1.Purpose
BlueScope China as well as its representatives and/or agents are committed to protecting your privacy.
The purpose of this Data Protection Policy ("Policy") is to inform you of how we manage Personal Data which is subject to the Applicable Data Protection Laws. Please take a moment to read this Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
2.Scope
By interacting with us, submitting information to us, purchasing or procuring any products or services offered by us, you agree and consent to our collecting, using, disclosing and sharing amongst ourselves your Personal Data, and disclosing such Personal Data to our authorised service providers and relevant third parties in the manner set forth in this Policy.
3.References
BlueScope Global Privacy Policy
BlueScope Global Personal Information Standard
4.Definitions
In this Policy, ‘us’ ‘we’ ‘our’ ‘company” means BlueScope Steel Limited’s (ABN 16 000 011 058) subsidiaries incorporated in China.
| Applicable Data Protection Laws | applicable Chinese data protection laws, including but not limited to the Personal Information Protection Law, the PRC Civil Code, the PRC Criminal Law, the PRC Cyber Security Law and its implementation measures. |
| BlueScope China | all BlueScope Steel Limited’s subsidiaries incorporated in China. |
| Events | any events, conferences, seminars, retreats or customer trips |
| Personal Data | any information, in electronic form or other form, which is related to an identified or identifiable natural person, excluding information that has been anonymised. Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you. |
5.Collection of Personal Data
5.1 How do we collect your Personal Data?
Depending on the specific capacity which you might interact with us, and the method that you do so, we collect Personal Data in the following ways:
Generally
(a)when you submit any forms or provide your business cards to us;
(b)when you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with us, or when you procure goods or services from us;
(c)when you respond to surveys and research initiatives conducted by us or on our behalf;
(d)when you complete and submit any forms to us;
(e)when you interact with our staff, for e.g. via telephone calls (which may be recorded), letters, fax, face-to-face meetings and email;
(f)when you interact with us via our websites, WeChat or similar platform public accounts;
(g)when you respond to our request for additional Personal Data;
(h)when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
Marketing, customer outreach and benefits
(i)when you request that we contact you, be included in an email or other mailing list;
(j)when you enrol with a customer or marketing programme or participate in a marketing or customer relationship management programme;
(k)when you participate in or take up customer benefits; and
(l)when you submit your Personal Data to us for any other reason.
5.2 What are Cookies?
When you browse our website, you generally do so anonymously but please see the section below on the use of cookies. We do not at our website automatically collect Personal Data, including your email address unless you provide such information.
5.3 What Personal Data do we collect?
Where practicable, we will collect Personal Data directly from you. If we receive information about you from someone else, we may (where appropriate) take reasonable steps to verify the legality of such organisation or individual’s provision of Personal Data about you to us. That said, please note that if you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents), you should ensure and hereby represent to us that you have necessary and sufficient lawful basis (e.g. consent of such third party) before providing their Personal Data to us.
5.4 What if Personal Data is from a child under the age of 14?
If you are a child under the age of 14, you need to read this Policy under the guidance of your parents or legal guardian and we would need to obtain your parents or legal guardian’s consent before collecting your Personal Data when required by the Applicable Data Protection Laws. Please do not directly provide your Personal Data to us.
5.5 What Personal Data do we collect?
The nature of Personal Data we collect from you will depend on the circumstances in which that information is collected. It may include: your name, contact details, transaction-related information (such as may be necessary to process or administer your transactions or dealings with us). The details of the Personal Data that we may collect and the corresponding purposes are disclosed in section 3 of this Policy.
5.6 How must you provide Personal Data to the Company?
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. If there is a change to your Personal Data, please promptly update us. Failure on your part to do so may result in our inability to provide you with products and services you have requested or to process your applications or requests.
5.7 What if you refuse to provide us with your Personal Data?
For the Personal Data we collect, we do so where we are either entitled to do so under applicable law or where we must do so in order to facilitate and support our interactions with you and/or the transactions which you engage us in. Where so, we are entitled to and need your Personal Data to perform our roles or fulfil the purposes stated further in this Policy.
If you refuse to provide us with such Personal Data or withdraw your consent to our use of such Personal Data, we may not be able to perform our role or fulfil the applicable purposes and functions for which we use your Personal Data, and we may be entitled to cancel or cease proceeding further in our interactions and transactions. We would be entitled to apply the legal consequences of this, and would reserve our rights in such situations.
