Privacy Policy
About us and this policy
Shaw/Scott respects your privacy and is committed to maintaining the privacy and confidentiality of the personal information we collect. This Privacy Policy explains what types of information we collect when our Clients work with us, when you use our website, interact with our digital platforms, when we meet you and when you contact us. We've set out below how we use personal information, how we share it with others, how you can manage the information we hold and how you can contact us.
This Privacy Policy applies to the shawscott.com website and all related websites ("Site"), any of our centrally-hosted software applications and solutions ("Systems"), and the services delivered to our Clients. This Privacy Policy does not apply to any third-party site or service linked to our Site or Systems or recommended or referred through our products or services, or by our staff.
We are made up of a number of individual companies. Shaw/Scott is a trading name of Shaw/Scott, Inc., and our associated companies – please see the end of this Privacy Policy for a list of our associated companies. Where this policy refers to "we," "our," "us," or "Shaw/Scott" it's referring to the particular company that is the controller of your personal information.
The controller of any personal information submitted to, and collected by, our Site is Shaw/Scott, Inc. The controller and/or processor of any personal information provided to us when we provide a service to you will depend on which company you are dealing with or which company runs the particular service you are accessing. We act as a controller in respect of any personal information provided to us by our Client where we use it for our own purposes and we decide how it is used (such as contact information). We act as a processor in respect of any personal information that our Client submits to our Systems in connection with its receipt and use of our services and the Systems – in this case, our Client is the controller of that information and we only process it in accordance with our Client's instructions and the contract we have with our Client.
Application of local laws
This Privacy Policy is designed to provide compliance with all relevant applicable laws in North America, the European Economic Area (EEA) and the UK, in particular those transposing the General Data Protection Regulation (2016/679) and the California Privacy Rights Act (CPRA). Shaw/Scott recognizes that certain laws might be modified to require stricter standards than those described in this Privacy Policy, in which case we will ensure compliance with those stricter standards. This commitment extends to state-specific privacy laws across the United States, and we shall comply with any state law that provides a higher standard of privacy protection than is stipulated in this policy.
Shaw/Scott will handle personal information in accordance with local law at the place where the personal information is collected. If applicable law provides for a lesser degree of protection of personal information than that established by this Privacy Policy, then this Privacy Policy shall prevail.
How we collect personal information
Shaw/Scott may collect personal information from you when you visit our Site and when we provide services to you. In line with GDPR and related requirements, we will only collect personal information where we have a lawful basis to do so, and we will provide clear notice to you at the point of collection.
We may also process personal information when our Client uses our services or Systems – in this case, we process personal information on behalf of our Client as a processor. When we act as a processor, we will comply with our legal obligations under the applicable regulations, including respecting the rights of data subjects and assisting the controller in meeting their regulatory obligations.
Information We Collect Automatically
We may use technologies such as cookies and pixel tags to provide, monitor, analyze, promote and improve the Site and Systems. For example, if you use one of our Systems, a cookie may be used to remember your identifier when you return to the System and to improve our understanding of how you interact with the System. You can block cookies on your web browser; however please be aware that some features of the System may not function properly if the ability to accept cookies is disabled. We shall always seek your consent before using cookies or similar technologies, where this is required by law.
Log Files
When you visit our Site or use one or more of our Systems, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol ("IP") address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on the Site and/or System, domain names, landing pages, pages viewed, mobile carrier, and other such information. Log files help us to monitor, analyze, improve and maintain the Site and Systems and to diagnose and fix any Site and System-related issues. Any log files containing personal data will be treated in accordance with relevant regulatory requirements, including ensuring appropriate security and limited retention.
Device Identifiers
When you access any of our Site or Systems using a mobile device, we may collect specific device information contained in your mobile device's "device identifier." This device identifier includes information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may use data associated with your device identifier to customize our Systems to your device and to analyze any device-related issues. As required under GDPR and CPRA, we will only collect this information where we have a lawful basis, and we will take all necessary steps to protect this information.
