1. Home|
  2. Global Privacy Policy
Bg Image

Legal/Privacy

Safety Technology International, Inc.; STI (“We”/”Our”/”Us”) are committed to protecting and respecting your privacy.

Global Privacy Policy

Last Updated 10 September, 2024

INTRODUCTION

This Global Privacy Policy (“Policy”) tells you how the companies in the Safety Technology International group (the “Group”) collect and use your Personal Data (defined below). This privacy policy is issued on behalf of the Group so when we mention "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Group responsible for processing your data, which may be Safety Technology International Limited (company number: 05872791) of Taylor House, 34 Sherwood, Bromsgrove, Worcestershire, B60 3DR (hereafter known as “STI Limited”) or Safety Technology International Inc. (company number: 001-228) 2306 Airport Road, Waterford, Michigan 48327-1209 (hereafter known as “STI Inc”) .

Where STI Limited and STI Inc collect Personal Data (for example, when you interact with us through our website, mobile sites, applications, platforms and tools where this Privacy Policy appears or is linked, (collectively, the “Website”) or by email or telephone or in person), we act as a data controller with respect to the Personal Data. This means that we determine the purposes and means of the processing of that Personal Data. Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Policy and will respond to your queries about how we manage your Personal Data. You can contact our DPO:

(a) by post, to the postal addresses given above;

(b) using our Website contact form, or info@sti-usa.com;

(c) by telephone on +44 (0)1527 520 999 from Monday-Friday, 9:00 a.m. – 5:00 p.m. GMT. Or +001 248 673 9898 EST.

Please note that depending on where you (the individual and data subject) are located, different laws may apply to protect your Personal Data. This Policy refers to the UK and the EEA and also to the US and Canada territories in which Safety Technology International group companies operate.

Our Website and services are targeted at persons over the age of 18. If you are under 18, do not use our services, access the Website, or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use. If we learn that we hold Personal Data of a person under that age in our databases, we will delete that Personal Data. If you believe we may have any information from or about a child under 18, please contact us.

This Privacy Policy was published on the date “Last Updated” above. We may update this Policy from time to time by publishing a new version on our Website. You should check this page occasionally to ensure you are aware of, and consent to, any changes to this Policy.

For UK and EEA territories (where the EU GDPR, UK GDPR and the Data Protection Act 2018 apply):

Any individual (and data subject) located in the UK and the EEA can expect their Personal Data to be protected by the European General Data Protection Regulation 2016/679, a version of which has been retained by the UK as the “UK GDPR” and introduced into national legislation as the Data Protection Act 2018.

1. The types of Personal Data we collect about you

Personal Data means any information (a) about an individual from which that person can be identified; (b) that is linked or reasonably linkable to an identified or identifiable individual or natural person, or (c) that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household. “Personal Data” will also include Personal Information, Non-Public Personal Information, and such other similar terms under applicable data privacy laws. Examples are below.

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Customer Relationship Data includes your name, your employer, your job title or role, your contact details, and information contained in correspondence between us and you or your employer. The source of the customer relationship data is you or your employer.
  • Financial Data includesbank account number, credit card number, debit card number, or any other financial information.
  • Transaction Data includes products or services you purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Correspondence Data may include the communication content and metadata associated with the communication. Our Website will generate the metadata associated with communications made using the Website contact forms.
  • Usage Data is information about how you interact with and use our Website, products and services. It includes IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.
  • Marketing Data includes your preferences in receiving marketing from us and our third parties and your communication preferences and may include any information contained in an enquiry you submit to us regarding our goods or services.

We also collect, use and share aggregated data such as statistical or demographic data which is not Personal Data as individual data subject identities have been removed and such data is not linked or linkable to an individual data subject and it does not directly (or indirectly) reveal your identity. In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. In the event we anonymise your Personal Data, we will take reasonable measures to ensure that the data cannot be associated with you, publicly commit to maintain the data and use the data only in anonymise form and not attempt to reidentify the data, and contractually obligate any recipients of the data to comply with these same requirements.

Please do not supply any other person’s Personal Data to us, unless we prompt you to do so.