6.Purposes for Collection, Use and Disclosure of Personal Data
Generally, we collect, use and disclose your Personal Data for the following purposes:
6.1Communicating and handling your requests
(a)responding to, processing and handling your queries, complaints, feedback, suggestions and requests;
(b)verifying your identity by carrying out security / due-diligence checks;
(c)matching any Personal Data held which relates to you for any of the purposes listed in the DPP;
The Personal Data we collect from you for above-mentioned purpose include: name, email address, phone number, company name and position.
6.2Compliance and Managing Incidents / Investigations
To comply with the law and manage incidents or investigations, doing the following:
(a)preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks;
(b)managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
(c)in connection with any claims, investigations, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
(d)monitoring or recording phone calls and customer-facing interactions for administering legal rights, and identity verification purposes;
(e)managing and preparing reports on incidents;
(f)complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies, conducting audit checks, surveillance and investigation or conducting customer due diligence);
The Personal Data we collect from you for above-mentioned purpose include: name, position, information on company hardware and email account, other categories of data that may be generated and/or stored in our company properties (e.g. usage of network, URL visited, emails). Your images (feature, actions and behaviour) will be captured by us via CCTV cameras while you are within our premises, especially at manufacturing sites.
6.3Carrying out our Business Operations
(g)managing the administrative and business operations of BlueScope and complying with our internal policies and procedures;
(h)facilitating business asset transactions (which may extend to any merger, acquisition or asset sale) involving BlueScope;
(i)requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design and improve our goods and services, understand preferences and market trends, and to review, develop and improve the quality of our goods and services;
(j)promote our products and/or services, or promote products and/or services of third parties which we think may be of interest to you;
(k)administering, managing and facilitating participation in customer engagement programmes (e.g. loyalty and reward programmes, customer relationship management programmes) (collectively, “Customer Engagement Programmes”);
(l)any purposes which are reasonably related to any of the above.
The Personal Data we collect from you for above-mentioned purpose include: name, residential address, residential telephone number, mobile number, email address, date of birth, marital status, ID number and/or passport number, nationality, household registration (Hu Kou), political party affiliation, ethnic group, income tax registration number, social security details, bank account details (including account number, the name of the bank, the address of the bank), certain personal data of Employee’s relatives (such as parents, siblings, spouse and/or children), certain personal data of employee’s emergency contact person, photos, record of qualification or disqualification (to the extent necessary for Employees to perform the duties under employment), working experience, educational qualifications which have been provided to the Company during the job application process prior to Employee’s employment with the Company, any information which relates to Employee’s health check record, financial information, physical features (to the extent relevant to employee’s carrying out of duties such as eye sight, height and weight).
6.4Additional Purposes
In addition, BlueScope collects, uses and discloses your Personal Data for the following purposes:
If you are customer or an employee, officer or director of our customers
(a)verifying and processing your personal particulars to maintain accurate records;
(b)communicating with you to inform you of changes and developments to BlueScope's policies, terms and conditions and other administrative information;
(c)creating and maintaining profiles of our customers in our system database;
(d)administering, managing and facilitating customer engagement (e.g. loyalty and reward programmes, customer relationship management programmes) (collectively, “Customer Engagement Programmes”);
(e)fulfilling your requests or transactions relating to customer outreach and communications (e.g. direct mailing or advertisement programmes, etc);
(f)analysing your profile, transactions or history of dealings with us to determine ways in which we can improve our support or interactions with you, including enhancing our relationship with you as our customer;
(g)organising and facilitating customer meetings;
(h)conducting internal analysis for segmentations in potential rollout of training events, customer gatherings, invitation for store launches, marketing communications, and related activities;
(i)dealing with service requests and following up on any arrangements or engagement with us;
(j)and any purposes which are reasonably related to any of the above.
Do note further that any Customer Engagement Programmes may be subject to terms & conditions and may include privacy policies or data protection policies of their own. If so, such policies will apply in conjunction with, and in addition to the Policy here though any conflict between the two will be resolved in favour of the Customer Engagement Programme policy.
The Personal Data we collect from you for above-mentioned purpose include: mobile phone, email address, name, and position/title.
If you are an employee, officer or owner of an external service provider or vendor providing services to us
(a)assessing your organisation's suitability as an external service provider or vendor;
(b)managing project tenders and quotations, processing orders or managing the supply of goods and services;
(c)creating and maintaining profiles of our service providers and vendors in our system database;
(d)communicating with you to inform you of changes and developments to our policies, terms and conditions and other administrative information;
(e)processing and payment of vendor invoices and bills;
(f)facilities management (including but not limited to issuing visitor access passes and facilitating security clearance);
(g)and any purposes which are reasonably related to any of the above.
The Personal Data we collect from you for above-mentioned purpose include: mobile phone, email address, name, and position/title.
