SSAB privacy statement

Last updated July 2022

This Privacy Statement informs about the processing of personal data by SSAB group companies including SSAB AB and its affiliates Tibnor and Ruukki, among others ("SSAB"). It answers the questions of what personal data SSAB collects, uses or shares, for what purposes the data is collected and what rights persons have. The persons whose information is processed can be SSAB’s customers, representatives of corporate customers or potential customers, supplier representatives, other intermediaries and business partners, shareholders, site visitors or internet and digital users visiting the website or other digital service platforms or other persons having a connection to SSAB ("Users").

SSAB also processes personal data of its consumer customers and contacts in the course of Ruukki and Plannja business activities. For this purpose, we have a separate B2C Privacy Statement which you can find at  

SSAB's website may contain links to websites and services of third parties. These websites or services are subject to their own privacy statements. SSAB does not take any responsibility of third parties’ privacy statements or the processing of personal data in third parties’ operations. Please pay attention to their respective privacy statements and subsequent changes to them.



The data controller responsible for the SSAB group’s personal data processing activities is SSAB AB (registration number: 556016-3429, address: P.O. Box 70, SE-101 21 Stockholm, Sweden). This includes accountability for all data processing on a corporate level, for example for marketing and digital service tools provided in SSAB group companies. SSAB is responsible for ensuring that personal data is processed in compliance with this Statement and applicable data protection laws. 

In addition, SSAB affiliate can be regarded as the data controller in separate contractual or other cooperation relationship or in connection with certain statutory personal data processing and compliance with local legal requirements of an individual legal entity part of the SSAB group. SSAB group companies also share personal data for administrative purposes and to facilitate the business operations of the group and the individual legal entities. The information of SSAB group companies and affiliates can be found in the latest Annual Report at and at Regardless of the data controller in a specific situation, the primary contact for privacy matters in SSAB is: email: data.privacy(at)



SSAB processes the personal data of Users for various purposes, which are explained below.

2.1 Contractual and other interaction with customers, suppliers and other business partners

The main purpose of processing personal data is to deliver SSAB's products and services, as well as to source services and material for SSAB’s business needs, and provide website and other digital services. The processing of personal data is primarily based on contract, including processing needed prior to entering into a contractual relationship with the company or organization the User is representing, or in some cases also with the User directly.

2.2 Marketing and communications

Users' personal data is used to manage communication with Users and for marketing purposes. In this respect, processing can be based on SSAB's legitimate interest to provide Users with relevant and up-to-date information as part of the website as well as through other digital platforms and services. Processing can also be based on SSAB's legitimate interest to promote SSAB's latest products and services as well as to personalize the User experience and to evaluate customer satisfaction.
In certain regions, marketing via electronic means is based on Users' prior consent, for example for sending marketing messages. Users should refer to section 6 below for further information about marketing communications and Users' rights in this respect.

2.3 Product and services development purposes

SSAB aims to provide high-quality products and services and to give Users relevant information about those products and services. Therefore, SSAB may use personal data to analyze the market and the use of websites or services for the purpose of developing and improving the quality of the website and SSAB's products and services. This processing is based on SSAB's legitimate interest to grow and develop. This can also include building User group profiles and profiles of individual customers or contacts by combining personal data collected by cookies or similar techniques, upon User’s consent for measurement and targeting purposes, with other existing information about the Users. This type of information can be used to improve our service offering and for marketing purposes as long as there is a valid legitimate interest or, if required, a User has provided a consent for use of personal data for marketing. SSAB uses cookies and other similar techniques inter alia for statistical purposes, for example to compile aggregated statistics that allow SSAB to understand how Users use the website and increase user-friendliness. Please see SSAB's Cookie Statement for further information related to statistical and other purposes of using cookies and the legal basis thereof.

2.4 Information and facility security

SSAB may process technical data, including some personal data for information security and access surveillance purposes and fraud prevention. SSAB maintains also information and facility security measures to safeguard health and safety as well as business information and business assets in order to avoid injuries at its facilities, to prevent property damage and criminal activities and to ensure the availability of the websites and services. This processing is based on SSAB's legitimate interest to ensure an appropriate level of network, facility and information security and the safety of others. SSAB also processes information about visitors to its facilities. This processing of visitor information is based on SSAB’s legitimate interest to enable external visits to its facilities and business premises.

