SHI Privacy Statement
If you are a resident of the United Kingdom, please click here for our privacy statement; if you are a resident of the European Union, please click here.
Manage your subscription or unsubscribe from SHI emails here.
Effective Date: January 1, 2023
This document constitutes a binding agreement (the “Privacy Statement” ) between SHI International Corp. and its affiliates (“us”, “we”, or “SHI”) and all visitors, users, and others who reside in the United States (“consumers” or “you”) regarding the collection and processing of personal information that is given directly to us by consumers when consumers complete our registration, order or contact forms, or that is collected by means of the websites accessible via the domain names shi.com or stratascale.com (the “Website”). SHI respects the confidentiality, integrity, and security of your personal information. This Privacy Statement is intended to help you understand and manage how we collect and safeguard your personal information.
This Privacy Statement and our practices comply with the California Consumer Privacy Act of 2018, as amended (“CCPA”), and any terms defined in the CCPA have the same meaning when used in this Privacy Statement. The treatment of any non-personal information is discussed in our Terms and Conditions.
Collection of Information
Our registration, order or contact forms and our Website collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In particular, within the last twelve (12) months, SHI has collected from one or more consumers the categories of personal information identified with the word “YES” in the following chart. Also set out below is the period of time for which SHI must retain each category of personal information and whether it sells or shares such information within the meaning of the CCPA.
For purposes of the CCPA, “sell” means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.”
For purposes of the CCPA, “share” means to provide information to a third party “for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.”
|Category||Examples||Collected||Retention Period||Sold or Shared|
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||YES||Duration of contract plus seven years||Sold (real name only)|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I).||A name, signature, address, telephone number, employment, bank account number, credit card number, debit card number, or any other financial information.||YES||Duration of contract plus seven years||Sold (name only)|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO||-||NO|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES||Duration of contract plus seven years||NO|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO||-||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES||3 years||NO|
|G. Geolocation data.||Physical location or movements.||NO||-||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO||-||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO||-||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO||-||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO||-||NO|
Personal information does not include publicly available information from government records or de-identified or aggregated consumer information. SHI obtains the categories of personal information listed above either directly from you, or indirectly from you.
We do not collect sensitive personal information or “share” (as that term is defined in the CCPA) personal information.
Information Automatically/Indirectly Collected
When you visit our Website, the following information about your visit is automatically collected by us, as it is sent by your browser when you access any webpage:
- your computer’s or mobile device's operating system;
- the application or software that you used to access our Website;
- the time you accessed our Website;
- your browser type, language configuration, clicks, and page views;
- the terminal with which you accessed our Website; and
- the websites you visited before accessing our Website.
The aim of this automatic collection and processing is to obtain visit statistics in order to improve our Website and your experience as a customer. In particular, we use IP addresses to analyze trends, administer the Website and gather broad demographic information for aggregate use.
- User identity, in the form of unique identifiers recognized only by our system;
- User authentication status, so we know if you are currently logged in or not;
- an identifier for which server is handling this session, to facilitate interactive reports;
- a token identifying the user's session, used in order to prevent certain types of security breaches; and
- transient information relating to the state of the current session.
We only use these cookies to facilitate the operation of the Website; they are not and will not be used for any other purpose, and no data related to them will be made available to any third party now or in the future. These cookies do not allow tracking of you in any way, and are only necessary for the operation of our Website.
You may, at any time, modify, delete or block the cookies stored on your device by SHI. This may affect your usage of or access to the Website. Please refer to your browser's documentation to learn how to proceed. By visiting the Website without disabling this function, you accept the use of these cookies.
Use of Personal Information for Business Purposes
We may use, sell, or disclose the personal information we collect for one or more of the following business purposes (the “Business Purpose”):
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests.
- To help maintain the safety, security, and integrity of our Website, products and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
SHI will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you with notice.
Disclosure of Personal Information
SHI may disclose your personal information to a service provider, contractor or third party for a Business Purpose. SHI may “sell” (within the definition of the CCPA) your personal information by disclosing individual names and/or business contact information to industry partners that are identified sponsors of activities in which you participate who request a list of individuals who participate in sponsored activities, subject to your right to opt-out of those sales. When we disclose or sell personal information, we enter into a contract with that service provider, contractor, or third party that describes the limited and specified purpose of the disclosure or sale, requires the recipient to comply with applicable obligations under the CCPA and provide the same level of privacy protection as mandated by the CCPA, and grants SHI the rights necessary to take reasonable and appropriate steps to help ensure the personal information is used in a manner consistent with the recipient’s obligations. The CCPA prohibits third parties to whom SHI may be deemed to have sold the personal information we hold from reselling it, unless you have received explicit notice and an opportunity to opt-out of further sales.
