Privacy at Vale
-
Who we are
-
What we doGå tillbaka
What we do
access-the-page What we do
access-the-page Mining
Gå tillbakaaccess-the-page Where are we
Gå tillbakaWhere are we
access-the-page Brazil
-
Our peopleGå tillbaka
Our people
access-the-page Our people
access-the-page Proud to be Vale
Gå tillbakaaccess-the-page Opportunities for professionals
Gå tillbakaaccess-the-page Opportunities for students
Gå tillbaka -
InvestorsGå tillbaka
-
SuppliersGå tillbaka
Suppliers
access-the-page Suppliers
access-the-page I'm a Supplier
Gå tillbaka -
Our FutureGå tillbaka
Our Future
access-the-page Our Future
access-the-page Culture
Gå tillbakaaccess-the-page Sustainability
Gå tillbakaaccess-the-page Innovation
Gå tillbaka -
Reparation
recent-searches
Snabblänkar
Privacy at Vale
Protecting your privacy is very important to us.
On this page you will find our External Privacy Notice and Privacy Communication Channel.
The purpose of the External Privacy Notice is to clarify how Vale processes the personal data of third parties, whether this involves the provision of services, access to our physical or digital environments, or other interactions with the company.
The Privacy Communication Channel is the means by which data owners can contact Vale’s Privacy Area in order to uphold their rights and ask questions about the processing of their personal data and the External Privacy Notice.
The protection of privacy and personal data reflects our values and commitments to people, as well as our vision of security and transparency in data processing.
The purpose of this notice is to clarify how Vale processes the Personal Data of third parties, in this case, You, during the provision of services or access to our environments, whether physical or digital, hereinafter referred to together as “Our Environments”
Privacy communication Channel
Your message will be analyzed by Vale's Privacy Area and you will receive our contact at privacy@vale.com.
External privacy notice
We are constantly looking to offer services and features as efficiently as possible. For this reason, this notice may be amended at any time and it is up to you to check it whenever possible.
Vale process personal data, which are those that can identify or allow a natural person identifiable.
The company collects personal data to carry out regular activities with users of Vale’s services. The list of collected data typically includes: identification data, contact data, financial data, navigation data (cookies, IP address), health data, biometric data and other data that may be needed to perform these services. The list of collected data may vary according to the relationship with the data subject.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
- Passenger Train Services;
- Newsroom;
- Aerovale;
- Visiting Vale;
- Ethics and Conduct Office;
- Access to Vale’s sites;
- On-site help centers;
- Assistance to communities.
In addition to the performance of services, the company collects personal data from its employees, suppliers and contracted parties. The processing of such personal data is regulated through specific documents.
The collection and processing of personal data within Vale are carried out to legitimate, explicit and specific purposes. Most of the personal information is provided directly by the data subjects, for one of the following reasons:
- Get in touch when offering our services;
- Browsing our websites and applications safely;
- To better target the content of our sites;
- To be able to perform our services, receive and make payments and aid; or
- For carrying out regular activities with users of Vale’s services.
More information on the purposes and legal basis for collecting and processing personal data can be found in the specific terms of each service, available on their respective platforms.
The company stores the evidence of opt-in (express) consent, when such consent is considered, by the applicable personal data protection laws, indispensable for the data processing activity. Likewise, if consent is revoked, evidence of such revocation will also be stored.
- Sharing with third-parties:
In some circumstances, Vale may be legally required to share personal data in order to respond to inquiries or investigations.
- International data transfer:
It is possible to use one of the following safeguards: (i) contractual clauses approved by the supervisory authorities, according to the applicable personal data protection laws; or (ii) binding corporate rules.
Data subjects have the following rights related to its personal data, to the extent that such rights are recognized by applicable laws:
- Processing confirmation: confirmation as to whether or not Personal Data concerning the relevant data subject are being processed;
- Access to data: access to data collected by Vale, except for cases of trade secret protection and industry;
- Data rectification: request to correct incomplete, outdated or erroneous information;
- Anonymization and suspension: anonymization and suspension of personal data considered unnecessary, excessive or processed in non-compliance with the provisions of the applicable legislation. Anonymization will take place considering the use of reasonable and available technical means when processing data;
- Portability: portability of personal data to another product supplier or service provider upon express request. Vale and its subsidiaries reserve the right to deny portability in case of personal data that could compromise their commercial and industrial secrets.
- Information on data sharing: information to the data subject about personal data that is shared with public and private entities;
- Consent Revocation: revocation of the consent given, at any time, upon the express request of the data subject. The revocation procedure will always free and facilitated.
