1.    Shane Co. Master Privacy Notice and Cookie Policy

 

Last Updated: February 12, 2024

 

Company Information

 

WESTERN STONE & METAL CORP. dba Shane Co.

Attn: Privacy

P.O. Box 3552 Englewood, CO 80155-9922

Email: dataprotection@shaneco.com

 

This Privacy and Cookie Notice (“Notice”) applies to all of our sites. This Notice does not apply to our in-store public WiFi.

 

WESTERN STONE & METAL CORP. dba Shane Co., its subsidiaries and affiliates, including those listed under Company Information above (collectively, “Shane Co.,” “we,” “us” or “our”) acts as a controller in relation to the processing of personal data we collect about those who interact with our systems, stores, websites, mobile apps, mailing lists, content viewers and downloaders, which are related to interest-based online advertising, technology platforms owned and operated by us, and via third-party partners or service providers, including all software, technology platforms, systems, services, and/or service offerings by us (collectively, “Sites”). We know that you care how information is used and shared, and appreciate your trust that we do so carefully and sensibly. This Notice describes how we treat personal information and data; e.g., what kinds of personal data we collect, for which purposes the personal data is used, to which parties the personal data can be disclosed, how long personal data can be stored, and your rights with respect to the same. It also applies to and covers our information collection and tracking practices, and those related to sharing, marketing, third-parties, terms of use, content uploading, arbitration, and intellectual property. Shane Co. is committed to being transparent about how we collect and use personal data, and likewise how we meet our data protection obligations. When reading this Notice, please note that any capitalized terms not defined in this Notice are defined in our Terms and Conditions (https://www.shaneco.com/about/terms-and-conditions) or elsewhere on our Sites.

 

This Notice applies to our customers and those who engage with our Sites (“Customer”). With respect to such Customers, “personal data” refers to any information relating to a natural person who interacts with the Sites (generally speaking, a “data subject” under the General Data Protection Regulation (2016/679) (“GDPR”), that can identify him/her directly or indirectly (i.e. identified or identifiable by the data). Throughout this Notice, you may see references to “personal data,” “data subject,” “controller” and other key terms defined in the GDPR. Unless otherwise indicated, such terms have the meaning ascribed to them by the GDPR.

 

PLEASE NOTE THAT THIS NOTICE CONTAINS THE FOLLOWING IMPORTANT INFORMATION REGARDING YOUR RIGHTS AND CHOICES:

 

 

  • BINDING INDIVIDUAL ARBITRATION FOR CUSTOMERS IN CERTAIN LOCATIONS THAT AFFECTS YOUR RIGHTS TO SUE UNDER THIS NOTICE
  •  

  • OPT-IN AND OPT-OUT NOTICE FOR RECEIVING COMMUNICATION FROM US VIA EMAIL, TEXT, OR PHONE CALLS
  •  

  • OPT-IN AND OPT-OUT POLICIES WITH RESPECT TO COLLECTION OF SENSITIVE DATA, AS WELL AS EXPRESS CONSENT INFORMATION REGARDING THE SAME
  •  

  • INFORMATION FOR RESIDENTS OF CALIFORNIA, COLORADO, CONNECTICUT, DELAWARE, INDIANA, IOWA, MONTANA, OREGON, TENNESSEE, TEXAS, UTAH, VIRGINIA AND THE EUROPEAN UNION
  •  

  • STANDARD CONSUMER RIGHTS AND REQUIREMENTS: INCLUDING BUT NOT LIMITED TO THE RIGHT TO ACCESS, DELETE, OPT-OUT, CORRECTION, COPIES, AND OTHER ITEMS
  •  


 

BY ACCESSING OUR SITES, USING OUR SERVICES, CLICKING ACCEPT, OR CHECKING AN ACCEPTANCE BOX, YOU ACKNOWLEDGE THAT YOU HAVE READ, HAVE UNDERSTOOD, AND AGREE TO BE BOUND BY THIS NOTICE AS IF YOU HAD SIGNED IT.

 

Data Protection Officer

Shane Co.

Attn: Data Protection Officer

P.O. Box 3552 Englewood, CO 80155-9922

Email: dataprotection@shaneco.com

 

EU/UK Representative

Shane Co., which processes the personal data of individuals in the European Union, European Economic Area and UK, in either the role of ‘data controller’ or ‘data processer,’ has appointed DataRep as its Data Protection Representative for the purposes of GDPR* in the EU/EEA and The Data Protection Act 2018 / UK GDPR (as amended) in the UK.

 

If Shane Co. has processed or is processing your personal data, you. May be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

 

Shane Co. takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that Shane Co.’s customers can always raise the questions they want with them.

 

If you want to raise a question to Shane Co., or otherwise exercise your rights in respect of your personal data, you may do so by:

 

  • Sending an email to DataRep at datarequest@datarep.com quoting in the subject line,
  •  

  • Contacting us on our online webform at www.datarep.com/data-request, or
  •  

  • Mailing your inquiry to DataRep at the most convenient of the addresses in the following list.

 

PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Shane Co.’, or your inquiry may not reach us. Please refer clearly to Shane Co. in your correspondence. On receiving your correspondence, Shane Co. is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.

 

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

United Kingdom

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

 

If you have any concerns over how DataRep will handle the personal data we will require to undertake our services, please refer to our privacy notice at www.datarep.com/privacy-policy.

 

*The General Data Protection Regulation, EU 2016/679

 

We collect information from and about you. Below is additional information regarding what data is collected, stored and processed.


Data Collection. The information we learn from customers and those who interact with our Sites helps us personalize and continually improve your Shane Co. experience. Here are the types of information we gather:

 

Information You Submit to Shane Co. We receive and store any information you enter on our Sites or give us in any other way. Types of information that you may submit, and we do (or may) collect include:

 

  • Contact Information. We use the information that you provide for such purposes as responding to your requests, customizing future shopping for you, improving our stores, and communicating with you. For example, we collect your name and email address if you register on our Sites. We might collect your phone number or zip code. We might also collect your mailing address, as well as other information regarding how best to get in touch or interact with you on your desired terms.
  •  

  • Payment Information. For example, we may collect your credit card number if you make a layaway order from Shaneco.com. We may also collect your credit card number or bank information for other purchases or subscriptions. This information is deleted after a purchase is made, or as soon as may be practicable under the circumstances should aspects of your order remain open or unfulfilled.
  •  

  • Information You Submit or Post. We collect the information you post in a public space on our Sites. We also collect information when you contact us, including information derived from your interactive engagement with our Sites.
  •  

  • Demographic Information. We may collect information like your gender and age. We might collect this when you contact us or enter a promotion, sweepstakes or contest, or when you make a purchase from Shaneco.com.
  •  

  • Content Related Information. When uploading pictures, data, or other information, a name, email address and other identifying information may be required. Generally, the information collected helps us to communicate with you regarding content that you have submitted. For instance, we may use your email address to notify you of the status of the content you have submitted.
  •  

  • Social Media and Third-Party Information. We may allow Customers to share our products and services on Facebook, Instagram, Pinterest, or other social media sites. If you decide to share one of our products or services, we will get basic information from your social media profile like name, gender, profile photo, and friends or contacts. This information is collected by the social media company and is provided to us under the terms of its own privacy policies. You may be able to control the information that we receive from Facebook using the privacy settings in one’s Facebook account.

 

Automatically Collected Information. We receive and store certain types of information whenever you interact with us. For example, like many websites, we use "cookies," and we obtain certain types of information when your Web browser accesses shaneco.com or advertisements. We may collect information about the browser you're using. We might look at what site you came from, or what site you visit when you leave us. We may also look at clickstream data. We may combine this information with other information we collect from you. This includes anything we collect from third parties. If you use our mobile website, we may collect your GPS location and your unique device identifier.

 

Device Identifiable Information. We may collect information that does not identify you personally, but is linked to your computer or device ("Device Identifiable Information”). We collect Device Identifiable Information from you in the normal course of operating our Sites. When you visit our Sites to browse, read or download information, we automatically collect information about your computer that your browser sends, such as your IP address, browser type and language, access times, pages visited, and referring website addresses. We may use Device Identifiable Information we collect to analyze trends, help administer the Sites, track the movement of visitors, to learn about and determine how much time visitors spend on each page of our Sites, how visitors navigate throughout the Sites or the Service and to gather broad demographic information for aggregate use.

 

We may also collect Device Identifiable Information through "cookies” or "web beacons” as explained below.

 

We may also collect information about your mobile device such as the type and model, operating system (e.g. iOS or Android), carrier name, mobile browser (e.g. Chrome, Safari), applications using our Sites, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile carrier ID.

