Arconic Online Privacy Notice

aap is a subsidiary of Arconic. (10/17/22)

Arconic Corporation. and its affiliates (collectively referred to as “Arconic, “we” and “us”) takes its data protection and privacy responsibilities seriously. This Online Privacy Notice applies to Arconic.com and other external Arconic websites that link to this Notice (the "Sites"). This Notice describes the types of personal information we collect on the Sites, how we use the information, with whom we share it and the choices available to users of our Sites regarding our use of the personal information. We also describe the measures we take to protect the security of the personal information and how users can contact us about our privacy practices. Certain of the Sites may provide additional detail about privacy practices specific to those Sites. Internal company policies and procedures govern Arconic's internal networks and systems and the processing of personal information relating to employees and other authorized Arconic network users.

California residents have rights under the California Consumer Privacy Act of 2018 (the “CCPA”). Please see the Arconic California Privacy Notice – Non-Affiliated Individuals by clicking the following link: http://www.arconic.com/global/en/pdf/Arconic-California-Privacy-Notice.pdf

When we collect information
We collect personal information about you if you visit one of our facilities, request access to our network and/or computing assets apply for a job with us, or have a type of business relationship with us.  We will collect your personal information via the following methods:

  • By recording details you provide to us (communications with us through emails, calls, or via our websites);
  • By visiting one of our facilities; and/or
  • By engaging in a consulting, customer, vendor or other type of business agreement with us.


Information We Collect
The types of personal information users of our Sites may submit include:

  • contact information (such as name, postal address, telephone number and email address);
  • visitor information (such as full name, home address, email address, personal telephone number, company name, business contact information, citizenship/U.S. person status, government ID number, security clearance information, date of birth, passport and/or photograph);
  • employment/consultant information (such as name, title, division, personal and business address, fax number, phone number, email address, W-8BEN form, W-9 form, biography with work history, photo, banking information provided with invoices, business reference information including name and contact information and employer);
  • login credentials for the Sites (such as IP address of the computer/personal device that you use to access our network, approximate location information from where you access our network and information about your device and browser);other personal information submitted by current or prospective suppliers and subcontractors, such as Social Security number, diversity-related information (such as ethnicity), federal tax ID number, disability status, and civil and criminal court history;
  • other personal information submitted by current or prospective suppliers and subcontractors, such as Social Security number, diversity-related information (such as ethnicity), federal tax ID number, disability status, and civil and criminal court history;
  • other personal information submitted by job applicants, such as a résumé or C.V., work authorization information, salary history, education history, information about security clearances, citizenship information and, for jobs with U.S.-based Arconic entities, ethnicity, race and gender; and
  • other personal information found in content that users provide.


Information We Collect by Cookies and Other Related Technology
When you use our Sites, we may collect certain information technologies such as cookies, web server logs, web beacons and JavaScript. For more information on how we collect and use this information, please review our cookie policy.

The Legal Basis for Using Your Personal Data
We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • you have provided your consent to us using the personal data;
  • our use of your personal data is in our legitimate interest as a commercial organization (for example our legitimate interests in communicating with you - in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the “Your Rights and Choices” section below);
  • our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (for example where you are one of our consultants, customers or vendors); and/or 
  • our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have for example fulfilment of a court order.

If you would like to find out more about the legal basis for which we process personal data please contact us at privacy@arconic.com.

Personal Data Processed

Reason for Processing

Legal Justification

Personal data processed for visitors may include: Full name, home address, email address, personal telephone number, company name, business contact information, citizenship/U.S. person status, government ID number, number, security clearance information, date of birth, and/or passport number

To provide you with physical access to an Arconic facility or logical access to our network, and/or checking security clearance status;

Consent, our legitimate interests, or necessity for performance of a contract

Still photograph or video via CCTV.

Facility security

Legitimate interest

Name, personal and business address, fax number, phone number, email address, W-8BEN form, W-9 Form, biography with work history, photo, banking information provided with invoices, business reference information including name and contact information

Communicate with you in the context of a contractual agreement which we have with you; facilitate payments to you; fraud prevention; and/or communicate with you regarding our products and services

Performance of a contract, our legitimate interests

 

How We Use the Information We Collect
We may use the information described above to:

  • provide products and services;
  • send you promotional materials or other communications;
  • communicate with you about, and administer your participation in, special events, programs, offers, surveys and market research;
  • respond to your inquiries;
  • process employment applications, including by assessing qualifications, verifying information, and conducting reference or other employment-related checks;
  • evaluate potential suppliers and subcontractors and manage our relationships with them;
  • provide and administer human resources services for Arconic employees;
  • perform data analyses (including anonymization and aggregation of personal information);
  • operate, evaluate and improve our business (including developing new products and services; enhancing and improving our products and services; managing our communications; analyzing our products, services and communications; and performing accounting, auditing and other internal functions);
  • protect against, identify and prevent cybersecurity and other security events, espionage, fraud and other unlawful activity, claims and other liabilities; and
  • comply with and enforce applicable legal requirements, relevant industry standards and our policies.

