SHI Privacy Statement
Manage your subscription or unsubscribe from SHI emails here.
Effective Date: November 9, 2022
You will find below our full privacy statement regarding the way we collect and process your personal data, and your rights regarding this personal data. We have tried to draft this document in an easily understandable way, but it remains a legally binding document with technical terms, which is why we are providing you with the following short and non-binding summary.
We collect some personal data automatically, only for statistical purposes; otherwise, all of your personal data is given directly to us by you to complete our registration, order or contact forms or procedures. We process this personal data only in compliance with the principles outlined in the General Data Protection Regulation ("GDPR") (Regulation (EU) 2016/679 of April 27, 2016). We only transfer this personal data to our parent company SHI International Corp. located in the United States and to third parties who take part in our services (for example, our delivery or payment partners and software or hardware providers), and who assist us in improving our service offerings to you (for example, event or webinar hosts, provided that you participate in such event). We don’t sell your information, and we require that our partners comply with all applicable data protection legislation in their use of your personal data.
You may exercise several rights under the GDPR by contacting us, including the right to access your personal data (i.e. receive a copy of the data we have), the right to portability of your personal data (transfer your data to someone else), the right to rectify any mistake in your personal data, and, under certain conditions, the right to erase your personal data, and the right to object to or to restrict the processing of your personal data.
We remain available to answer any questions you may have regarding this Privacy Statement, which may be directed to Privacy@shi.com, and invite you to read the full, binding statement below.
1. PURPOSE OF THE PRIVACY STATEMENT
This document constitutes a binding agreement (hereafter the "Privacy Statement") regarding the collection and processing of personal data by means of our registration, order or contact forms or procedures, and by means of all SHI websites (hereafter the "Website") between SHI International Corp. and its affiliates (hereafter "us", “we” or "SHI") as a data controller within, the meaning of the GDPR, and any customer or any visitor to and/or user of the Website (hereafter "you" or the "User"). Throughout this Privacy Statement, the expression "personal data" refers to any information relating to an identified or identifiable natural person, as defined by the GDPR.
The Privacy Statement aims to inform you of the conditions under which your personal data is collected and processed by us through the Website and the services to which a link to this Privacy Statement applies (hereafter the “Services”), and of the rights that you have regarding your personal data.
In order to operate the Website and provide the Services, we collect and process specific personal data, solely for the purposes detailed hereafter. We will not sell, share, or rent this personal data to third-parties in ways different from what is disclosed in this Privacy Statement.
This Privacy Statement in incorporated into the SHI Terms and Conditions, which you agreed to when visiting the Website.
2. PERSONAL DATA WE COLLECT AND PROCESS
2.1. Information Automatically Collected
SHI may collect personal data about you and your use of the Website (regardless of whether you create a User profile) via automated means, such as cookies and similar technologies.
The automatically collected information may include:
- your computer's or mobile device's operating system;
- the application or software that you used to access our Website;
- the time you accessed our Website;
- your browser type, language configuration, clicks, and page views;
- the terminal with which you accessed our Website; and
- the websites you visited before accessing our Website.
This automatic collection and processing aims to administer the Website and obtain visit statistics to improve your experience as a visitor/User of our Website and Services.
The collection and storage of your personal data through cookies used on our Website is based on our legitimate interest (i) to ensure the proper functioning of our Website and (ii) to improve our knowledge of the audience of our Website.
2.2. Personal Data provided by you
2.2.1 Registration and User profiles
In order to use certain features of the Website (i.e. placing an order, or viewing information related to an account), a User must register for a User profile and be granted a username and password to access customized content. The following information is collected to constitute this User profile:
- the name of the company on behalf of whom such User is accessing the Website, and
- the User's name and contact information, including their phone number and email address.
In order to secure your profile, we also collect a password, which is protected by a cryptographic one-way hash function before being stored; and a security question and the answer to this question, both of which are encrypted, in order to enable you to recover your account should you forget your password.
The User may also opt to disclose additional information including default shipping addresses, organization codes, or cost centers to facilitate ordering and reporting.
The processing of your personal data for the creation of your user profile is based on the performance of pre-contractual measures taken at your request and/or performance of the contract concluded with you in relation to your access to customized content.
