Privacy policy

Privacy Policy 

‍

Last updated January 14th, 2025

This privacy notice for Tata Steel Minerals Canada Limited (hereinafter referred to as “TSMCL”, “we”, “us”, “our”), describes how and why we might collect, store, use, and/or share (“process“) your information when you use our services (“Services“), such as when you:

• Visit our website at https://tatasteelcanada.com/ or any website of ours that links to this privacy notice
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at dataprivacy@tatasteelcanada.com.

TSMCL is committed to providing the highest level of protection regarding the processing of their  employees’, vendors’ and clients’/customers’ personal data based on applicable data protection  laws and regulations.

‍

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

‍

Definitions

For the purposes of this Privacy Policy:

• "Account" means a unique account created for You to access our Service or parts of our Service.
• "Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Tatasteelcanada.com website.
• "Country" refers to Canada.
• "Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• "Data Controller", for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
• "Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
• "Personal Data" is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
• "Service" refers to the Website.
• "Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
• "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• "Website" refers to Tatasteelcanada.com, accessible from http://www.tatasteelcanada.com.
• "You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

‍

What information do we collect?

‍Personal Information You Disclose To Us

Your personal data processed by TSMCL will only be accessible by a limited list of recipients on a need-to-know basis or where required by law. Our policy does not apply to third-party websites  where our online advertisements are displayed, nor to linked third-party websites which we do not  operate or control. To the extent permitted by law, TSMCL may record and monitor your  communications with TSMCL to ensure compliance with our legal and regulatory obligations and  our internal policies.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• Usage Data

Sensitive Information. We do not process sensitive information.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

‍

Information Automatically Collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: https://tatasteelcanada.com/cookie-policy.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

‍

Purposes for Processing Your Personal Information

We process your personal information for a variety of reasons, depending on how you interact with our services. These purposes include:

1. Providing and Improving Services
   • Processing applications for products and services.
   • Delivering products and services effectively, as it is not feasible to provide them without processing personal data.
   • Monitoring and improving our website, content, and overall user experience.
   • Conducting market research and surveys to enhance our offerings.
2. User Support and Communication
   • Responding to user inquiries and resolving issues with requested services.
   • Sending administrative information, such as updates about products, services, terms, and policies.
   • Enabling user-to-user communications through specific offerings.
   • Requesting feedback on your use of our services to make improvements.
3. Marketing and Promotions
   • Sending marketing and promotional communications, if aligned with your preferences. You can opt out of marketing emails at any time.
   • Determining the effectiveness of marketing and promotional campaigns to tailor them better to your interests.
4. Safety and Security
   • Keeping our services safe and secure through fraud monitoring and prevention.
   • Conducting surveillance of premises (e.g., video recording) where necessary.
5. Usage Analysis and Trends
   • Identifying usage trends and analyzing how services are utilized to improve functionality.
   • Evaluating promotional campaign effectiveness and usage data to optimize offerings.
6. Legal Compliance and Rights Protection
   • Complying with legal obligations, such as responding to legal requests, subpoenas, court orders, or regulatory requirements.
   • Establishing, exercising, or defending legal rights in connection with legal proceedings or potential disputes.
   • Seeking professional or legal advice in relation to legal obligations.
7. Optional Data Processing
   • For optional features like personalization, processing your data enables tailored experiences. If you choose not to share personal data, these features may not function fully.

By processing your personal information, we aim to provide high-quality, secure, and legally compliant services while continuously improving your experience.

‍

What legal bases do we rely on to process your information?

We may process your personal data under the following conditions:

1. Consent: You have provided explicit consent for processing your personal data for specific purposes. This includes express consent (given directly) or implied consent (where inferred by context). You can withdraw your consent at any time.
2. Performance of a Contract: Processing is necessary to fulfill an agreement with you or to meet pre-contractual obligations.
3. Legal Obligations: Processing is required to comply with applicable laws, such as responding to legal requests, subpoenas, or court orders.
4. Vital Interests: Processing is necessary to protect your vital interests or those of another individual (e.g., in emergencies).
5. Public Interests: Processing is conducted as part of a task carried out in the public interest or in the exercise of official authority vested in the company.
6. Legitimate Interests: Processing is necessary for the legitimate interests of the company, such as fraud prevention, business operations, or improving services.

