SSAB’s Recruitment privacy statement

Last revision date: 2023-11-30

This Privacy Statement informs why and how SSAB AB including its affiliates, and partners ("SSAB") collects, uses or shares personal data in connection with the recruitment process of a job applicant indicating his/her interest and applying a position through SSAB’s online recruitment system or otherwise. SSAB encourages the job applicant to read this Privacy Statement prior submitting any of the personal data to SSAB.

SSAB is bound by the privacy legislation within each jurisdiction in which it operates. Sometimes the privacy legislation and applicants’ rights in relation to privacy differs from one jurisdiction to another. In addition, specific privacy practices may be adopted to address the specific privacy requirements of particular jurisdictions. Therefore, if this Privacy Statement is in conflict with the law of the jurisdiction in question, the local law takes precedence to the extent applicable.

SSAB has nominated a Group Data Protection Officer (DPO), who can be contacted for additional information or any inquiries or requests on personal data processing by SSAB. The SSAB Data Protection Officer can be contacted at: data.privacy(at)ssab.com. 

 

1. DATA CONTROLLER

SSAB is responsible for handling applicants’ personal data in compliance with this Statement and applicable data protection laws. For the recruitment purposes SSAB AB or another recruiting entity within SSAB is the controller of personal data. The information of SSAB group companies and affiliates can be found in the latest Annual Report at https://www.ssab.com/en/company/investors/reports-and-presentations and at https://www.ssab.com/en/company/about-ssab/our-business

 

2. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

SSAB processes personal data of job applicant for the following purposes, which are explained below.

2.1 Recruitment

SSAB processes personal data of job applicants in order to recruit new employees and to manage other administrative duties related to the recruitment process. The legal basis for the processing is primarily based on job applicant’s consent. Job applicant may at any time revoke the consent. Note however, that revoking the consent may lead to cancellation of the recruitment process.

2.2 Security

SSAB uses access control and camera monitoring at SSAB's premises for the purposes of protecting SSAB's property, preventing unauthorized access to SSAB offices and production facilities and increasing SSAB personnel's and other persons' safety. SSAB bases this processing on SSAB's legitimate interest to ensure the safety of SSAB premises, employees, contractors and job applicants. SSAB does not use access control systems and camera monitoring to monitor the behavior of individuals, and cameras are in no circumstances targeted at a particular individuals. SSAB maintains information security measures (such as automated filtering of email and internet traffic, maintenance and retention of log data) for information security purposes to safeguard business information and business assets, to avoid criminal activities and ensure availability of the services. SSAB bases this processing on SSAB's legitimate interest to ensure network and information security and to safeguard SSAB's important business information and assets. The information security measures are not used for the purpose of monitoring of individuals. 

 

3. COLLECTION OF DATA

3.1 Necessary personal data collected for the recruitment purposes includes among others

  • Basic personal data, such as name, postal address, phone number, e-mail address, date of birth;
  • log-in and password and other such information used in connection with the proper authentication
  • Job application, CV, education background, examinations taken, skills profiles and other relevant qualification or certificate attached
  • Aptitude and personality tests, health checks and security clearances, where applicable;
  • Photograph when provided by the applicant or if applicant gives a consent to take a picture in connection to an interview and video interview recordings when applicable;
  • preferred country/countries and/or sites of employment, willingness to relocate, desired salary
  • References, which can be retrieved from previous employers. These contacts are provided by the applicant. In such case, the job applicant is responsible to obtain consent form the third party

As a rule, this personal data is collected directly from the job applicant. If SSAB uses an external service provider in the recruitment process, personal data related to an employee's professional competence and qualification may be processed by that service provider. Subject to applicable national legislation, SSAB or its third party service providers may also collect personal data from public sources, and conduct background checks and assessments and store information from those during the recruitment process.

SSAB does not generally collect information about job applicants that is particularly personal or private (sensitive information). If sensitive information will be collected and processed at some stage of the recruitment process, such collection is based on the applicable local legislation, and the job applicant will be informed thereof, and consent will separately asked. SSAB is an equal opportunity employer and SSAB offers equal treatment to all job applicants. 

3.2. Necessary personal data for setting up an employment contract

If recruitment leads to employment, SSAB needs to receive some additional personal information from the applicant. This information is directly collected from the individual in question.

