Industries

  • Industrial Materials
  • Metals
  • Nonferrous Metals

Participation

EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 1/10/2017
Next Certification Due Date: 10/24/2019
Data Collected: HR, NON-HR

Purpose of Data Collection

Alcoa obtains personal data about individuals, suppliers? representatives, service providers, and others located in the EU, such as contact information, financial statements and reputational data, in connection with maintaining its enterprise customer relationships and providing products and services to enterprise customers. Alcoa uses this information to manage its relationships and comply with applicable law or legal requirements. In addition, Alcoa collects personal data directly from customers located in the EU. This collection occurs, for example, when a customer visits Alcoa?s websites and provides relevant personal data to the company. Alcoa may use this information to: (1) provide products and services; (2) send promotional materials or other communications; (3) communicate with customers about, and administer their participation in, special events, programs, offers, surveys and market research; (4) respond to customer inquiries; (5) perform data analyses (including anonymization and aggregation of personal data); (6) operate, evaluate and improve the company?s business (including developing new products and services; enhancing and improving the company?s products and services; managing Alcoa?s communications; analyzing the company?s products, services and communications; and performing accounting, auditing and other internal functions); (7) manage customer services, including managing negotiations, contracts, transactions and customer accounts, budgeting, accounting and records related to customer financial analysis; (8) protect against, identify and prevent cybersecurity and other security events, espionage, fraud and other unlawful activity, claims and other liabilities; and (9) comply with and enforce applicable legal requirements, relevant industry standards and Alcoa?s policies. The types of relevant personal data Alcoa collects in connection with these activities includes: (1) contact information (such as name, postal address, telephone number and email address); (2) login credentials for the company?s websites; (3) photograph, electronic signature and acknowledgement of company policy; (4) other personal information submitted by current or prospective suppliers and subcontractors, such as Social Security number, federal tax ID number and civil and criminal court history; (5) bank account and financial details; and (6) other personal information found in content that customers provide. Alcoa also collects personal data about employees and potential employees and those of its affiliates, located in the EU, to carry out and support human resources functions and activities in a consistent, global framework. Personal information is processed by Alcoa in order to provide for the efficient operation of a global compliance and learning system and provide support for global environmental, health, and safety programs. Personal information is also processed by Alcoa and authorized third parties in order to provide for the efficient operation of a global IT infrastructure, including email, internet gateways, and file shares that are replicated or consolidated; for company network access and mobility; and for auditing, accounting, and financial analyses, as well as to address cyber security issues, internal investigations, ethics investigations, law enforcement and government inquiries, and compliance with company policy and contractual and legal obligations. Alcoa may disclose the relevant personal data to recipients such as (1) the organization?s affiliates and subsidiaries, (2) third-party controllers and (3) third-party processors the organization has retained to perform services on its behalf and pursuant to its instructions. Alcoa also may disclose relevant personal data if required to do so by law or legal process or in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirement

Privacy Policy

HR Data

Alcoa Corp Employee Privacy Shield Notice
Description:

These privacy principles consolidate earlier principles issued under previous certifications by Alcoa and expand the scope. These principles apply to all Employee Personal Data received by Alcoa from Europe under its consolidated Privacy Shield certification.

Effective Date: 9/30/2016

HR and Non-HR Data

Description:

This Notice describes the types of personal information we collect on the Sites, how we use the information, with whom we share it and the choices available to users of our Sites regarding our use of the information. We also describe the measures we take to protect the security of the information and how users can contact us about our privacy practices.

Effective Date: 9/30/2016

Non-HR Data

Description:

These privacy principles consolidate earlier principles issued under previous certifications by Alcoa and expand the scope. These principles apply to all Non-Affiliated EU Individual Personal Data received by Alcoa from Europe under its consolidated Privacy Shield certification.

Effective Date: 9/30/2016

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Alcoa Corporation at:

Kevin Carter
Counsel
Alcoa Corporation
201 Isabella Street
Pittsburgh, Pennsylvania 15212

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Alcoa Corporation to your question or complaint, please contact the independent recourse mechanism listed below


NON-HR RECOURSE MECHANISM



Appropriate statutory body with jurisdiction to investigate any claims against Alcoa Corporation regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission