The Companhia Brasileira de Metalurgia e Mineração, a private law legal entity, registered with the Brazilian Ministry of Finance’s National Register of Legal Entities (“CPF/MF”) under the number 33.131.541/0001-08, based in Córrego da Mata, S/N, Post Box 08, Postal Code 38183-903, in the Municipality of Araxá, MG, Brazil, considers the electronic records and personal data collected from you (“Data Subject”) when using CBMM's websites and services (“Services”) to be extremely relevant, serving this Privacy Policy (“Policy”) to regulate, from simple, transparent and objective way, what personal data will be collected, as well as when and how they can be used.
This Policy applies to Services related to any of CBMM's brands and activities, understanding as such all those listed on the official CBMM websites, encompassing all its products.
This Policy is applicable to CBMM customers and the general public and covers the ways in which we process personal data. If you are an employee or supplier of CBMM, or if you are participating in a specific project or activity with CBMM, you should look for the respective privacy notice issued by CBMM, or the person responsible for your hiring with CBMM, to provide you with the applicable terms and inform you of your rights over your personal data.
In case of additional questions or requests, please contact our Data Protection Officer at the following email address: dpo@cbmm.com.
To illustrate how we process personal data, we present a summary of our Privacy and Protection of Personal Data Policy:
GENERAL PRIVACY AND DATA PROTECTION NOTICE – CBMM
This Policy may be updated, at any time, by CBMM, by means of a notice on the website and/or by email if the data subject has opted to receive communications from CBMM.
1.DEFINITIONS
If you have any questions about the terms used in this policy, we suggest consulting the table below:
2. WHAT PERSONAL DATA WE COLLECT
CBMM may collect the information actively entered by the data subject at the moment of contact or registration, and also information collected automatically when using the Services and the network, such as, for example, identification of the commercial establishment used, IP address with date and time of connection, among others.
Two types of personal data are processed: (a) provided by the data subject; and (b) collected automatically.
a) Provided by the data subject: CBMM collects all personal data entered or forwarded actively by the data subject when contacting or accessing CBMM websites, such as full name, e-mail, gender, date of birth, city and state of residence, when filling out forms by the data subject, with the addition of other personal data actively provided by the data subject when contacting CBMM. Regardless of what data the data subject actively provides to CBMM, we will only use those data that are actually relevant and necessary to achieve the purposes declared to him on a case-by-case basis.
b) Data collected automatically: CBMM also collects a series of information automatically, such as pieces of information about the access device, browser, IP address (with date and time), information about clicks, pages accessed, search terms entered on our sites, among others. For such collection, CBMM will use some standard technologies, such as cookies, pixel tags, beacons and local shared objects, which are used for the purpose of improving the navigation experience of the data subject in the Web-Services, according to his habits and preferences.
It is possible to disable, through your browser settings, automatic data collection using some technologies, such as cookies and caching, as well as on our own website. However, the data subject must be aware that, if these technologies are disabled, some features offered by the website, which depend on the treatment of said data, may not work properly.
The data subject will be able to access, update and supplement his personal data, as well as request the deletion of his data collected by CBMM, contacting our Data Protection Officer through the email address: dpo@cbmm.com. We will endeavor to respond to you in the shortest possible time, respecting the custody periods established by law.
CBMM does not process, for the general purposes set in this notice, personal data considered sensitive by The Brazilian General Data Protection Law No. 13.709 / 2019, understood as those related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health-related data, data concerning a person’s sex life or sexual orientation and it is certain that, in the remote and specific cases in which it does so, the data processing is based on specific terms previously made available to the data subject, through their specific consent or with based on express legal authorization.
3. WHAT WE USE YOUR PERSONAL DATA:
The personal data processed by CBMM has as its predominant purpose the establishment of a contractual link or the management, administration, provision, expansion, and improvement of our services to the data subject, adapting them to his preferences, as well as the creation of new services and products to be offered to the data subject.
CBMM may centralize the personal data collected, which may be used in other services related to all CBMM brands, with due regard for the purposes set forth and the consent of the data subject, whenever required by law.
CBMM, in some cases, may also process personal data when necessary to comply with legal or regulatory obligations.
In addition, CBMM may also process personal data based on its legitimate interest (or the legitimate interest of another group company), always within the limits of what is expected by the data subject, and never to the detriment of his fundamental interests, rights, and freedoms.
The information collected may, with the consent of the data subject, be used for advertising purposes, such as for sending information about CBMM's brands, products and promotions, as well as for the divulgation of events or for research related to their activities.
If you no longer wish to receive CBMM advertising information, at any time the data subject can contact CBMM through the email address: dpo@cbmm.com.
4. HOW WE USE HTTP COOKIE
HTTP cookies are files that can be stored on your devices when you visit websites or use CBMM's online services. Generally, a cookie contains the name of the website that originated it, its lifetime and a value, which is generated randomly.
CBMM uses HTTP cookies to improve the navigation experience and customize its websites to the interests and needs of the data subject, as well as to collect information about the use of our websites and services, helping us to improve our structures and content. HTTP cookies can also be used to speed up your future visit and navigation on our websites. You can consult them clicking here.
Essential
These cookies are essential for CBMM's web pages to load correctly and allow you to browse our websites and make use of all features.
Preferences
These cookies allow CBMM web pages to remember your choices, to provide a personalized experience. They also enable data subject to watch videos and use social tools, comment boxes, forums, among others.