Information You Provide to Us
We collect personal information, such as name, phone number, email address, and other information you enter directly onto or in connection with our Site. This information may be requested when visitors to our Site request certain information about Shaw/Scott products and services.
We collect personal information when you use our services. This includes information provided when you inquire about using our services, engaging our services, posting material or requesting further services, managing your account (including accessing documentation and engaging in correspondence with us by phone, email or otherwise). If you complete any surveys that we request you complete for research purposes, we will collect information in such circumstances as well. The information you give us includes your name, address, email address and phone number, inquiry details and may include records of any correspondence and responses to any surveys.
Any information provided to us in this section is for internal use only, for the purposes of tailoring services and improving the client experience, and is not sold or otherwise transferred externally. If in any case you wish to have your personal information deleted, please contact us at privacy@shawscott.com.
Customer Data and Content
Our services engagement with our Clients may involve our Clients providing information about its own customers to us, which may include: names, customer ID, email address, address, phone, email, optional profile information and/or web-related event data (together, the "Customer Data"). In addition, our Client's use of one or more of our Systems and related services may involve providing content to us, which may include personal data relating to our Client's clients or other individuals (for example, copies of emails sent to its customers and coupon codes) (together, the "Content").
Shaw/Scott is a processor in respect of Customer Data alongside any personal information contained in the Content and we process such personal information in accordance with our Client's instructions, GDPR and/or other relevant regulatory requirements, and the contract we have with our Client.
Shaw/Scott does not own any of the Content that is input or uploaded by clients for use within our Systems. If a Client’s customer requests that their personal information be deleted, a right outlined by GDPR amongst other privacy regulations, clients will be able to manage the deletion from our Systems by (i) deleting the Content directly through the System user interface where applicable, (ii) deleting the record from the source that provides data to our Systems, and/or (iii) sending a request to privacy@shawscott.com so that we may delete any historical data stored for that customer.
Social Media Platforms
We may receive certain information that's stored or processed by third-parties, such as social media sites Facebook®, Twitter® and LinkedIn® when you interact with us through these social media platforms.
Our Sites may also include social media features such as the Facebook "Like" button, and widgets such as the "share this" button. These features may collect your IP address as well as details of the pages you are visiting on our Sites. Social media features and widgets are either hosted by a third-party or hosted by our Sites. Each social media platform may have its own privacy notices that specifically govern its use of social media features.
How we use personal information
We use personal information in the following ways and for the following purposes:
Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so to contact you via email, mail or phone with marketing information about our services if you engage with us, whether online or otherwise and indicate that you would like to receive such marketing from us; (ii) sign up to our newsletter, updates or blog via our Site or other medium where available; or (iii) when you refresh your marketing preferences when responding to a request from us to do so.
You can withdraw your consent at any time by contacting us (see 'Contacting Us' below) or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.
Where it is necessary for CONTRACTUAL PERFORMANCE
We may use and process your personal information where we have supplied you (or continue to supply you) with any services, where we have arranged for the supply of another company's products or services to you, or where you are in discussions with us about any new product or service. We use this information for the purpose of carrying out contracted services. Please see above for the type of personal information we may process about you to fulfill this purpose.
