BlueScope Privacy Notice for California Residents

This Privacy Notice covers the following topics:

Introduction
Personal Information We Collect, From Whom We Collect It, How We Use It, And To Whom We Disclose It
Disclosing Personal Information
How Long We Keep Personal Information
Your Rights and Choices
Non-Discrimination
Changes To This Privacy Notice
Contact Information

If you have a disability that limits your ability to access this Privacy Notice, please contact us at privacy@bluescope.us to receive information on alternative formats.

INTRODUCTION

This Privacy Notice for California Residents supplements the information contained in BlueScope’s general privacy notice available at https://www.bluescope.com/privacy-policy/ and applies solely to Website visitors, users, and others who reside in the State of California (“individuals” or “you”). This Privacy Notice does not apply to the personal information of individuals in their capacity as BlueScope’s employees or contract workers or their emergency contacts, dependents, or beneficiaries. We adopt this Notice to comply with the California Privacy Rights Act (“CPRA”). Any terms defined in the CPRA have the same meaning when used in this Notice.

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident. Personal information does not include:

Information publicly available from government records or made publicly available by you or with your permission;
Deidentified or aggregated individual information; or
Information excluded from the CPRA’s scope, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; or
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.

Consumers:
As a business-to-business company, we do not collect personal information from individuals in their capacity as consumers.

Children’s Online Privacy Protection Act Compliance:

We do not collect information from anyone under 13 years of age. The products and/or services we provide, together with our Website, are all directed to individuals who are at least 13 years old. If you are under the age of 13, you are not authorized to use our services or the Website.

PERSONAL INFORMATION WE COLLECT, FROM WHOM WE COLLECT IT, HOW/WHY WE USE IT, AND WITH WHOM WE DISCLOSE IT

The following table sets forth the categories of personal information the Website has collected from individuals within the last 12 months, along with the purpose for collection and use and the categories of sources for the personal information.

Category	Examples	Purpose for Which It Will Be Used	Categories of Sources from Which the Information Was Collected
Identifiers	Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address or email address.	Presenting our Website and its contents to you. Improving and managing the Website, including analytics services. Informing you about new features of the Website. Marketing our products and services to your company and sending you marketing materials that may be of interest to your company.	Directly from you (e.g., by filling in a webform). Automatically as you interact with the Website. From third parties and service providers. From social media platforms linked from the Website if you “Like,” “Follow,” or otherwise interact with our page or profile on that platform.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	A name, signature, address, telephone number, education, employment, or employment history.	Same as above.	Directly from you.
Commercial information	Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies on your company’s behalf.	Marketing our products and services to your company and sending you marketing materials that may be of interest to your company.	Directly from you. From third parties and service providers.
Internet or other similar network activity.	Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement.	Presenting our Website and its contents to you. Enabling you to interact with Website features and improving the Website’s performance when you return to the Website. Improving and managing the Website.	Automatically as you interact with the Website. From third parties and service providers.

Other common categories of sources include:

Service providers, for example, analytics providers, IT, and system administration services.
Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
Government or administrative agencies, for example, law enforcement, public health officials, and other government authorities.

Other common purposes include:

To administer and protect our business and Website (including troubleshooting, analysis, testing, system maintenance, support, reporting and hosting of data, and preventing fraud and abuse).
To store, host, or backup (whether for disaster recovery or otherwise) our services or any data contained therein.
To protect the rights, property, or safety of BlueScope, you, or others.
To report suspected criminal conduct to law enforcement and cooperate in investigations.
To exercise our rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
To ensure compliance with applicable laws and regulatory obligations.
Any incidental purposes related to, or in connection with, the above.

Note on Sensitive Personal Information

BlueScope does not infer characteristics from sensitive personal information. BlueScope only uses sensitive personal information as necessary to perform the services or provide the goods the average person would reasonably expect when requesting those goods or services, to ensure security and integrity, short term transient use, to maintain the quality of our products and services, or for other purposes permitted by the CPRA without the right to opt out.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

DISCLOSING PERSONAL INFORMATION

Disclosures Generally:

BlueScope discloses personal information as necessary for the purposes described above to the following categories of external recipients:

Service providers and contractors: BlueScope discloses your personal information to service providers and contractors for the purposes above to assist us in meeting our business needs and contractual and legal obligations.
Government or administrative agencies: For example, BlueScope may report unlawful activity to law enforcement.
Required Disclosures: We may be required to disclose personal information in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of BlueScope, our users, or others.

