back to top
×

Welcome to Tata Steel

Privacy Policy

Last updated on 15-12-2023

Privacy Policy

Tata Steel Limited (hereinafter referred to as “We”, “Us”, “Our”) owns and manages the website www.tatasteel.com and its other digital platforms and applications (“Website”).
This Privacy Policy (“Privacy Policy”) explains how We may collect, use, store, disclose or otherwise process your personal data when using our websites or through any other mean that We may employ to process your personal data.
This policy also describes the rights you have with respect to your personal data.
We are committed to providing the highest level of protection regarding the Processing of their employees’, vendors’ and clients’/customers’ personal data based on applicable data protection laws and regulations.
This Privacy Policy applies to all current and former users (collectively “You” or “Your”) accessing or using our website, or otherwise engaging with us through email or other means. By accessing or using our website or by otherwise giving us your information, You confirm that you have read and understood and agreed to the practices outlined in this Privacy Policy.

1. Information we collect

Mode of information collection

  • We collect your information either directly from you through offline documentation and/or the Website. We may also collect information when you visit any of our offices to enquire about or avail our Services or attend conferences, seminars, webinars, or other events organised by us. You agree and acknowledge that such information is collected and processed for fulfilling purposes mentioned below and Consent to Our collection thereof.
  • We may collect information about you from Third parties such as service providers to provide relevant services, offers and marketing services and the same would be used & processed with your Consent only. We, including our service providers may monitor, record and retain your conversation and/or electronic communication between you and us or otherwise as deemed approved.

Information we process about You includes

  • Personal data comprises all the details that we collect and process directly or indirectly about you as an individual, for instance personal information including but not limited to Your name, email address, mobile number
  • We may also automatically collect information about the devices you use to interact with our website. The information we automatically collect may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our Sites.

2. Use of information

We may process your personal data where such relevant personal information is required to be processed for legitimate purposes as follows, but not limited to:

  • Providing products and services,
  • Monitoring and improving our website and its content,
  • Conducting market research and surveys with the aim of improving our products and services,
  • Sending you information about our products and services for marketing purposes and promotions, for which appropriate Consent is taken,
  • Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement, or court order, as well as any contractual obligation pursuant to agreements between Us and any authority, regulator or enforcement agency or body or any request coming from said entities,
  • Establishing, exercising, or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings,
  • Surveillance of premises. (Video Recording),
  • To process your requests (such as replying to your queries)

3. Lawful basis of Processing

  1. Consent: In some cases, we ask you for your Consent to process your personal data, You can withdraw your Consent at any time, which will not affect the lawfulness of the processing before your Consent is withdrawn. If you would like to withdraw your Consent, you can do so by contacting us as provided in Section 14 of this policy below. However, your withdrawal of Consent will not impact Processing of your personal information by Us for legitimate purpose such as Processing in compliance with applicable laws or under instruction of government authorities.
  2. Legitimate Interest: We process certain data for the legitimate interests of the Company, its affiliates, partners, customers, or in compliance with applicable laws including notice from government authorities. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and applications. The company will take all reasonable efforts while relying on its legitimate interests for Processing personal data only after balancing our interests and rights against the impact of the Processing on individuals.
  3. Performance of a Contract: We also process personal data on the basis of contractual necessity, where it is necessary for the performance of a contract or pre-contractual steps at your request.
  4. Other Legal Basis: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.

4. Our Policy concerning children and their data

  • We are committed to protecting the privacy and safety of children. In certain circumstances, we may process personal data of children for associated services and social service initiatives. However, we take utmost care to comply with applicable laws and regulations regarding the Processing of children's personal data.
  • When processing such data, we take reasonable efforts to obtain appropriate Consent from parents or legal guardians, in accordance with the relevant legal requirements. We ensure that the collection, use, and Disclosure of children's personal data is limited to what is necessary for the intended purposes and is done in a secure manner.
  • If you believe that We may have inadvertently collected personal data from a child without proper Consent or have any concerns regarding the Processing of children's data, please contact us using the Email ID under Section 14 and We will take reasonable endeavours to promptly address the issue. We encourage parents and guardians to actively participate in and supervise their children's online activities to ensure their privacy and safety

5. Our Policy concerning people with disability and their data

  • We may collect and process personal data of person with disability for the purpose specified in the policy.
  • Lawful guardian shall provide the Consent on behalf of person with disability to process their personal information.

We shall take reasonable endeavour to ensure that adequate measures are implemented to the Processing the personal data of the person with disability in compliance with the applicable privacy regulations.

6. Recipients of data

Your personal data processed by Us will only be accessible by a limited list of recipients on a need-to-know basis or where required by law.

  1. Within our organization:

    Within our organization, access to your data is limited to those persons who as per company’s internal policies and procedures are authorized and require access in order to provide you with the Products and Services, and to respond to your inquiries.

  2. Third party(ies):

    We may use service providers & Third parties for operating and improving the function of website and services being offered. We endeavour to ensure that these service providers access, process, and store information about you only for the purposes we authorize, through the execution of relevant instrument in this regard.

  3. Authorities:

    We may access, preserve, and disclose information about you to government authorities, if we believe Disclosure is in accordance with or required by, applicable law, regulation, legal process, or audits. We may also disclose information about you if we believe that your actions are grossly inconsistent with our policies, and/or it affects the rights, property and reputation of the Company or others.

  4. Transfer of business:

    If we (or our assets) are merged, amalgamated, acquired, transferred or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a Third party.

7. Retention of Personal Information

Your personal data is processed and retained securely for no longer than is necessary for the purposes for which the personal data was collected or unless required as per the applicable laws. At the expiry of such periods, your personal data will be deleted or archived to comply with legal retention obligations or in accordance with applicable statutory limitation periods.