2.5 Compliance with statutory obligations

Sometimes personal data may be used to comply with a legal obligation. In SSAB’s business operations, this means for example that personal data processing may be needed in order to be in compliance, with i.a. the following statutory requirements: (i) reporting and audit, (ii) Market Abuse Regulation, (iii) sanctions and other compliance screening, (iv) whistleblowing procedures, (v) corporate governance requirements and (vi) share and shareholder registers (incl. attendance at shareholders’ meetings). In addition, certain personal data may be stored for dispute resolution purposes to be able to establish and defend legal claims. 

2.6 Processing of personal data internally within SSAB group

Users' personal data may be processed in other SSAB group companies. In this case, the processing of personal data can be based on contractual obligation or SSAB's legitimate interest for internal administrative purposes to organize and manage e.g. customer and supplier relationships, marketing as well as information security measures and other business functions within the group in an appropriate and practical way.



SSAB may collect personal data through different means, which are explained below.

3.1 Business relationship

SSAB processes personal data for the purpose of maintaining a good business relationship, for example when providing and delivering products or services, maintaining customer communications, sourcing material, products and services for its business needs, or otherwise interacting with business partners or other stakeholders. This personal data is mostly collected directly from Users.
Depending on the Users' interaction, SSAB may collect the following personal data:

  • Basic information about the User or the company or organization the User is representing, such as name, email address and phone number;
  • Basic information about the User's employer such as, company name, business address, business email address and business phone number;
  • Information relating to the business relationship, such as products and services sourced or delivered, the starting and end time of the business relationship;
  • Billing and credit information, such as account numbers, payments made and outstanding and bills delivered; and
  • Customer communications, including feedback, marketing and campaign history information.

3.2 User's interaction with SSAB on website or otherwise

SSAB may collect personal data when Users contact SSAB's customer service, use website chat, deploy SSAB’s digital service platforms, contact SSAB otherwise, order SSAB's newsletter or participate in surveys or competitions on websites or elsewhere. This personal data is collected directly from the Users.
SSAB may collect personal data that the User has shared with SSAB, such as

  • Basic information about the User, such as name, email address and phone number;
  • Basic information about the User's employer, company name, address, email address and phone number;
  • Reasons for contacting SSAB and details related to contact; and
  • Surveys and competitions participated in.

3.3 Automatically collected data of the use of website and services

SSAB collects and processes the following technical data about the User and the use of the website, products and services provided by SSAB:

  • IP address, device ID, device type, operating system used and application settings;
  • User activity such as pages viewed and items ‘clicked’ on;
  • timestamps and log data relating to the use of the service; and
  • location/country of origin.

This technical data is collected through the use of website and services. SSAB asks for User’s consent for using other than strictly necessary cookies. More information about the use of cookies and similar technologies on SSAB websites can be found in the SSAB Cookie Statement .

3.4 Data collected from other sources

SSAB may, from time to time, also collect information from publicly available sources and third parties, such as social networks and marketing companies. For example, SSAB may receive basic information about the User's social network profile, if the User login to SSAB's website or services using a social network account.



SSAB may disclose Users' personal data to the following third parties:

  • other SSAB group companies for the purposes listed above;
  • trusted service providers or SSAB partners, such as suppliers, agents, distributors and marketing service providers for the purposes listed above. To the extent that these trusted service providers act on SSAB's behalf, SSAB remains responsible for the use of Users' personal data;
  • when permitted or required by law to comply with requests by competent public authorities such as subpoenas or similarly binding acts;
  • if SSAB is involved in a merger, acquisition, or sale of all or a portion of its assets; and
  • when SSAB believes in good faith that disclosure is necessary to protect SSAB's rights, protect Users' safety or the safety of others, investigate fraud, or respond to a government request.



5.1 Intra-group transfers

As some SSAB group companies are located outside of the EU/EEA, Users' personal data may be transferred outside of EU/EEA, such as to the United States. In these circumstances , SSAB will use the required established mechanisms for the transfer outside of the EU/EEA, including the Standard Contractual Clauses approved by the European Commission. Please contact data.privacy(at) for more information about the applicable safeguards for international data transfer in question. 

5.2 Service providers located outside of the EU/EEA

SSAB may use subcontractors for the personal data processing set out above. When necessary and to the extent required, personal data may be transferred to a country outside of the EU/EEA. In this case, SSAB will use the required established mechanisms that allow the transfer to subcontractors in those third countries, such as the Standard Contractual Clauses approved by the European Commission and additional safeguards to protect the transferred personal data.  Please contact data.privacy(at) for more information about the applicable safeguards for international data transfer in question.