2.2.2 Job applications
The Website also offers the opportunity to apply online to SHI job openings. In order to apply online, the User must register a profile via our third-party recruiting platform. The following information is collected in the course of that process:
- the User’s name and contact information, including their phone number, email address and postal address;
- the User’s personal information featured in their resume.
This information is processed by SHI for recruitment and career management purposes, in compliance with this Privacy Statement and by third-party partners in accordance with their own privacy policies accessible here: https://www.icims.com/legal/privacy-notice-website/ .
The processing of your personal data for the evaluation of your job applications is based on the performance of pre-contractual measures taken at your request and/or performance of the contract concluded with you.
When you place an order with us or use an applicable form to order a product on the Website, we request the following information:
- shipping address (including recipient name and phone number, street, city, and country);
- billing address, if different from the shipping address (which requires the same information as for the shipping address); and
- credit card information.
This information is used for billing purposes, internal reporting, and to process and manage your order/s.
The processing of your personal data for confirmation, validation, collection of payment, tracking and shipping of your order/s is based on the performance of pre-contractual measures taken at your request and/or performance of the contract.
We may also process and store personal for the management of SHI accounting and tax obligations, which will be retain according to the legal retention period applicable.
2.2.4 Contact form
You may use the contact form to send a message to SHI, register for events, or request information, including in order to exercise your rights as detailed in this Privacy Statement. When filling out the contact form, we may request the following information:
- first name,
- last name,
- company/organization name,
- phone number,
- type of assistance required, and
- your message (via a free-form field).
This information is required to process your message, your registration and/or to answer your request.
The processing of your personal data is either based :
- on our legitimate interest to provide appropriate information in response to your requests ;
- on the performance of pre-contractual measures taken at your request and/or performance of the contract in relation to management of your questions and claims and follow-up of our exchanges with you (i.e. customer service) ;
- on compliance with SHI legal and regulatory obligations in relation to the management of your request to exercise your rights.
We propose various monthly publications. We request User consent prior to sending you any of these publications, and you may choose whether you subscribe to any of these publications.
Consent may either be given by the User upon registration for a User profile by expressly opting in to receive any of these publications, or at any time by visiting the subscription webpage on our Website. Reception of the publication is opt-in only, and the User must communicate an email address to subscribe to the chosen publication.
The User's email address is required in order to receive the publication.
You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of the publications, or by updating your preferences on the Update subscriptions webpage on our Website.
The processing of your personal data for the sending of publications is based on your consent.
2.2.6 Marketing communications
We may also processed your personal data, as detailed above, in connection with the marketing of our Services and offerings so that they are relevant to you, by email. This includes sending you product recommendations and other non-transactional communications about us and our affiliates and partners.
The User's email address is required in order to receive marketing communications.
The processing of your personal data for sending these communications is either based:
- on your prior separate consent, or;
- on our legitimate interest to conduct direct marketing to increase sales for similar products and services to those you have purchased or subscribed to .
You can always opt-out of such direct marketing communications.
3. DATA Retention
In accordance with article 5(1)(e) of the GDPR, SHI collects your personal data for the purposes detailed above and for the retention periods detailed below
SAfter the retention period ends, your personal data will be deleted or, when necessary to preserve our rights or when legally required, be placed in an archive database, and retained for an additional period.
|Access to and use of the Website||Ensure the proper functioning of the Website and improve visitor/user experience||Personal data are stored for the duration of the session.|
|Obtain audience statistics of the Website||Personal data are stored in an aggregate form (and therefore do not allow you to be identified).|
|Creation of User profile||Personal data are stored until the deletion of the account, or for 3 years from the date of your last activity.|
|Evaluation of jobs applications||Personal data are stored for 2 years as from the last contact with the data subject for data relating to unsuccessful job candidates.|
|Orders||Confirmation, validation, collection of payment and shipping||Personal data are stored for 3 years from the date of your purchase.
