This portal informs about the processing of personal data by companies belonging to SSAB group ("SSAB"). It provides information on what personal data SSAB collects, processes or shares, for what purposes the data is processed, and what privacy rights individuals have. On this page, SSAB informs of its general privacy notice information about personal data processing. This information applies to all sublevel privacy notices found below.
Last updated: January 2025
SSAB is bound by the privacy legislation within each jurisdiction in which it operates. Sometimes the privacy legislation and the data subject’s rights in relation to privacy differs from one jurisdiction to another. In addition, specific privacy practices may be adopted to address the specific privacy requirements of particular jurisdictions. Therefore, if the privacy notices are in conflict with the law of the jurisdiction in question, the local law takes precedence to the extent applicable.
SSAB has nominated a Group Data Protection Officer (DPO), who can be contacted for additional information or any inquiries or requests on personal data processing by SSAB. More information can be found in section nr. 2.
The employee privacy notice is found on SSAB’s intranet page.
The data controller responsible for the SSAB group’s personal data processing activities is SSAB AB (registration number: 556016-3429, address: P.O. Box 70, SE-101 21 Stockholm, Sweden). This includes accountability for all data processing on a corporate level. SSAB is responsible for ensuring that personal data is processed in compliance with these notices and applicable data protection laws.
In addition, other SSAB group companies can be regarded as the data controller in separate contractual or other cooperation relationship or in connection with certain statutory personal data processing and compliance with local legal requirements of an individual legal entity part of the SSAB group. SSAB group companies also share personal data for administrative purposes and to facilitate the business operations of the group and the individual legal entities. The information of SSAB group companies and affiliates can be found in the latest Annual Report. Regardless of the data controller in a specific situation, the primary contact for privacy matters at SSAB is the SSAB Group Data Protection Officer.
SSAB’s global Data Privacy Organization supports with any data protection and data privacy related requests or any other questions, concerns, comments or complaints.
SSAB has also nominated a Group Data Protection Officer (DPO) who performs the following tasks:
The DPO also co-operates with the supervisory authority and acts as the contact point for the supervisory authority on issues relating to processing, and to consult, where appropriate, regarding any other matter.
SSAB’s Data Privacy Organization and the Group Data Protection Officer (DPO) can be contacted at data . privacy (at) ssab . com.
SSAB may transfer or disclose individuals' personal data to the following third parties:
Third parties may act as independent data controllers, or data processors, depending on the case.
As some SSAB group companies are located outside of the EU/EEA, individuals' personal data may be transferred outside of EU/EEA. In these circumstances, SSAB will use the required established mechanisms for the transfer outside of the EU/EEA, such as the Standard Contractual Clauses approved by the European Commission.
SSAB may use service providers for the personal data processing and personal data may be transferred to countries outside of the EU/EEA. SSAB will use the required established mechanisms that allow the transfer of personal data to third countries, such as the Standard Contractual Clauses approved by the European Commission and additional safeguards.
SSAB maintains adequate physical, technical and organizational security measures to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, SSAB limits access to this information to authorized employees and contractors who need to know that information in the course of their work or assignment and to third party service providers who may only process data in accordance with instructions provided by SSAB.
Please be aware that although SSAB endeavors to provide adequate security measures for personal data, no security system can prevent all potential security breaches.
Based on the applicable data protection laws, you may be entitled to exercise privacy rights in relation to your personal data to which SSAB acts as a data controller. You may have, subject to applicable laws, the right to:
Please note that in certain circumstances, local laws and legislations may limit the exercise of specific privacy rights. For exercising your rights, please contact the SSAB’s Data Privacy Organization at [email protected]. In addition, you always have the right to approach, make a request or file a complaint to the competent data protection authority.
From time to time, SSAB may amend privacy notices and SSAB recommends you to regularly access them to find about the latest version. Please note that these privacy notices are for information purposes only. When required, SSAB will inform individuals of any substantial changes by using reasonable and available channels.