2. How is your Personal Data collected?

We use different methods to collect data from and about you including through:

  • Your interactions with us. You may give us your Personal Data directly by filling in online forms or by corresponding with us by post, phone, email or otherwise:
    • apply for our products or services;
    • create an account on our Website;
    • subscribe to our service or publications;
    • request marketing to be sent to you;
    • enter a competition, promotion or survey; or
    • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our Website, we will automatically collect certain technical data about your equipment, browsing actions and patterns (“Technical Data”). We collect this Technical Data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details and note that you may refuse or accept the use of cookies using the cookiebot (which appears each time you access the Website).
  • Third parties or publicly available sources. We will receive Personal Data about you from various third parties and public sources as set out below:
    • Usage Data is collected from the following parties:
      • analytics providers such as Vercel, Google, Salesforce and Tawk.to;
      • advertising networks such as DoubleClick, Facebook, X, LinkedIn, Instagram, YouTube, Google; and
      • search information providers such as Facebook, X, LinkedIn, Instagram, YouTube, Google.
    • Personal Data is collected from the following parties:
      • Customer Relationship Data, Financial and Transaction Data is collected from providers of technical, payment and delivery services such as Salesforce.
      • Customer Relationship Data is collected from data brokers or aggregators such as Pardot, Salesforce and Tawk.to.
      • Customer Relationship Data is collected from publicly available sources such as Companies House and the Electoral Register based inside the UK.

3. How we use your Personal Data

Legal basis

The law requires us to have a legal basis for collecting and using your Personal Data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you or respond to your requests for information prior to deciding whether you want to contract with us.
  • Legitimate interests: We may use your Personal Data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your Personal Data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your Personal Data for a specified purpose, for example if you subscribe to an email newsletter.

Purposes for which we will use your Personal Data

  • To register you as a new customer; To manage our relationship with you which will include:
    • Notifying you about changes to our terms or Policy
    • Dealing with your requests complaints and queries
    • Communicating with you about our products
    • Keeping records of those communications
    • Type of data:
      • Customer Relationship Data
      • Correspondence Data
    • Legal basis:
      • Performance of a contract with you
      • Necessary to comply with a legal obligation
      • Our legitimate interest in communicating with existing and previous clients
  • To administer and protect our business and the Website (including troubleshooting data analysis testing system maintenance use patterns of the Website support reporting and hosting of data).
    • Type of data:
      • Usage Data
    • Legal basis:
      • Necessary for our legitimate interests (for running our business provision of administration and IT services network security to prevent fraud and in the context of a business reorganisation or group restructuring exercise) namely monitoring and improving our Website and services
      • Necessary to comply with a legal obligation
  • To deliver relevant Website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
    • Type of data:
      • Customer Relationship Data
      • Correspondence Data
      • Usage Data
      • Marketing Data
    • Legal basis:
      • Necessary for our legitimate interests (to study how customers use our products/services to develop them to grow our business and to inform our marketing strategy)
  • To use data analytics to improve our Website products/services customer relationships and experiences and to measure the effectiveness of our communications and marketing.
    • Type of data:
      • Usage Data
    • Legal basis:
      • Necessary for our legitimate interests (to define types of customers for our products and services to keep our Website updated and relevant to develop our business and to inform our marketing strategy)
  • To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your Personal Data.
    • Type of data:
      • Correspondence Data
      • Usage Data
      • Marketing Data
    • Legal basis:
      • Necessary for our legitimate interests (to carry out direct marketing develop our products/services and grow our business)
      • Consent having obtained your prior consent to receiving direct marketing communications
  • To carry out market research through your voluntary participation in surveys.
    • Type of data:
      • Customer Relationship Data
      • Correspondence Data
    • Legal basis:
      • Based on our contract with you
      • With your consent
      • Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services)

Direct marketing

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving the marketing.

We may also analyse your Usage Data to form a view which product, services and offers may be of interest to you so that we can then send you relevant marketing communications.

Third-party marketing

We will get your express consent before we share your Personal Data with any third party for their own direct marketing purposes.

Opting out of marketing

You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us at marketing@sti-usa.com

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

3. Disclosures of your Personal Data

We may share your Personal Data where necessary with the parties set out below for the purposes we have identified in the table above.

