Privacy Notice | Jindal Steel

Protecting Personal Data and your Privacy is of greatest concern for Jindal Steel Limited (referred to as the "Company" or "Us" and indicated by "us", "we" or "our" or "Jindal Steel"). This Privacy Notice describes how Jindal Steel Limited, acts as the Data Fiduciary for the Processing of your Personal Data under the Digital Personal Data Protection Act, 2023 (DPDPA). This Privacy Notice intends to establish a clear, concise, and transparent communication on the collection, use, processing, storing, retention, disclosure and transfer of Personal Data necessary to establish and manage business relationships with our clients and vendors, as well as for the provisions and procurement of services during business, while ensuring regulatory compliance and safeguarding the rights of Data Principals. We are committed to protect your Personal Data in accordance with applicable laws and regulations, including the Digital Personal Data Protection Act, 2023 in India.

If you provide us with Personal Data of other individuals, you confirm that you have obtained Consent from those individuals before sharing their Personal Data with us. References to 'your Personal Data' in this Privacy Notice include the Personal Data of those individuals that you have provided to us.

In the case of individuals with disabilities who have a lawful guardian, you confirm that you have obtained verifiable Consent from their guardian before providing their Personal Data to us.

This Privacy Notice does not apply to any Personal Data that you may provide to Third Parties such as through other sites linked to our website. Please be aware that if you choose to visit such sites, you should contact them directly to understand their respective Privacy notices. This Privacy Notice will not govern your activities or any Personal Data you disclose while visiting these sites.

1. What Personal Data do we collect?

The types of Personal Data we collect or obtain may vary according to our relationship with you and may include the following:

1.1 Customers / Direct Consumers:

Personal Information	1. Name 2. Telephone Number 3. Email Address 4. Mailing address 5. Pin Code 6. Geo Location
Banking Information	1. Account Number 2. Branch Name 3. IFSC Code 4. Cancelled Cheque
Identification Information	1. PAN 2. Aadhaar

1.2 Business Partners (including Third-Party vendors) and Dealer/Distributors:

Personal Information	1. Name 2. Telephone Number 3. Email Address 4. Business Address 5. Business User IDs (Vendor Code)
Banking Information	1. Account Number 2. Branch Name 3. IFSC Code 4. Cancelled Cheque
Identification Information	1. GST No. 2. MSME Documents 3. PAN 4. Incorporation Documents 5. Aadhaar
Third-Party Due Diligence documents	1. Trade references 2. Credit checks
Communication Recordings Platform	1. Telephone Recordings 2. Microsoft Teams 3. Zoom 4. Google Meet

1.3 Visitors to our premises or events:

Personal Information	1. Name 2. Telephone Number 3. Email Address
Business Information	1. Business Identification Number
Identification Information	1. GST No. 2. MSME Documents 3. PAN 4. Incorporation Documents 5. Aadhaar
Identification Information	1. Aadhaar 2. Driver's License Number 3. Vehicle Registration Number 4. Vehicle Insurance Number 5. PUC Certificates
Visit Details	1. Reason for Visit 2. Date and time of visit 3. Meeting Person 4. Visitor Category
Surveillance Recording	1. Photographic Footage 2. Video Footage (CCTV and other recording systems)

1.4 Applicants, Candidates, and Beneficiaries:

Personal Information	1. Name 2. Telephone Number 3. Email address 4. Address 5. Gender 6. Date of Birth 7. Age 8. Marital Status 9. Nationality
Financial Information	1. GST No. 2. MSME Documents 3. PAN 4. Incorporation Documents 5. Aadhaar
Family Information	1. Dependent Information 2. Parents & beneficiary information
Identification Information	1. Aadhaar 2. PAN 3. Tax Registration Number 4. Passport Number
Education Information	1. Field of studies 2. University 3. Country of study 4. Academic scores & achievements 5. Professional certificates 6. Marksheets
Health related Information	1. Health Insurance identification number 2. Personal health information

1.5 Contractor Labors

Personal Data	1. Name 2. Telephone Number 3. Email Address 4. Photo 5. Date of Birth 6. Father Name 7. Blood Group 8. Medical Enroll ID 9. Address

1.6 Certain required information is automatically collected pursuant to your visit to the Website. (Refer Section 4 for further details)

2. Why do we collect your Personal Data?

2.1 Customers / Direct Consumers:

To enable us to improve products & services based on your feedback.
To process your requests (such as replying to your queries or complaints) and to send email in response to your complaints and queries.
Obtain Third-Party services.
Regulatory Obligations, including for auditing purposes.
To deliver our products & services.