Personal data related to your credit card, shipping and billing addresses, will be stored for the duration of the transaction, and delivery (unless otherwise requested by the customer/user). .
|Accounting and fulfilment of tax obligations||Personal data are stored for a 10 years period from the financial year’s end.|
|Contact form (requests, claims, and exercise of rights)||Management of requests.||Personal data are stored for 1 year from the date of each request. .|
|Management of claims (i.e. consumer service)||Personal data are stored for 3 years from the date of each claim.|
|Exercising your rights||Personal data are stored for 1 to 6 years from the date of your request, depending on the right exercised. Where collection of evidence of identity is required, it is deleted as soon as the verification has been completed.|
|Sending publications||Personal data are stored until you unsubscribe or for 3 years from the date of your last activity.|
|Sending direct marketing communications||Personal data are stored for 3 years from the date of your last activity.|
4. PERSONAL DATA SHARING AND TRANSFER
4.1. Internal transfers
We inform you that your personal data collected and processed as described above may be transferred to our parent company, SHI International Corp., located in the United States. These transfers are necessary for the execution of our Terms and Conditions of Use, which you agree to when you navigate on our Website. In particular, the Website and the Services are hosted in the United States. As a consequence, the processing of your orders and subscriptions requires your personal data to be transferred to the United States.
In order to ensure the lawfulness of these transfers, when required, we have executed and implemented the European Commission Standard Contractual Clauses approved in Decision (EU) 2021/914/EC of 4th June 2021.
In addition, and as United States does not offer protection equivalent to that provided by the GDPR, SHI will ensure the implementation of additional measures to guarantee a level of protection for your personal data that is materially equivalent to that provided in the European Union and to ensure that such protection is effective.
4.2. Sharing of personal data with third parties
We inform you that we may share your personal data with third party service providers in order (i) to improve the manner in which we promote our Services, (ii) to provide the Services and features available on or through our Website, and (iii) to conduct certain activities such as order shipments, marketing assistance, postal and email delivery, customer service, data analysis, and recruitment. We also use a credit card processing company to bill users for goods and services.
These companies may have access to or process your personal data only as part for the purpose of providing these services for us. We have also ensured that our agreements with these third parties contain data protection clauses that guarantee appropriate safeguards to the User.
4.3 Sharing of personal data with activity sponsors
We inform you that we may share your personal data collected within the framework of an activity to which you register (name, company, email address) with identified sponsors of the activity.
You will in that case be informed of the purposes of any such further collection and processing of your personal data, and your consent will be requested prior to the sharing of your personal data with such sponsors.
These sponsors will use your personal data under their own responsibility towards you and in accordance with their own privacy policies. We have however ensured that our agreements with these sponsors contain data protection clauses by which sponsors undertake to comply with all applicable legal requirements (including pursuant to EU law) and standards and offer you appropriate safeguards in relation to the processing of your personal data that will be carried out.
This Website contains links to other sites. Please be aware that SHI is not responsible for the privacy practices of such other sites. We encourage our Users to be aware when they leave our Website and to read the privacy statements of each and every websites that collects personal data. This Privacy Statement applies solely to personal data collected by this Website.
6. USER'S RIGHTS
You have the following rights regarding your personal data that is collected and processed by us.
We will notify each recipient to whom your personal data has been disclosed when you notify us of a rectification or erasure of your personal data or a restriction of processing.
6.1. Right of access
You may request access to your personal data that we collect and process. Should you request such access, we will provide you with a copy of all your personal data in our possession as well as all legally required information, including:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients to whom the personal data have been or will be disclosed;
- the duration of storage of the personal data; and
- further information on your rights regarding your personal data.
6.2. Right to data portability
You have the right to portability of personal data that you provide to us and that we process by automated, where the processing we carry out is based on your consent or on the performance of a contract or pre-contractual measure, provided that exercising such right does not infringe third parties’ rights and freedoms.
This right allows you to receive your personal data in a structured, commonly used and machine-readable format in order for you to be able to transfer your personal data to another data controller or processor.
6.3. Right to rectification
You may, at any time, request that we rectify inaccurate or incomplete personal data about you, and we will proceed accordingly and promptly.
6.4. Right to erasure
You may request the erasure of your personal data provided that one of the following conditions apply:
- your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent for the processing and there is no other legal ground for the processing (for example, this only relates to the personal data collected via the contact form or for our publications purposes);
- you exercise your right to object to the processing of your personal data, as detailed in section 6.5;
- your personal data was unlawfully processed; or
- your personal data has to be erased to comply with a legal obligation to which we are subject.
6.5. Right to object
Where your specific situation justifies it, you may object to the processing of your personal data where this processing is carried out in our legitimate interests, unless our legitimate interests overrides your own interest, rights and freedoms, or the processing is necessary for determining, exercising, or defending rights in a court of law.
You may also, at any time, object to the processing of your personal data by us when such processing is carried out for marketing purposes by email.