 

We may also collect your location information, such as your zip code or the approximate geographic area provided by your Internet service provider (ISP) or location positioning information provided by the location services and GPS features of your mobile device when location services have been enabled.

 

We get information about you from third parties. For example, contracts, representatives, affiliates, and social media platforms or plugins may also give us information about you. Affiliates or other business partners may also give us information. This might include information they gathered passively. We may also engage a data provider who may collect web log data from you (including IP address and information about your browser or operating system), or place or recognize a unique cookie on your browser to enable you to receive customized ads or content. These cookies contain no personally identifiable information. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, that we may share with a data provider solely in hashed, non-human readable form. To opt-out of these data provider cookies, please go to http://www.aboutads.info/choices.

 

Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our Sites or on third-party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement. If you would like to opt-out of the Technologies we employ on our Sites, services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.

 

Additional Examples of Types of Data Collected. For the purpose of transparency, we wish to further offer the below examples of types of data collected:

Additional Categories of Personal Data

Additional Examples of Personal Data

Identity details

  • First name and last name

Contact details

  • Email address
  • Phone number

Billing details

  • Billing Address

Information necessary to use services

  • Additional information that enables you to use our services

Information related to products and offerings

  • Name, email address, billing address, phone number, emergency contact, date of birth, gender, jewelry size and other preferences

Payment information

  • Payment card information

Phone device related information when using our platforms

  • May require special permission such as access to the camera, microphone, location, read and write access, external storage, network access, etc.

Survey information and user generated information

  • Information and data provided by a Customer from responses to voluntary surveys for research purposes
  • User generated data that a Customer posts on third party social media sites

Commercial information

  • Commercial information such as records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies;

Location information

  • Location data via device
  • Location data through in-store beacon technology

Device information

  • IP address, web browser type, mobile operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.

Interactions information

  • Information about interactions with the platforms, such as the pages or other content viewed, items purchased, other purchase history, actions within the platforms, and the dates and times of the visits.

Analytics information

  • See our Cookie Policy

Online identifiers

  • See our Cookie Policy

Other information provided by Customers

  • Selections, preferences and free-form messages (e.g., related to contact requests, content subscription, etc.)
  • Information or content provided by our customer in our platforms
  • In case the Customer contacts customer support or places an order for merchandise, we may receive Customer’s name, email address, phone number, the contents of a message or attachments that Customers may send to us, and other information a Customer chooses to provide.

Social media information

  • We may allow Customers to share our products and services on Facebook, Instagram, Pinterest, or other social media sites. If a Customer decides to share one our products or services, we will get basic information from Customer’s social media profile like name, gender, profile photo, and Facebook friends. This information is collected by Facebook and is provided to us under the terms of Facebook’s privacy policies which can be found here: https://www.facebook.com/policy.php. Customer can control the information that we receive from Facebook using the privacy settings in Customer’s Facebook account. Customer may also tag us in social media posts, and if Customer tags us we may receive basic information from the profile listed above.

Third party information

  • We may receive additional information about Customer, such as demographic data, or fraud detection information, from third parties and combine it with other information that we have about Customer.

2. We collect personal data in different ways.

 

We collect information directly from you. We receive and store any information you enter on our Sites or give to us in any other way, such as described above. Most of our data is collected directly from Customers themselves. For example, we collect information you choose to provide us when you sign up for our emails or texts alerts, when you use our website, including Shane Co. MyWay, and when you make purchases from us either online or in person. We also collect information if you contact us, such as contact request forms and mailing list subscription forms. We collect information about you through our Sites and retail points of contact. In addition, personal data can be collected through direct contact and collaboration activities, such as face-to-face online meetings, visits in stores, phone calls and direct email, chat or text communications.

 

We collect information from you passively. On our platforms, which include our Sites, we collect information passively and/or automatically (such as when a site is visited), or via cookies or other tracking technologies. We might also collect information passively in our emails or through our apps. We may also collect information passively in connection with third parties. For example, to get purchase information from Affiliates, we may gather information passively on their platforms. Tools we use include browser cookies and web beacons.

 

In addition, with your permission, data may be collected in other ways within the marketing context. Personal data may also be updated or supplemented by collecting data from other private and public sources.

3.  Information regarding the retention, disclosure and transfer of personal data.

 

Retention of Personal Data.

 

Personal data shall be retained as long as needed for the purposes defined in this Notice and as required by the law, unless such data is replaced through regular updates or otherwise. Note that the periods vary greatly from one type of processing to another.

 

We retain personal data only for a period that is necessary to achieve the purposes for which personal data is processed, unless there is a legal obligation to retain personal data for a longer period of time (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). We may retain information for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute. In general, we observe the following criteria for retaining and deleting personal data:

 

  • In relation to the personal data of our customers, and except as otherwise provided, personal data is stored for the duration needed to service the Customer. Because we consider Customer relationships to be for life, and offer lifetime warranty on many of our products, we require a record or Customer profile info complete with various information. As such, we may store some of the personal data for a longer period of time or indefinitely if necessary in order to fulfil our legitimate interest, such as servicing lifetime warranties, and also in managing and defending legal claims or to comply with our legal obligations.
  • In relation to the security of our services and preventing abuses, personal data is processed for the duration of the investigation of abuses or other harmful user experiences. In addition to this, however, we may store the necessary personal data for a longer period where it is necessary in relation to managing and defending a legal claim or to comply with legal obligations.
  • Notwithstanding anything to the contrary, personal data may also be stored for as long as a certain legal obligation requires.

 

We evaluate the necessity and accuracy of personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted. Detailed retention times can be provided upon requests.


Disclosures, Transfers and Recipients of Personal Data.


For the purposes stated in this Notice, the personal data may be disclosed, when necessary, to authorities, among and to other companies within the same group of companies as us (subsidiaries and affiliates), and to selected third parties, such as third-party service providers. In such case, the personal data will only be disclosed for purposes defined above and any disclosure is always limited to only the strictly necessary personal data included in such purposes. We do not sell or otherwise disclose personal data to third parties outside Shane Co. for such third parties’ own purposes without Customer’s consent.

In addition, we may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.

The personal data is also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety and usability of the products and services. In the event of emergencies or other unexpected circumstances, we may be required to disclose the personal data of registered persons to protect human life, health and property. If a government authority requests information and we evaluate that such disclosure is required and appropriate to comply with laws, regulations, or a legal process and to protect the rights, property, or safety of the Shane Co., Customers or the public, we may disclose required information.


List of the processors and other recipients:


  • Microsoft Corporation
  • Google LLC
  • Meta Platforms, Inc.
  • Business partners in relation to promotions
  • Service providers (for example hosting or maintaining our services, storing information, processing payments, processing subscriptions, or providing marketing assistance and data analysis)
  • Advertising partners, including Emarsys, Attentive, and Spotify 
  • Insurance partners, including Zillion
  • Technology partners, including: Treasure Data, TeamSupport, Avochato, and OneTrust
  • For other processors in relation to cookies, please see our Cookie Policy

4. Cookie Policy for United States residents and those subject to the GDPR.

 

This Cookie Policy specifically explains how we use cookies. We describe what information we gather, how we use it and why we sometimes need to store cookies. It also informs you how you can prevent and block these cookies from being stored. Note that this section is narrower in scope than the entirety of our Notice of which it is a part.

 

What are “cookies”, “pixels”, “widgets” and “analytics”?

 

Cookies are unique identifiers that we transfer to your device (persistent cookie) or stored in memory (session cookie) to enable our systems to recognize your device and to provide features, such as Shane Co. MyWay, personalized advertisements on other websites, and storage of items in your Shopping Cart between visits. They are generated by a web page server, which is essentially a computer that operates a website. Information the cookie contains is set by the server and it can be used by that server whenever a user visits the Sites.

 

Cookies can be stored for varying lengths of time on your browser or device. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date which varies typically from a few days up to a couple of years.

 

Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on our website (“third party cookies”).

 

Our sites, emails, and other items may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically transparent graphic images placed on a web page or in an email, which indicate that a page or email has been viewed.

 

The cookies we are using are gathered through various service providers. Our Sites may also include cookies, or similar technologies from third party service providers. These third-party cookie providers will also be able to gather and use data collected by their cookies. We have no direct control over the information that is collected by these third-party cookies. For further information about cookie usage by our third-party providers, please check the provider’s applicable cookie and privacy policies.