We also may use the information in other ways for which we provide specific notice at the time of collection.


Information We Share
We do not sell or otherwise disclose personal information we collect about you, except as described in this Online Privacy Notice. We share your information in the manner and for the purposes described below:

  1.  within Arconic, where such disclosure is necessary to provide you with our services or to manage our business; 
  2. with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers; who help manage our IT and back office systems;
  3. with our regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  4. we may share in aggregate, statistical form, non-personal data regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers; and/or
  5. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.

In addition, we may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government entities, and (iii) when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual espionage, cybersecurity or security events or other fraudulent or illegal activity. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation).


Transferring Personal Information Globally
Arconic operates on a global basis. Accordingly, your personal data may be transferred and stored in countries outside the EU, EEU, UK and Switzerland (including Canada, the United States, Mexico, China, Brazil, South Korea, Japan, Australia and Russia) that are subject to different standards of data protection. Arconic will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end: 

  • we ensure transfers within Arconic will be covered by an agreement entered into by members of Arconic (an intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within Arconic;
  • where we transfer your personal data outside Arconic or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal data. Some of these assurances are well recognized certification schemes like the EU - US Privacy Shield for the protection of personal data transferred from within the EU, EEU, UK and Switzerland to the United States; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data are disclosed.

If you are located in the European Economic Area ("EEA"), United Kingdom or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA. With respect to transfers of personal information to the U.S., Arconic is certified under the EU-U.S. Privacy Shield framework developed by the U.S. Department of Commerce and the European Commission regarding the transfer of personal information from the EU, EEA, or UK to the U.S. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. For our Privacy Shield notice to third party natural persons located in the EU, EEA, or UK, please visit the Arconic Privacy Shield Privacy Notice-Non Affiliated Individuals by clicking the following link: : https://www.arconic.com/global/en/pdf/Arconic-Privacy-Shield-Privacy-Principles.pdf.

The Federal Trade Commission has jurisdiction over Arconic’s compliance with the Privacy Shield. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For more information on binding arbitration please refer to the following link: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Arconic has the responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Arconic shall remain liable under the Privacy Shield Principles if its agent(s) process such personal information in a manner inconsistent with the Principles. You have a right to contact us at privacy@arconic.com for more information about the safeguards we have put in place to ensure the adequate protection of your personal data when this is transferred as mentioned above.


Your Rights and Choices
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at privacy@arconic.com . Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.  

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

In compliance with the Privacy Shield Principles, Arconic commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Arconic at privacy@arconic.com.

Arconic has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

Arconic has further committed to refer unresolved Privacy Shield complaints to The International Centre for Dispute Resolution (ICDR-AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

Right to access personal data 

You have a right to request that we provide you with a copy of your personal data that we hold and you have the right to be informed of; (a) the source of your personal data; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred.

Right to rectify or erase personal data 

You have a right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.  You can also request that we erase your personal data in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent), and where there is no other legal ground for the processing; or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which Arconic is subject. 

We are not required to comply with your request to erase personal data if the processing of your personal data is necessary: 

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defense of legal claims; or
  • for performance of a contract.

Right to restrict the processing of your personal data 

You can ask us to restrict your personal data, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal data

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal data

You can object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal data for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union.  We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data.  We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.


How We Protect Personal Information

Security

We have implemented and maintain appropriate technical and organizational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords please take appropriate measures to protect this information. 

Storing your personal data

We will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. 

In specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.


Links to Other Websites
Our Sites may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked sites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for the websites' content, any use of the websites, or the privacy practices of the websites, even though you may enter that site directly from visiting ours.


Updates to Our Online Privacy Notice
This Online Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post the updated version on our Sites and indicate at the top of the notice when it was most recently updated.


How to Contact Us
If you have any questions or comments about this Online Privacy Notice, or if you would like us to update information we have about you or your preferences, please contact us by writing to us at:

Arconic Corp.
Attn: Arconic Privacy Office
201 Isabella Street
Pittsburgh, PA 15212
privacy@arconic.com

If you are a customer, supplier, or consumer for Arconic and have a data subject request, please use this link: OneTrust DSAR webform

Because Arconic offers a wide range of online business opportunities for its customers, the amount of information Arconic needs to collect in order to serve you in a particular business transaction will sometimes vary from case to case. Regardless of the amount of information collected, the principles listed above will apply. Wherever Arconic collects personal information, you will find a link to an Arconic privacy statement. If you choose not to provide some information, for example to enable confirmation of credit status or contact information to permit sending you requested information, it may not be possible for you to proceed with your chosen business activity with Arconic.