Statistic
These cookies help us understand how visitors interact with CBMM websites, providing information about the pages visited, the time they visited the website and any problems encountered, such as error messages.
Marketing
These cookies are used to provide relevant content and of interest to the data subject. Are used to present targeted advertising or to limit the number that is shown on CBMM web pages. They also measure the effectiveness of a CBMM advertising campaign.
Also, these cookies can be used to indicate to CBMM the websites that the data subject has visited and CBMM can share this information with third parties, such as advertising agencies.
After the data subject consents to the use of cookies, when using the CBMM pages, the site will temporarily store a cookie on his device to remember this choice in the next session.
At any time, the data subject may revoke his consent to the stored cookies, just clearing the browsing data in his internet browser.
Finally, we remind you that, if the data subject does not accept some cookies from the CBMM pages, some services may not work properly.
5. WITH WHO WE SHARE THE DATA
CBMM is an economic group, working in partnership with many companies in Brazil and worldwide, whose listing is available here. In this way, we can share the information collected through the webpages or by contacting the data subject, in these cases:
i. With other CBMM Group Companies, incorporated or operating in any country, that commit to using the information for the same purposes indicated in this Policy;
ii. With partner companies and suppliers, for the development of Services aimed at the data subject;
iii. With authorities, governmental entities or other third parties, for the protection of CBMM's interests in any type of conflict, including lawsuits and administrative proceedings;
iv. In the case of transactions and corporate changes involving CBMM, in which case the transfer of information will be necessary for the continuity of services; or,
v. Upon court order or at the request of administrative authorities that have legal competence for the requisition.
It is possible that some of the transfers indicated above occur outside of Brazil, notably to the countries in which the company operates, when CBMM undertakes to do so only for countries on that provide adequate protection of personal data applicable in law; or by using guarantees and safeguards such as specific clauses, standard clauses, global corporate standards, among others; as well as through the specific consent of the data subject or the observance of other hypotheses authorized by law.
6. HOW WE PROTECT DATA
CBMM uses reasonable and legally required means to preserve the privacy of the personal data collected. In this way, we take several precautions, in compliance with legal and normative guidelines on information security standards, such as:
I. CBMM has protection against unauthorized access to its systems;
II. CBMM only authorizes the access of previously authorized persons to the place where the collected information is stored;
III. Those who have contact with personal data must undertake to maintain absolute confidentiality. Breach of confidentiality will result in civil liability and the person responsible will be held responsible according to the applicable legislation; and
IV. Maintenance of logs indicating time, duration, identity of the employee, or the person responsible for access and the object file, based on the connection and application access records.
In addition to technical efforts, CBMM also adopts institutional measures aimed at protecting personal data, so that it maintains an information security and privacy governance program applied to its activities and governance structure, which is constantly updated.
Although CBMM takes best efforts to preserve privacy and protect data subject information, any transmission of information is completely secure, so CBMM cannot fully guarantee that all information it receives or sends is not subject to unauthorized accesses perpetrated through methods developed to obtain information unlawfully. For this reason, we encourage data subject to take appropriate measures to protect themselves, such as, for example, keeping all access accounts and passwords confidential, being certain that such information is personal, non-transferable, and the data subject sole responsibility.
7. RETENTION OF COLLECTED DATA
In order to protect the privacy of the data subject, all personal data processed by CBMM will be automatically deleted when they are no longer useful for the purposes for which they were collected, or when the data subject requests their elimination unless their storage is expressly authorized by applicable law or regulation.
However, the information may be kept for compliance with legal or regulatory obligation, transfer to a third party - as long as the data processing requirements are respected - and exclusive use for CBMM, including for the exercise of its rights in judicial or administrative proceedings.
8. YOUR RIGHTS
In compliance with the applicable laws, regarding the processing of personal data, CBMM respects and guarantees to the data subject, the possibility of submitting requests based on the following rights:
I. confirmation of the existence of processing of your personal data;
II. access to your personal data;
III. correction of incomplete, inaccurate or outdated data;
IV. anonymizing, blocking or deleting unnecessary, excessive or non-compliant data;
V. the portability of your data to another service or product provider, upon express request by the data subject;
VI. the elimination of data processed with the consent of the data subject;
VII. obtaining information about public or private entities with which CBMM shared its data;
VIII. information about the possibility of not giving your consent, as well as being informed about the consequences, if not;
IX. revocation of consent.
These rights can be exercised by sending a request to our Data Protection Officer through the email address: dpo@cbmm.com, for further evaluation and adoption of other measures by CBMM.
The data subject is aware that the exclusion of essential information for the management of his account with CBMM will result in the termination of his registration, with the consequent cancellation of the services then provided.
CBMM will make every effort to fulfill such requests in the shortest possible time, however, justifiable factors, such as the complexity of the requested action, may delay or prevent its prompt fulfillment.
Finally, the data subject must be aware that his request may be legally rejected, whether for formal reasons (such as his inability to prove his identity) or legal reasons (such as the request for deletion of data whose maintenance is a free exercise of rights by CBMM).
9. LEGISLATION AND JURISDICTION
This Policy will be governed, interpreted and executed in accordance with the Laws of the Federative Republic of Brazil, especially Law No. 13,709/2018, regardless of the Laws of other States or countries, with the data subject domicile jurisdiction being competent to resolve any doubts arising from this document.