Where there is a LEGAL OBLIGATION
We will use your personal information to comply with our legal requirements. For example: (i) to assist an industry authority investigation or public authority or criminal investigation body; (ii) to identify you when you contact us; (iii) to respond to your exercise of your legal rights under data protection law; and/or (iv) to verify the accuracy of data we hold about you.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third-party, for the following purposes:
-
To provide you with information about our products and services where you have requested this;
-
To analyze, evaluate and improve our services so that your engagement with us is more useful and enjoyable;
-
For analysis to inform our marketing strategy, and to enhance and personalize your customer experience (including to improve the recommendations we make to you on our Site);
-
For service and product development purposes (for example to improve our services, offering and performance);
-
To undertake market analysis and research (including contacting you with surveys) so that we can better understand your needs and provide tailored and bespoke offers and services that we think you will be interested in;
-
For marketing activities (with your consent) with information about our products and services or share your details with third-parties to do the same;
-
To contact you from time to time with marketing information (unless you object) if you have expressly indicated to us that you are acting on behalf of a business or where we have obtained your business contact details from a third-party. In relation to any such information we send by email, we will include an option allowing you to object to receiving future messages by unsubscribing;
-
In some cases we may use automated methods to analyze, combine and evaluate information that you have provided to us – we will anonymize personal information before doing so in accordance with GDPR's privacy principles. We collect and analyze this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications;
-
To identify and record when you have received, opened or engaged with our website or electronic communications;
-
To contact you with targeted advertising delivered online through social media and other platforms operated by other companies;
-
To correspond or communicate with you;
-
To verify the accuracy of data that we hold about you and create a better understanding of you as a client;
-
For network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorized access;
-
To take appropriate action if we have a good faith belief, or have received a complaint alleging, that any Content or your use of our Site and/or Systems is in violation of our Acceptable Use Guidelines;
-
For prevention of fraud and other criminal activities;
-
To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
-
For the management of queries, complaints, or claims;
-
For the establishment and defense of our legal rights; and
-
To inform you of updates to our terms and conditions and policies.
Data anonymization and use of aggregated information
Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. This process is conducted in accordance with GDPR guidelines for anonymization and pseudonymization, and as such, anonymized and aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes in order to better understand the manner in which our Site and Systems are being used.
Others who may receive or have access to personal information
We may share the information we collect from you with third-parties as detailed below.
At Your Request
As a processor, we will display your Content within the Systems or any third-party applications only as directed by you. If you elect to use a third-party application to access any of our Systems, then we may share or disclose your Content with that third-party application as directed by you. Whenever data is shared and/or disclosed in this manner, we maintain GDPR-mandated safeguards. However, please remember that we are not responsible for the privacy practices of such third-parties so you should make sure you trust the application and that it has a privacy policy acceptable to you.
With Trusted Service Providers and Business Partners
We may utilize trusted third-party service providers to assist us in delivering our services and/or Systems. For example, we may use third-parties to help host our Site and Systems, send out email updates, and process payments. Such third-parties may include cloud service providers (such as hosting and email providers), advertising media companies, photographers, printers, solicitors, accountants, advisors and administrative services. These service providers may have access to your information for the limited purpose of providing the service we have contracted with them to provide. We may also store personal information with third-party service providers (for instance, on databases co-located with hosting providers). These trusted third-parties are assessed for GDPR-compliant practices and security on a regular basis, and are required by contract to handle data in a manner compliant with relevant regulation.
With Law Enforcement or In Order to Protect Our Rights
We may disclose your information (including personal information) if required to do so by law or court order. We may also disclose your information to our professional advisors, governmental authorities or law enforcement if we believe that it is reasonably necessary to do so in order to comply with a law or regulation; to protect the safety of any person; to address fraud, security or technical issues; or to protect Shaw/Scott's rights or property.
In an Aggregate and Anonymized Manner
We may disclose aggregate, anonymized information (such as aggregate and anonymous usage data, platform types, etc.) about the overall use of our Site or Systems publicly or with interested third-parties to help them understand, or to help us improve, the Site or Systems. Any disclosure in this manner will maintain the protection and privacy of your personal information.
In Connection With a Sale or Change of Control
If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Site, services, and Systems can continue to operate. In such a case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party.
Where we store personal information
Because we operate as a global business, your personal information may be transferred to, stored, and processed in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for personal information under European Union and UK laws.
We have put in place appropriate safeguards (such as data encryption at rest and transit, contractual commitments, and GDPR-approved standard contractual clauses where applicable) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the Contacting Us section below.
If you use our Site, Systems or services while you are outside the EEA or the UK, your information may be transferred outside the EEA/UK in order to provide you with those services.
How long we keep personal information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, when acting as a controller we will always retain your personal information for 2 years after the date it is no longer needed by us for any of the purposes listed under How We Use Personal Information above. The only exceptions to this are where:
-
The law requires us to hold your personal information for a longer period, or delete it sooner;
-
You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing below); or
-
In limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
As a processor, we retain personal information for Client’s customers for the length of time stated in our contract with our Client, which varies depending on the type of services you use, or until our Client deletes it. Once our contract ends, unless otherwise instructed by our Client, we will delete all Client customer data within 30 days of the end of the contract.
