We set out more details below under How we collect your personal data.
Who is responsible for your personal data?
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the data controller for the data you provide or that we collect in connection with our website or our apps is Steel City Re, LLC.
Are you required to provide your personal data?
You do not have to give us any personal data in order to use most of our websites, and in most instances you will provide us with your personal data voluntarily. However, there are circumstances in which we may not be able to assist you, or an organization with which you are associated, unless you provide us with your personal data. In these cases, without the relevant personal data, we may be unable to assist you or your organization, and we would inform you or your organization that this is the case. We also may collect some personal data about you automatically – further details below.
Which personal data do we collect?
When you use our website or when we interact with you, the personal data we collect, may include:
- Contact information, such as your name, job title, telephone number, mobile phone number, and email address
- Professional information, such as job titles, previous roles, and professional experience and qualifications
- If you connect to us from a social network, such as LinkedIn, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us
- Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, we or a third-party event host may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent
For our professional reputation risk management and insurance services we may collect
- In addition to all or some of the information listed above, information collected from publicly available sources or data sites for client due diligence purposes
- Identification information from you or from your organization or other third parties for compliance with our legal and professional duties
- Payment data, such as data necessary for processing payments and fraud prevention, and other related billing information
- Other personal data regarding your preferences, opinions and comments where it is relevant to our services
For our recruitment
Steel City Re allows you to submit by email your resume that we will store in a third-party cloud storage environment. We believe the environment meets current standards for cybersecurity but we have no independent means of verification. Where the information you voluntarily provide is defined as special category data (or sensitive personal data) (such as your racial background or your state of health), we may use this to advance our diversity initiatives or assess your suitability for a position. But in any event, we will use such information only as permitted by law. In addition to some or all of the personal information set out above, we may receive information concerning you from third parties (for example, referees).
How we collect your personal data
We may collect personal data about you in a number of circumstances and ways, including:
- When you or your organization seek advice from us or when you are engaged by us on behalf of our clients
- When you make an enquiry about our services or otherwise interact on our website
- When you attend a seminar or event or sign up to receive publications from us
- When you or your organization provide services to us or seek to provide such
- When you apply to join us or express an interest in joining us
- When you interact with us by telephone, email and other electronic communication
- From third parties, such as government agencies, a credit reporting agency, information service providers, or from publicly available records
- From social media sites
- By making enquiries from your organization, other organizations with whom you have dealings such as former employers and educational institutions, or from third-party sources
- Automatically in the ways we describe below.
Using cookies and other tracking software, we automatically collect personal data about you when you access and use our websites, blogs, mobile sites, applications, sponsored content on social media sites (the “Online Information”), and information about the device you use to access the Online Information. For example, we may collect:
- Information about how you view the Online Information (such as the pages you view, the links you click)
- Information about your browser and usage patterns (e.g. your IP address, browser type and language)
- Information about the device you use to access the Online Information
- Your access via a social media site
We use this information to determine news, alerts, and other products and services that may be of interest to you for marketing purposes; to monitor and improve our Online Information and business; and to help us develop new products and services.
Using email tracking software, we collect email traffic headers (“from”, “to” and timestamp fields) for analyzing patterns of network traffic and managing our relationships.
Use of your personal information
We will use the personal data listed above if and to the extent necessary to achieve the following purposes:
- To provide reputation risk management advice or other services as instructed or requested by you or your organization.
- To manage and administer you or your organization’s relationship with us, including billing and collection, marketing and support services, and taking other steps linked to the performance of our business relationship
- To comply with our legal and regulatory obligations such as for anti-money laundering, financial and credit checks, audit requirements, fraud and crime prevention and detection, and record keeping. This may include automated checks of personal data you or your organization provide about your identity against relevant databases, and contacting you to confirm your identity, or making records of our communications with you for compliance purposes
- To analyze and improve our services and promote our business, such as by sending you publications and invites
- To protect the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities
- For insurance purposes
- Where applicable, and only as permitted by law with respect to the specific category of personal data, to assess your application to join us
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies
- To comply with court orders and to exercise and/or defend our legal rights
- To assist or enhance your experience at an event; for example, details of your dietary requirements
- To personalize and foster the quality of our communications and interaction with you
- If you use our risk management or insurance services, we may share your contact details and limited information about our services to you or your organization with promotional publications or communications, in order to promote our business. We will only share your name and contact details. We may, where permitted by our professional confidentiality obligations, disclose information about our clients to third parties in connection with all or a portion of our business.