 

The “Help” feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting the website of its manufacturer. Because cookies allow you to take advantage of some of ShaneCo.com’s essential features, you may want to leave them turned on. For instance, if you block or otherwise reject our cookies, you will not be able to add items to your Shopping Cart, proceed to Checkout, or use any ShaneCo.com products and services that require you to Sign in.

 

“Pixels”/“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

 

“Social Media Widgets” such as the Facebook “Like” button and those for LinkedIn, Pinterest, Instagram, YouTube, Twitter, and other similar outlets (that might include widgets such as the share this button or other interactive miniprograms) may be on our Sites. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy Notice of the company providing it.

 

We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit https://policies.google.com/technologies/partner-sites. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to tools.google.com/dlpage/gaoptout.

 

What purposes do we use cookies and similar technologies for? What information is collected?

 

Generally, we use cookies and other tracking technologies to make visiting our website easier and to improve general user experience. In addition, we use cookies and collect information that helps us to enhance your experience and our services, as well as assist with advertising. The cookies that we use allow our website to work, to analyze our website traffic, and to help us to understand how our website is used so we can optimize it. To serve these purposes, we use cookies and web beacons to collect:

 

  • The user's IP address;
  •  

  • Time expended;
  •  

  • Pages visited;
  •  

  • Browser type;
  •  

  • The web address from which the user landed to the website;
  •  

  • The server from which the user landed to the website;
  •  

  • The domain name from which the user landed to the website;
  •  

  • Social media sharing information; and
  •  

  • Openings and clicks of emails.

 

What types of cookies do we use? What categories do the different uses and cookies fall into?

 

This section details what kind of first- and third-party cookies you may encounter on our Sites. More specifically, our uses of such technologies fall into the following general categories:

 

Operationally Necessary. We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our Sites, services, applications, and tools. For instance, to provide you with better experience on this website we provide the functionality to set your preferences for how this website runs when you use it. To remember your preferences, we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences. This also includes technologies that allow you access to our Sites, services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security, or that allow you to make use of our functions such as shopping-carts, saved search, or similar functions.

Name


Purposes

Retention time

Provider

cookies.js

Determines whether the visitor has accepted the cookie consent box. This ensures that the cookie consent box will not be presented again upon re-entry. 

0 days

Shane Co.

_dc_gtm_UA-xxxxxxxx

This cookie enables tags through Google Tag Manager for first- or third-party scripts on the site and can impact specific functionality within the site.

A few seconds

Google

JSESSIONID

General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.

Session

Shane Co.

OptanonAlertBoxClosed

This cookie is set after visitors have seen a cookie information notice and, in some cases, only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one-year lifespan and contains no personal information.

365 days

OneTrust

OptanonConsent

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the user’s browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

365 days

OneTrust

Tangiblee:widget:user

Used to provide scaling and virtual try on capabilities for product detail pages

1 year

Tangiblee

Performance and Analytics Related. Performance cookies collect information on how you interact with our Sites and how our website performs. Generally, these cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the Site for you. More specifically, we may use such cookies, web beacons, or other similar technologies to assess the performance of our websites, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our websites, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools.

 

As mentioned elsewhere, we use Google Analytics, which is one of the most common analytics tools, to help us understand how you use our Site and ways that we can improve your experience. For more information on Google Analytics cookies, please see the Google Analytics cookie usage documentation.

Name

Purposes

Retention time

Provider

AKA_A2

This cookie is generally provided by Akamai and is used for the Advanced Acceleration feature, which enables DNS Prefetch and HTTP2 Push

A few seconds

Akamai

_ga 

This cookie is a part of the services provided by Google Analytics. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 

1 year

Google LLC

_ga_tng_gid

This cookie is a part of the services provided by Google Analytics. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 

2 months

Google

_ga_xxxxxxx

This cookie name is associated with Google Universal Analytics. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for a sites analytics reports

2 years

Google LLC

_gclxxxx

Google conversion tracking cookie

2 months

Google LLC

_gid 

This cookie is a part of the services provided by Google Analytics. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

A few seconds

Google LLC

RT

The roundtrip (RT) Boomerang cookie is used by Akamai to measure page load time and/or other timers associated with the page.

4 days

Akamai

_td

Tracks user behavior on the website for internal analytics.

729 days

Treasure Data

Functionality Related. We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our Sites, services, applications, or tools. This may include identifying you when you sign into our Sites or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our Sites.

Name

Purposes

Retention time

Provider

Klevu_rcp_

Klevu Recently Clicked Product - tracks what products users click on

179 days

Klevu

ku1-sid

session ID for Klarna payment

179 days

Klarna

ku1-vid

Visitor ID for Klarna

179 days

Klarna

Lashbrook-User-Prefs

This cookie is used to keep preferences intact for visitors using our custom band builder

Session

Shaneco.com

_pin_unauth

A cookie which groups actions for users who cannot be identified by Pinterest

1 year

Pinterest

recent_loose-diamonds

This cookie is a part of the services provided by Google Analytics. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

A few seconds

Google LLC

RT

The roundtrip (RT) Boomerang cookie is used by Akamai to measure page load time and/or other timers associated with the page.

4 days

Akamai

_td

Tracks user behavior on the website for internal analytics.

729 days

Treasure Data

Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our Sites or on third party Sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement, and the effectiveness of our ad campaigns on third party websites. If you would like to opt-out of the technologies we employ on our Sites, services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.

 

We may also obtain information from our email newsletters or other communications we send to you, including whether you opened or forwarded a newsletter or clicked on any of its content. This information tells us about our newsletters’ effectiveness and helps us ensure that we’re delivering information that you find interesting.

 

Notwithstanding any other provision, we may also engage a data provider who may collect web log data from you (including IP address and information about your browser or operating system), or place or recognize a unique cookie on your browser to enable you to receive customized ads or content. These cookies contain no personally identifiable information. The cookies may reflect de-identified demographic or other data linked to data you voluntarily have submitted to us, e.g., your email address, that we may share with a data provider solely in hashed, non-human readable form. To opt-out of these data provider cookies, please go to http://www.aboutads.info/choices.


Name

Purposes

Retention time

Provider

_attentive_id

Captures behavioral data for targeting

21,899 days

Attentive

_attn_

Used for reporting and optimization of marketing text messages.

3,649 days

Attentive

_attentive_cco

Captures behavioral data for targeting

0 days

Attentive

criteo

 This is a Criteo cookie used to identify the visitor access visits and devices. This allows the website to present the visitor with relevant advertisements. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.

11 days

exchange.mediavine.com

cto_tld_test

 This is a Criteo cookie used to identify the visitor across the visits and devices. This allows the website to present the visitor with relevant advertisements. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.

A few seconds

Criteo

_fbp

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

2 months

Meta

MUID

Tracks visitors across various Microsoft domains. These cookies are used for advertising, site analytics, and other operational purposes.

1 year

Microsoft

pixlee_analytics_cookie_legacy

This cookie may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They may not not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you may experience less targeted advertising.

1 month

Pixlee

tuuid_lu

Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times.

3 months

Criteo

tuuid

Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.

3 months

Criteo

SnapABugUserAlias

This cookie stores the visitor alias (name) on use of the setUserName() Javascript API. This cookie is used to support subsequent chats so that once it is known, the chat agent doesn’t need to collect the information again. This alias also will be displayed on the chatbox (as the visitor’s name), prechat form (as the value of the ‘name’ field, if it exists), and offline form (as the value of the ‘name’ field, if it exists).

1 month

Shaneco.com

shaneco-cart

Klarna This cookie is used to keep items in the shopping bag that users have added

1 month

Shaneco.com

How can I allow, control and disable cookies?


You can give a consent to cookies or decline cookies on your terminal equipment, for example, by using the appropriate settings of a browser or device or by using the cookie banner.


In addition, you can control cookies by adjusting the settings. You can, for example, disable use of cookies, allow use of all cookies or only use of first party cookies. Please note that disabling use of cookies may downgrade or break certain elements of our Sites’ functionality and certain functions may not work in the usual way.


Responsibilities and revisions to this Cookie Policy.


If, at any time, you have questions or concerns about this Cookie Policy, please do not hesitate to contact the Data Protection Officer and EU Representative designated below. For more information about the cookies, please see the website of your national supervisory authority.


Data Protection Officer

Shane Co.

Attn: Data Protection Officer

P.O. Box 3552 Englewood, CO 80155-9922

Email: dataprotection@shaneco.com

 

EU/UK Representative

Shane Co., which processes the personal data of individuals in the European Union, European Economic Area and UK, in either the role of ‘data controller’ or ‘data processer,’ has appointed DataRep as its Data Protection Representative for the purposes of GDPR* in the EU/EEA and The Data Protection Act 2018 / UK GDPR (as amended) in the UK.