Our website - security and links to other sites
Although we will do our best to protect your personal information, we cannot guarantee the security of your information when and if transmitted to our website and, accordingly, any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorized access.
Our Site and the Systems may contain links to other websites run by other organizations. This statement does not apply to those other websites, so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you link to our Site from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website.
Cookies
Like many other websites, our website uses cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our website. Their privacy policies can be viewed directly on the Google website). 'Cookies' are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognize you when you visit. We request and record your consent when using any cookies that are not strictly necessary for the operation of the website.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies for your respective browser, please visit your browser’s respective help page:
Our Marketing
We may collect your preferences to receive marketing information directly from us by email, post and phone in the following ways:
-
If you make a sales inquiry, either by phone, via our website or via email or any other method, or place/enter into a contract with us, we may contact you with marketing information in the ways mentioned in the notices presented to you, except where you indicate you would prefer otherwise; and
-
If we meet you at an event and you give us your contact information or invite us to make contact with you, we may contact you by one of the methods you have given to us to share marketing information
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us. We will ensure that you can easily withdraw your consent at any time.
We may contact you with marketing information by mail or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies by using your personal information, or use your personal information to tailor marketing to improve its relevance to you, unless you object.
Your rights
Subject to local laws applicable to you, you have certain rights in relation to your personal information. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Accessing your personal information
You have the right to ask for a copy of the information that we hold about you. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information. In some circumstances we may charge you a reasonable fee to carry out your request – we will notify you of this before incurring any costs.
Correcting and updating your personal information
For any corrections to information stored within any of our Systems, please contact privacy@shawscott.com.
If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know.
Withdrawing your consent
Wherever we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. Likewise, if you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so by contacting us via the same details. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Objecting to our use of your personal information and automated decisions made about you
Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool within our messages or contact us.
Additionally, you will not and have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless you have given us explicit consent, it's necessary for a contract between us, or it's legally allowed.
Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our internal systems. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal information in a structured data file ("data portability")
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Children’s Data
We do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to use our Services. If you are under 16, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from a child under the relevant age without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the relevant age, please contact us.
Complaining to the data protection regulator
You have the right to complain to your relevant supervisory authority (in the UK, this is the Information Commissioner's Office) if you are concerned about the way we have processed your personal information. Please visit the supervisory authority’s website for further information.
In event of data breach
In the event of a data breach that results in unauthorized access to personal information, we have implemented and maintain reasonable and appropriate security procedures and practices appropriate to the nature of the information. We will notify the relevant supervisory authorities within 72 hours of becoming aware of a breach in compliance with GDPR, and will make efforts to notify affected individuals as expediently as possible and without unreasonable delay. This will also apply to individuals affected by the breach where there is a high risk to their rights and freedoms in relation to their data.
Changes to this policy
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site. The new version will become effective on the date it is posted, which will be stated at the top of the page as the new Effective Date. Where necessary, we will also contact you directly to notify you of these changes. We recommend that you regularly check for changes and review this Privacy Policy whenever you visit our Site. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.
Contacting us
If you have any questions about this Privacy Policy or the way in which we use your personal information, or if you would like to exercise any of your rights set out above, please contact us using any of the following details:
Email: privacy@shawscott.com with the subject heading 'Data Protection'
Post: Andy Thornhill, Data Protection Officer, 3 More Riverside, London, SE1 2RE
Phone: +44 (0)797 758 9021
Associated Companies
Shaw/Scott Inc.
1513 33rd Avenue
Seattle WA, 98122
Shaw/Scott Canada Inc.
4125 Burkeridge Place
West Vancouver BC, Canada, V7V 3N1
Shaw/Scott Ltd.
3 More Riverside, London, SE1 2RE
Company Number: 1004194
Shaw/Scott Kft.
Budapest 1065 Révay köz 4.
Registration Number: 01-09-290972
Updated August 23, 2023