If you are attending any Events
(a)organising and facilitating Events which you have chosen to attend, enrol or join;
(b)arranging for travel and accommodation in connection with the Events;
(c)taking or filming photographs and videos for corporate publicity or marketing purposes, and including photographs and videos featuring you in our publications and videos in such Events (subject to appropriate notifications at the Events);
(d)executing, administering and facilitating any Event-specific programme agenda and activities;
(e)handling your queries or arranging for communications in connection with the Event;
(f)and any purposes which are reasonably related to any of the above.
Do note further that any Events may be subject to terms & conditions and may include privacy policies or data protection policies of their own. If so, such policies will apply in conjunction with, and in addition to this Policy here though any conflict between the two will be resolved in favour of the Event policy. In such Events, the Personal Data of any travelling companions or persons who attend with you may also be collected, used or disclosed and handled under this Policy.
The Personal Data we collect from you for above-mentioned purpose include: name, gender, province, city of residence, phone number, diet preference, company information, company industry and position.
In relation to the procurement of particular products or services, or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data and obtain your consent. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
7.Disclosure of Personal Data
7.1 Protection of Personal Data
We will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any Applicable Data Protection Laws, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in China or overseas:
(a)our related corporations, subsidiaries and affiliates;
(b)companies providing services relating to insurance;
(c)agents, contractors, sub-contractors or third party service providers who provide operational services to us, such as courier services, telecommunications, information technology, payment, printing, billing, debt recovery, processing, technical services, transportation, training, travel, market research, call centre, security, or other services to us;
(d)vendors or third party service providers in connection with products and services offered by us;
(e)vendors or third party service providers and our marketing and business partners in connection with marketing promotions, products and services;
(f)our business partners including but not limited to pre-engineered building providers, roll formers, distributors and nominated installers;
(g)credit reporting agencies;
(h)any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving us;
(i)our business partners;
(j)external banks, credit card companies, other financial institutions and their respective service providers;
(k)external business and charity partners in relation to corporate promotional events;
(l)our professional advisers such as our auditors and lawyers;
(m)relevant government regulators or authority or law enforcement agency to comply with any laws, rules and regulations or schemes imposed by any governmental authority; and
(n)any other party to whom you authorise us to disclose your Personal Data to.
We will take relevant measures as necessary to ensure the disclosure is in compliance with the Applicable Data Protection Laws, including but not limited to inform you of the identity and contact details of the third party, the purpose and means of the processing, the type of Personal Data involved, and to obtain your separate consent if required by the Applicable Data Protection Laws.
7.2 Overseas Transfers of your Personal Data
Personal Data collected in China may be disclosed or transferred to another country. In the conduct of our business, we transfer to hold or access Personal Data from various countries including but not limited to Australia, United States of America and Singapore.
The data protection laws in these countries may not be comparable to those in China. However, when we transfer your Personal Data to another country, we will take appropriate steps to protect that Personal Data, for example by imposing appropriate contractual obligations of security and confidentiality on the recipient of your Personal Data.
We will take relevant measures as necessary to ensure the transfer is in compliance with the Applicable Data Protection Laws, including but not limited to inform you of the identity and contact details of the overseas recipient, the purpose and means of the processing, the type of Personal Data involved, the way for you to exercise your Data Subject Rights against the overseas recipient etc., and to obtain your separate consent if required by the Applicable Data Protection Laws.
8.IT Matters
8.1Use of Cookies
When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies are small text files placed in the 'Cookies' folder on your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device.
Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options. Should you wish to disable the cookies associated with these technologies, you may do so by changing the settings on your browser. However, you may not be able to enter certain part(s) of our website.
8.2Third Party Sites
Our website may contain links to other websites operated by third parties, including for example, our business partners. We are not responsible for the data protection practices of websites operated by third parties that are linked to our website. We encourage you to learn about the data protection practices of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable data protection policy of the third party website to determine how they will handle any information they collect from you.
9.Retention of Personal Data
Personal Data that we collect will be retained for as long as it is necessary for the purpose for which it was collected or processed, subject to applicable legal and/or regulatory requirements.
When the information is no longer required, it will be destroyed or permanently deleted (unless otherwise required by law) within a reasonable time period.
