This Data Protection Policy (hereafter “Policy”) accounts for the personal information collected, processed and used by “Piraiki Metals S.A.”(hereafter “Company” or “We”).

Our Company as a Data Controller

Our Company processes personal data as an employer, prospective employer, as a supplier of products, for marketing related purposes and in the course of its operations.


How we collect personal data

The Company collects personal information:
(i) directly from the data subject; or
(ii) indirectly, either from internal sources, including the Departments of the Company or external third parties, suppliers, business partners etc.

What kind of data we process

We process personal data that includes but is not limited to:

(a) information referring to a subject’s name, contact details (full address, email address, phone number), birth date and place, gender, bank details, marital and family status, passport, visas and ID numbers, tax and social security numbers, as well as information on previous experience, references and professional certificates, correspondence with or about the data subject, the contract of employment and any amendments to it and all information needed for the execution of a contract of employment .

(b) information referring to a subject’s name, contact details (full address, email address, phone number) and emergency contact details, birth date and place, gender, bank details, marital and family status, passport, visas and ID numbers, tax and social security numbers, qualifications and certificates, the respective contract of employment and any amendments to it, correspondence with or about the data subject, and, where appropriate, disciplinary and complaint records

(c) information referring to a subject’s name, gender, identity card number or passport number, birth date and place, mailing address, telephone numbers, email address and other contact details, resume, educational qualifications, professional qualifications and certifications and employment references, as well as employment and training history maybe included in an application, as is the case with job applicants;

(d) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our suppliers and our suppliers’ personnel and representatives, including trainers, technicians, lawyers, accountants, auditors and other service providers;

Special categories of data

Where necessary, we may keep information relating to a subject’s health, which could include reasons for absence and /or accident reports and notes, as well as medical records
.
This information is used in order to comply with our health and safety and occupational health obligations, including in order to consider how a subject’s health affects the ability to work and fulfil the respective employment obligations, as well as to comply with our statutory obligations and applicable legislation with regard to recruitment and employment .

All above data and any other data that constitutes special category of data, including references to a subject’s ethnic origin /nationality etc. are lawfully collected and processed by the Company and, unless this is not authorized or required by law or such information is required to protect the subject in an emergency, we obtain the subject’s explicit consent.

Why we process personal data

We process personal data in order to pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings.
When we need to process personal data to pursue our legitimate business interests, for example to prevent fraud or potential crimes, for administrative purposes or to protect the Company’s assets and to improve our efficiency, we try to never process a subject’s data where these interests are overridden by the subject’s own interests and we use only methods and technologies which are necessary, proportionate and implemented in the least intrusive manner, by appropriate means that ensure a balance with the subject’s fundamental rights and freedoms.

How we use and protect personal data

We do not collect more information than we need to fulfil the purposes for which we process personal data.

We hold accurate and up to date data in manners that reasonably ensure appropriate security thereof, protection against unauthorized or unlawful processing, accidental loss, destruction or damage.

We restrict physical access to authorized persons and maintain and use appropriate technical and organizational measures and specified technological solutions and IT systems to protect the integrity, safety, security and availability of the personal data we process.


E-mail correspondence

Our Company uses the personal data contained therein and any attachments thereto lawfully, fairly and in a transparent manner; for specified, explicit and legitimate purposes.

Our correspondence recipients are duly informed that they have all rights provided for by respective legislation regarding their personal data.

Who has access to personal data

A subject’s information is disclosed, as the case may be, only to appropriate Company’s personnel .

Disclosure to tax authorities and to internal and/or external auditors is included.

In all such cases, we do so where appropriate and only in accordance with local laws and requirements and we try to at all times ensure that such third parties have undertaken appropriate data processing obligations to ensure the security and confidentiality of the subject’s data.

We might also transfer a subject’s personal data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.

Duration of retaining

Personal data is stored for no more than it is necessary for the purposes for which it is processed for.

For so long as personal data is retained by the Company, we implement and at all times have in force appropriate technical and organizational measures as required by law, in order to safeguard the rights of the data subjects

When we process personal data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be.

Future use and update

If in the future we intend to process personal data for a purpose other than that which it has been collected for we make sure to provide the subject with information on that purpose and any other relevant information if such purpose is not compatible with the initial.

The subject’s rights

If and to the extent we process a subject’s personal data based on his/her consent, the subject may withdraw consent and request us to stop using and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing or via email to our authorized person in charge.

Upon receipt of such written request to withdraw the consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the subject) for the subject’s request to be processed and for us to notify him/her of the consequences of our acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we seek to process and effect a subject’s respective request within 30 days of receiving it.

A subject is also entitled to request access to his/her personal data, as well as rectification, erasure or restriction of processing, as the case may be, to object to our processing, if and as the case may be, as well as to receive the data in machine-readable format.