Kobelco Group Privacy Policy
1. Introduction
This Global Privacy Policy (“Policy”) describes how we, Kobelco Group (Kobe Steel Ltd. and each of its group companies), collect, use, disclose, and otherwise process personal data in connection with our business activities.
This Policy applies globally. Additional information required by local law is provided in country‑ or region‑specific Addenda, which form an integral part of this Policy. If there is any inconsistency between this Policy and any of the Addenda, the applicable Addendum shall prevail to the extent required by law.
Addenda (links):
EEA — Notice on Processing of Personal Information Collected within the EEA
California — Notice for California Residents
China — Notice on Processing of Personal Information Collected within China
2. Scope
This Policy applies to the processing of personal data relating to:
- Customers and users of our products and services;
- Business partners, suppliers, and other counterparties;
- Representatives of corporate customers and partners; and
- Job applicants, officers, and employees (to the extent applicable).
3. Categories
Depending on the nature of our relationship with you, we may process the following categories of personal data:
- Identification and contact information (e.g., name, email address, phone number, company name, job title);
- Business-related information (e.g., contractual details, transaction records, communications);
- Technical and usage data (e.g., IP address, device information, log data);
- Recruitment and employment-related information, where applicable; and
- Other information you voluntarily provide to us.
We do not intentionally collect special categories of personal data (sensitive personal data) unless required or permitted by law.
We may obtain personal data directly from you, from your organization, from our business partners, or automatically through your interactions with our systems. You may refuse to provide personal data to us; however, in such cases, your access to our products and services may be limited, or restrictions may be imposed on the provision of our products and services to you.
4. Purposes of Processing
We process personal data for the following purposes:
- Providing and managing our products and services;
- Performing and managing contracts and business relationships;
- Communicating with customers, partners, and other stakeholders;
- Marketing our products and services;
- Managing recruitment and employment-related processes;
- Ensuring information security and preventing fraud or misconduct;
- Complying with law, regulations, and legal obligations;
- Handling inquiries, complaints, and requests; and
- Enhancing operational efficiency and quality, including the use of digital tools and automated technologies (which may include AI) where permitted by law.
5. Legal Basis for Processing
Where required by law, we rely on one or more of the following legal bases to process personal data:
- Contract: When processing your personal data is necessary to fulfill a contract with you, or to take pre-contractual steps based on your requests;
- Legal obligations: If we need to comply with legal obligations;
- Legitimate interests pursued by us or a third party: Where it is necessary for us to process your personal data to pursue our legitimate interests or those of a third party, and your interests or fundamental rights do not prevail over the aforementioned interests; and
- Consent: Where we obtain your consent to the processing of your personal data.
6. Disclosure and Sharing
We may disclose personal data to the following categories of recipients:
- Our group companies;
- Our contractors (such as, generative AI service venders and cloud vendors including Microsoft, Salesforce, and Sansan,and Kobelco Systems Corporation)
- Professional advisors including legal, accounting, and auditing;
- Government authorities or regulators, where required by law; and
- Other third parties in connection with corporate transactions.
We do not sell personal data.
7. International Data Transfers
Due to the global nature of our business, personal data may be transferred to, stored in, or accessed from countries outside the country where the data was originally collected.
Where required by law, we will ensure that:
- the recipient destination guarantees an adequate level of protection for the rights and freedoms that you possess in respect of your personal data in your resident country;
- the recipient enters into a data transfer agreement as required by the data protection law or regulations of your resident country; or
- we take other measures as required by the data protection law or regulations of your resident country.
More details of the protection given to personal data when it is transferred outside your resident country can be obtained by contacting us using the details set forth in Section 13 below.
8. Data Subject Rights
You have numerous legal rights in relation to your personal data that we process. These rights may vary depending on where you are located and which data protection law applies to the processing of your personal data, but typically include the following:
- right to obtain information regarding the processing of your personal data and to access your personal data;
- right to request that we rectify your personal data if it is inaccurate or incomplete;
- right to request that we erase your personal data in certain circumstances;
- right to request that we restrict our processing of your personal data in certain circumstances;
- right to receive your personal data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such personal data to a recipient where this is technically feasible;
- where the processing is based on consent, the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we can rely on other legal bases for doing so. The withdrawal of your consent shall not affect the lawfulness of processing performed based on the consent before your withdrawal;
- right to object to our processing of your personal data where processing personal data based on a legitimate interest; and
- right not to be subject to a decision based solely on automated processing, including profiling, if that decision produces legal or similarly significant effects concerning you.
You may exercise any of your rights by contacting us using the details set forth in Section 13 below. You may also lodge a complaint with a competent data protection authority if you believe that we have infringed any of your rights.
If you exercise your aforementioned rights in relation to your personal data in such a way that we are no longer or only to a limited extent able to process your personal data for the purposes stated in this Policy (e.g., you do not give your consent or withdraw it, provided this is the only permissible legal basis for processing), you are consequently no longer able to enjoy the benefits of marketing and advertising.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure as follows:
| Formulation of a basic policy | To ensure the proper handling of personal data, we have established this “KOBELCO Global Privacy Policy”. |
|---|---|
| Development of disciplines regarding the handling of personal data | We develop and apply internal rules, manuals, etc. regarding the handling of personal data. |
| Systematic security control measures | We establish responsible persons for the handling of personal data, and conduct management of ledgers for, and audits regarding, personal data. |
| Human security control measures | We regularly train employees on matters of concern regarding the handling of personal data. |
| Physical security control measures | We conduct access control for our buildings and floors, keep the documents under lock and key, and impose restrictions on taking out electronic media, etc. |
| Technical security control measures | We impose restrictions on the use of, and conduct access control over, external recording media, and take measures to prevent unauthorized access from external sources, etc. |
| Understanding of the external environment | We conduct research on systems regarding protection of personal data in the countries and regions where personal data is stored, and implement security control measures, etc. |
10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
11. Children’s Personal Data
Our products and services are not directed at children, and we do not knowingly collect personal data from children unless permitted by law.
12. Direct Marketing
We may send marketing communications where permitted by law. Individuals may opt out of marketing communications at any time by following the instructions provided in such communications.
13. Contact Information
For questions, requests, or complaints regarding this Policy or our processing of personal data, please contact us at:
E-mail:
Additional contact details, such as those of a data protection officer or local representative, are provided in the relevant Addenda where required.
14. Updates to This Policy
We may update this Policy from time to time to reflect changes in our practices or the law.
The updated version will be published on our website with the revised effective date.
Last updated on April 1, 2026