 

If Shane Co. has processed or is processing your personal data, you. May be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

 

Shane Co. takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that Shane Co.’s customers can always raise the questions they want with them.

 

If you want to raise a question to Shane Co., or otherwise exercise your rights in respect of your personal data, you may do so by:

 

  • Sending an email to DataRep at datarequest@datarep.com quoting in the subject line,
  •  

  • Contacting us on our online webform at www.datarep.com/data-request, or
  •  

  • Mailing your inquiry to DataRep at the most convenient of the addresses in the following list.

 

PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Shane Co.’, or your inquiry may not reach us. Please refer clearly to Shane Co. in your correspondence. On receiving your correspondence, Shane Co. is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.

 

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

United Kingdom

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

 

If you have any concerns over how DataRep will handle the personal data we will require to undertake our services, please refer to our privacy notice at www.datarep.com/privacy-policy.

 

*The General Data Protection Regulation, EU 2016/679

 

From time to time, we may change this notice. Any changes will be posted on this page with an updated revision date. If we make any material changes to this notice, we will notify you by means of a prominent notice on our Sites prior to the change becoming effective. This notice will be reviewed annually and updated, as necessary. Our eCommerce Department is responsible for maintaining, reviewing and updating this Notice.


Version

Date Reviewed/Approved

Document Owner

Description

1

May 28, 2021

Data Protection Officer

Initial Cookie Notice

2

December 22, 2023

Data Protection Officer

Added detailed list of cookies

3

February 12, 2024

Data Protection Officer

Added EU/UK Representative

4

February 15, 2024

Data Protection Officer

Added New Jersey Data Privacy Law

5. We use information as disclosed and described here.

 

Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below.

 

We use information to respond to your requests or questions. For example, we might use your information to respond to your customer feedback.

 

We use information to improve our products and services. We may use your information to make our Sites better. We might use your information to customize your experience with us or understand your preferences. We may combine information we get from you with information about you we get from third parties.

 

We use information to communicate with you. We may send you emails and text messages you have consented to receive, such as promotional messages and transactional messages.

 

If you have opted-in to receiving messages from us, you expressly acknowledge consent to receiving such messages to the email, phone number, and address you have provided us, and that such messages may be from an automated system. If you have opted-in to receive text messages we do not charge you for the text message, provided, however, that standard messaging and data rates will apply to each text message in accordance with your wireless plan and your carrier’s policies. We do not require you to agree to receive text messages as a condition of making any purchase. If you need help with text messages text HELP to 720-730-2009. Text messages may not be delivered to you due to factors beyond our control such as transmission range, your carrier’s policies, or your phone plan.

 

You have the choice to opt-in to or opt-out from receiving certain emails or text messages to the email address or mobile number you provide to us at any time. Please see below for ways to opt-out of receiving certain communication from us.

 

Any communication or material you transmit to us by email or otherwise, including any data, questions, comments, suggestions, or the like is, and will be treated as, non-confidential and non-proprietary. Except to the extent expressly covered by this Notice, anything you transmit or post may be used by us for any purpose, including but not limited to, reproduction, disclosure, transmission, publication, broadcast and posting. Furthermore, you expressly agree that we are free to use any ideas, concepts, knowhow, or techniques contained in any communication you send to us without compensation and for any purpose whatsoever, including but not limited to, developing, manufacturing and marketing products and services using such information.

 

Automated Decision-Making and Profiling. Profiling means the automated processing of personal data for evaluating the personal aspects of an individual. In particular, profiling refers to the analysis or prediction of aspects concerning the Customer’s performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements. Profiling is automated or partly automated, is performed on personal data and evaluates personal aspects.


Decision-making is automated when decisions are based solely on the automated processing of personal data and the decisions produce legal effects concerning the Customer or significantly affect him or her. The processing in question includes profiling as defined in the GDPR insofar as it produces legal effects concerning the Customer or affects him or her in a correspondingly significant way. Automated decision-making is possible without profiling and vice versa. However, a single processing activity can involve both, depending on factors such as the data being used. We may use automated decision-making or profiling pursuant to Article 22 GDPR.

6. We Engage in Interest-Based Advertising.

 

ShaneCo.com and our partners display interest-based advertising using information gathered about you over time across multiple websites or other platforms. This might include apps.

 

Interest-based advertising includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your shopping habits or online activities. For example, providing you with promotional materials we think you would like based on your shopping activity. These ads might be served on websites or on apps. They might also be served in emails. We might serve these ads, or third parties may serve ads. They might be about our products or other companies’ products.

 

To decide what is relevant to you, we use information you make available to us when you interact with us, our affiliates, and other third parties. For example, we or our partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others.

 

We work with third parties who might help gather this information or with whom we might share your information. These third parties might link your name or email address to other information they collect. That might include past purchases made offline or online, or online usage information.

 

The Self-Regulatory Program for Online Behavioral Advertising program provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes. If you want to opt out, visit http://www.aboutads.info/choices. Your opt-out may be both browser and device specific.

7. We Use Various Tracking Technologies.

 

We–or third parties we work with–use several common data collection technologies including cookies, pixel tags, and similar technologies. We collect personal information about users over time and across different websites when you use this website or service. We also have third parties that collect personal information this way. We do this for many reasons, including the following:

 

 

  • To engage in interest-based advertising as discussed above.
  •  

  • To understand the activities and behaviors of customers and platform users.
  •  

  • To recognize new visitors to our Sites.
  •  

  • To recognize past customers.
  •  

  • To present more personalized content and offers, to improve your website experience, optimize your shopping experience, and provide Site and service enhancements. For example, to avoid repeatedly showing you the same advertisements.
  •  

  • To serve customized advertising (whether on our website or others you visit).
  •  

  • To better understand our audience, our customers, our Site visitors, and their respective interests. For example, to understand what ads are of interest to consumers.

 

We work with third parties who provide us with certain web search services.

 

We use information for security purposes. We may use information to protect our company, our customers, and our Sites.

 

We use information for marketing purposes. If you register with our Site or if you opt-in to receiving messages from us in any other way, we may send you information about special offers, new products, or new services. These might be third party offers or products we think you might find interesting. Depending on your choice we may send this type of information via email, text, call, push notifications in apps, or notifications by regular mail. We also use information to customize offers you receive. This includes using your shopping history on Affiliates or other third-party platforms.

 

We utilize Third-Party service providers, and use your information to perform those functions. We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.

 

We use information to communicate with you about your account or our relationship. We may contact you about your account or feedback. We might also contact you about this Notice or our website Terms.

 

We use information as otherwise permitted by law.

8. We may share information with third parties.

 

We will share information within the Shane Co. family of companies.

 

We will share information with third parties who perform services on our behalf. For example, we share information with vendors who send emails on our behalf. We may also share information with companies that operate our websites or run a promotion.

 

We will share information with our business partners. This includes sharing for marketing or advertising or for purposes of running joint promotions. For example, we will share information with our Affiliates to process orders or understand preferences. Or we might share information that third parties can use to serve you with ads they think you will like. This could include sharing with our partners what ads you look at. Third parties may use information for their own marketing or advertising purposes.

 

We will share information if we think we have to in order to comply with the law or to protect ourselves. We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of ShaneCo.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Notice.

 

We may share information with any successor to all or part of our business. As we continue to develop our business, we might sell or buy stores, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any preexisting Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Shane Co., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.

 

We may share information for other reasons we may describe to you.


9. You have certain choices about sharing and marketing practices.

 

You can choose not to provide us with information. You can always choose not to provide information, even though it might be needed to make a purchase or to take advantage of such ShaneCo.com features as Your Account, Shane Co. MyWay, and Customer Reviews.

 

General Opt-In. Subject to state-specific and rights under the GDPR, if you have opted-in to receiving messages from us, you expressly acknowledge consent to receiving such messages to the email, phone number, and address you have provided us, and that such messages may be from an automated system.


Additional. Any communication or material you transmit to us by email or otherwise, including any data, questions, comments, suggestions, or the like is, and will be treated as, non-confidential and non-proprietary. Except to the extent expressly covered by this Notice, anything you transmit or post may be used by us for any purpose, including but not limited to, reproduction, disclosure, transmission, publication, broadcast and posting. Furthermore, you expressly agree that we are free to use any ideas, concepts, know-how, or techniques contained in any communication you send to us without compensation and for any purpose whatsoever, including but not limited to, developing, content, manufacturing and marketing products and services using such information.