 

4. SHARING OF PERSONAL DATA

SSAB may disclose personal data to trusted third parties as part of SSAB’s recruitment process

  • when permitted or required by law, such as to tax authorities, social security authorities, insurance companies, pension institutions, occupational health care institutions, and trade unions and to occupational health and safety institutions and other equivalent authorities;
  • to trusted services providers, which act on SSAB's behalf and SSAB will control and be responsible for the use of personal data in connection to recruitment and employment, including recruitment partners and system providers;
  • if SSAB is involved in a merger, acquisition, or sale of all or a portion of its assets;
  • when SSAB believes in good faith that disclosure is necessary to protect SSAB's rights, protect employees' safety or the safety of others, investigate fraud, or respond to a government request

 

5. TRANSFER OF PERSONAL DATA OUTSIDE EU/EEA

5.1 Intra-group transfers

As some of the group companies are located outside of the EU/EEA, personal data in relation to the recruitment process may be transferred outside of EU/EEA, such as to the United States. SSAB's personnel may also have role-based access to personal data of job applicants from one of SSAB's group companies located outside the EU/EEA. In this case, these persons are required to access employees' personal data because of their work-related duties, and access to personal data is managed with limited access rights.

SSAB provides appropriate safeguard mechanisms for international data transfers as required by applicable data protection laws. For intra-group transfers, SSAB has ensured appropriate safeguards for the protection of personal data inter alia by using Standard Contractual Clauses as approved by the European Commission. Please contact data.privacy@ssab.com for more information about the applicable safeguards for international data transfer in question.

5.2 Trusted service providers located outside of EU/EEA

SSAB's trusted service providers may process personal data outside of EU/EEA, as certain supporting resources and servers may locate in various countries. Thus your personal data may be transferred outside the country where you access and use the recruitment web site. To the extent personal data is transferred to a country outside of the EU/EEA, SSAB will use the required established mechanisms for the transfer to service providers in those thirds countries, including the Standard Contractual Clauses approved by the European Commission. Please contact data.privacy@ssab.com for more information about the applicable safeguards for international data transfer in question. 

 

6. RETENTION OF PERSONAL DATA

Personal data related to non-chosen job applicants shall be retained for up to one year from the announcement of recruitment decision. If the recruitment process leads to an employment with SSAB, relevant Personal data will be retained during and after the course of the employment as required by retention period provided in the applicable law.

 

7. PRIVACY RIGHTS

Job applicants have a right to access and data portability of personal data SSAB holds about them. However, there may be some restrictions in this respect.
Job applicant may correct, update, change or remove their personal data at any time. 
However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Statement. Therefore, the deletion of such data may not be allowed under the applicable law, which prescribes mandatory retention periods or if there is an overriding interest to keep processing the data for the intended purpose.
Please send above-mentioned requests to SSAB at data.privacy@ssab.com. Any requests related to the exercise of privacy rights will be responded within one month or within the applicable regulatory time limit.

Job applicant has a right to file in a complaint to the national data protection authority in the EU/EEA.

 

8. SECURITY

SSAB maintains reasonable security measures, including physical, electronic and procedural measures, to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, SSAB limits the access to this information to authorized employees and contractors who need to know that information in the course of their job description and third party service providers who may only process data in accordance with SSAB provided instructions. Please be aware that, although SSAB endeavors to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

 

9. DATA PROTECTION OFFICER’S CONTACT DETAILS

SSAB’s global Data Privacy Organization supports with any data protection and data privacy related requests or any other questions, concerns, comments or complaints.

SSAB has also nominated a Group Data Protection Officer (DPO) who performs the following tasks:

  • informs and advises SSAB organization and its employees about obligations pursuant to the EU General Data Protection Regulation (GDPR) and to other Union or Member State data protection provisions in relation to the data processing carried out by SSAB,
  • monitors compliance with the GDPR and with other Union or Member State data protection provisions and with SSAB’s policies related to the protection of personal data, 
  • takes care of assignment of responsibilities, data protection awareness and training of employees involved in processing operations, and the related audits, and
  • provides advice on data protection impact assessments and monitoring their performance

The DPO also co-operates with the supervisory authority and acts as the contact point for the supervisory authority on issues relating to processing, and to consult, where appropriate, regarding any other matter.

SSAB’s Data Privacy Organization and the Group Data Protection Officer (DPO) can be contacted at data.privacy@ssab.com.

 

10. CHANGES TO THIS PRIVACY STATEMENT

SSAB may amend this Privacy Statement and the related information. SSAB recommends that job applicants regularly access the Privacy Statement to find out about any changes to it. SSAB will always provide the date of the Privacy Statement to allow the job applicants to see changes. Please note that this Privacy Statement is for information purposes only. SSAB will inform job applicants of any substantial changes by using reasonable and available channels.