We may disclose your Personal Data to

  • our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
  • distributors, resellers, suppliers or subcontractors insofar as reasonably necessary for purpose of supplying you goods or services you have purchased, or as necessary to help respond to an inquiry from you, and for the purpose of keeping proper records of those transactions.
  • service providers insofar as reasonably necessary for the purpose of these third parties providing us with business, professional, or technical support services and/or administering activities on our behalf.
  • any of our appointed European manufacturer sales representative for the purposes of providing you with information relating to our products and services throughout Europe and to help them develop a relationship and assist in responding to an inquiry from you throughout Europe.
  • parties that assist us in performing analytics and help us measure the effectiveness of the Website and our marketing and advertising efforts.
  • other entities within our family of brands to fulfil any purpose described in this Policy.
  • other companies with whom we partner to provide the Website and our services, to promote our products, services, offers, contests, or other promotions to our customers, and carry out other activities described in this Policy.
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy policy.

In addition to the specific disclosures of Personal Data set out above, we may disclose your Personal Data where such disclosure is necessary (a) for compliance with a legal obligation to which we are subject, (b) to investigate and prevent against fraud and other illegal activity; (c) to protect our rights, privacy, safety, property, and/or those of others, (d) to allow us to pursue available remedies or limit damages that we may sustain, or (e) in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We may also disclose your Personal Data to government and public authorities as necessary or permitted by the laws of any jurisdiction in which we operate, including in response to a subpoena, court order, investigative demand, request for cooperation from a law enforcement agency, or similar request from a self-regulatory body or government agency.

We may disclose your Personal Data for other reasons described at the time of information collection or prior to disclosing your information. Additionally, we may disclose your Personal Data with your consent or when you direct us to do so.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our written instructions (we enter into data processing agreements or data sharing agreements with them, to comply with legal requirements).

4. International transfers

Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: “Disclosures of your Personal Data”). Some of these third parties may be based outside the country where we originally collected your Personal Information.

Whenever we transfer your Personal Data out of the country where we originally collected your Personal Data , we ensure a similar degree of protection is afforded to it by ensuring that either :

  • the transfer is to a territory which is the recipient of an adequacy decision; or
  • we use specific contracts approved for use in the country where we originally collected your Personal Data (depending on where the Personal Data originates from) to ensure the recipients of your Personal Data give it the same protection it has in the country where we originally collected your Personal Data.
  • Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the country where we originally collected your Personal Data.

In the rare event that you are located in the EEA or the UK and may make an enquiry or place an order for a product that we consider would be better met by members of our group of companies based in the US, we may transfer your Personal Data (contact details including your name, Company name, delivery address and email address and contact telephone number) to our US company, and where there is a need for us to do so for the purpose of better meeting your contractual (or pre-contractual) requirements, we will rely on the derogation provided by article 49(1)(b) of GDPR to make this transfer of an individual client’s Personal Data. In most cases, you will be aware of (or we will make you aware of) the need to transfer your Personal Data and you, as the data subject, may give your consent to the transfer (in which case, the transfer will be made under the derogation set out in article 49(1)(a) of GDPR).

5. Data security

We have put in place reasonable and appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Please note, however, no system can be completely secure and transmissions over the internet are never entirely secure. Therefore, although we take steps to secure your information, we cannot guarantee your information, searches, or other communications will always remain secure. Any such transmission of information by you is at your own risk.

6. Data retention

How long will you use my Personal Data for?

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Different retention periods apply for different types of Personal Data. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of Personal Data; the potential risk from unauthorized use or disclosure of the Personal Data; the purpose(s) for which we use or may use the Personal Data; whether we can achieve the purpose(s) through other means; and the applicable legal requirements. By law we have to keep basic information about our customers (includingCustomer Relationship Data, Financial Data, and Transaction Data) for seven years after they cease being customers for tax purposes.

7. Do Not Track

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference in certain web browsers. DNT is a HTTP header field which allows individuals to opt out of being tracked across multiple websites, as well as the use or sharing of such cross-contextual data or inferences derived from it. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. We are committed to providing you with meaningful choices about the information on our Website for third party purposes and that is why we provide the variety of opt-out mechanisms described in this Policy. However, we do not currently respond to DNT browser signals.