When a User provides SSAB with contact details, for example, in connection with the sale of a product or service, contacts SSAB's customer service, orders a handbook or other materials on the website or participates in competitions or surveys, SSAB may use the User's personal data for marketing purposes and to promote SSAB's latest products and services as well as to personalize the User experience. Pursuant to applicable laws, Users are given the opportunity to give their prior consent or are allowed the opportunity to opt-out of receiving marketing communications from SSAB or other group companies.

6.1 eMarketing

SSAB may provide a User with product and service updates, newsletters and other communications about existing or new products and services by email and text message (SMS) if the User has given prior consent or if SSAB is otherwise permitted to do so under applicable law.
A User may unsubscribe from marketing communications at any time by clicking on the "unsubscribe" link located at the bottom of emails.

6.2 Statistics and segregation

SSAB may create User group profiles or segment data for the purpose of creating aggregated statistics about the use of SSAB's websites, products and services, such as to estimate the number of Users, viewed pages, email reads and detect which parts of the website Users find the most useful, to identify features that could be improved and to provide context based advertising to User groups. Data collected for these purposes is not used to identify a particular User but to analyze how Users in general or User groups use the website or services.

6.3 Targeted advertising

SSAB or SSAB's advertising partners may display content or advertisements to a User, for example, the User might see an advertisement for a recently viewed product on SSAB's website. SSAB uses cookies and other similar technologies to display personalized adverts based on, for example, the User's browsing, purchase history or log-in information.

When SSAB collects or uses information about a User's web browsing for e-marketing purposes, this will be based either on User’s consent or SSAB’s legitimate interest. If the processing of information about User is based on a legitimate interest, the User has the right to object to this at any time by contacting SSAB. Regarding the right to object, please refer to section 8 below for further information.



The personal data will be retained only for as long as necessary to fulfill the purposes defined in this Privacy Statement. After that, personal data will be removed except when personal data retention is required by law or rights or obligations by either party.
Here are the main rules for the retention periods:

  • Personal data regarding e.g. customers and suppliers will be retained during the business relationship and after that for as long as necessary or required by law or rights or obligations by either party, for example for billing purposes;
  • Data collected in connection with customer service, other interaction with SSAB, surveys and competitions will be retained for as long as necessary to manage and handle the matter in question. 
  • SSAB will delete or anonymize data used for marketing purposes after a reasonable period of time has lapsed from last contact between the User and SSAB, unless data retention is required by law or rights or obligations by either party.
  • Should a User have a concern about data retention for marketing purposes, the User should refer to section 8 below for further information about Users' rights in this respect.



A User has the right to access personal data that SSAB holds about him or her. 

A User has the right to request their personal data to be corrected, updated or removed at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Statement and may also be required by law. Therefore, the deletion of such data may not be allowed by applicable law which prescribes mandatory retention periods or if there is an overriding interest to keep processing the data for the intended purpose. 

A User has a right to object to processing that is based on a legitimate interest of SSAB on grounds relating to their particular situation at any time. In addition, whenever the processing of personal data is based on User’s consent, a User has the right to withdraw the consent at any time. The way in which Users can exercise their right to object or withdraw their consent depends on the processing purpose and activity in question. These rights can be at all times exercised also by contacting SSAB by email at [email protected].  To the extent required by applicable data protection law, Users have a right to restrict data processing.

A user has a right to data portability, i.e. the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies only to personal data provided by the User based on customer contract or the User's consent.

Please send any requests regarding the above-mentioned rights to SSAB at data.privacy(at) Any requests related to the exercise of privacy rights will be responded within one month or within the applicable regulatory time limit. 

If a User thinks there is a problem with the way SSAB is processing the User's personal data, the User has a right to file a complaint to the national data protection authority in the EU/EEA.



SSAB maintains reasonable security measures, including physical, electronic and procedural measures, to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, SSAB limits access to this information to authorized employees and contractors who need to know that information in the course of their work or assignment and to third party service providers who may only process data in accordance with instructions provided by SSAB.

Please be aware that although SSAB endeavors to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.



SSAB may amend this Privacy Statement and the related information. SSAB recommends that Users regularly access the Privacy Statement to find out about any changes to it. SSAB will always provide the date of the Privacy Statement to allow the Users to see changes. Please note that this Privacy Statement is for information purposes only.
SSAB will inform Users of any substantial changes by using reasonable and available channels.



For requests regarding SSAB’s Privacy Statement or personal data SSAB holds about the User in question, please contact SSAB by email at data.privacy(at)