In these circumstances, we may disclose your personal information to the following categories of third parties:
- Service providers.
- Industry partners, such as identified sponsors of activities in which you participate who request a list of individuals who participate in sponsored activities.
- Activity sponsors
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, SHI has disclosed the following categories of personal information for a Business Purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
We have disclosed each of the above categories of personal information for a Business Purpose to the following categories of third parties:
- Service providers.
We have disclosed personal information from categories A and B above for a Business Purpose to the following categories of third parties:
- Industry partners, such as identified sponsors of activities in which you participate who request a list of individuals who participate in sponsored activities.
Sales of Personal Information
In the preceding twelve (12) months, SHI has “sold” (within the meaning of the CCPA) the following categories of personal information:
- Category A: Identifiers (real name).
- Category B: California Customer Records personal information categories (real name).
We have “sold” each of the above categories of personal information to industry partners, in certain circumstances as described above.
Rights Regarding Personal Information
You have certain specific rights regarding your personal information, as outlined below.
Personal Information Sales – Opt-In and Opt-Out Rights
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time. We do not knowingly sell the personal information of consumers less than 16 years of age, unless we receive affirmative authorization from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following link:
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by contacting us at firstname.lastname@example.org.
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
Access and Portability Rights
You have the right to request that SHI disclose certain information to you about our collection and use of your personal information over the past 12 months. You may also have the right to request that SHI disclose certain information to you about our collection and use of your personal information dating back to January 1, 2022. Once we receive and verify your request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties to whom we disclose that personal information.
- The specific pieces of personal information we collected about you.
- If we sold or disclosed your personal information for a Business Purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a Business Purpose, identifying the personal information categories that each category of recipient obtained.
Our obligation to provide such information as may be requested shall apply to information collected during the 12 months preceding a verifiable request, and may also apply to information collected on or after January 1, 2022, to the extent any such information is retained by us at the time of your verified request. In some cases, we may not be able to provide information related to a period longer than twelve (12) months preceding the request where doing so would be impossible or require disproportionate effort.
Deletion or Correction Request Rights
You have the right to request that SHI delete any of your personal information that we collected, used, or processed from you and retained, subject to certain exceptions. You also have the right to correct inaccurate personal information maintained by us. Once we receive and confirm your request, we will use commercially reasonable efforts to correct inaccurate information, or, if requested, delete your personal information from our records, unless an exception applies. We will direct our service providers, contractors, and any third parties to whom we may have disclosed information about you to do the same, unless doing so would be impossible or require disproportionate effort.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s), contractor(s), or third parties to:
- Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the ability to complete such research, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which the consumer provided the information.
- Comply with a legal obligation.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 833-619-1663 ; or
- Emailing email@example.com.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover information collected during the 12-month period preceding our receipt of the verifiable consumer request, and may also cover information collected on or after January 1, 2022, to the extent any such information is requested and retained by us at the time of your verified request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We have implemented appropriate security measures in order to protect your personal information, both online and off-line. All access to the Website is, by default, encrypted and protected using TLS 1.2.
All personal information is stored in database servers that cannot route traffic outside our internal network, and that have no access to the public Internet. Physical access to our servers is restricted; the servers are located in a datacenter that is only accessible to designated IT staff and is properly locked and off-limits to visitors.
All user passwords are stored using a one-way hash function. It is impossible for us to see what these passwords are; we can only verify that the hash value of what the user has entered matches the stored value.
We will not discriminate against you for exercising any of your rights under this Privacy Statement.
If we modify our Privacy Statement, we will post those changes on our Website, accessible from the home page and elsewhere, so our Users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You can see when this Privacy Statement was last updated by checking the “Effective Date” displayed at the top of this Privacy Statement. A banner informing our Users of the change in this Privacy Statement will be displayed for two weeks after the change.
If at any point we decide to use personal data for purposes incompatible with those stated at the time it was collected, we will make reasonable efforts to notify Users of the change by sending a message to your email address or by displaying a banner requesting Users' consent to this change for two weeks before the change takes place. Users will have the option to refuse the change and request the deletion of their User profile and of their personal data. User continued use of the Website, and the Services, after the revised Privacy Statement has become effective indicated that you have read, understood, and agreed to the latest version applicable of the Privacy Statement, as indicated above.
If you have any questions or comments about this Privacy Statement, the ways in which we collect and use your personal information, or your choices and rights regarding such use, please do not hesitate to contact us at firstname.lastname@example.org.