8. Third Party Websites

We are not responsible for, and this Policy does not address, the privacy practices of other third parties, such as Facebook, Apple, Google, Microsoft, or any other app developers, social media platforms, operating system providers, wireless or telecommunications service providers, or device manufacturers. If, in your interactions with the Website, you are linked or directed to, or click on, a third-party website, we cannot control what information you may provide to that party or on that website, and we are not responsible for how that party may use or disclose any information you may provide to them. This is not as an endorsement by us of any third-party website, content that may be offered on such third party website, or of any products or services provided by such third party. We do not control, nor are we responsible for, such third-party websites, product or service offerings. As such, we urge that you exercise caution before providing them with your Personal Information and to review the third party’s privacy policy for information on its data processing practice.

You should contact the site administrator for such third-party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

GDPR AND UK GDPR

1. Your legal rights under GDPR and UK GDPR

In some regions, like the European Economic Area and the UK, you have a number of rights under data protection laws in relation to your Personal Data.

You have the right to:

  • Request access to your Personal Data (commonly known as a "subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your Personal Data in certain circumstances. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the absolute right to object any time to the processing of your Personal Data for direct marketing purposes.
  • Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your Personal Data (see the table in Section 4 for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in one of the following scenarios:
    • If you want us to establish the data's accuracy;
    • Where our use of the data is unlawful but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us at {info@sti-usa.com}

2. No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

3. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

4. Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

5. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

FOR USA

Where individuals are located in the USA, the EU and UK legislation does not apply and the national and federal privacy laws of the USA and the relevant state will be applicable.

This Section supplements the information contained in the above Policy and applies solely to all visitors, users, and others who reside in the State of California, Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia, ("consumers" or "you"). We adopt this notice to comply with the California Shine the Lights law, the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), the Colorado Privacy Act of 2021, the Connecticut Data Privacy Act of 2022, the Iowa Consumer Data Protection Act of 2023, the Montana Consumer Data Privacy Act of 2024, the Oregon Consumer Privacy Act of 2024, the Texas Data Privacy and Security Act of 2024, the Utah Consumer Privacy Act of 2022, the Virginia Consumer Data Protection Act of 2023, and certain other privacy and data protection laws, as applicable (collectively, the "Statutes"). Any terms defined in the Statutes will have the same meaning when used in this Section. Any terms used in this Section but undefined herein shall have the meaning provided in the Privacy Policy.

1. Personal Data We Collect About You

We may collect and process the following Personal Data (data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household) about you:

Categories of Personal Information Collected

  • Category A - Identifiers
    • Examples: A real name alias postal address unique personal identifier online identifier Internet Protocol address email address account name social security number driver’s license number passport number or other similar identifiers.
    • Collected: Yes
  • Category B - Customer records information (i.e. Information that identifies relates to describes or is capable of being associated with a particular individual)
    • Examples: Name signature social security number physical characteristics or description address telephone number passport number driver’s license or state identification card number insurance policy number education employment employment history bank account number credit card number debit card number or any other financial information medical information or health insurance information.
    • Collected: Yes
  • Category C - Characteristics of protected classifications under state or federal law
    • Examples: Age (40 years or older) race color ancestry national origin citizenship religion or creed marital status medical condition physical or mental disability sex (including gender gender identity gender expression pregnancy or childbirth and related medical conditions) sexual orientation veteran or military status genetic information (including familial genetic information).
    • Collected: No
  • Category D - Commercial information
    • Examples: Records of personal property products or services purchased obtained or considered or other purchasing or consuming histories or tendencies.
    • Collected: Yes
  • Category E - Biometric information
    • Examples: Retina or iris scan fingerprint voiceprint or scan of hand or face geometry.
    • Collected: No
  • Category F - Internet or other electronic network activity information
    • Examples: Browsing history search history and information regarding a consumer’s interaction with an Internet website application or advertisement.
    • Collected: Yes
  • Category G - Geolocation data
    • Examples: Physical location or movements.
    • Collected: Yes
  • Category H - Sensory data
    • Examples: Audio electronic visual thermal olfactory or similar information.
    • Collected: No
  • Category I - Professional or employment-related information
    • Examples: Place of employment position job history salary resume and other related data.
    • Collected: Yes
  • Category J - Education information defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)
    • Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf such as grades transcripts class lists student schedules student identification codes student financial information or student disciplinary records.
    • Collected: No
  • Category K - Sensitive Personal Information
    • Examples:
      • (1) Personal Information that reveals: a person’s social security driver’s license state identification card or passport number; a person’s account log-in financial account debit card or credit card number in combination with any required security or access code password or credentials allowing access to an account; a person’s precise geolocation; a person’s racial or ethnic origin religious or philosophical beliefs or union membership; the contents of a person’s mail email and text messages unless the business is the intended recipient of the communication; or a person’s genetic data.
      • (2) The processing of biometric information for the purpose of uniquely identifying a consumer;
      • (3) Personal Information collected and analysed concerning a consumer’s health or Personal Information collected and analysed concerning a consumer’s sex life or sexual orientation.
    • Collected: No
  • Category L - Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences characteristics psychological trends predispositions behaviour attitudes intelligence abilities and aptitudes.
    • Examples: An inference is essentially a characteristic deduced about a consumer (such as ‘married’ ‘homeowner’ ‘online shopper’ or ‘likely voter’) that is based on other information a business has collected.
    • Collected: No