- For any other purposes related and/or ancillary to any of the above, or any other purposes for which your personal data was provided to us
- For our recruitment
Legal justification for our use of your personal data
We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- Because it is necessary for us to do so to perform your instructions or another contract with you or your organization.
- To comply with our legal obligations, as well as to keep records of our compliance processes or tax records
- Because our legitimate interests, or those of a third-party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms
- Because you have expressly given us your consent to process your personal data in that manner
Legal basis in detail
Marketing. We will only provide you with marketing-related information after you have, where legally required to do so, opted-in to receive those communications. If you have not opted-in to our providing you with information promoting our business, we will use your personal information for our legitimate interests, provided that those interests are not overridden by your interests or fundamental rights and freedoms (e.g. if you are a client for news and updates on reputation risk and insurance matters). We will give you the opportunity to opt out at any time.
Professional Services. If we are providing you (or your organization) with services, our processing will be necessary for the performance of a contract between you or your organization and us. Prior to entering into a contract and/or to taking steps at your request or at the request of your organization before we provide services, the processing is necessary for our legitimate interests and those of our clients or prospective clients to assist us in providing the services. Our processing is for our legitimate interests in ensuring compliance with our legal and professional obligations or to protect our business. In all cases in which our legal basis for processing is due to our legitimate interests or those of our clients or prospective clients, we will use your personal information for our legitimate interests, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
Recruitment. Where you apply to join us, we will only process your personal data based on your consent as part of the assessment of your suitability for any position for which you may apply at Steel City Re.
Business partners. If you are engaged by us to provide services or supplies, or if you wish to be, our processing your personal data will be necessary for the performance of a contract, or for our legitimate interests.
We will not use your personal data for making any automated decisions affecting or creating profiles other than as described above.
Sharing and transferring your personal information
As a global business, Steel City Re shares information, including personal information, with our business partners). We set out below further details of the ways we may share your personal data with:
- Third parties, including certain service providers we have retained in connection with the risk management and insurance services we provide, such as other brokers, underwriters, actuaries, consultants, mediators, or translators, couriers, or other necessary entities
- A client, if we have collected your personal data in the course of providing services to that client, and where permitted by law to others for the purpose of providing those services
- Third parties, on a confidential basis, to help us measure our performance and to improve and promote our services
- Companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes, and companies providing similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such personal data is shared
- Courts, law enforcement authorities, regulators, government officials or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim
- Service providers which we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only
The personal information we collect may therefore be collected, transferred to and stored in countries outside of the jurisdiction you are in. Any international transfers of your personal information are made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out on our Home Page.
We do not sell, rent or otherwise make personal information commercially available to any third party.
How long do we keep your personal data?
Your personal information will be retained in accordance with our data retention policy which categorizes all of the information held by Steel City Re, and specifies the appropriate retention period for each category of data. Those periods are determined by the purpose for which the information is collected and used, taking into account applicable data protection laws, legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, and Steel City Re’s business requirements.
You agree that if we hold your personal data for the purposes of compliance with our anti-money-laundering legal obligations, we may retain that information for a period beyond the time period specified by applicable laws.
The GDPR and other applicable data protection laws provide certain rights for data subjects. You may have the following rights:
- To request details of the information we hold about you and how we process it
- To have the personal data we hold rectified or deleted, to restrict our processing of that information, to stop unauthorized transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organization.
- To lodge a complaint in relation to Steel City Re’s processing of your personal information with a local supervisory authority
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by Steel City Re. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. If you have provided your consent and wish to withdraw your consent, please follow the opt-out links on any marketing message sent to you, or contact Steel City Re.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
We must ensure that your personal information is accurate and up to date, where relevant. Therefore, please advise us of any changes to your information by emailing us.
California privacy rights
If you are a resident of the state of California, you have, under the California Civil Code, you have the right to request information on how to exercise your disclosure choice options from companies conducting business in California. To do so, send a request for information indicating your preference as to how you would like us to respond to your request (i.e., email or postal mail). To request such information, either send an email via the address on our Home Page or contact us via postal mail, proper postage pre-paid, at:
Steel City Re LLC
One Oxford Centre
301 Grant Street
Pittsburgh, PA 15219
Attn: Your California Privacy Rights
All requests sent via postal mail must be labelled “Your California Privacy Rights” on the envelope or post card and must be clearly stated on the actual request. For all requests, please include your name, street address (if you would like a response via postal mail), city, state, and zip code. We will not accept requests via telephone or fax. We are not responsible for notices that are not labelled or sent properly, or do not have complete information.