2.2 Business Partners (including Third Party Vendors) and Dealer/Distributors:

Business execution.
Organization and management of the business.
Compliance with laws and/or contractual and/or regulatory obligations, including for auditing purposes.
Protecting or exercising our legal, contractual and/or regulatory rights and remedies.
Protecting our assets and interests.
For providing services within the scope of the signed agreement between you and Jindal Steel Limited.
To process financial transactions such as invoices/purchase orders/work orders.

2.3 Visitors to our premises or events:

Providing access to our network, systems and/or services.
Compliance with laws and/or contractual and/or regulatory obligations, including for auditing purposes (if applicable).
Protecting or exercising our legal, contractual and/or regulatory rights and remedies.

2.4 Applicants, Candidates, and Beneficiaries:

To evaluate your candidature for prospective career opportunities with us.
To enable us to provide you with employment related services and prospective benefits.

2.5 Contractors Labors

To coordinate site access and security.
To conduct medical tests and training.
Comply with legal, safety and contractual obligations.
Manage worksite operations.

3. How do we collect your Personal Data?

We may collect your Personal Data through various means:

When you contact us through the Website or any other channels (such as forms, e-mail addresses, hyperlinks, or social media platforms).
When you register with us to receive products and/or services.
When you complete surveys conducted by or for us.
When you opt to receive any communications from us (including newsletters or promotional offers) and any information you may voluntarily provide.
When you contact us for any service requests, queries through a toll-free number/email.
When you connect with our sales officer or personnel.
When we have partnered with you for any business purposes.
When you contact us on email or career platforms for job applications.

4. Use of Cookies

Jindal Steel use various technologies to collect and store information when you visit our website. This may include Cookies or similar technologies to identify your browser or device, your device IP address. This information helps us provide enhanced website performance and navigation to track how you use and interact with the website. You can configure your browser to refuse Cookies or to warn you before a Cookie is placed. However, if you disable Cookies, some parts of our website may not function properly at all.
For further information, you may read our Cookie policy https://www.jindalsteel.in/cookie-policy

5. Distribution of Information:

5.1 Information Disclosure

Jindal Steel does not share, sell, rent, or trade Personal Data collected with Third Parties for their sole promotional purposes or as otherwise outlined in this Privacy Notice. Jindal Steel may share information with Third-Party service providers contracted to process data on our behalf, to provide you employment-related services, benefits, and for business purposes as defined under section 2 and section 3. These Third-Party service providers may only use information we provide to them as requested and instructed by us.

Jindal Steel may Disclose your Personal Data as we believe to be necessary or appropriate:
- under applicable law, including laws outside your country of residence.
- to comply with legal obligations.
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
- to enforce our terms and conditions.
- to allow us to pursue available remedies or limit the damages that we may sustain.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when:
- permitted or required by law; or
- trying to protect against or prevent actual or potential fraud or unauthorized transactions; or,
- investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.

If Jindal Steel goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your Personal Data collected through our website(s) may be among the assets transferred. A prominent notice will appear on our website(s) for 30 days after any such change in ownership or control of your Personal Data.

5.2 Digital Personal Data outside the territory of India

When conducting business activities, working on company projects, or implementing new processes or systems, a function may require the transfer of Personal Data to other entities or Third Parties that are located outside of India. While permissible data transfers are defined by the DPDP Act, 2023 permissible data transfers may include:

A valid data transfer agreement with the party who will access or obtain the Personal Data.
notice to and/or approval from a country's local Data Protection Board; or
notice to and/or Consent from the individual whose data is to be transferred.

6. Commitment of data security

Your Personal Data is kept secure. Only authorized employees, business partners, clients, contractors, and other Third-Party providers (who have agreed to keep information secure and confidential) have access to this information on a need-to-know basis. We employ encryption to protect Personal Data both in transit and at rest.