2. Shine the Light Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits individuals who are California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

3. Personal Information we sold or disclosed for a business purpose

In the preceding 12 months, we have sold to one or more third parties the following categories of Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

  • Category A - Identifiers
  • Category B - Customer records information
  • Category D - Commercial information
  • Category F - Internet or other electronic network activity information
  • Category G - Geolocation data
  • Category I - Professional or employment-related information

In the preceding 12 months, we have disclosed for a business purpose to one or more third parties the following categories of Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

  • Category A - Identifiers
  • Category B - Customer records information
  • Category D - Commercial information
  • Category F - Internet or other electronic network activity information
  • Category G - Geolocation data
  • Category I - Professional or employment-related information

4. Your rights under the CCPA and CPRA

You may have the right under the CCPA and CPRA, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About You

  • You have the right to know:
    • The categories of Personal Information we have collected about you
    • The categories of sources from which the Personal Information is collected
    • Our business or commercial purpose for collecting or selling Personal Information
    • The categories of third parties with whom we share Personal Information, if any
    • The specific pieces of Personal Information we have collected about you
  • Please note that we are not required to:
    • Retain any Personal Information about you that was collected for a single one-time transaction if in the ordinary course of business that information about you is not retained
    • Reidentify or otherwise link any data that in the ordinary course of business is not maintained in a manner that would be considered Personal Information
    • Provide the Personal Information to you more than twice in a 12-month period

Personal Information Sold, Shared, Disclosed or Used for a Business Purpose

  • In connection with any Personal Information we may sell or disclose to a third party for a business purpose, you have the right to know:
    • The categories of Personal Information about you that we sold and the categories of third parties to whom the Personal Information was sold
    • The categories of Personal Information that we disclosed about you for a business purpose
  • You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale of your Personal Information. If you exercise your right to opt-out of the sale of your Personal Information, we will refrain from selling your Personal Information unless you subsequently provide express authorization for the sale of your Personal Information. To opt-out of the sale of your Personal Information, visit our homepage and click on the Do Not Sell My Personal Information link here: [Americas URL] & [EMEA URL].

Right to Limit Use and Disclosure of Sensitive Personal Information

  • You have the right to opt-out of the use and disclosure of your sensitive Personal Information for anything other than supplying requested goods or services.
  • Note: We do not collect any Sensitive Personal Information.

Right to Correction

  • You have the right to request correction of inaccurate Personal Information maintained by us about you. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate Personal Information.

Right to Deletion

  • Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
    • Delete your Personal Information from our records; and
    • Direct any service providers to delete your Personal Information from their records.
  • Please note that we may not delete your Personal Information if it is necessary to:
    • Complete the transaction for which the Personal Information was collected, fulfil the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
    • Debug to identify and repair errors that impair existing intended functionality;
    • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
    • Comply with the California Electronic Communications Privacy Act;
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
    • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
    • Comply with an existing legal obligation; or
    • Otherwise use your Personal Information internally in a lawful manner that is compatible with the context in which you provided the information.

Protection Against Discrimination

  • You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
    • Deny goods or services to you;
    • Charge different prices or rates for goods or services, including through the use of discounts or other benefits, or imposing penalties;
    • Provide a different level or quality of goods or services to you; or
    • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you if that difference is reasonably related to the value provided to our business by your Personal Information.