10.Lawful Basis for Processing Personal Data
Our lawful basis for collecting and using the Personal Data described in this Policy will depend on the Personal Data concerned and the specific context in which we collect it. The specific lawful basis on which we rely for each of the purposes which we process your Personal Data for is set forth below:
| # | Main Purposes of Data Processing | Lawful Basis (if applicable) |
| 1. | Administering, managing and facilitating customer/vendor engagement and business relationship with you and your institution assessing qualifications for a particular task or role; | If the collection, use and disclosure of your Personal Data relate to the employment relationship between us, or the execution of our human resource policy, Contract Performance and Engagement and Human Resource Management Necessity. |
| 2. | Contact you with voluntarily provided information to respond to your inquiry, complaints, feedback, suggestion and requests | |
| 3. | Contact you to inform you of changes and developments to our policies, terms and conditions and other administrative information | |
| 4. | Contact you to provide promotion and marketing information of our products, or to determine whether you would like to initiate a business relationship with us | In all other cases, Consent |
| 5. | Request feedback or participation in surveys, as well as conduct market research and/or analysis for statistical, profiling, service improvement or related purposes | |
| 6. | Conduct internal analysis for segmentations in potential rollout of training events, customer gatherings, invitation for store launches, marketing communications, and related activities | |
| 7. | Execute, administer and facilitate event-specific program agenda and activities | |
| 8. | Verify your identity by carrying out security / due-diligence checks | |
| 9. | Monitor or record phone calls and customer-facing interactions for quality assurance, fulfilment of requests, administering legal rights, and identity verification purposes | |
| 10. | Manage the safety and security of our premises and services | |
| 11. | Facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving BlueScope, and manage corporate social responsibility projects | |
| 12. | Take or film photographs and videos for corporate publicity or marketing purposes | |
| 13. | Comply with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities | Necessary for Legal Compliance |
11.Your Rights in Collected Personal Data (Data Subject Rights)
11.1 Your Entitlement to Data Subject Rights
You are entitled to:
(a)withdraw your consent to any use or disclosure of any Personal Data (where our use and disclosure is based on your consent),
(b)(object to any collection, use, processing or disclosure of any Personal Data
(c)request a suspension of the use of any Personal Data
(d)request an access to, or a provision, correction, updating or deletion of any Personal Data,
(e)make a complaint regarding any violation or non-compliance of the Policy and the Applicable Data Protection Laws by BlueScope; and
(f)any other statutory rights conferred by PRC law.
If at any time you would like to do so, please contact us at address provided in section 12 below. We will respond to your requests according to the Applicable Data Protection Laws. Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request.
11.2 When it is Impractical to Comply with Your Data Subject Right Request
Where it is permitted by the Applicable Data Protection Laws, if it is not possible or practical for us to comply with your request to exercise your Data Subject Rights such as right to access, rectify and delete your Personal Data that we process, we are entitled to refuse to comply with your request in whole or in part by only providing you with a reason of refusal, within a reasonable time.
Specifically in the following circumstances, we are entitled to refuse your request to exercise such rights:
(a)If the information requested is directly related to:
(i)our compliance with relevant laws and regulations;
(ii)national security and national defence;
(iii)public security, public health and safety, and major public interests;
(iv)criminal investigation, prosecution, trial and execution of judgement;
(v)the protection of the vital interests (e.g. life, property) of you or another natural person while it is hard to obtain your consent;
(vi)the infringement of lawful right and interest of you or other individuals, organizations;
(vii)trade secret; and
(b)If we have reasonable evidence to prove that you have malicious intent or intends to abuse your Data Subject’s Rights.
12.Contact Us
If you:
(a)have any questions or feedback relating to your Personal Data or the Policy;
(b)would like to withdraw your consent to any use of your Personal Data as set out in the Policy;
(c)would like to obtain access to and make corrections to your Personal Data records; or
(d)would like to exercise any other rights under section 11 above,
Please contact Human Resources Department as set out on the China’s intranet under [or]:
| Business | Butler and Lysaght | Coated Suzhou |
| Name | Elena Fu | Tony Li |
| elena.fu@bluescope.com | tony.li@bluescopesteel.com | |
| Call | 021 2059 1616 | |
| Write | 12/F Hang Seng Bank Tower, 1000 LuJiazui Ring Road, Shanghai, PRC200120 | |
We may from time to time update this Policy to ensure that this Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of this Policy as updated from time to time on our website https://www.bluescope.com.cn. Please check back regularly for updated information on the processing of your Personal Data.
Roof SystemWall SystemStructural SystemDecoration SystemAccessories SystemRaw Materials
Re-roofing SolutionPublic Buildings SolutionIndustrial Buildings SolutionHigh-Rise Buildings SolutionGreen Buildings SolutionResidential Solutions
Public BuildingsIndustrial BuildingPower StationHigh-rise BuildingResidential BuildingProject Show
Lysaght StoryAchievementsCertification & QualificationSafetyBusiness ConductCustomer Service
021-58120138
沪公网安备 31011502014075号