- Elimination: personal data will be eliminated at the end of its purpose or if the data subject expresses its intent to revoke its consent to carry out that processing. Subject to local legal requirements, Vale may keep personal data if: (i) it is legally obliged to keep them, (ii) for compliance with laws and / or regulations that so determine; (iii) needs the data to establish, exercise or defend legal claims; and (iii) need to maintain control of the data for public health reasons.
It is possible to exercise these rights by contacting us using the form found at the bottom of this page.
Personal data is protected against unauthorized access, illegal processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is processed electronically or on paper.
The company has appropriate technical and organizational measures to protect personal data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of personal data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted personal data cannot be recovered.
All personal data collected will be processed and preserved as long as necessary for the fulfillment of the purposes described in the section “What is the purpose of collection and processing of personal data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of personal data in our databases, under the same security and protection mechanisms.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
The purposes for which we Process Personal Data, and the legal bases on which we perform such Processing, within Vale, where the law applicable to our Processing requires a legal basis, are as follows:
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
For the purposes of this Privacy Notice, the relevant Controllers are:
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
The purposes for which we Process Personal Data, and the legal bases on which we perform such Processing, within Vale, where the law applicable to our Processing requires a legal basis, are as follows:
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
For the purposes of this Privacy Notice, the relevant Controllers are:
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
Privacy communication Channel
Your message will be analyzed by Vale’s Privacy Area and we will email you from privacy@vale.com.
For subjects not related to personal data privacy, use our Contact Us channel.
External privacy notice
We are constantly looking to offer services and features as efficiently as possible. For this reason, this notice may be amended at any time and it is up to you to check it whenever possible.
Vale process personal data, which are those that can identify or allow a natural person identifiable.
The company collects personal data to carry out regular activities with users of Vale’s services. The list of collected data typically includes: identification data, contact data, financial data, navigation data (cookies, IP address), health data, biometric data and other data that may be needed to perform these services. The list of collected data may vary according to the relationship with the data subject.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
- Passenger Train Services;
- Newsroom;
- Aerovale;
- Visiting Vale;
- Ethics and Conduct Office;
- Access to Vale’s sites;
- On-site help centers;
- Assistance to communities.
In addition to the performance of services, the company collects personal data from its employees, suppliers and contracted parties. The processing of such personal data is regulated through specific documents.
The collection and processing of personal data within Vale are carried out to legitimate, explicit and specific purposes. Most of the personal information is provided directly by the data subjects, for one of the following reasons:
- Get in touch when offering our services;
- Browsing our websites and applications safely;
- To better target the content of our sites;
- To be able to perform our services, receive and make payments and aid; or
- For carrying out regular activities with users of Vale’s services.
More information on the purposes and legal basis for collecting and processing personal data can be found in the specific terms of each service, available on their respective platforms.
The company stores the evidence of opt-in (express) consent, when such consent is considered, by the applicable personal data protection laws, indispensable for the data processing activity. Likewise, if consent is revoked, evidence of such revocation will also be stored.
- Sharing with third-parties:
In some circumstances, Vale may be legally required to share personal data in order to respond to inquiries or investigations.
- International data transfer:
It is possible to use one of the following safeguards: (i) contractual clauses approved by the supervisory authorities, according to the applicable personal data protection laws; or (ii) binding corporate rules.
Data subjects have the following rights related to its personal data, to the extent that such rights are recognized by applicable laws:
- Processing confirmation: confirmation as to whether or not Personal Data concerning the relevant data subject are being processed;
- Access to data: access to data collected by Vale, except for cases of trade secret protection and industry;
- Data rectification: request to correct incomplete, outdated or erroneous information;
- Anonymization and suspension: anonymization and suspension of personal data considered unnecessary, excessive or processed in non-compliance with the provisions of the applicable legislation. Anonymization will take place considering the use of reasonable and available technical means when processing data;
- Portability: portability of personal data to another product supplier or service provider upon express request. Vale and its subsidiaries reserve the right to deny portability in case of personal data that could compromise their commercial and industrial secrets.
- Information on data sharing: information to the data subject about personal data that is shared with public and private entities;
- Consent Revocation: revocation of the consent given, at any time, upon the express request of the data subject. The revocation procedure will always free and facilitated.
- Elimination: personal data will be eliminated at the end of its purpose or if the data subject expresses its intent to revoke its consent to carry out that processing. Subject to local legal requirements, Vale may keep personal data if: (i) it is legally obliged to keep them, (ii) for compliance with laws and / or regulations that so determine; (iii) needs the data to establish, exercise or defend legal claims; and (iii) need to maintain control of the data for public health reasons.
It is possible to exercise these rights by contacting us using the form found at the bottom of this page.