Disclosures of Personal Information for a Business Purpose

In the preceding 12 months, we have disclosed the categories of personal information listed above for a “business purpose,” as that term is defined by the CPRA:

Service providers: For the business purpose of performing services on BlueScope’s behalf and, in particular, for the specific purposes described above.
Auditors, lawyers, consultants, and accountants engaged by BlueScope: For the business purpose of auditing compliance with policies and applicable laws, in addition to performing services on BlueScope’s behalf.

No Sales or Sharing of Personal Information

In the preceding 12 months, we have not sold or “shared” personal information (disclosed personal information to third parties for behavioral advertising). We will not sell or “share” your personal information without providing you with an opportunity to opt-out of such sales. Without limiting the foregoing, we have no actual knowledge that we sell or “share” the personal information of any individuals, including individuals under 16 years of age.

HOW LONG WE KEEP PERSONAL INFORMATION

We retain personal information for the duration of your customer relationship with BlueScope and for as long thereafter as permitted or required by applicable law.

For Applicants:

If BlueScope hires you, the information collected about you during the job application process may become part of your personnel file and may be used to administer the employment relationship and for related reporting and recordkeeping purposes. BlueScope will retain this application information for the entire duration of your employment relationship with BlueScope and for as long thereafter as permitted or required by applicable law.

BlueScope will retain information of applicants who are not hired for four (4) years after the record is collected. These records will be retained for our internal recordkeeping and reporting purposes in compliance with California Government Code § 12946. During that time, we may use your information to consider you for positions in addition to the position(s) for which you initially applied.

YOUR RIGHTS AND CHOICES

The CPRA provides California residents with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise them.

Right to Know

California residents have the right to request certain information about our collection, use, and disclosure of your personal information. Once we receive and confirm your verifiable request (the process for submitting “verifiable requests” is addressed below), you have the right to obtain:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting that personal information.
The categories of third parties to which we disclosed that personal information.
The specific pieces of personal information we obtained from you. Please note that the CPRA’s right to obtain “specific pieces” does not grant a right to the whole of any document that contains personal information, but only to discrete items of personal information.

California residents generally just have a right to know categories, for example, categories of third parties to which personal information is disclosed, but not the individual third parties.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete—and direct our service providers to delete—your personal information from our records, unless an exception applies.

Correction Request Rights

You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by us, taking into account the nature of the personal information and the purposes of processing the personal information.

Exercising Your Rights

To exercise your rights described above, please submit a verifiable request to us by either:

Calling us at 816-968-3000 or 888-285-7717
Submitting a request through the following webform: https://bluescopebuildings.com/contact-us/
Email: privacy@bluescope.us

Making a verifiable request does not require you to create an account with us. We do, however, consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account. Otherwise, we match personal information that you provide us against personal information we maintain in our files.

Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal information – and you may make a verifiable request to exercise your right to know only twice within a 12-month period.

If an authorized agent submits a request on your behalf, the authorized agent must submit with the request another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. In the alternative, you can provide a power of attorney compliant with the California Probate Code.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Regardless of how you submit your request, we will use personal information provided in a verifiable request only to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will use reasonable efforts to initially respond to a verifiable request within 10 days of its receipt – with a substantive response within 45 days of receipt. If we require more time (not to exceed 90 days from receipt), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated Notice on the Website and update the notice’s “Last Modified” date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

CONTACT INFORMATION

If you have any questions or comments about this Notice, the ways in which we collect and use your information, your choices and rights regarding such use, or wish to exercise your rights under California law, please contact us at:

Phone: 816-968-3000 or 888-285-7717

Email: privacy@bluescope.us

Postal Address:
BlueScope North America
1540 Genessee St
Kansas City, MO 64102

Last Modified: June 28, 2023

Last Reviewed on: June 28, 2023