 

You can opt out of receiving our marketing email and texts. To stop receiving our promotional emails or other messages, you may opt-out by one of the following methods:

 

 

If you opt-out of receiving text messages, you may receive one final text message confirming your decision to unsubscribe.

 

Opting out of one form of communication does not mean you’ve opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages.

 

Even if you opt out of getting marketing messages, we will still send you transactional messages. These include responses to your questions. If you receive promotional emails from a third party, you will need to separately opt-out with them. If you participate in Shane Co. MyWay, you may need to separately opt out of notices and other email content.

 

You can request access to certain information. You may request access to the personal information we maintain about you or request that we correct, amend, delete or block the information by emailing us at support@shaneco.com. You may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward.

 

You can control cookies and tracking tools. Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. To control flash cookies, which we may use on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.

 

If you block cookies on your browser, certain features on our Sites may not work. If you block or delete cookies, not all of the tracking activities we have described here will stop. Choices you make may be both browser and device-specific.

 

You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications on your phone. You can also control these settings in our apps.


10. State-specific privacy rights.

 

Depending on your location and other factors, specific state laws may apply. Note, however, that we make no representation or promise that such laws apply, it being acknowledged that this Notice alone does not grant you such rights even if you are a resident of such state. For the following rights to apply to you, other statutory thresholds and pre-requisites must be met beyond your place of residence and our posting of the following state-specific notices.  Moreover, to the extent language elsewhere in this Notice and the language of each jurisdiction-specific section below conflict, the language in the jurisdiction-specific section shall control where applicable.

 

To the extent a given state’s laws do apply to you because: (i) you enjoy the benefit and protection of the laws and government of each of the respective states and jurisdictions listed below, as applicable; and (ii) all threshold requirements for applicability are met, without exceptions or exemptions dictating otherwise, the following shall apply:

 

California.

 

This supplemental privacy notice may apply to California residents is provided to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the Consumer Privacy Rights Act of 2020 ("CPRA"), and other California privacy laws.

 

Consumer Rights Under the CCPA and CPRA. The CCPA and CPRA establish several rights for you, the consumer. 

 

You have the right to submit several requests regarding the personal information we have collected about you. You may make such a request for disclosure or deletion of personal information twice within any given 12-month period. We will provide responsive information for a period of 12 months preceding the date of your request. We will provide this information to you within a period of 45 days from the date of your request. If needed, we may require up to an additional 45 days to complete the request but will provide notice to you of the need for the additional time prior to the expiration of the initial 45-day period.

 

To respond to your request, we will need to obtain enough information from you to verify that yours is a valid and legitimate request. This provides further protection for your personal information.

 

Right to Request Disclosure of Sensitive and Personal Information. You may request that we disclose the categories of sensitive and personal information that we have collected about you, the specific pieces of sensitive and personal information that we have collected about you, or both. 

 

Right to Correct Inaccurate Personal Information. In the event that any of the personal information we maintain about you is incorrect, you have the right to request that we correct it.

 

Right to Limit Use and Disclosure of Sensitive Personal Information. You may request that we limit the use and disclosure of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, and other specific uses delineated in the CCPA and CPRA. 

 

The CCPA and CPRA define "sensitive personal information" as personal information that reveals any of the following:

 

  • A consumer’s social security, driver’s license, state identification card, or passport number;
  •  

  • A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  •  

  • A consumer’s precise geolocation;
  •  

  • A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
  •  

  • The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication;
  •  

  • A consumer’s genetic data;
  •  

  • The processing of biometric information for the purpose of uniquely identifying a consumer;
  •  

  • Personal information collected and analyzed concerning a consumer’s health; and
  •  

  • Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

 

Right to Opt-Out. If we engage in cross-context behavioral advertising, you may request that we stop sharing your personal information for cross-context behavioral advertising.

 

Right to Request Deletion of Personal Information. You also have the right to submit a request that we delete the personal information we have collected about you. There are several exceptions to the consumer’s right to deletion; namely, we may retain your information despite your request for deletion if we require the information in order to do any of the following:

 

 

  • Complete the transaction for which the personal information was collected;
  •  

  • Provide a good or service requested by the consumer or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer;
  •  

  • Otherwise perform a contract between the business and the consumer;
  •  

  • Detect security incidents and protect against “malicious, deceptive, fraudulent, or illegal activity;”
  •  

  • Use for internal debugging purposes or to repair software errors;
  •  

  • Exercise free speech, ensure the right of another consumer to exercise free speech, or any other right provided by law;
  •  

  • Use the information to comply with the California Electronic Communications Privacy Act;
  •  

  • Engage in research in the public interest that follows all other privacy laws (with consumer consent);
  •  

  • Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
  •  

  • Comply with a legal obligation; or
  •  

  • Otherwise use the information internally in a lawful manner that is compatible with the context in which the consumer provided the information.

 

Note, however, that your information, including Sensitive Personal Information, is retained indefinitely for the purposes of providing our lifetime warranty services on the products we sell. To receive these services, we need your personal information to tie back your ownership of product to a specific transaction.

 

How to Submit a Request. We offer consumers two distinct methods for submitting requests to exercise their rights under the CCPA and CPRA:

 

Via Mail

WESTERN STONE & METAL CORP., dba Shane Co.

Attn: Privacy

P.O. Box 3552 Englewood, CO 80155-9922

Email: dataprotection@shaneco.com


WESTERN STONE & METAL CORP., dba Shane Co.

Attn: Data Protection Officer

P.O. Box 3552 Englewood, CO 80155-9922

Email: dataprotection@shaneco.com

 

Via Phone

Toll-free at 866-467-4263

Submitting a verifiable consumer request does not require that you have an active account with us, nor are you required to create an account. As previously noted, we will need to obtain enough information from you to verify your request in protection of your information before responding to your request. Information that we may need from you to verify your request may include the following:

 

 

  • Legal name;
  •  

  • Email address;
  •  

  • Phone number;
  •  

  • Date of birth;
  •  

  • Last four digits of your social security number; and
  •  

  • Billing address.

 

We may decline a consumer request if the time and resources that must be expended to respond to the request outweigh the reasonably foreseeable impact to the consumer from not responding, as provided by California law.


Requests by an Authorized Agent. A California resident may use an authorized agent to submit a right to know request or a request to delete. To use an authorized agent to submit such a request, the California resident must provide the agent with written authorization. In addition, the California resident may be required to verify their own identity with us or to authenticate the agent’s authorization. We may deny a request from an agent that does not submit proof, including written authorization from the resident, that the agent has been authorized by the California resident to act on their behalf. However, such requirements will not apply where a California resident has provided the authorized agent with power of attorney pursuant to California Probate Code Sections 4000 to 4465.

 

Right to Not be Discriminated Against for Exercising the Rights to Disclosure or Deletion. We will not discriminate against you for exercising your rights under the CCPA and CPRA. Unless otherwise permitted by the CCPA, the CPRA, or other California law, we will not deny you goods or services, charge you a different rate for goods or services, provide you a different quality of goods or services, or suggest that any aspect of your service will change if you exercise any of your rights enumerated here in this policy.

 

Categories of Information We Collected About Consumers in the Past 12 Months: As indicated in Section 1.


Disclosure of Personal Information to Third Parties. As indicated in Section 1.

 

We Do Not Sell Your Personal Information. We do not sell your personal information. However, in the event that we are considering a sale, partial or complete, asset transfer, partial or complete, or other financing matter, we would make any and all necessary disclosures to you before certain information we possess concerning you may be accessed, disclosed, and/or processed by third parties. Such third-party access would be governed by a written agreement that limits such access, disclosure, and processing in accordance with the CCPA, CPRA, and other applicable law.

 

Our Right to Change Privacy Policy. The foregoing policy is effective as of the date identified in Section 1. We reserve the right to change this policy at any time by notifying visitors to our website of the existence and location of the new or revised privacy policy. Changes to the policy will be posted to this page, and if changes are significant, a summary of the changes will be posted at the beginning of the policy. By entering our website and by continuing to use our services, you are accepting all terms and conditions outlined in the above Privacy Policy.

 

If you have any questions about this policy, you may contact us using the same information in the “How to Submit a Request section” above.

 

California and Delaware “Do Not Track” Disclosures.

 

Privacy regulations in the United States, such as the laws of California and Delaware, requires us to indicate whether we honor your browser’s “Do Not Track” settings concerning targeted advertising. We adhere to the standards set out in this Notice and do not monitor or respond to Do Not Track browser requests. 

 

Colorado.