Personal data is protected against unauthorized access, illegal processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is processed electronically or on paper.
The company has appropriate technical and organizational measures to protect personal data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of personal data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted personal data cannot be recovered.
All personal data collected will be processed and preserved as long as necessary for the fulfillment of the purposes described in the section “What is the purpose of collection and processing of personal data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of personal data in our databases, under the same security and protection mechanisms.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
The purposes for which we Process Personal Data, and the legal bases on which we perform such Processing, within Vale, where the law applicable to our Processing requires a legal basis, are as follows:
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
For the purposes of this Privacy Notice, the relevant Controllers are:
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
The purposes for which we Process Personal Data, and the legal bases on which we perform such Processing, within Vale, where the law applicable to our Processing requires a legal basis, are as follows:
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
For the purposes of this Privacy Notice, the relevant Controllers are:
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
We may process the following categories of Personal Data about you:
- Personal details: given name(s); preferred name; photograph; details of representative; curriculum vitae / résumés and/or applications; passport number (where applicable); and work permit or visa number (where applicable).
- Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
- Contact details: correspondence address; shipping address; telephone number; email address; details of personal assistants, where applicable; messenger app details; online messaging details; and social media details.
- Expertise: records of your expertise, curriculum vitae / résumés, professional history, education history, practising details and qualification details; information about your experience, participation in meetings, seminars, advisory boards and conferences; salary expectations; referrals and references; information about your professional relationship with other individuals or institutions; and language abilities and other professional skills.
- Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent (where required, including details of past employment, details of residence, credit reference information, and criminal records checks.
- Consthe date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase details: records of purchases and prices; and consignee name, address, contact telephone number and email ent records: records of any consents you have given, together with address.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiry date; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of cheques.
- Data relating to our websites and apps: device type; operating system; browser type; browser settings; IP address; language settings; dates and times of connecting to a website; app usage statistics; app settings; dates and times of connecting to an app; location data, and other technical communications information (some of which may constitute Personal Data); password; security login details; usage data; and aggregate statistical information.
- Employer details: where you interact with us in your capacity as an employee of a third party, the name, address, telephone number and email address of your employer, to the extent relevant.
- Content and advertising data: records of your interactions with our online advertising and content; and records of advertising and content displayed on pages or app screens displayed to you.
- Views and opinions: any views and opinions that you choose to send to us, or publicly post about us on social media platforms.
- Biometric and health data: biometric data and data about your health (including health information to monitor the spread of infectious diseases in the workplace and biological sampling data); and (if disclosed) any special needs or health condition and information relating to accommodations that you may request during the recruitment process.
We collect or obtain Personal Data about you from the following sources:
- Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Data we obtain in person: We obtain Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
- Collaborations: We obtain Personal Data when you collaborate with us in research or in an advisory / consultancy capacity.
- Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your employer).
- Data you make public: We collect or obtain Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- App data: We collect or obtain Personal Data when you download or use any of our apps.
- Website data: We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through a website.
- Registration details: We collect or obtain Personal Data when you use, or register to use, any of our websites, apps, products, or services.
- Content and advertising information: If you interact with any third party content or advertising on a website or in an app (including third party plugins and Cookies) we receive Personal Data from the relevant third party provider of that content or advertising.
- Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; recruiters; previous employers, referees, entities conducting background checks etc.).
Creation of Personal Data
We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us. We may also combine Personal Data from any of our websites, apps, products, or services, including where those data are collected from different devices.
More information regarding the use of this data can be found in the specific terms of each service, available on their respective platforms.
Processing activity | Legal basis for Processing |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Sharing with third-parties:
Vale shares Personal Data with other entities within the Vale group, to suppliers, if necessary, for legitimate business purpose, and for the provision of our services, products, apps and websites, in accordance with applicable law. In addition, we disclose Personal Data to:
- you and, where appropriate, your appointed representatives;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, consultants, lawyers and other outside professional advisors to Vale, subject to binding contractual obligations of confidentiality;
- third-party Processors (such as payment services providers; recruiters; pre-employment screenings services etc.), located anywhere in the world (subject to the requirements noted below);
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal claims;
- any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); andany relevant third party provider, where our websites and our apps use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
- If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
2. International data transfer:
- Because of the international nature of our business, we transfer Personal Data within the Vale group, and to the third-parties set out above under the sub-heading entitled “Sharing with third-parties”. Recipients of Personal Data we transfer may be located in all countries where the Vale group is present but in other countries globally as well. For this reason, we transfer Personal Data to other countries that may have different legal requirements and data protection compliance requirements to those that apply in the country in which you are located or in which you disclosed your Personal Data to us. We may transfer your Personal Data to the following jurisdictions in particular but also other jurisdictions globally where third-party recipients or their service providers are located:
- Argentina;
- Australia;
- Brazil;
- Canada;
- Chile;
- China;
- India;
- Indonesia;
- Japa;
- Malaysia;
- Oman;
- Peru; and
- Singapore.
