Effective as of 25 May 2018
In this Privacy Statement, “Personally Identifiable Information” or “PII” means any information, set of information, whether alone, or in combination with other Personally Identifiable Information, processed by EVRAZ, which is sufficient to identify an individual directly or indirectly.
“GDPR” means the General Data Protection Regulation, applicable in the EEA as from May 25, 2018.
Unless we specifically state otherwise, EVRAZ is the data controller of the PII we process, and is therefore responsible for ensuring that the systems and processes we use are compliant with data protection laws, to the extent applicable to us.
EVRAZ personnel are required to comply with this Privacy Statement and associated EVRAZ data privacy policies when dealing with PII and must also complete data protection training where appropriate to their role.
This information may either be directly provided by the above individuals or provided by the legal entity for whom they work (e.g. if they are the contact person designated by their employer to manage the commercial relations with EVRAZ).
If you have questions about the parties with which we share PII, please contact us as specified below.
When your personal information is processed by EVRAZ that means you are a data subject and you have different rights defined in the GDPR. Additional information is provided on the
Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed. Where that is the case you may obtain access to the personal data and the pieces of information detailed in the article 15 of the GDPR.
Right to rectification
In case the personal data concerning you is inaccurate or incomplete you have the right to obtain rectification or completion from us without undue delay.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the specific grounds applies and the processing is not necessary according to Art. 17 paragraph 3 GDPR.
Right to restriction of processing
Under certain circumstances you have the right to obtain the restriction of processing from us.
Right to data portability
Under the conditions defined in the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data relating to you infringes the GDPR, you will have the right — without prejudice to any other administrative or judicial remedy — to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
We have implemented technical and organizational measures in an effort to safeguard the PII in our custody and control from unauthorized access, use or disclosure.
While we endeavour to always protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
You also have an important role in protecting PII. You should not share any username, password or other authentication data provided to you with anyone, and we recommend that you do not re-use passwords across more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.
Our website may contain links to websites owned and operated by an independent party over which Evraz has no control (“3rd Party Website”). Any link you make to or from the 3rd Party Website will be at your own risk. Any use of the 3rd Party Website will be subject to and any information you provide will be governed by the terms of the 3rd Party Website, including those relating to confidentiality, data privacy and security.
Unless otherwise expressly agreed in writing, Evraz and its affiliates (collectively “Evraz”) are not in any way associated with the owner or operator of the 3rd Party Website or responsible or liable for the goods and services offered by them or for anything in connection with such 3rd Party Website. Evraz does not endorse or approve and makes no warranties, representations or undertakings relating to the content of the 3rd Party Website.
In addition to the terms stated in Evraz’s
By accessing any 3rd Party Websites you confirm that you have read and agreed to the terms herein and in the Evraz’s
We transfer PII to jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. In particular, some our Sites are hosted on servers in Russia. If you are located not in Russia, the transfer of PII is necessary to provide you with the requested information and/or to perform any requested transaction. To the extent permitted by law, such submission also constitutes your consent for the cross-border transfer.
With respect to transfers originating from the European Economic Area (“EEA”) to Russia and other non-EEA jurisdictions, we implement appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.
We will retain your PII for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria we use to determine retention periods for PII include: the purposes for which the PII is collected, legal statutory limitation periods, retention periods imposed by law, applicable contractual requirements and relevant industry standards.
If you have questions regarding this Privacy Statement or our handling of your personal information, you can contact our Group Data Protection Officer at
13, avenue Monterey, L-2163 Luxembourg, Grand Duchy of Luxembourg
If you wish to exercise your data protection rights, please
We may occasionally update this Privacy Statement. When we do, we will revise the effective date at the top of the Privacy Statement and take such additional steps as may be required by law.
This may be a copy of the document, for example, an identification card or passport. The document must contain an identification number, country of issue, expiration date, your name, place and date of birth. We recommend darkening any other data contained in the copy of the identification document, such as a photograph or any personal characteristics.