Please see paragraph 18 below for specific information on the processing of Personal Information that is governed by the EU General Data Protection Regulation (Regulation 2016/679, the “GDPR”) and the UK GDPR. This paragraph is particularly relevant for website users that are doing business or are seeking contact with Shawcor’s EU or UK entities.
2 What is Personal Information?
“Personal Information” is any information that is identifiable with you, as an individual. This information may include but is not limited to your name, mailing address, telephone number, facsimile number, e-mail address, age, gender, marital status, financial status, credit card information and credit history. Subject to paragraph 18, Personal Information, however, does not include your name, business title, business address, business telephone number, business facsimile number and business e-mail address in your capacity as an employee of an organization.
3 How do we collect your Personal Information?
We will always collect your Personal Information by fair and lawful means (for example, when you complete a feedback form on our websites in order to communicate with us). We may collect Personal Information from you directly and/or from third parties, where we have obtained your consent to do so or as otherwise required or permitted by law.
4 Where do we store your Personal Information?
We will keep the Personal Information that we collect at the Shawcor offices or at the offices of our third-party service providers, as applicable.
5 How do we use your Personal Information?
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent where necessary, in any case, prior to such use. We generally use your Personal Information for the following purposes (the “Purposes”):
- to respond to questions, comments or concerns regarding Shawcor;
- to update any product information that we have provided to you previously;
- to communicate with you about our products and services that may be of interest to you;
- to collect opinions and comments in regard to Shawcor’ operations;
- to recruit for positions in Shawcor;
- to investigate legal claims;
- to administer the Shawcor website(s);
- such purposes for which Shawcor may obtain consent from time to time; and
- such other uses as may be permitted or required by applicable law.
6 To whom do we provide your Personal Information?
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and where required obtain your consent to such disclosure.
For example, we may transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes – such as service providers that provide computer support including data storage or processing.
Notwithstanding the foregoing, we may also make disclosures of Personal Information to a potential acquiror in connection with a transaction involving the sale of some or all of the business of Shawcor (in which case the use of your personal information by the new entity would continue to be limited by applicable law), or as otherwise permitted or required by law.
In addition, we may send Personal Information outside of the country for the purposes set out above, including for processing and storage by service providers in connection with such purposes. However, you should note that to the extent that any Personal Information is out of the country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
7 When and how do we obtain your consent?
Where required we will obtain your consent prior to collecting your Personal Information. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the applicable rules, the sensitivity of the personal information and the reasonable expectations you might have in the circumstances.
8 How do we ensure the privacy of your Personal Information when dealing with our affiliates and other third parties?
9 How long will we utilize, disclose or retain your Personal Information?
We may keep a record of your Personal Information, correspondence or comments, in a file specific to you. We will utilize, disclose or retain your Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and as permitted or required by law.
10 How can you review your Personal Information that we have collected, utilized or disclosed?
If you make a written request to review any Personal Information about you that we have collected, utilized or disclosed, we will provide you with any such Personal Information to the extent required by law. We will make such Personal Information available to you in a form that is generally understandable and will explain any abbreviations or codes.
11 How do you know that the Personal Information we have on you is accurate?
We will ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary.
12 What if the Personal Information we have on you is inaccurate?
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
13 How fast will we respond to your written requests?
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the federal Privacy Commissioner in respect of this time limit.
15 How do we know that it is really you requesting your Personal Information?
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
16 What safeguards have we implemented to protect your Personal Information?
We have implemented physical, organizational, contractual and technological security measures to protect your Personal Information from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees, who are granted access to your Personal Information, are those with a business ‘need-to-know’ or whose duties reasonably require such information.
17 Is Shawcor responsible for the third-party links on its websites?
No. The Shawcor website and any of its divisions’ or related companies’ websites may contain links to websites operated by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms and conditions. Further, we can have no responsibility for or control over the information collected by any third-party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.
- Shawcor Ltd.
- Attn: Privacy Officer
- 25 Bethridge Road
- Toronto, Ontario
- M9W 1M7
By e-mail: email@example.com
19 Information on the processing of Personal Information under the (UK) GDPR – For website users that are doing business or are seeking contact with Shawcor entities in the European Economic Area (EEA) and the United Kingdom (UK)
For the purposes of this paragraph, Personal Information also includes any information relating to you in your capacity as an employee of an organization (i.e. business related information), such as your name, business e-mail address, business title and telephone number.
In case of a conflict between the information in this paragraph and the information in other paragraphs, the information in this paragraph is leading.