5. Your rights under other state privacy laws

Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia, also provide consumers who are residents of these states with certain rights regarding their Personal Data. This Section describes the rights you may have under these state privacy laws, under certain circumstances and subject to certain exceptions. Please contacts us if you have any questions about your rights under these state privacy laws.

Consumer Rights

  1. The Right to Opt-Out
    • You may have the right to opt-out of the processing of Personal Data concerning you for the purposes of:
      • Targeted Advertising;
      • The Sale of Personal Data; or
      • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
    • Applies to residents of: Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia
  2. The Right of Access
    • You may have the right to confirm whether we are processing Personal Data concerning you and to access your Personal Data.
    • Please note there may be restrictions on how often you may exercise this right.
    • Applies to residents of: Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia
  3. The Right to Correction
    • You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
    • Applies to residents of: Colorado, Connecticut, Montana, Oregon, Texas, Virginia
  4. The Right to Deletion
    • You may have the right to delete Personal Data concerning you or to request that we delete Personal Data provided by or obtained about you.
    • Applies to residents of: Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia
  5. The Right to Data Portability
    • You may have the right to obtain a copy of your Personal Data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
    • Please note there may be restrictions on how often you may exercise this right.
    • Applies to residents of: Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Utah, Virginia
  6. The Right to Appeal
    • We hope that we can resolve any query or concern you raise about our use of your Personal Data. However, if we do not take action on your request to exercise any of your rights, we will inform you without undue delay after the receipt of the request for not taking action. You may appeal any decision we have made about your request by following the instructions in the communication you receive from us notifying you of our decision.
    • Applies to residents of: Colorado, Connecticut, Iowa, Montana, Oregon, Texas, Virginia

6. How to exercise your rights.

If you would like to exercise any of your rights as described in this Section, please:

  • Complete a data subject request form available on our Website;
  • Call us, toll-free, at 800 888 4784; or
  • Email us at marketing@sti-usa.com.

Please note that you may be restricted on the number of data access or data portability disclosures you may make within a 12-month period.

We will take steps to verify your identity before granting you access to your Personal Information or complying with your request. In order to help protect your privacy and maintain security, you will need to provide us with:

  • Enough information to identify you (e.g., your full name, address, email address, telephone number, birth date, or customer or matter reference number);
  • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • A description of what right you want to exercise and the information to which your request relates.

In addition, if you ask us to provide you with specific pieces of Personal Information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request.

You may use a representative, called an "authorized agent," to submit a request to us.

In some states, an authorized agent must be a natural person, or a business entity registered with the appropriate Secretary of State, that you have authorized to act on your behalf.

In order to protect your privacy, we require you to confirm that you have provided the authorized agent permission to submit the request and you must provide the authorized agent with signed permission. "Signed" means that the written attestation, declaration, or permission has either been physically signed or provided electronically pursuant to the Uniform Electronic Transactions Act. In California, an authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but in such cases, consumer verification will not be required.

We may deny a request from an authorized agent that does not submit proof that they have been authorized to act on your behalf. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any Personal Information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

SURVEYS & CONTESTS

From time-to-time STI-USA.com requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user, therefore, has a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code and age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this Website.

COOKIE POLICY

A cookie is a small text file that is placed on your computer’s hard drive by your web browser when you first visit our Website. The cookie collects Personal Data allowing us to identify you and find out details about your last visit to the Website.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. You are entitled to choose to disable cookies however, if you choose not to accept our cookies, we cannot guarantee that your experience with the Website will be as quick or responsive as if you do receive cookies. We use the entrust.com cookie tool to enable you to choose to accept or reject cookies.

We use cookies for the following purposes:

(a) Security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our Website and services generally.

(b) Analysis – we use cookies to help us to analyse the use and performance of our Website and services. Cookies used for this purpose are:

  • (cookies beginning with) _ga*
  • _gid
  • cookie_aweber_referrer_id)]];

Our service providers use cookies and those cookies may be stored on your computer when you visit our Website.

We use Google Analytics to analyse the use of our Website. Google Analytics gathers information about website use by means of the gtag.js and analytics.js set cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/. The relevant cookies are:

  • _ga
  • _gid
  • _gat
  • AMP_TOKEN
  • _gac_<property-id>

Any other relevant cookies listed at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage