Privacy Policy Statement

This Privacy Policy Statement was updated on March 2020 

  1. Identity and contact details of the Data Controller
  2. Categories of Personal Data, Purposes and Legal Basis of the processing
  3. Data recipients
  4. Personal data transfer
  5. Your rights
  6. Contact details of the Data Protection Officer

Through our website (metinvestholding.com, hereinafter the “Site”) we can collect some of your personal data in the manner and for the purposes described below.

We care about the privacy of the Site visitors and we will process your personal data in accordance with the Law of Ukraine “On Personal Data Protection” and the European General Data Protection Regulation (Regulation (UE) 2016/679 or the "GDPR").

This Privacy Policy Statement ("Statement") describes the types of information we collect through the Site, including information relating to identified or identifiable natural persons ("Personal Data"), for which purposes we process such Personal Data, to whom we may communicate the Personal Data, and your rights in relation to the Personal Data collected. This Statement also describes how you can contact us in order to exercise your rights.

The Statement is provided only for the Site and not for other websites possibly visited by the visitors through links. The Data Controller (as defined below) shall not be deemed liable for the personal information provided by the visitors to external parties or to any website connected to the Site.

Please read this Statement carefully: it applies when you access the Site and simply decide to browse it by using our services without filling out any form, and when you decide to request us to receive certain information concerning, for example, our activities.

As further detailed in Section 2 below, we will process the Personal Data for the purposes of:

  • maintaining and upgrading of the Site
  • providing information about the company's activities;
  • keeping the data on the Site users’ personal preferences and settings;
  • improving the products and (or) services and developing the new ones;
  • gathering statistics about users; and
  • monitoring the status of the user's session (access).

 

1. Identity and contact details of the Data Controller

In relation to the Personal Data, the company METINVEST HOLDING, LLC (the “Data Controller” or) acts as data controller, according to Article 4(7) of the GDPR.

You can contact the Data Controller at the following address:

METINVEST HOLDING, LLC

Ukraine, 87534, Mariupol, Nakhimova av., 116-A

+380 44 251 83 05, ext. 1610

https://metinvestholding.com

 

2. Categories of Personal Data, Purposes and Legal Basis of the processing

a) Personal Data collected through the Site forms

By filling in the Site forms, you can provide us certain personal and contact details (i.e., name, e-mail address and phone number).

Such Personal Data are processed in order to provide you with the information requested (e.g., news, announcements, etc.) and to communicate with you.

The above-mentioned Personal Data will be stored for 36 months. At the end of this period, such Personal Data will be deleted or anonymised.

The legal basis for the processing is your consent, according to Article 6(1), let. A) of the GDPR. We inform you that your consent can be freely withdraw at any time by sending an e-mail to: DPO@metinvestholding.com and your Personal Data will be immediately deleted or anonymized.

b) Automatically collected data

Whenever the visitor accesses the Site, certain information about his/her device are automatically collected. In particular:

  • the type and version of the browser
  • the operating system
  • the IP address

The processing of such information is necessary in order to allow the view of the Site contents. Such information will be deleted once the purposes for which they were collected have been pursued and, in any case, at the end of the session (when the user leaves the Site).

The information automatically collected by the Site are not matched with other information about the Site visitors.

The legal basis for such processing is the Data Controller’s legitimate interest in ensuring the proper technical working of the Site.

c) Cookies

A cookie is a small text file that is sent to the visitor’s terminal equipment (i.e., visitor´s browser) by the Site; the cookie is stored in the visitor’s terminal equipment to be then re-transmitted to the Site on the user’s subsequent visits to the Site.

We inform you that the cookies placed by the Site (the “Cookies”) may be “session cookies” (i.e., cookies that expire at the end of a browser session) or “permanent cookies” (i.e., cookies stored also after the end of the visitor’s browser session). Further, Cookies may be set directly by the Site (so-called “first party cookies”) or by other website (so-called “third party cookies”).

 

Cookies used by the Site:

Browsing or session technical Cookies

The Site places browsing or session technical Cookies in order to allow a normal and efficient browsing and use of the Site. Such Cookies do not require your prior and express consent. You may disable these Cookies by changing your browser settings (as specified below), but this may affect how the Site works.

Functional technical Cookies

The Site uses functional technical cookies which allow to remember your preferences (i.e. the language selected) in order to improve the services provided by the Site. Functional cookies improve browsing quality and experience. Please note that your consent is not required in order to set the functional technical Cookies.

Analytical Cookies

These third party Cookies are used to collect information about how visitors use the Site (e.g., number of visitors, visited pages, permanence on the Site, etc.), in order to carry out statistical analysis and improve our Site. The Cookies collect information in a way that does not directly identify anyone.

By providing your authorisation through the banner which displays accessing the Site, you consent to the use of analytics Cookies. We inform you that your consent will be required only upon your first access to the Site and we use of a technical Cookie in order to track the consent obtained. As specified below, you may withdraw your consent at any time.


We use the following categories of Cookies:

Name of the cookie

Description

Storage

CookieConsentAccepted

The file to identify the user who gave consent to the personal data collection.

36 months

_ga

Creates a unique identifier in the Google Analytics system that is randomly generated and used to gather statistics about how a visitor uses the Site. Read Google overview on privacy and data protection

2 years

_gid

A file to identify a user of the Site in the Google Analytics system. Read Google overview on privacy and data protection

24 hours

_gat

Uses Google Analytics to limit the frequency of demands. Read Google overview on privacy and data protection

1 minute

.ASPXAUTH

Identifies the user during authentication

During the session

ASP.NET_SessionId

Keeps the status of the visitor's session when he navigates through the pages of the Site

During the session

ARRAffinity

Used to disperse traffic between multiple servers in order to optimize the response time

During the session

_rl

This is a Vimeo cookies used to save language preferences. Read the Vimeo cookies policy

1 year

You can change your Cookies preferences at any time by clicking on and opt out of being tracked by Google Analytics across all websites, visiting http://tools.google.com/dlpage/gaoptout.

Please note that most web browsers allow some control of most cookies through the browser settings. . Find out how to manage cookies on popular browsers:

Internet Explorer  |  Edge  |  Safari  |  Chrome  |  Firefox   | Opera

 

3. Data recipients

The Personal Data will not be disseminated and may be accessible (limited, and some content may not displayed incorrectly to the respective field of competence) to the employees and/or collaborators of the Data Controller authorized to process them.

The Personal Data recipients will act as autonomous data controllers, according to Article 4(7) of the GDPR or as data processors appointed by the Data Controller, according to Article 28 of the GDPR.  

The Personal Data may be communicated to companies, which provides certain services to the Data Controller and to the others companies of the Metinvest Group, including the company LLC «METINVEST DIGITAL» (“Metinvest Digital”).

Metinvest Digital provides certain services related to the management and the technical maintenance of the Site and processes the Personal Data only on documented instructions from the Data Controller, ensuring the adoption of all the necessary measures in order to comply with the applicable data protection law and protect the visitors’ rights.

Further to that, we provide you with the following information:


a)   Google Analytics

Google Analytics (i.e., the company Google LLC (“Google”), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) sets certain Cookies, which collect information about how you visit the Site.

Google can distinguish the individual visitors; limit the frequency of demands; remember the number and time of your previous visits; record the traffic source; determine the beginning and end of the session; remember the values of the visitor level user-declared variables. Information about your device (i.e., about your browser and your operating system) may be accessible for Google.

Please note that we use a mechanism that automatically masks your IP address and the information processed by Google will not be combined with other Google data.

Google will use the received information for statistical analysis and reporting, which will help to optimize the Site making it more comfortable for the visitors. Your Personal data will be stored for 36 months.

b)  Google Maps

This site uses Google Maps, a service of maps fruition provided by Google. Google may receive your IP address and know the Site page you are visiting.

If you are logged in to your Google Account, Google may combine the information collected through the Site with your Google profile information.

As specified above, the Statement is provided only for the Site and the Data Controller shall not be deemed liable for the personal information provided by the visitors to external parties. For further information, we invite you to read the Google overview on privacy and data protection.

d) Vimeo

We use Vimeo video player (service provided by the company Vimeo, Inc. 555 West 18th Street, New York, New York 10011). Vimeo sets Cookies which are necessary in order to enable certain features and remember your preferences (i.e., , language or volume settings). For further information, please read the Vimeo cookies policy.

 

4. Personal Data transfers

The recipients identified in Section 3 above may be located in extra-UE countries. All the transfer of your Personal Data will take place in accordance with the GDPR and the applicable data protection law, including the transfer to the extra-UE companies of the Metinvest Group. As specified above, certain Personal Data collected by the Cookies may be transfer to Google. Google complies with the EU-US Privacy Shield Framework as designed by the US Department of Commerce and the European Commission and Swiss Administration (the “Privacy Shield”), providing an adequate level of protection, according to the GDPR and the applicable data protection law The Privacy Shield is available at the link: privacyshield.gov.

 

5. Your rights

According to the GDPR, the Data Controller ensure the exercise of the following rights:

a) Your right to access your personal data (Article 15 of the GDPR).

You have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to such Personal Data and the information referred to in Article 15 of the GDPR (e.g. the purposes of the processing; the categories of Personal Data concerned; the recipients to whom the Personal Data have been or will be disclosed, etc.).  

b)  Your right to rectification (Article 16 of the GDPR):

You have the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have also the right to have incomplete Personal Data completed. .

In order to exercise the right referred to in Article 16, your request should include a clear indication of the inaccurate and/or incomplete Personal Data.

c)  Your right to erasure or "the right to be forgotten" (Article 17 of the GDPR)

You have the right to obtain from the Data Controller the erasure of your Personal Data in accordance with Article 17 of the GDPR (e.g., when the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; when withdraw your consent or object to the processing and there are no overriding legitimate grounds for the processing, etc.).

d)  Your right to restriction of processing (Article 18 of the GDPR):

You have the right to obtain from us restriction of processing where one of the grounds referred to in Article 18 of the GDPR applies (e.g., you contest the accuracy of the Personal data, for a period enabling the Data Controller to verify the accuracy of the Personal Data; the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead; we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, etc.).

e)   Your right to data portability (Article 20 of the GDPR):

According to Article 20 of the GDPR, you have the right to receive certain Personal Data in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller, without hindrance from us, where: (i) the Personal Data processing is based on your consent; and (ii) it is carried out by automated means.. f)  Your right to object to the processing (Article 21 of the GDPR):

You have the right to object, on grounds relating to your particular situation, at any time, to your Personal Data processing that is based on our legitimate interests, according to Article 6(1), lett. f) of the GDPR. We will no longer process the Personal Data concerned unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. You have the right to object, at any time, to the processing of your Personal Data for direct marketing purposes.

g)  The right to withdraw your consent (Art. 7(3) of the GDPR):

 By contacting us at the address below (Section 6), you may, at any time, withdraw your consent. The withdrawal of your consent will not affect the lawfulness of the processing carried out before such withdrawal.

h)  Right to lodge a complaint with the competent supervisory authority:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the country where you live, work or place of the alleged infringement, if you consider that the processing of your Personal Data infringes the applicable data protection law.

If you are in one of the Member States of the EU, you can lodge a complaint with one of the European supervisory authorities

If you are in Ukraine, you can lodge a complaint with the Human Rights Commissioner of the Verkhovna Rada.

Please note that we will provide information on action taken on a request under Articles from 15 to 21 of the GDPR as quickly as possible and, in any case, within one month of receipt your request. Where strictly necessary, that period may be extended by two further months. The exercise of your rights is free of charge unless your request is manifestly unfounded or excessive.

 

6.  Contact details of the Data Protection Officer

If you have any question on this Statement or if you wish to exercise your rights listed in Section 5 above, you may contact the data protection officer appointed by the Data Controller according to Article 37 of the GDPR at the following addresses and specifying “at the attention of the Legal Department”:

Please indicate “For the Legal Department” on the envelope.