For the purposes of handling and responding to contact requests or sending (marketing) communications, your Personal Information will also be processed by the relevant local Shawcor entity in the EU or the UK. This particularly applies to all Personal Information included in any contact form you submit on the Shawcor website (https://www.shawcor.com/about/contact) or any of its divisions or related local Shawcor entity’s websites. This local Shawcor entity is the controller for the processing of your Personal Information subject to the GDPR.
If you have any questions or complaints in relation to the use of your Personal Information or if you would like to receive more information on the processing of your Personal Information by Shawcor, please contact us via Nicolas.firstname.lastname@example.org.
Legal basis for processing
The processing of your Personal Information in the context of handling and responding to contact requests submitted through our websites, and the sending of customer surveys is necessary for our legitimate interest to (i) respond to and handle contact requests and enquiries; and (ii) collect feedback on our services / products, analyzing customer satisfaction and improving services / products, respectively.
For sending direct marketing communications (including invitations to events), we rely on your consent.
Transfer of Personal Information to third countries (countries outside the EEA / UK)
Your personal data is stored in locations within and outside of the EEA and the UK.
In case of transfers of Personal Information from the EEA or the UK to countries outside the EEA or the UK, we ensure appropriate safeguards are in place to guarantee the continued protection of your Personal Information. For transfers from the EEA, we particularly do this by signing the Standard Contractual Clauses of the European Commission. For transfers from the UK, we execute the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on the EU Standard Contractual Clauses, please see here. For more information on UK Addendum and the UK International Data Transfer Agreement please see here.
We may share Your Personal Information collected or processed in the EEA with our affiliated entities in the United Kingdom. The European Commission has determined that the United Kingdom offers an adequate level of data protection (please see here). This means that if your Personal Information is transferred to the United Kingdom, your Personal Information is subject to a level of data protection similar as in the EEA and, as a consequence, Personal Information may be shared without additional safeguards being necessary.
Your Personal Information may also be shared back with Shawcor Ltd. The European Commission has determined that if the Personal Information Protection and Electronic Documents Act (PIPEDA) applies Canada offers an adequate level of data protection (please see here). This means that if your Personal Information is transferred to Canada, your Personal Information is subject to a level of data protection similar as in the EEA and, as a consequence, Personal Information may flow back to Shawcor Ltd. without additional safeguards being necessary.
Similarly, the United Kingdom has determined that the EEA member states and Canada (if PIPEDA applies) are adequate territories, meaning that Personal Information may be transferred from the United Kingdom to EEA member states and Canada without additional safeguards being necessary.
Your rights regarding to our processing of your Personal Information
In addition to the right to obtain access to your Personal Information (see paragraph 10) and the right to have your Personal Information corrected (see paragraph 12), you also have the right to have your Personal Information erased, the right to restriction of the processing, the right to data portability and the right to object to the processing. Most of these rights are not absolute and are subject to exemptions in the law.
Below we set out your rights in more detail and give information on how you can exercise these.
- Erasure: you are entitled to ask us to delete or remove Personal Information in certain circumstances. There are certain exceptions where we may refuse a request for erasure, for example, where the Personal Information is required for compliance with law or in connection with legal claims.
- Restriction: you are entitled to ask us to suspend the processing of certain of your Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Data portability: you may request the transfer of a copy of certain of your Personal Information to you or another party (if technically feasible). You have the right to ask that we provide your Personal Information in an easily readable format to another company.
- Objection: where we are processing your Personal Information based on our legitimate interest (or those of a third party), you may object to processing on this ground. However, we may be entitled to continue processing your Personal Information based on our legitimate interests. As regards the processing of your Personal Information for direct marketing purposes, you have the right to object at any time in which case we will immediately stop processing your Personal Information for these purposes.
If you have provided your consent to the processing of your Personal Information for a specific purpose (e.g. for receiving direct marketing communications), you have the right to withdraw your consent for that specific processing at any time. Revoking your consent does not affect the lawfulness of the processing based on your consent before it was revoked.
If you want to exercise any of these rights, please contact us via e-mail at email@example.com. You can also unsubscribe from our direct marketing communications by clicking the link in each communication.
If you have any complaint about the way we process your Personal Information, you may lodge a complaint with a supervisory authority in the UK or the EEA country of your residence, where you work or where an alleged infringement of the applicable data protection law took place.
For an overview of the local EU data protection authorities, please click here. Complaints for the Information Commissioner’s Office (UK) can be lodged via https://ico.org.uk/make-a-complaint/