 

This supplemental privacy notice may apply to Colorado residents acting in an individual or household context. Under the Colorado Privacy Act (“CPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; and (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “CPA Request,” or call us toll-free at 866-467-4263.

 

Connecticut.

 

This supplemental privacy notice may apply to Connecticut residents. Under the Connecticut Data Privacy Act (“CTDPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time. In addition, as a Connecticut resident: (i) you may also have personal data provided by you deleted; and (ii) we will not require identification for you to take any of the actions described above.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “CTDPA Request,” or call us toll-free at 866-467-4263.

 

Delaware.

 

This supplemental privacy notice may apply to Delaware residents. Under the Delaware Personal Data Privacy Act (“DPDPA”), you may have a right to: (i) only have sensitive data processed pursuant to your express opt-in consent; (ii) have opt-out preference signals observed; and (iii) allows you the right to opt out of profiling in furtherance of solely automated decisions that produce legal or similarly significant effects. Moreover, you may (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “DPDPA Request,” or call us toll-free at 866-467-4263.

 

Indiana.

 

This supplemental privacy notice may apply to Indiana residents. Under Indiana’s Digital Personal Data Protection Act (“DIPDPA”), you may have a right to: to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “IDPDPA Request,” or call us toll-free at 866-467-4263.

 

Iowa.

 

This supplemental privacy notice may apply to Iowa residents. Under the Iowa Comprehensive Data Protection Act (“CDPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) delete your personal data; (iii) obtain a personal data in a portable and technically feasible, readily usable format; and (iv) to appeal our decision in failing to act on your request within a reasonable time. Note that we do make use of targeted advertising as described in this policy.

 

Moreover, you may opt-out of our collection of government identifiers, account and login information, precise geolocation data, racial or ethnic origin, religious or philosophical beliefs, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information. You may also opt out of the sale of your personal data. To do any of the above, please contact dataprotection@shaneco.com with the subject line “CDPA Request,” or call us toll-free at 866-467-4263.

 

Montana.

 

This supplemental privacy notice may apply to Montana residents. Under the Montana Consumer Protection Data Privacy Act (“MTCDPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; in furtherance of solely automated decisions that produce legally similar significant effects concerning you; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “MTCDPA Request,” or call us toll-free at 866-467-4263.

 

New Jersey.

 

Under the New Jersey Data Privacy Law (“NJDPL”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a copy of your personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; (vi) revoke previously given consent to process your personal data; and (vii) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “NJDPL Request,” or call us toll-free at 866-467-4263.

 

Oregon.

 

This supplemental privacy notice may apply to Oregon residents. Under the Oregon Consumer Privacy Act (“OCPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; (vi) revoke previously given consent to process your personal data; and (vii) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “OCPA Request,” or call us toll-free at 866-467-4263.

 

Tennessee.

 

This supplemental privacy notice may apply to Tennessee residents. Under the Tennessee Information Protection Act (“TIPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “TIPA Request,” or call us toll-free at 866-467-4263.

 

Texas.

 

This supplemental privacy notice may apply to Texas residents. Under the Texas Data Privacy and Security Act (“TDPSA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child. To do any of the above, please contact dataprotection@shaneco.com with the subject line “TDPSA Request,” or call us toll-free at 866-467-4263.

 

Utah.

 

This supplemental privacy notice may apply to Utah residents acting in an individual or household context. Under the Utah Consumer Privacy Act (“UCPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) delete your personal data that you provided to us as a controller; (iii) obtain a personal data that you provided to us as a controller in a portable and technically feasible, readily usable format; (iv) to opt out of processing your personal data for targeted advertising, or sale of your data; and (v) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, please note that we may collect sensitive personal information, which may include government identifiers, account and login information, precise geolocation data, racial or ethnic origin, religious or philosophical beliefs, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information. You may opt-out of our collection of the same. You also may opt-in to have children under the age of 13’s data collected, which will require verifiable parental consent. To do any of the above, please contact dataproteciton@shaneco.com with the subject line “UCPA Request,” or call us toll-free at 866-467-4263.

 

Virginia.

 

This supplemental privacy notice may apply to Virginia residents. Under the Virginia Data Protection Act (“VCDPA”), you may have a right to: (i) confirm whether a controller is processing your personal data and to allow access to your personal data; (ii) correct inaccuracies in your personal data; (iii) delete your personal data; (iv) obtain a personal data in a portable and technically feasible, readily usable format; (v) to opt out of processing your personal data for targeted advertising, sale of your data or profiling; and (vi) to appeal our decision in failing to act on your request within a reasonable time.

 

Moreover, your affirmative opt-in consent is required for collection of sensitive data, which may include collection of government identifiers, account and login information, precise geolocation data, personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data, union membership, contents of mail, email, and text messages, generic data, sexual orientation, and health or biometric information, and the personal data of a known child.. To do any of the above, please contact dataprotection@shaneco.com with the subject line “VCDPA Request,” or call us toll-free at 866-467-4263.


11. Our Sites and children.

 

Our Sites are meant for people at least 16 years old. If you are under 16, please do not use our digital services. We do not knowingly collect personally identifiable information from children under 16 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 16 has given us information, you can email us at CustomerServiceRep@shaneco.com. If we learn that we have unknowingly collected or received personal data from a child under 16, we will delete that personal data. You can also write to us at the address listed at the end of this Notice, including because you believe we may have information from or about a child under 16. Please mark your inquiries "COPPA Information Request." Parents, you can learn more about how to protect children's privacy on-line here: http://www.business.ftc.gov/privacy-and-security/childrens-privacy.


12. We store information in the United States.

 

The nature of our business means that the personal data collected through our platform and services will be transferred to and stored within the United States. Information we maintain is stored within the United States. If you live outside of the United States, you understand and agree that we may transfer your information to the United States. Also, the majority of our personnel and the third parties to whom we disclose Personal Data are located in the United States.


13. We use standard security measures.

 

We use reasonable measures to protect the information you share with us. This includes physical measures. It also includes technical and administrative measures, access controls, assignment of access rights. We use firewall encryption where appropriate. We may also use Secure Socket Layer encryption.

 

Please remember that no data security measures are 100% secure all the time. Considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.

 

All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees and parties who need it to perform their duties. We also require our service providers to have appropriate methods in place to protect personal data.

14. Our Site and Do Not Track Signals.

 

Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary.


15. You can update your information.

 

To update your information, log into the website and click the “My Account” link at the top of every ShaneCo.com page. You can also update it by clicking here: https://www.shaneco.com/account-login. It may take us up to 10 business days to process account changes.


16. We may link to other sites or have third party services on our site we do not control.

 

If you click on a link to a third-party site or engage in services operated by other organizations, you will be taken to websites that we do not control or manage. This Notice does not apply to the privacy practices of that website. Read the privacy Notice of other websites carefully. We are not responsible for these third-party sites. Our Site may also serve third party content that contains their own cookies or tracking technologies. We do not control the use of those technologies. We also do not control the privacy practices of our Affiliates. This includes their use of cookies and other tracking technologies. We are not responsible for the privacy policies, related issues, technologies, and other matters relating to such external services.


17. Feel free to contact us if you have more questions.

 

If you have any questions or concerns about this Notice, you may contact us at:

Shane Co.

Attn: Privacy

P.O. Box 3552 Englewood, CO 80155-9922

Email: DataProtection@shaneco.com

18. Additional Rights and Information for Residents Under the General Data Protection Regulation (GDPR)

 

This section of the Notice applies only if your use our Sites or Services is covered by the GDPR and supplements the information in this Notice. Still, discussions above with respect to data processors, controllers, and other sections are to be read in tandem with this section when evaluating your rights under the GDPR. The Cookie Notice in Section 4 and other sections above that are not precluded by this section’s terms, for example, are equally applicable to those covered under the GDPR to the extent the same are not precluded by superior law. Otherwise, if the GDPR applies, and to the extent language elsewhere in this Notice and the language of this Section 18 conflict, the language of this Section 18 shall control where applicable.

 

We make no representation or promise that the GDPR applies, it being acknowledged that this Notice alone does not grant you such rights even if you are an EU resident. For the following rights to apply to you, other statutory thresholds and pre-requisites must be met beyond your place of residence and our posting of the following notices. To the extent the GDPR does apply to you because: (i) you enjoy the benefit and protection of the laws and government of the same; and (ii) all threshold requirements for applicability are met, without exceptions or exemptions dictating otherwise, the following shall apply:

 

Controller of Personal Information

 

To the extent that Shane Co. is subject to the laws of the European Union and Switzerland when processing personal data (“Personal Data”) of EU Citizens, it shall be the “data controller” under such laws.