Jindal Steel ensures to implement reasonable and appropriate industry standard security measures to ensure the security of Personal Data through legally binding terms and conditions. However, users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any websites. Regular security audits and assessments are conducted to identify and mitigate potential vulnerabilities. Access to and use of password protected and/or secure area is restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to legal consequences. Additionally, we have a comprehensive incident response plan in place to address any Personal Data breaches or security incidents promptly and effectively.

7. Retention and Disposal

Jindal Steel will retain Personal Data only as long as necessary for the fulfilment of the stated purposes and it will be deleted securely thereafter. We will retain your information for the duration of your engagement with us and for a limited period thereafter, as required to comply with applicable laws or if any other internal purposes. If you wish to request that we no longer use your information to provide you services, you may contact the Data Protection Officer (DPO) at dpo@jindalsteel.in and we will respond to your request to access or delete your information within 30 days. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements in accordance with Jindal Steel retention schedule and policy established.

8. Data Principal rights

As a Data Principal, you have certain rights regarding the Personal Data collected by us for the purposes mentioned in this Privacy Notice. You may exercise your rights by submitting Data Principal Request (DPR) form (Data Principal Request (DPR) form) or by emailing the Data Protection Officer at email ID: dpo@jindalsteel.in. You may refer to the Data Principals Rights FAQ for more details. The rights available to you under the DPDP Act, 2023 and include:

8.1 Right to access information

You have the right to request for:

a summary of the Personal Data we process about you along with the purposes for which it is processed the details of all other Data Fiduciaries and Data Processors with whom the Personal Data has been shared by us, along with a description of the Personal Data so shared.
any other information related to the Personal Data and its Processing.

8.2 Right to correction/erasure

You have the right to request for:

Correction of inaccurate or misleading Personal Data.
Completion of incomplete Personal Data.
Updation of the Personal Data.
Erasure of Personal Data, unless retention is required by law or justified business purpose.

8.3 Right to nominate

You have the right to nominate a representative to exercise your rights in case of an inability under the DPDP Act, 2023 attributable to (i) unsoundness of mind or infirmity of body, or (ii) death.

8.4 Right of grievance redressal

You have the right to raise grievance redressal with a Data Fiduciary or Consent Manager. The Data Fiduciary or Consent Manager shall respond to any grievances within the time period prescribed from the date of its receipt.

If you have any further questions about the procedure to exercise these rights, any grievance regarding the manner in which we are handling your Personal Data, or if you wish to withdraw your Consent for the Processing your Personal Data, you may contact the DPO at dpo@jindalsteel.in. If you are unsatisfied with our response, you have the right to raise your grievance with the Data Protection Board of India or any other body established by the Central Government under the DPDP Act, 2023 or any rules thereunder.

9. Notice Updates

We reserve the right to change, adjust, alter, or revise this Privacy Notice at our discretion whenever necessary. The latest version of the Privacy Notice will take precedence over any earlier versions. We recommend that you review this Privacy Notice periodically to stay updated on any modifications.

10. Disclaimer

We have deployed the appropriate technical and organizational measures consistent with the industry standard security practices to protect and safeguard the Personal Data collected from you. You are also advised to use secure systems and follow security best practices while accessing any of our systems, avoid sharing your login credentials and ensure that your devices are not left unattended while accessing our application or website. It is essential that you take necessary precautions on your end to help safeguard your Personal Data. We shall not be liable for any Personal Data Disclosure or breach resulting from the compromise of your systems. You will be solely responsible for any security breach or loss arising therefrom.

11. Acknowledgement

By submitting Personal Data to us, you acknowledge that:

You have read and understood this Privacy Notice and agree to the use, Processing and transfer of Personal Data as set out herein; and
All information and representation provided by you are true and correct to the best of your knowledge, and you have not knowingly omitted any relevant information which may have an adverse effect.

12. Queries and updates

If you have any questions, please feel free to contact us at dpo@jindalsteel.in.
This Privacy Notice was last updated on 09/10/2025.

