Jamshedpur Continuous Annealing & Processing Company Private Limited (hereinafter referred to as “We,” “Us,” and “Our”) owns and manages the website www.jcapcpl.com and its other digital platforms and applications (“Website”). This Privacy Policy (“Privacy Policy”) explains how We may collect, use, store, disclose, or otherwise process your personal data when you use our websites or through any other means that We may employ to process your personal data.

This policy underscores the rights you hold over your personal data, empowering you to dictate its usage and storage, thereby ensuring your security and control.

We are unwaveringly committed to protecting the personal data of our employees, vendors, and clients/customers. This commitment aims to foster your trust and confidence in us in accordance with applicable data protection laws and regulations. This Privacy Policy applies to all current and former users (collectively “You” or “Your”) accessing or using our website or otherwise engaging with us through email or other means. By accessing or using our website or by otherwise giving us your information, you confirm that you have read, understood, and agreed to the practices outlined in this Privacy Policy.

1. Information we collect

Mode of information collection

We collect your information directly from you through offline documentation and/or the Website. We may also collect information when you visit any of our offices to enquire about or avail of our services or attend conferences, seminars, webinars, or other events we organise. You agree and acknowledge that such information is collected and processed for fulfilling the purposes mentioned below and Consent to our collection thereof.

We may collect information about you from Third parties, such as service providers, to provide relevant services, offers and marketing services. This information will only be used and processed with your explicit consent, which you can provide or withdraw at any time. We, including our service providers, may monitor, record and retain your conversation and/or electronic communication between you and us or otherwise as deemed approved.

Information we process about You includes-

  • Personal data comprises all the details that we collect and process directly or indirectly about you as an individual, such as personal information such as your name, email address, and mobile number.
  • We may also automatically collect information about the devices you use to interact with our website. This information may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, and other similar technologies (collectively, “Cookies and Other Tracking Technologies”) on our Sites.

2. Use of information

We may process your personal data where such relevant personal information is required to be processed for legitimate purposes as follows, but not limited to:

  • Providing products and services,
  • Monitoring and improving our website and its content,
  • Conducting market research and surveys with the aim of improving our products and services,
  • Sending you information about our products and services for marketing purposes and promotions, for which appropriate Consent is taken,
  • Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement, or court order, as well as any contractual obligation pursuant to agreements between Us and any authority, regulator enforcement agency or body or any request coming from said entities,
  • Establishing, exercising, or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings,
  • Surveillance of premises. (Video Recording),
  • To process your requests (such as replying to your queries)

3. Lawful basis of Processing

  • i. Consent: In some cases, we ask you for your Consent to process your personal data; you can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent is withdrawn. If you would like to withdraw your consent, you can do so by contacting us as provided in Section 14 of this policy below. However, your withdrawal of Consent will not impact the Processing of your personal information by Us for legitimate purposes, such as Processing in compliance with applicable laws or under the instruction of government authorities.
  • ii. Legitimate Interest: We process certain data for the legitimate interests of the Company, its affiliates, partners, customers, or in compliance with applicable laws, including notice from government authorities. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and applications. The company will make all reasonable efforts while relying on its legitimate interests for Processing personal data only after balancing our interests and rights against the impact of the Processing on individuals.
  • iii. Performance of a Contract: We also process personal data on the basis of contractual necessity, where it is necessary for the performance of a contract or pre-contractual steps at your request.
  • iv. Other Legal Basis: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests or to exercise, establish, or defend legal claims.

4. Our Policy concerning children and their data

  • We are committed to protecting the privacy and safety of children. In certain circumstances, we may process the personal data of children for associated services and social service initiatives. However, we take utmost care to comply with applicable laws and regulations regarding the Processing of children's personal data.
  • When processing such data, we make reasonable efforts to obtain appropriate Consent from parents or legal guardians in accordance with the relevant legal requirements. We ensure that the collection, use, and Disclosure of children's personal data is limited to what is necessary for the intended purposes and is done in a secure manner.
  • If you believe that we may have inadvertently collected personal data from a child without proper Consent or have any concerns regarding the Processing of children's data, don't hesitate to get in touch with us using the Email ID under Section 14. We will take reasonable endeavours to address the issue promptly. We encourage parents and guardians to actively participate in and supervise their children's online activities to ensure their privacy and safety.

5. Our Policy concerning people with disability and their data

  • We may collect and process the personal data of persons with a disability for the purpose specified in the policy.
  • The lawful guardians shall provide Consent on behalf of a person with a disability to process their personal information.

We shall make reasonable endeavours to ensure that adequate measures are implemented to process the personal data of the person with a disability in compliance with the applicable privacy regulations.

6. Recipients of data

Your personal data processed by us will be accessible to a limited list of recipients on a need-to-know basis or where required by law.

a. Within our organisation:

Within our organisation, access to your data is limited to those persons who are authorized and require access, as per the company’s internal policies and procedures, to provide you with the Products and Services and respond to your inquiries.

b. Third party(ies):

We may use service providers & Third parties for operating and improving the function of the website and services being offered. We endeavour to ensure that these service providers access, process, and store information about you only for the purposes we authorise through the execution of relevant instruments in this regard.

c. Authorities:

We may access, preserve, and disclose information about you to government authorities if we believe disclosure is in accordance with or required by applicable law, regulation, legal process, or audits. We may also disclose information about you if we believe that your actions are grossly inconsistent with our policies and/or affect the rights, property and reputation of the Company or others.

d. Transfer of business:

If we (or our assets) are merged, amalgamated, acquired, or transferred or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a Third party.