For the international transfer of Personal Data related to individuals located in the EU or UK or Switzerland, if an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim, based on explicit consent, or where the transfer is necessary for the performance of a contract with the data subject or pre-contractual measures at the data subject’s request.) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the EEA or UK or Switzerland to recipients located outside the EEA or UK or Switzerland who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided below.
Subject to applicable law, data subjects may have the following rights regarding the Processing of their Personal Data:
- the right to request access to, or copies of, Personal Data, together with information regarding the nature, Processing and disclosure of Personal Data;
- the right to request rectification to any inaccuracies in Personal Data;
- the right to request, on legitimate grounds erasure of Personal Data or restriction of Processing of Personal Data;
- the right to request portability of Personal Data to another controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process Personal Data on the basis of your consent, the right to withdraw consent given, at any time, upon the express request of the data subject (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf, where such Processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about the Processing of your Personal Data, please use the contact details found at the bottom of this page.
Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
Personal Data is protected against unauthorized access, illegal Processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether such data is Processed electronically or on paper.
Vale has appropriate technical and organizational measures to protect Personal Data, such as information classification, data backup and restoration and identity and access management. These measures are based on security analysis and data protection risks.
In the event of deletion of Personal Data, the process is carried out safely, in line with the appropriate technical measures, in order to ensure that the deleted Personal Data cannot be recovered.
Data accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process is accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which such Personal Data is Processed) is erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Notice.
We take every reasonable step to ensure that all Personal Data collected will be Processed and retained for the minimum period necessary for the fulfilment of the purposes described under the heading entitled “What is the purpose of collection and Processing of Personal Data?”.
The data may be kept in our files in compliance with and observance of the deadlines defined in the legal system in question. This justifies, therefore, the retention of Personal Data in our databases, under the same security and protection mechanisms.
We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases, where the law applicable to our Processing requires a legal basis:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- Employment law: We may Process your Sensitive Personal Data where the Processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment, social security and social protection law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (e.g., the prevention of fraud);
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Vital interests: We may Process your Sensitive Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Public health: We may Process your Sensitive Personal Data where the Processing is necessary for reasons of public interest in the area of public health (e.g., protecting against serious cross-border threats to health); or
- Establishment, exercise or defence of legal claims: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal claims; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
If you provide Sensitive Personal Data to us, you must ensure that it is lawful for you to disclose such data to us, and you must ensure a valid legal basis applies to the Processing of those Sensitive Personal Data.
To contact Vale's privacy team and Vale’s Data Protection Officer (“DPO”), use the form below or send an email to dpo@vale.com or to breach@logicdocument.com (if you are located in UK).
The purpose of this form, the dpo@vale.com and of the breach@logicdocument.com (for UK) emails address is to establish a channel for contacting the DPO and for the exercise of data subjects’ rights. For matters not related to privacy, access Contact Us.
Controller entity | Contact details | |
---|---|---|
Vale S.A.
|
|
|
Vale Europe Limited
|
Vale Europe Limited – Suite 1, 3rd Floor, 11-12 St. Jame´s Square, London, United Kingdom, SW1Y 4LB; Data Privacy Department / breach@logicdocument.com
|
|
Vale Holdings B.V.
|
Piet Heinkade 55, 1019 GM, Amsterdam, the Netherlands; Data Privacy Department / privacy@vale.com
|
|
Vale International SA
|
Route de Pallatex 29, 1162 Saint-Prex, Switzerland; Data Privacy Department / privacy@vale.com
|
“Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission, or the UK Government, or other competent local authority, as providing an adequate level of protection for Personal Data;
- “Cookie” means a small file that is placed on your device when you visit a website (including our websites). In this Privacy Notice, a reference to a “cookie” includes analogous technologies such as web beacons and clear GIFs;
- “Controller” means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws;
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws;
- “EEA” means the European Economic Area;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679;
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; provided, however, that where applicable data protection law protects legal entities as data subjects “Personal Data” will be deemed to include information relating to legal entities;
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller);
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law;
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission, or the UK Government; and
- “UK GDPR” means the UK’s equivalent of the GDPR.
Communication Channel
Contact us
Vale
Initiatives
Anda mengakses pengalaman:
IP Address: 18.217.10.200
Iniciativas