Annexure

Term	Definition
Privacy/ Data Privacy	The term refers to protecting Personal Data from unauthorized access, use, or Disclosure. It ensures that individuals have control over their own data and can decide who can see it, how it is used, and for what purposes.
Data Principal	The individual to whom the Personal Data relates, where such individual is a child includes the parents or lawful guardian of such a child, and where such individual is a person with disability, includes the lawful guardian of such an individual.
Personal Data	Any data about an individual who is identifiable by or in relation to such data including but not limited to: name, employee number, contact details, Aadhar card details, e-mail address, bank account details, biometric details, driving license details, photographs etc.
Personal Data Breach	Any unauthorised Processing of Personal Data or accidental Disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to Personal Data, that compromises the confidentiality, integrity, or availability of Personal Data.
Processing	Processing in relation to Personal Data means an automated operation or set of operations performed on digital Personal Data, and may include operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment, or combination, indexing, sharing, Disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.
Cookies	Small data files that are placed on your device (such as your computer, phone, or tablet) when you visit a website. They are used to improve your website experience, as well as provide website owners with useful information about how the website is used.
Data Fiduciary	Any person who alone or in conjunction with other persons determines the purpose and means of Processing of Personal Data.
Significant Data Fiduciary	Data Fiduciary that processes large volumes of Personal Data or deals with sensitive data categories.
Data Protection Officer (DPO)	An individual appointed by the Significant Data Fiduciary in accordance with Section 10(2)(a) of DPDP Act.
Data Processor	Any person who processes Personal Data on behalf of a Data Fiduciary.
Disclosure	Rendering Personal Data accessible, for example by allowing access to Personal Data either transferring, distributing, or publishing the Personal Data.
Consent	Any freely given, specific, informed, and unambiguous indication of the Data Principal's wishes by which they, through a statement or using a clear affirmative action, signify agreement to the specific Processing of Personal Data relating to them.
Consent Manager	A person registered with the Board, who acts as a single point of contact to enable a Data Principal to give, manage, review, and withdraw their Consent through an accessible, transparent, and interoperable platform.
Third-Party	A natural or legal person, public authority, agency, or body other than the Data Principal, Fiduciary, Processor, and persons who, under the direct authority of the Fiduciary or Processor, are authorized to Process Personal Data.

Term

Definition

Privacy/ Data Privacy

The term refers to protecting Personal Data from unauthorized access, use, or Disclosure. It ensures that individuals have control over their own data and can decide who can see it, how it is used, and for what purposes.

Data Principal

The individual to whom the Personal Data relates, where such individual is a child includes the parents or lawful guardian of such a child, and where such individual is a person with disability, includes the lawful guardian of such an individual.

Personal Data

Any data about an individual who is identifiable by or in relation to such data including but not limited to: name, employee number, contact details, Aadhar card details, e-mail address, bank account details, biometric details, driving license details, photographs etc.

Personal Data Breach

Any unauthorised Processing of Personal Data or accidental Disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to Personal Data, that compromises the confidentiality, integrity, or availability of Personal Data.

Processing

Processing in relation to Personal Data means an automated operation or set of operations performed on digital Personal Data, and may include operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment, or combination, indexing, sharing, Disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.

Small data files that are placed on your device (such as your computer, phone, or tablet) when you visit a website. They are used to improve your website experience, as well as provide website owners with useful information about how the website is used.

Data Fiduciary

Any person who alone or in conjunction with other persons determines the purpose and means of Processing of Personal Data.

Significant Data Fiduciary

Data Fiduciary that processes large volumes of Personal Data or deals with sensitive data categories.

Data Protection Officer (DPO)

An individual appointed by the Significant Data Fiduciary in accordance with Section 10(2)(a) of DPDP Act.

Data Processor

Any person who processes Personal Data on behalf of a Data Fiduciary.

Disclosure

Rendering Personal Data accessible, for example by allowing access to Personal Data either transferring, distributing, or publishing the Personal Data.

Consent

Any freely given, specific, informed, and unambiguous indication of the Data Principal's wishes by which they, through a statement or using a clear affirmative action, signify agreement to the specific Processing of Personal Data relating to them.

Consent Manager

A person registered with the Board, who acts as a single point of contact to enable a Data Principal to give, manage, review, and withdraw their Consent through an accessible, transparent, and interoperable platform.

Third-Party

A natural or legal person, public authority, agency, or body other than the Data Principal, Fiduciary, Processor, and persons who, under the direct authority of the Fiduciary or Processor, are authorized to Process Personal Data.