‍

Exceptional Cases for Processing Without Consent

In some instances, we may process your personal data without your consent, as allowed by applicable law, including but not limited to:

• When it is clearly in the individual’s interest, and consent cannot be obtained in a timely manner.
• For fraud detection, investigations, or prevention.
• During business transactions, such as mergers or acquisitions, provided certain conditions are met.
• To assess, process, or settle an insurance claim using witness statements.
• For identifying injured, ill, or deceased individuals and communicating with next of kin.
• When there are reasonable grounds to believe an individual may be a victim of financial abuse.
• If collecting consent would compromise the availability or accuracy of the information, such as during legal investigations or breaches.
• For journalistic, artistic, or literary purposes.
• If the data is publicly available and permitted by regulations.

‍

Your Rights Under GDPR

You have the following rights concerning your personal data:

1. Access: You can request access to the personal data we hold about you, including updates or deletion.
2. Correction: You have the right to have incomplete or inaccurate information corrected.
3. Objection: You can object to processing based on legitimate interests, particularly if it impacts your rights, or for direct marketing purposes.
4. Erasure: You can request the deletion of your data when there is no legitimate reason to continue processing it.
5. Data Portability: You may request your data in a structured, commonly used, machine-readable format for transfer to another entity, where applicable.
6. Withdraw Consent: If processing is based on your consent, you can withdraw it at any time. Withdrawal may limit access to certain services but does not affect the lawfulness of processing before withdrawal.

‍

What are your privacy rights?

In some regions (like Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?“ below.

We will consider and act upon any request in accordance with applicable data protection laws.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?“ below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying “STOP” or “UNSUBSCRIBE” to the SMS messages that we send, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?“ below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice: https://tatasteelcanada.com/cookie-policy.

If you have questions or comments about your privacy rights, you may email us at dataprivacy@tatasteelcanada.com.

‍

When and with whom do we share your personal information?

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties“) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The categories of third parties we may share personal information with are as follows:

• Data Analytics Services
• Data Storage Service Providers
• Performance Monitoring Tools
• Sales & Marketing Tools
• Testing Tools
• Website Hosting Service Providers

We also may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.

‍

Do we use cookies and other tracking technologies?

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://tatasteelcanada.com/cookie-policy.

Type of cookies used at TSMCL

We may use cookies of four categories: Session cookies, Functionality cookies,  Analytical/Customization cookies and Advertising cookies.

• Session Cookies: Session cookies enable the website you are visiting to keep track of your movement from page to page, so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. These only last for as long as the session (usually the current visit to a website or a browser session).
• Functionality cookies: These cookies allow our services to remember choices you make, such as:
  • remembering your username, preferences, and settings.
  • remembering if you've filled in a survey or taken part in a poll or contest or  otherwise reacted to something on through the services, so you're not asked to do  it again.
  • remembering if you've used any of our services before; restricting the number of  times you are shown a particular advertisement.
  • remembering your location; and ✓ enabling social media components like  Facebook or Twitter.
  • The aim of these cookies is to provide you with a more personal experience so that you don't have  to reset your preferences each time you use our services
• Analytical/Customization cookies: These cookies collect information about how visitors use and interact with our services, for instance which pages they go to most often. These cookies also enable us to personalize content and remember your preferences (e.g., your choice of language, country, or region). These cookies help us improve the way our websites work and provide a better, personalized user experience.
• Advertising cookies: These cookies record your visit to our websites, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We (and third-party advertising platforms or networks) may use this information to make our websites, content, and advertisements displayed on them more relevant to your interests (this is sometimes called "behavioural"  or "targeted" advertising). These types of cookies are also used to limit the number of  times you see an advertisement as well as to help measure the effectiveness of advertising  campaigns.

How can you block cookies?

You can control whether to accept cookies or not. If you decide to not accept cookies, some  features and services on our websites will not function properly.

If you would prefer not to accept cookies, you can either:

• Change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; or
• Set your browser to automatically not accept any cookies. You can manage cookies in the privacy settings of the web browser you are using. Please note that if you use your browser settings to block all cookies, you may not be able to access parts of our or others' websites. The following pointers provide information on how to modify the cookies’ settings on some popular browsers:
  • Apple Safari: https://support.apple.com/en-in/guide/safari/manage-cookies-and-website-data-sfri11471/mac
  • Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
  • Microsoft Internet Explorer: https://support.microsoft.com/en-in/help/17442/windows-internet-explorer-delete-manage cookies
  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

For more information about the cookies, we use and your choices regarding cookies, please visit our Cookie Policy.