 

Legal Basis for Data Processing Generally

 

We process Personal Data for the purposes set out in this Notice, as described above. Our legal basis to process Personal Data includes processing that is: necessary for the performance of the contract between you and Shane Co. (for example, to facilitate a purchase on Shaneco.com, to provide you with other services that you request, or for resolving billing or customer service inquiries related to your use of our Services); necessary to comply with legal requirements; necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services); and, where legally required and we have no other valid legal basis to process Personal Data, we will use consent by our customers (for example, to provide you with marketing information or share information with third parties), which may subsequently be withdrawn at any time (by emailing privacy@shaneco.com) without affecting the lawfulness of processing based on consent before its withdrawal.

 

In some instances, you may be required to provide us with Personal Data for processing as described above, for us to be able to provide you all our Services, and for you to use all the features of our Sites.

 

Specific Purposes and Legal Bases for Processing Personal Data

 

Personal data will be processed for the following purposes based on the defined legal bases:

 

 

  • Provision of our services in stores and provision of our services online, such as on websites and platforms (contract or its preparation, legitimate interest).
  •  

  • Processing and replying to contact requests, e.g., website contact forms, phone calls, emails (contract, legitimate interest).
  •  

  • Processing orders and servicing customer accounts (contract or its preparation, legitimate interest).
  •  

  • Provision and improvement of customer service and support and customer communications (legitimate interest).
  •  

  • Monitoring the effectiveness of our sales promotion and marketing campaigns (legitimate interest).
  •  

  • Promoting our services and brand and increasing brand awareness (legitimate interest).
  •  

  • Advertising and offering our services, including direct electronic and non-electronic marketing, targeted marketing and advertising (consent, legitimate interest).
  •  

  • Monitoring the use of our website and platforms and to improve the site functionality and user experience and to present the content of our website and platforms in a manner ideal for the visitor’s device, i.e. personalize the experience (consent).
  •  

  • Analyzing how users use our platforms (consent).
  •  

  • Providing marketing on our website and platforms using cookies (consent).
  •  

  • Sending messages and push notifications regarding services that customers request (consent).
  •  

  • Developing and improving our services and platforms, for example by voluntary surveys (consent).
  •  

  • Ensuring security of our services and preventing abuses (legal obligation or legitimate interest).
  •  

  • Complying and fulfilling our legal duties and obligations such as tax law and accounting related obligations (legal obligation).
  •  

  • Establishing, exercising, or defending against legal claims (legal obligation or legitimate interest).

 

For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with the Customers’ right to privacy and concluded that our interest outweighs the Customers’ rights and freedoms.

 

Where the processing is such that consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide our services, we may cease to provide the services.

 

International Transfers of Personal Data

 

The nature of Shane Co.’s business means that the Personal Data collected through our Services will be transferred to the United States. Also, the Shane Co. personnel and some of the third-parties to whom we disclose Personal Data (as set out above) are located in the United States. We take appropriate steps to ensure that recipients of your Personal Data are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred Personal Data, remains protected and secure. If you live outside of the United States, you understand and agree that we may transfer your information to the United States. Also, our personnel and the third parties to whom we disclose Personal Data are located in the United States.

 

Your Rights

 

Right of access and right of inspection. The Customer has the right to obtain confirmation as to whether or not personal data concerning them is being processed.

 

The Customer has the right to inspect and view data concerning them and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the Customer has provided to us insofar the processing is based on a contract/consent.

 

Right to rectification and right to erasure. The Customer has the right to demand the rectification of incorrect personal data concerning them and to have incomplete personal data completed.

 

The Customer has the right to require us to delete or stop processing the Customer’s personal data, for example where the data is no longer necessary for the purposes of processing.

 

However, please note that certain personal data is strictly necessary to achieve the purposes defined in this Notice and may also be required to be retained by applicable laws.

 

Right to data portability. The Customer has the right to receive the personal data that the Customer has provided to us in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller. The right to data portability applies to the processing of the personal data based on consent or a contract.

 

Right to restriction of processing. The Customer has the right, under conditions defined by data protection legislation, to request the restriction of processing of his or her personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit the access to such data.

 

Right to object to processing. The Customer has the right to object to the processing of your personal data where we are relying on its legitimate interests as the legal ground for processing. For example, the Customer may object to his or her personal data being used for marketing purposes.

 

Right to withdraw consent. In cases where the processing is based on the Customers’ consent, the Customer has the right to withdraw his or her consent to such processing at any time.

 

Right to lodge a complaint with a supervisory authority. The Customer has the right to lodge a complaint with a competent data protection authority if the Customer considers that the processing of personal data relating to the Customer infringes current legislation.

 

However, we request that the matter be dealt with Shane Co. in the first instance. The relevant authority in Europe is the data protection authority of your country of residence.

 

 

Requests regarding the rights of Customers shall be made in written or in electronic form, and the request shall be addressed to the Data Protection Officer at DataProtection@shaneco.com. You may lodge a complaint with a supervisory authority if you consider that our processing of your Personal Data infringes applicable law. A list of EU data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. We do, however, hope you first raise the issue with us so we may work towards a prompt resolution on your behalf.

 

Please note that your identity will be checked before the information is given out, which is why we may have to ask for additional details. The request will be responded to within a reasonable time and, where possible, within one month of the request and the verification of identity.

 

If the Customer’s request cannot be met, the refusal shall be communicated to the Customer in writing. We may refuse the request (for example erasure of data) due to a statutory obligation or a statutory right of the company, such as an obligation or a claim relating to our services. Please note that we may charge a reasonable fee where requests from a Customer are manifestly unfounded or excessive, in particular because of their repetitive character.

 

If you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.

 

Moreover, if you no longer want to receive email communications from us, you may unsubscribe by clicking the “Unsubscribe” link in our email. Should you continue to receive email communications from us after unsubscribing please contact us at customerservicerep@shaneco.com and provide us the email address and services information from which you wish to unsubscribe. Opting out of receiving emails may impact your use of the services. We may continue to send you transactional related emails for any transactions which you initiate. If you receive promotional emails from third parties, you will need to separately opt-out with such third party.You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the services.

 

Finally, you may be able to prevent your device from sharing location information at any time through your device’s operating system settings.

 

If you have questions or concerns about this section, or wish to exercise any rights described above, please do not hesitate to contact the Data Protection Officer and/or EU Representative designated below.

 

Data Protection Officer

Shane Co.
Attn: Data Protection Officer
P.O. Box 3552 Englewood, CO 80155-9922
Email: dataprotection@shaneco.com

 

EU/UK Representative

Shane Co., which processes the personal data of individuals in the European Union, European Economic Area and UK, in either the role of ‘data controller’ or ‘data processer,’ has appointed DataRep as its Data Protection Representative for the purposes of GDPR* in the EU/EEA and The Data Protection Act 2018 / UK GDPR (as amended) in the UK.

 

If Shane Co. has processed or is processing your personal data, you. May be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

 

Shane Co. takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that Shane Co.’s customers can always raise the questions they want with them.

 

If you want to raise a question to Shane Co., or otherwise exercise your rights in respect of your personal data, you may do so by:

 

  • Sending an email to DataRep at datarequest@datarep.com quoting in the subject line,
  •  

  • Contacting us on our online webform at www.datarep.com/data-request, or
  •  

  • Mailing your inquiry to DataRep at the most convenient of the addresses in the following list.

 

PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Shane Co.’, or your inquiry may not reach us. Please refer clearly to Shane Co. in your correspondence. On receiving your correspondence, Shane Co. is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.

 

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

United Kingdom

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

 

If you have any concerns over how DataRep will handle the personal data we will require to undertake our services, please refer to our privacy notice at www.datarep.com/privacy-policy.

 

*The General Data Protection Regulation, EU 2016/679

19. Terms of Use, Notices, Revisions, Limitation on Liability, Arbitration

 

If you choose to visit ShaneCo.com, your visit and any dispute over privacy is subject to this Notice and our Terms of Use, including limitations on damages, resolution of disputes, and application of the law of the state of Colorado. If you have any concern about privacy at ShaneCo.com, please contact us with a thorough description, and we will try to resolve it. Our business changes constantly, and our Notice and the Terms of Use will change also. We may e-mail periodic reminders of our notices and conditions, but you should check our Sites frequently to see recent changes. Unless stated otherwise, our current Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.

