reduce the risk of loss, unauthorised access, disclosure or unauthorised modification in the collection, storage and communication of users' personal information.
To this end, we also use personal data encryption protocols (SSL/TLS, HTTPS), network security measures (firewalls, WAF) and protective software (backups and replication).
- WHAT RIGHTS DO YOU HAVE?
In accordance with the legal framework applicable to the protection of personal data, and in particular the RGPD, you have the following rights: right of access, rectification, deletion, opposition, limitation of processing, portability of your personal data and the right to give instructions concerning the fate of your personal data after your death.
Where processing of your personal data is based on your consent, you may withdraw it at any time.
- Right of access
You may request access to your personal data at any time. If you exercise your right of access, we will provide you with a copy of the data in our possession as well as all the information relating to its processing.
- Right of rectification
You have the right to ask us to rectify or complete any personal data in our possession that are inaccurate or incomplete.
- Right to erasure
You have the right to ask us to delete your personal data, for example if these data are no longer necessary for the processing operations we carry out.
We will endeavour to comply with your request. Please note, however, that we may be required to retain all or part of your personal data if we are required to do so by law or if the data is necessary for the establishment, exercise or defence of legal claims.
- Right to object
You may object at any time, for reasons relating to your particular situation, to our use of your personal data. We will then stop processing your personal data unless there are compelling legitimate grounds for continuing to process your personal data (for example, if your data is necessary for the establishment, exercise or defence of our rights or the rights of third parties in a court of law). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal.
You may also object at any time to our processing of your personal data for commercial prospecting purposes.
- Right of restriction
You may also request the restriction of the processing of your personal data for reasons relating to your particular situation. For example, if you dispute the accuracy of your personal data or object to the processing of your personal data, you may also request that we do not process your personal data for the time necessary to verify and investigate your claims.
In this case, we will temporarily refrain from processing your personal data until the necessary checks have been carried out or until we comply with your requests.
- Right to portability
You may request the portability of the personal data you have provided to us during your visit to the Platform. If you so request, we will provide you with your personal data in a readable and structured format so that you can easily re-use it.
Please note that the portability of your personal data applies only to personal data that you have provided to us or that result from your activity on our Platform, provided that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with your request, we will inform you of the reasons for our refusal.
- Right to withdraw your consent
Where a processing of your personal data is based on your consent, you may withdraw it at any time. Withdrawing your consent will prevent us from processing your personal data but will not affect the lawfulness of any processing carried out before the withdrawal.
- Right to specify instructions for the use of your personal data after your death
You have the opportunity to provide us with instructions on how your personal data will be used after your death. For example, you can ask us to retain, delete or disclose your personal data to a third party that you have designated.
- HOW TO EXERCISE YOUR RIGHTS?
To exercise your rights, please contact our DPO using the contact details provided in Section 11 of this Policy (How can you contact us?). In order to best process your request, we may ask you for certain additional information to confirm your identity and/or facilitate the location of the personal data concerned by your request.
Please note that some of these rights are subject to specific conditions dictated by the applicable legal framework for the protection of personal data. Therefore, if your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request. We will inform you of the reasons for our refusal if necessary.
In any event, please note that you may lodge a complaint with the la Commission Nationale de l’Informatique et des Libertés (« CNIL »).
- HOW CAN YOU CONTACT US?
If you have any questions or requests regarding the processing we carry out with your personal data under this Policy, including the exercise of your rights as detailed above, you may contact us (i) by email at the dpo.distributionsolutionsfrance@arcelormittal.com ; or (ii) by using the contact form provided for this purpose and referred to in Section 1.2 of this Policy (Contact Us); or (iii) by post, at the following address Data Protection Officer, Délégué à la Protection des Données, ArcelorMittal Distribution Solutions France, 16 avenue de la Malle, 51370 Saint Brice Courcelles.
- WHEN AND HOW WILL YOU BE INFORMED IF THIS POLICY CHANGES?
We periodically review this Policy to ensure compliance and to keep it up to date with applicable data protection regulations.
You will be notified of any material changes to this Policy (for example, if the changes relate to the categories of personal data processed or the purposes of processing), and we will provide you with a hyperlink to the updated Privacy Policy within 30 days of its posting. This information will be sent to you by email and/or will be available via a pop-up window when you return to our Platform. You will thus have the opportunity to read the amended Policy before choosing whether you wish to continue using our Platform.
Current version: ArcelorMittal Distribution Solutions Europe - Platform Users Privacy Policy – v.1
Date of last update: 19/06/2023