‍

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include: Google Display Network Impressions Reporting and Google Analytics Demographics and Interests Reporting. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

‍

How long do we keep your information?

We will retain your personal information only as long as necessary to fulfill the purposes outlined in this privacy notice or as required by law (e.g., tax, accounting, or other legal obligations). No purpose stated in this notice will require us to keep your personal information for longer than two years unless otherwise mandated by legal or regulatory requirements.

When there is no ongoing legitimate business need to process your personal information, we will either delete or anonymize the data. If deletion or anonymization is not possible (e.g., if stored in backup archives), we will securely store your personal information and isolate it from further processing until deletion becomes feasible.

At the end of the applicable retention period, your personal information will be deleted or archived in compliance with legal retention obligations or statutory limitation periods.

‍

How do we keep your information safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

‍

Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

‍

How to access and control your personal data?

Subject to applicable law, regulations and/or industry guidelines, you may have the right to invoke  a data subject right in relation to your personal data being processed by TSMCL.

TSMCL may be allowed by law, in particular in case of excessive or manifestly unfounded request,  to charge a fee for fulfilling your request, subject to applicable conditions.

TSMCL shall provide information on action taken on a request pertaining to the Data Subject  Rights without undue delay and in any event within one month of receipt of the request. That  period may be extended by two further months where necessary, taking into account the  complexity and number of the requests.

TSMCL shall inform the data subject of any such extension within one month of receipt of the  request, together with the reasons for the delay.

To invoke your data subject rights, please use the data subject right request form, or send an  email to data protection officer (for contact details refer to the last section of this policy).

Finally, note that you are entitled to lodge a complaint with a competent Data Protection Authority  where existing, concerning TSMCL’s compliance with the applicable data protection laws and  regulation.

‍

Security

The security and confidentiality of your Personal Data is important to us and TSMCL has invested  significant resources to protect the safekeeping and confidentiality of your personal data. When  using external service providers acting as processors, we require that they adhere to the same  standards as TSMCL. Regardless of where your personal information is transferred or stored, we  take all steps reasonably necessary to ensure that personal data is kept secure.

‍

Social Media

TSMCL operates channels, pages and accounts on some social media sites to inform, assist and  engage with employees, vendors and clients/customers. TSMCL monitors and records comments  and posts made on these channels about TSMCL in order to improve its products and services. Please note that you must not communicate to TSMCL through such social media sites the  following information:

• confidential personal data, including any information regarding your financial situation, bank account details, transactions, etc.
• sensitive personal data including (i) special categories of personal data meaning any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and (ii) other sensitive personal data such as criminal convictions and offences and national identification number; and • excessive, inappropriate, offensive or insulting information towards individuals.

TSMCL is not responsible for any information posted on those sites other than the information  posted by its employees on its behalf. TSMCL is only responsible for its own use of the personal  data received through such sites.

‍

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect  personally identifiable information from anyone under the age of 13. If You are a parent or  guardian and You are aware that Your child has provided Us with Personal Data, please contact  Us. If We become aware that We have collected Personal Data from anyone under the age of  13 without verification of parental consent, we take steps to remove that information from Our  servers.

If We need to rely on consent as a legal basis for processing Your information and Your country  requires consent from a parent, we may require Your parent's consent before We collect and  use that information.

‍

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a  third-party link, you will be directed to that third party's site. We strongly advise You to review  the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or  practices of any third-party sites or services.

‍

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by  posting the new Privacy Policy on this page.

We will notify you via email and/or a prominent notice on Our Service, prior to the change  becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this  Privacy Policy are effective when they are posted on this page.

‍

Contact Us

If you have any questions about this Privacy Policy, you can contact us: by Mail

Data Privacy Officer,

Tata Steel Minerals Canada Ltd.

1000 Sherbrooke West, Bureau 1120,

Montreal, Quebec, H3A 3G4, Canada

Or:

• By visiting this page on our website: http://www.tatasteelcanada.com
• By sending us an email: dataprivacy@tatasteelcanada.com
• By phone: +1 (514) 764-6700 Ex. 730

‍