Privacy Statement Dated: August 24, 2023 A. M. Castle & Co. ("Castle") respects the privacy of our online visitors. Our privacy practices are described below to inform you how we collect, use and share personal and device information that we obtain from users of the Castle website. This Privacy Statement only applies to the Castle website.
Should you have any questions regarding this Privacy Statement, please send an email to DPF@amcastle.com.
This Privacy Statement covers the following topics:
What we collect What we do with the information we gather Security and confidentiality Links to other websites EU-U.S. Data Privacy Framework Access and Correction Cookies Changes to Privacy Statement What we collect We may collect the following information:
1 - "Personal Information" - that is, information such as your full name, employer, email address, mailing address, and telephone number;
2 - "Device Information" - that is, information about you or your activities, such as your Internet Protocol Address) through which we do not attempt to identify you but through which it may be possible to identify you; and/or
3 - Information related to customer surveys, promotions and/or offers that may be Personal Information and/or Device Information (e.g., preferences, demographics, interests, etc.).
We collect Personal Information from our online visitors only when voluntarily offered when those visitors place an order. We may also collect Device Information from users of the Castle website.
What we do with the information we gather We use the Personal Information that you provide and we subsequently gather in order to perform, monitor and review performance of any purchase order or contract you enter with us (online or otherwise). This includes using the Personal Information, (i) to understand your preferences, provide you with a better service, and respond to your inquiries; (ii) for internal record keeping; (iii) for internal analysis; and (iv) to administer offers for which you provided Personal Information. It is not possible for you or your company to enter, monitor or review purchase orders or contracts on our website unless you provide this Personal Information.
We use the Device Information, including IP addresses and login IDs, for our legitimate business interests, such as to allow our website to operate, to determine the nearest Castle facility and the availability of inventory near your geographic location, and to calculate shipping costs. We may also use it to investigate the source of any security incident. We retain this information for at least one year. We also use anonymized aggregated device information to measure the number of visitors to the Castle website and the areas of the website that are of most interest to our visitors.
We may contact you by email, phone, fax, mail or other means, unless you direct us not to do so.
We may share your Personal Information with a Castle affiliated company or with unrelated third parties (including contractors who provide services to us) to assist with any of the uses of Personal and Device Information described herein. For example, we may share and/or provide your Personal Information and Device Information with/to third parties that assist with the operation, administration, or maintenance of our website or to assist us in performing a contract we entered with you or your company. The privacy policies of such third parties may also apply. Castle does not otherwise make a practice of selling or otherwise supplying Personal Information or Device Information to others, unless we are required to do so by law or because it is pertinent to judicial, administrative or governmental investigations or proceedings. We retain Personal Information for as long as you remain a customer and thereafter for our record keeping purposes.
We retain Device Information, including IP addresses and login IDs, for at least one year.
Security and Confidentiality We are committed to ensuring that your Personal Information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. However, we undertake no obligation to maintain the confidentiality of non-confidential data such as feedback, questions, comments or ideas that you voluntarily provide to us (e.g., via the "Contact" tab or similar features on the Castle website). We reserve the right to use and disclose such non-confidential information as we deem appropriate. By voluntarily submitting feedback to us, you consent to these terms.
Links to other Websites Our website may contain links to enable you to easily visit other websites of interest. The appearance of hyperlinks does not constitute an endorsement by Castle. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites. You should exercise caution and look at the privacy statement applicable to the website you are visiting.
EU-U.S. Data Privacy Framework Please note that if you use the Castle website in the European Union ("EU"), Personal Information about you may be transferred outside the EU. Castle recognizes that EU law requires "adequate protection" for the transfer of personally identifiable information about individuals in the EU to Castle operations in the United States. Castle accordingly complies with the EU-U.S. Data Privacy Framework Principles (the "Framework") as set forth by the Department of Commerce. Castle's participation in the Framework applies to Personal Information received in the United States from the EU about Castle's EU employees and individual contacts of business customers ("EU Data Subjects"). We provide notice to EU employees about the collection, use, and disclosure of their Personal Information through separate internal company policies. Castle has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Framework, visit the U.S. Department of Commerce's Privacy Framework program website here.
In addition to the Framework, any transfers of the Personal Information of EU Data Subjects are subject to data transfer agreements containing the SCCs, as adopted by the European Commission. You may have certain rights under these SCCs, and if applicable to you, we will make copies of redacted SCCs available to you upon request to educate you about your rights.
Rights of EU Data Subjects If you are an EU Data Subject, you have the right to access or opt-out of the sharing or processing of your own Personal Information subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate. If you wish to exercise such rights, please contact us as described below.
Choices of EU Data Subjects We will provide appropriate choice in the event we use your Personal Information for purposes materially different from the purposes for which it was originally collected.
Recourse, Enforcement, and Liability Please contact us as specified below if you have any questions, want access to your Personal Information, or otherwise need assistance. We remain responsible for our collection, use and disclosure of Personal Information in accordance with the Framework. We also are responsible for third-party agents that process such Personal Information on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved concern about Personal Information that we have not addressed satisfactorily, we have committed to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Framework. In addition, under certain conditions, more fully described on the Privacy Framework website, EU Data Subjects may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.
We are also subject to the jurisdiction of the EU Member State specified in the SCCs (France), and if you are an EU Data Subject, you may seek judicial remedies in France against us regarding a dispute arising from the SCCs.
Please contact us at DPF@amcastle.com if you have any questions, wish to exercise your rights of access, or seek other assistance.
Data Subject Rights You may request access to Personal Information we hold about you and, provided that you are not a current customer, you may also ask to be removed from our database. If the Personal Information we hold about you is incorrect, we will correct it upon your request. You also have the right to opt-out of the sharing of your Personal Information with third parties and the use of your Personal Information for a purpose materially different from that which was originally intended. Please email your request to DPF@amcastle.com. Please state "Request/Remove/Change Personal Data" in the subject line of your email.
.
Cookies The Castle website uses cookies. Cookies are small files that contain information sent by a website that are saved on your computer's hard drive. We use cookies to allow your web browser to communicate with our website, and in order to enable you to move around the website and use its features. We also use cookies to collect information about how visitors use our website, for instance which pages visitors go to most often and if they get error messages from web pages. Cookies also allow the website to remember choices you make (such as your user name, language or location) and provide enhanced, more personal features. Some of the cookies we use may be deleted from your browser when you end your session, but others may persist indefinitely unless you delete them. A list of all cookies used on this website by category is set out below.
"Strictly Necessary" Cookies
These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for cannot be provided.
"Performance" Cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. This information is only used to improve how a website works.
"Functionality" Cookies
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect is anonymous and they cannot track your browsing activity on other websites.
Changes to Privacy Statement Please note that this Privacy Statement may change from time to time. We will notify you of any material changes to this Privacy Statement by posting a link on the home page of our website that says "Revised Privacy Statement". We will also indicate a revised Effective Date at the top of this Privacy Policy and the changes in the Privacy Statement will not be effective until 30 days after first posting the revised version. Please check this Privacy Statement regularly.
***
If you feel that this site is not adhering to this Privacy Statement, you may contact us via email at DPF@amcastle.com or contact us via mail at A.M. Castle & Co., Attention: Law Department, 1420 Kensington Road, Suite 220, Oak Brook, Illinois 60523.