 

Except where prohibited, by visiting and using ShaneCo.com, you agree that: (1) any and all questions, controversies, claims and causes of action arising out of or connected with the construction, validity, interpretation, and enforceability of this Notice shall be resolved exclusively by means of arbitration administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, in Denver, Colorado, and shall be resolved individually, without resort to any form of class action or representative action, and you agree that you shall not seek to aggregate any claims with other individuals; (2) SHANE CO.’S LIABILITY ARISING IN CONNECTION WITH THIS NOTICE WHETHER IN CONTRACT, IN TORT, UNDER ANY WARRANTY, IN NEGLIGENCE OR OTHERWISE SHALL NOT EXCEED THE AMOUNT OF $1.00 AND SHALL BE FURTHER LIMITED TO ACTUAL DAMAGES EQUAL TO OR LESS THAN SUCH AMOUNTS, RESPECTIVELY, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCE, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHANE CO. SHALL NOT BE LIABLE FOR, AND YOU WAIVE ALL RIGHTS TO CLAIM ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES OR ATTORNEYS FEES ARISING OUT OF THIS NOTICE, AND ANY AND ALL RIGHTS TO HAVE DAMAGES MULTIPLIED OR OTHERWISE INCREASED (EVEN IF YOU OR ANY OF YOUR AUTHORIZED REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), AND TO RECOVER OTHER SUCH RELATED COSTS OF BRINGING A CLAIM, NOR SHALL AN ENTRANT BE ENTITLED TO RESCIND THIS AGREEMENT NOR SEEK INJUNCTIVE OR ANY OTHER EQUITABLE RELIEF. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.

 

Claims shall be heard by a single arbitrator. The place of arbitration shall be Denver, Colorado. The arbitration shall be governed by the laws of the State of Colorado without giving effect to any choice of law or conflict of law rules of the State of Colorado or of any other jurisdiction. Depositions shall be limited to a maximum of three per party and shall be held within twenty days of the making of a request. Additional depositions may be scheduled only with the permission of the arbitrators, and for good cause shown. Each deposition shall be limited to a maximum of seven hours duration. Time is of the essence for any arbitration under this agreement and arbitration hearings shall take place within ninety (90) days of filing and awards rendered within one hundred twenty (120) days. The Arbitrator shall agree to these limits prior to accepting appointment. The arbitrator will have no authority to award punitive or other damages not measured by the prevailing party's actual damages, except as may be required by statute. The prevailing party shall not be entitled to an award of attorney fees. Except as may be required by law, neither a party nor an arbitrator may disclose the existence, content, or results of any arbitration hereunder without the prior written consent of both parties. The parties agree that failure or refusal of a party to pay its required share of the deposits for arbitrator compensation or administrative charges shall constitute a waiver by that party to present evidence or cross-examine witness. In such event, the other party shall be required to present evidence and legal argument as the arbitrator may require for the making of an award. Such waiver shall not allow for a default judgment against the non-paying party in the absence of evidence presented as provided for above.


20. Content Uploader Terms of Use.

 

We respect the intellectual property rights of third parties and respond to allegations that copyrighted material has been shared through our site (“Platform”), without authorization from the copyright holder, in accordance with the safe harbor set forth in the Digital Millennium Copyright Act (“DMCA”). We will also, in appropriate circumstances and at our discretion, disable and/or terminate the use of the Platform by users who may infringe or repeatedly infringe the copyrights of others in accordance with the DMCA.


A. Notification of Alleged Copyright Infringement

 

If you believe that your work has been copied and made available in a way that constitutes copyright infringement, you may send a written document to CustomerServiceRep@shaneco.com that contains the following (a “Copyright Notice”):

 

 

  • A description of the copyrighted work that you claim has been infringed;
  •  

  • Identification of the URL or other specific location that contains the material that you claim infringes your copyright described in Item 1 above. You must provide us with reasonably sufficient information to locate the allegedly infringing material;
  •  

  • An electronic or physical signature of the owner of the copyright or of the person authorized to act on behalf of the owner of the copyright;
  •  

  • A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or applicable law;
  •  

  • A statement by you that the information contained in your Notice is accurate and that you attest under the penalty of perjury that you are the copyright owner or that you are authorized to act on the owner's behalf; and
  •  

  • Your name, mailing address, telephone number, and email address.

 

Please note that you may be liable for damages, including court costs and attorneys’ fees, if you misrepresent that content uploaded by another Platform user is infringing your copyright.

 

Upon receiving a proper Copyright Notice, we will remove or disable access to the allegedly infringing material and notify the alleged infringer of your claim. We will also advise the alleged infringer of the DMCA Counter Notice Procedure described below in Section B by which the alleged infringer may respond to your claim and request that we restore this material.

 

B. Counter Notice Procedure

 

If you believe your own copyrighted material has been removed from the Platform in error, you may submit a written Counter Notice to CustomerServiceRep@shaneco.com that includes the following:

 

  • Identification of the material that has been removed or disabled and the location at which the material appeared before it was removed or disabled;
  • A statement that you consent to the jurisdiction of the Federal District Court of Colorado;
  • A statement that you will accept service of process from the party that filed the Notice or the party's agent;
  • Your name, address and telephone number;
  • A statement under penalty of perjury that you have a good faith belief that the material in question was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled; and
  • Your physical or electronic signature.

 

If you send a valid, written Counter Notice meeting the requirements described above, we will restore your removed or disabled material within 10 to 14 business days from the date we receive your Counter Notification, unless we first receive notice from the party filing the original Notice informing us that such party has filed a court action to restrain you from engaging in infringing activity related to the material in question.

 

Please note that if you misrepresent that the disabled or removed content was removed by mistake or misidentification, you may be liable for damages, including costs and attorneys’ fees.

 

C. Repeat Infringer Policy

 

In accordance with the DMCA and other applicable laws, we will, at our discretion, disable and/or terminate access to the Platform by users who may infringe or repeatedly infringe the copyrights of others. This determination will be based on the number of “strikes” against the user. A “strike” is counted against a user each time there is an adjudication by a court, arbitrator or other tribunal of competent jurisdiction that the user has engaged in copyright infringement of any kind in relation to the Platform.

 

In accordance with the DMCA and other applicable laws, we will, at our discretion, disable and/or terminate access to the Platform by users who may infringe or repeatedly infringe the copyrights of others. This determination will be based on the number of “strikes” against the user. A “strike” is counted against a user each time there is an adjudication by a court, arbitrator or other tribunal of competent jurisdiction that the user has engaged in copyright infringement of any kind in relation to the Platform.

 

Each adjudication counts as a separate strike. If an adjudication pertains to multiple instances of copyright infringement, it can count as multiple strikes. We have adopted a “three strikes and you’re out” policy under which a user who accumulates three strikes is considered a repeat infringer and may be subject to account termination.

 

D. Representations and Warranties

 

You represent and warrant that any content you upload to the Platform does not violate the rights of any third party, including, without limitation, the intellectual property, privacy or publicity rights of any third party, and constitutes an original work of authorship by you.

 

E. User Content Restrictions

 

You may not upload, post, or transmit any images, video, text, audio, or other content or materials (collectively, “User Content”) that: (a) would violate or infringe our proprietary, privacy, publicity, or intellectual property rights, or those of any third party; (b) is obscene, defamatory, threatening, harassing, abusive, libelous, hateful, or harmful to any other person or entity; (c) violates any applicable law, statute, ordinance, or regulation; (d) puts in jeopardy the security of your account, us, the Platform, or any third party; or (e) promotes or displays any of the following content: (i) pornography; (ii) violence; (iii) racial intolerance or advocacy against any individual, group, or organization; (iv) profanity; or (v) illicit drugs and drug paraphernalia. We reserve the right, but have no obligation, to pre-screen, review, flag, filter, modify, refuse, and remove any and all User Content from this Site. You understand and expressly acknowledge that by using the Platform you may be exposed to content that you find offensive, indecent, or objectionable and that we will not be liable to you or any other person or entity for your consumption of any content on the Platform.

21. Changes to this Notice and the above Terms of Use.

 

We may make changes to this Notice at any time by giving a notice on the website and/or by other applicable means. The Customers are highly recommended to review the Notice on our website every now and then.

 

If the Customer objects to any of the changes to this Notice, the Customer should cease using the services, where applicable, and Customer can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current Notice applies to all personal data we process at the time.

 

This updated Notice has been published on February 12, 2024, version 3.0, pursuant to the following version history:

Version Number

Change Description

Date

1.0    

Document created

May 28, 2021

2.0

Notice updated

December 22, 2023

3.0

Added EU/UK Representative

February 12, 2024

4.0

Added New Jersey Data Privacy Law

February 15, 2024