Privacy Notice for Business partners
JFE Engineering Corporation (hereinafter "the Company") collects the personal data of customers and business partners (hereinafter the "Principal") located within the EEA or UK who provide personal data to the Company through business interactions. Protection of the personal data collected from the Principals is a very important issue for the Company and its affiliates (collectively, "the Company Group"). In this Privacy Notice, the Company, as a data controller, will explain to the Principals how personal data that is provided or disclosed to the Company by the Principals is collected and processed.
When the Company processes personal data of a Principal that the Company has received or obtained from a third party, the Company also will be the data controller. The Company will process personal data in accordance with regulations concerning personal data protection in each country (including Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the domestic law in the UK, which will be enforced by adding necessary amendments to the General Data Protection Regulation, so that the same contents in the General Data Protection Regulation, which previously were enforceable in the UK as part of EU law prior to its departure from the EU, will apply to the UK post-Brexit, hereinafter referred to as "Data Protection Laws").
Purpose of processing
The Company collects and processes the personal data of Principals for the purposes described below.
- To offer Company products and services
- To ensure continuity of the Company’s business
- To provide, improve, and develop the Company’s products, services, and advertising
- To make the Company's policies and terms known
- To enhance safety and security
- For business management, data analysis, surveys, audits, and similar purposes of the Company
- In order for the Company to comply with legal obligations and to protect the legal rights of the Company or third parties
- To make changes in the Company's goods and services known
The Company will process the data of the Principal for the clear and legitimate purposes identified above, and will not process that data further in a way that does not fit those purposes.
If the Company intends to process the collected data for other purposes, the Company will inform the Principal of that fact.
The personal data is stored for the time strictly necessary to comply with the legal obligations of the Company, to provide sufficient services to the Principal, and to maintain the Company's business activities. After that time, all relevant personal data will be deleted or anonymized, unless further retention is justified by a necessity to establish, exercise, or defend against a legal claim or to comply with a legal obligation in accordance with applicable statutory retention periods.
The Company does not collect personal information from the Principal if the Principal is a minor (meaning under 16 years old). If you are a minor, please do not send personal information through this website without the clear consent and involvement of a parent.
Legal basis for processing
The Company collects and processes personal data of Principals on the following legal basis.
- Performance of contractual obligations
- Legitimate interests (e.g., improvement of services or enhancement of security)
- The Principal’s consent
- Compliance with legal obligations
For further details about legitimate interests, please contact the Company.
Types of personal data collected
In order to achieve the purposes listed in this Privacy Notice, the Company may collect the following types of personal data.
Name, address, phone number, e-mail address, company name, department name, position title, cookies, IP address, and similar information
Sharing of personal data
The Company may share personal data with the Company Group, including employees and local subsidiaries abroad, and with third parties, such as IT service providers and other service providers, public authorities (where sharing is required by law) and business transferees.
When the Company shares personal data with data processors, it will take steps to ensure that the transfer and processing of the data is carried out properly and lawfully.
If the data of the Principal within the EEA or the UK is shared between entities within the Company Group or with a third party outside the EEA or the UK, in countries/regions that are not subject to an adequacy decision by the European Commission or similar specification in the UK, the Company will enter into the standard contractual clauses approved by the European Commission or UK government appropriately.
For further details about the protection afforded where personal data is transferred outside the EEA or the UK (including a copy of the standard contractual clauses), please contact the Company.
Records on data processing
The Company preserves records concerning the processing of personal data as required by Data Protection Laws.
Security control measures
The Company endeavors to maintain the accuracy of the acquired personal data and to take necessary and appropriate security measures to prevent unauthorized access to personal data, and/or leakage, loss, falsification of, or damage to personal data.
If by any chance the Company is aware of a personal data breach, the Company will evaluate the breach, notify the supervisor as requested, and notify affected data subjects as necessary.
Rights of the Principal
The Principal has the following rights regarding personal data collected and processed by the Company.
If the Principal wishes to exercise the rights listed below, the Principal should contact the personal data inquiry counter identified below.
The Company will respond appropriately and in compliance with Data Protection Laws.
-
Right to obtain information regarding the processing of the personal data and to access the personal data;
-
Right to request rectification of the personal data if it is inaccurate or incomplete;
-
Right to request erasure of the personal data in certain circumstances, including the following circumstances:
-
It is no longer necessary for the Company to retain the personal data for the purposes for which the Company collected it;
-
The Company only is entitled to process the personal data with the Principal’s consent, and the Principal withdraws such consent;
-
The Principal objects to the processing of the personal data for the Company’s legitimate interests, and such legitimate interests do not override the Principal’s interests, rights, or freedoms; and
-
The personal data has been unlawfully processed by the Company;
-
-
Right to request that the Company restrict the processing of the personal data in certain circumstances, including the following circumstances:
-
The Principal disputes the accuracy of the personal data (but only for the period of time necessary for the Company to verify its accuracy);
-
The Company only is entitled to process the personal data with the Principal’s consent, and the Principal withdraws such consent;
-
The Company no longer needs to use the personal data except to establish, exercise, or defend legal claims;
-
The Principal objects to the processing of the personal data for the Company’s legitimate interests (but only for the period of time necessary for the Company to assess whether such legitimate interests override the Principal’s interests, rights, or freedoms); and
-
-
Right to receive personal data provided by the Principal that the Company processes on the basis of the Principal’s consent or performance of contractual obligations (as opposed to any other legal basis), where such processing is carried out by automated means in a structured, commonly used, and machine-readable format and/or to request that the Company transmit such personal data to a recipient where this is technically feasible;
-
Right to object to the Company’s processing of personal data based on legitimate interests;
-
Right to withdraw the consent to the processing of personal data at any time (however, such withdrawal does not affect the lawfulness of the processing of personal data based on consent prior to such withdrawal).
Please be aware that the Company will request that you submit confirmation documents and complete a process to confirm that you are a Principal or an agent.
In order to prevent falsification or leakage of the personal data of the Principal by a third party, the Company will reply by mail or e-mail only if the Company can identify the Principal or agent using the documents submitted.
The Company will respond as soon as possible, but it may take some time to answer in order to confirm the content of the applicable registered personal data and ensure the accuracy of the answer.
The application form and the confirmation documents received from the Principal or the agent will not be returned.
Please note that the application forms are maintained appropriately at each company, and confirmation documents will be disposed of by appropriate means at each company when the purpose thereof has been accomplished.
The Principal has the right to make a complaint to the competent supervisory authority at any time.
Contact
The Company will respond to all legitimate inquiries concerning processing of personal data.
If you would like to make an inquiry, please use the "inquiries" page to send questions or suggestions.
Postal address: 2-1 Suehiro-cho, Tsurumi-ku, Yokohama