7. Retention of Personal Information

Your personal data is processed and retained securely for no longer than necessary for the purposes for which it was collected or unless required by applicable laws. At the expiry of such periods, your personal data will be deleted or archived to comply with legal retention obligations or in accordance with applicable statutory limitation periods.

8. Your rights

Subject to applicable law, regulations that may apply to your jurisdiction, and/or industry guidelines, you may have the right to invoke Data Subject Rights in relation to your personal data being processed by Us.

You have the following rights regarding Our use of your personal data:

  • You can access any of your data held by Us.
  • You can correct any inaccurate data We hold.
  • You can ask us to erase any of your data that we hold.
  • You can restrict the types of data We hold.
  • You can object to Our Processing of any of your personal data.
  • You can ask that your data be copied or transferred to a Third party.
  • You can withdraw the Consent that we may have sought from you earlier (wherever applicable).
  • You have the right to grievance redressal mechanisms, ensuring prompt resolution of grievances related to your personal data Processing
  • You possess the right to establish guidelines for the handling of your data after your passing, ensuring your preferences are respected and adhered to by authorised entities. (Wherever applicable)

JCAPCPL may be allowed by law, subject to applicable conditions, to charge a fee for fulfilling your request, particularly in case of excessive or manifestly unfounded requests.

JCAPCPL shall provide information on action taken on a request pertaining to the Data Subject Rights without undue delay and within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

JCAPCPL shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

Finally, note that you are entitled to lodge a complaint with a competent Data Protection Authority or similar entity, as per your country of residence, concerning JCAPCPL’s compliance with the applicable data protection laws and regulations.

9. Data Security

The security and confidentiality of your Personal Data are important to Us, and We have invested significant resources to safeguard your personal information. When using external service providers acting as processors, we require that they adhere to substantially similar standards of confidentiality and security as Ours. Regardless of where your personal information is transferred or stored, we take all steps reasonably necessary to ensure that personal data is kept secure. If you suspect any misuse/loss/unauthorised access to your data, please let us know immediately by contacting us via the information provided under Section 14 of this policy.

10. Third party websites

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s site. We do not control the third-party sites that may be accessible through our website. Thus, this Privacy Policy does not apply to information you provide to third-party sites or gathered by the Third parties that operate them.

11. Cookies

We use cookies and similar technologies to analyse and understand how you access, use, and interact with our website and our consumer’s preferences (such as country and language choices), as well as to assess, secure, protect, optimise, and improve the performance of our website. To know more about our use of cookies, please refer to our cookie policy.

12. Social Media

We operate channels, pages, and accounts on some social media sites to inform, assist and engage with employees, vendors, clients/customers, and the public at large. We monitor and record comments and posts made on these channels about Us in order to improve its products and services.

It is advisable to use official and authorised channels only for communication purposes. Please be aware of communicating with Us through publicly accessible social media sites with the following information:

  • Confidential, personal data, including any information regarding your financial situation, bank account details, transactions, etc.
  • Sensitive personal data including (i) Special categories of personal data, meaning any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and (ii) other sensitive personal data such as criminal convictions and offences and national identification number; and
  • inappropriate, offensive, or insulting information towards individuals.
  • transmit any content, data or information that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libellous, invasive of another's privacy or right of publicity, hateful, or racially, ethnically, or otherwise objectionable.
  • Any information that infringes, violates, or impacts the rights, including intellectual property rights of others.
  • JCAPCPL is not responsible for any information posted on those sites other than that posted by the employees authorised to publicise the information on its behalf. Our responsibility is limited to using personal data we obtain from these sites for our own purposes.

13. Changes to this Privacy Policy

We may be required to update or change our Privacy Policy from time to time. We will upload an updated Privacy Policy on the website. We encourage you to periodically visit the page for the latest information on our privacy compliance. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal, or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

15. Definitions

Associate- means an employee, officer, director, Third Party, contractual employee, intern, job – candidate, end customer or any representative of the organisation.

Breach—a security breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Consent - of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they, through a statement or using a clear affirmative action, signify agreement to the specific Processing of personal information relating to them.

Cross-border Processing- means either:

Processing of personal information which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State or Processing of personal information that takes place in the context of the activities of a single establishment of a controller or processor in the Union but that substantially affects or is likely to affect Data Subjects in more than one Member State.

Data Controller/Data Fiduciary—means an individual, organisation, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of Processing personal information. In some cases, the purpose and means of Processing are determined by Union or Member State law.

Data Processor - in relation to personal information, means any person (other than an employee of the Data Controller) who processes the personal information on behalf of the data controller.

Data Subject/ Data Principal - means a natural person is an individual who is the subject of certain personal information or whose information is being collected.

Data Subject Right—any request received by the firm from a Data Subject or other individual or legal entity who wishes to receive a copy of all the personal information related to it or him that the firm is Processing about it/him.

Disclosure means rendering personal information accessible, for example, by allowing access to personal information by transferring, distributing, or publishing it.

Personal Identifiable Information (PII) - means any information relating to an identified or identifiable living person (‘Data Subject’). An identifiable living person is one who can be identified, directly or indirectly, from the data items. Using a common identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing means any operation or set of operations performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, combination, restriction, erasure or destruction.

Profiling means any form of automated Processing of personal information consisting of using personal information to evaluate certain personal aspects relating to a person, in particular, to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

A personal profile is a collection of data that allows the appraisal of an individual's fundamental personality characteristics.

Special categories of personal data/ Sensitive Personal Information (SPI) include personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, the Processing of genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.

Third-party- means a natural or legal person, public authority, agency, or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal information.