8. Your rights

Subject to applicable law, regulations that may apply to your jurisdiction, and/or industry guidelines, you may have the right to invoke Data Subject Rights in relation to your personal data being processed by Us.

You have the following rights regarding Our use of your personal data:

  • You can access any of your data held by Us.
  • You can correct any inaccurate data We hold.
  • You can ask Us to erase any of your data held by Us.
  • You can restrict the types of data We hold.
  • You can object to Our Processing any of your personal data.
  • You can ask that your data be copied or transferred to a Third party.
  • You can withdraw the Consent that we may have sought from you earlier (wherever applicable).
  • You have the right to grievance redressal mechanisms, ensuring prompt resolution of grievances related to your personal data Processing
  • You possess the right to establish guidelines for the handling of your data after your passing, ensuring your preferences are respected and adhered to by authorized entities. (Wherever applicable)

To invoke your Data Subject Rights, please use the Data Subject Right request form or send an email to data protection officer at privacy.governance@tatasteel.com.
TSL may be allowed by law, particularly in case of excessive or manifestly unfounded request, to charge a fee for fulfilling your request, subject to applicable conditions.
TSL shall provide information on action taken on a request pertaining to the Data Subject Rights without undue delay and within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
TSL shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
Finally, note that you are entitled to lodge a complaint with a competent Data Protection Authority or similar entity as per your country of residence, concerning TSL’s compliance with the applicable data protection laws and regulation.

9. Data Security

The security and confidentiality of your Personal Data is important to Us, and We have invested significant resources to safeguard your personal information. When using external service providers acting as processors, we require that they adhere to substantially similar standards of confidentiality and security as Ours. Regardless of where your personal information is transferred or stored, we take all steps reasonably necessary to ensure that personal data is kept secure. If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by contacting us via information provided under Section 14 of this policy.

10. Third party websites

Our website may contain links to another website that are not operated by us. If you click on a third-party link, you will be directed to that Third party’s site. We do not control the third-party sites that may be accessible through our website. Thus, this Privacy Policy does not apply to information you provide to third-party sites or gathered by the Third parties that operate them.

11. Cookies

We use cookies and similar technologies to analyse and understand how you access, use, and interact with our website and our consumer’s preferences (such as country and language choices), as well as to assess, secure, protect, optimize, and improve the performance of our website. To know more on our use of cookies, please refer to our cookie policy.

12. Social Media

We operate channels, pages, and accounts on some social media sites to inform, assist and engage with employees, vendors, clients/customers, and public at large. We monitor and record comments and posts made on these channels about Us in order to improve its products and services.

It is advisable to use official and authorized channel only for communication purposes. Please be aware of communicating with Us through publicly accessible social media sites with the following information:

  • Confidential, personal data, including any information regarding your financial situation, bank account details, transactions, etc.
  • sensitive personal data including (i) Special categories of personal data meaning any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and (ii) other sensitive personal data such as criminal convictions and offences and national identification number; and
  • inappropriate, offensive, or insulting information towards individuals.
  • transmit any content, data or information that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libellous, invasive of another's privacy or right of publicity, hateful, or racially, ethnically, or otherwise objectionable.
  • Any information that infringes, violates, or impacts the rights including intellectual property rights of others.
  • TSL is not responsible for any information posted on those sites other than the information posted by the employees authorized to publicise the information on its behalf. Our responsibility is limited to the utilization of personal data we obtain from these sites for our own purposes.

13. Changes to this Privacy Policy

We may be required to update or change our Privacy Policy from time to time. We will upload an updated Privacy Policy on the website. We encourage you to periodically visit the page for the latest information on our privacy compliance.

If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal, or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

14. Who to Contact

If you have any questions regarding this privacy policy or the protection of your personal data, you may reach out to DPO at privacy.governance@tatasteel.com

15. Definitions

Associate- means an employee, officer, director, Third Party, contractual employees, intern, job – candidate, end customer or any representative of the organization.

Breach- a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized Disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Consent - of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they, through a statement or using a clear affirmative action, signify agreement to the specific Processing of personal information relating to them.

Cross-border Processing- means either:

  1. Processing of personal information which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State: or
  2. Processing of personal information which takes place in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect Data Subjects in more than one Member State.

Data Controller/Data Fiduciary - means individual, organization, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of personal information. In some cases, the purpose and means of Processing are determined by Union or Member State law.

Data Processor - in relation to personal information, means any person (other than an employee of the Data Controller) who processes the personal information on behalf of the data controller.

Data Subject/ Data Principal - means a natural person is an individual who is the subject of certain personal information or whose information is being collected.

Data Subject Right - any request received by the firm from a Data Subject or other individual or legal entity who wishes to receive a copy of all the personal information related to it or him the firm is Processing about it/him.

Disclosure - means rendering personal information accessible, for example by allowing access to personal information either transferring, distributing, or publishing the personal information.

European Economic Area (EEA) - the European Union plus Norway, Liechtenstein, and Iceland.

Personal Identifiable Information (PII) - means any information relating to an identified or identifiable living person (‘Data Subject’). An identifiable living person is one who can be identified, directly or indirectly, from the data items. Using a common identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing – means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, combination, restriction, erasure or destruction.

Profiling - means any form of automated Processing of personal information consisting of the use of personal information to evaluate certain personal aspects relating to a person, in particular to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Personal profile - means a collection of data that allows the appraisal of fundamental characteristics of the personality of an individual.

Special categories of personal data/ Sensitive Personal Information (SPI) - personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Third party- means a natural or legal person, public authority, agency, or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal information.