6.6. Right to restriction of processing
You may ask for the restriction of the processing of your personal data when one of the following applies:
- where you contest the accuracy of your personal data, you can request the restriction of the processing of your personal data for the period required to verify your claim;
- where the processing is unlawful, you may choose to request the restriction of the use of your personal data instead of requesting its erasure;
- if we no longer need your personal data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
- where you objected to the processing of your personal data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.
We have implemented physical, organizational, and technical measures designed to appropriately protect our Users' personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, misuse and any other unlawful form of processing of your personal data.
Access to the Website is, by default, encrypted and protected using TLS 1.2.
All User data is stored in database servers that cannot route traffic outside our internal network, and that have no access to the public Internet. Physical access to our servers is restricted; the servers are located in a datacenter that is only accessible to designated IT staff and is properly locked and off-limits to visitors.
All User passwords are stored using a one-way hash function. It is impossible for us to see what these passwords are; we can only verify that the hash value of what the User has entered matches the stored value. As a result we are unable to retrieve lost passwords under any circumstances. To facilitate the verification of User's identity by our employees, we also store a verification question and answer entered by the User. This information is encrypted to protect against theft, loss, alteration, or disclosure to unauthorized third parties, and revealed selectively to SHI employees when such verification is necessary.
In case of security breach, SHI will notify you, without undue delay, and in accordance with the GDPR.
8. THIRD PARTY WEBSITES
This Privacy Statement does not apply to, and we are not responsible for, any personal data practices of third-party websites or online services or the practices of third parties. To learn about the personal data practices of third parties, please visit their respective privacy statements or notices.
9. NOTIFICATION OF CHANGES
If we modify our Privacy Statement, we will post those changes on our Website, accessible from the home page and elsewhere, so our Users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You can see when this Privacy Statement was last updated by checking the “Effective Date” displayed at the top of this Privacy Statement.
If at any point we decide to use personal data for purposes incompatible with those stated at the time it was collected, we will make reasonable efforts to notify Users of the change by sending a message to your email address or by displaying a banner requesting Users' consent to this change for two weeks before the change takes place. Users will have the option to request the deletion of their User profile and of their personal data. User continued use of the Website, and the Services, after the revised Privacy Statement has become effective indicated that you have read, understood, and agreed to the latest version applicable of the Privacy Statement, as indicated above.
10. NON-PERSONAL DATA
This Privacy Statement discloses the processing of any personal data revealed by our Users to SHI. The processing of any non-personal data is discussed in the SHI Terms and Conditions.
11. CONTACTING US AND EXERCISING YOUR RIGHTS
SHI International Corp. is the entity responsible for the processing of your personal data as described in this Privacy Statement. Should you have any question regarding this Privacy Statement or wish to exercise one of the rights detailed above, you may contact us at Privacy@shi.com or write us at:
- SHI International Corp.
290 Davidson Avenue
Somerset, NJ 08873
- SHI Global IT Solutions Ireland Limited (which is SHI’s data controller for the European Economic Area):
28-32 Pembroke Street Upper
- SHI Corporation UK Limited, (which is SHI’s data controller in the UK):
401 Grafton Gate
Milton Keynes, Buckinghamshire
England MK9 1AQ
Data protection representative: firstname.lastname@example.org
An identity verification document will be required should you wish to exercise one of your rights, in order to ensure that no third party can gain access to your personal data.
Should a disagreement arise (including where a dispute is not solved by an amicable settlement), you may submit a claim to the competent personal data protection authority.
In the European Economic Area, the Website targets Ireland, France, Netherlands, and the United Kingdom, whose data protection authorities are the following:
- in Ireland, the Data Protection Commission (Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2 D02 RD28), whose website is accessible at the following address: www.dataprotection.ie.
- in France, the CNIL (3 place de Fontenoy, TSA 80715 – 75334 Paris Cedex 07 – Telephone: 01 53 73 22 22), whose website is accessible at the following address: https://www.cnil.fr/;
- in the Netherlands, the Dutch Data Protection Authority (Bezuidenhoutseweg 30, 2594 AV Den Haag), whose website is accessible at the following address: www.autoriteitpersoonsgegevens.nl;
- in the United Kingdom, the ICO (Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Telephone: 0303 123 1113), whose website is accessible at the following address: https://ico.org.uk.