Stepan Company Website Privacy Statement

Introduction

Thank you for visiting the Stepan Company (“Company”, “we”, “our”, “us”) website. The following Privacy Statement (“Privacy Statement”) outlines the types of information we collect from you (“you”, “user”) or that you may provide when you access or use www.stepan.com (including any sites available through stepan.com, such as http://alkoxylates.stepan.com/, collectively, the “Website”) and our practices for collecting, storing, using, sharing and disposing of that information, as well as advises you of ways in which you may be able to  exercise additional rights. We use your personal data as disclosed in this Privacy Statement for legitimate interests of operating our business, providing you goods and services, and communicating with you per your requests, and for other lawful purposes such as processing your personal data as directed by you.

Please read this Privacy Statement carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not use our Website. By accessing or using the Website, you agree to this Privacy Statement and the terms and conditions set forth on the General Terms of Use (the “Terms”) page, which can also be accessed via the link displayed at the bottom of the Website.

In the case of conflicts in translation with any other language, the English version of the Privacy Statement and Terms will prevail.

EU-U.S. Privacy Framework Statement

Stepan acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission, participates in the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), which provides a framework for the transfer of information from the European Union to the United States.

Stepan complies with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Stepan has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the UK Extension, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Goods and Services: What We Offer

The Website provides information about our products, markets and our Company. It allows users to contact us, connect on social media, request product samples and literature, view product information, locate sales offices and apply to work for the Company. It does not allow you to purchase products or services offered by the Company, except for samples.

The Company and its servers are located in the United States; therefore, if you access the Website from outside of the United States, please be advised that your information will be “processed” in the United States. By using our Website and any other online platforms within our Website, or requesting services from us you are consenting to having your personal data processed in the United States.

Personal Data: What We Collect

We collect several types of personal data from and about users of the Website, both:

  • Directly from you when you provide it to us; and
  • Automatically as you navigate through the Website.

The personal data we collect on or through the Website may include:

  • Personal data that you provide at the time of registering to use the Website, or when contacting us through the Website, including (collectively, “Contact Information”):
    • first and last name;
    • e-mail address;
    • phone number;
    • title;
    • company name;
    • authentication information (username and password);
    • your location (address and/or country, and where applicable, overnight carrier tracking numbers); and
    • shipping account numbers
  • E-mail correspondence with us.
  • Your responses to surveys that we might ask you to complete.
  • Your search queries on the Website.

As you navigate the Website, we may use automatic data collection technologies to collect details of your visits to the Website, including:

  • Last visit date
  • IP address
  • Accessed PDFs and other files
  • Website searches
  • Website pages and media viewed
  • Emails opened
  • Links clicked
  • Date and time of log in and log out

For more information regarding our Website cookies please see our Cookie Policy.

Purposes: Why We Need Your Personal Data

We use your information in order to:

  • Provide you with access to the Website and its contents,
  • Communicate with you, respond to your inquiry or fulfill your request,
  • Allow you to participate in any interactive features on the Website,
  • Properly manage your account,
  • Understand your interactions with the Company, whether through the Website, other websites or offline,
  • Send you communications about products or services that may be of interest to you, based on subscription selections (You may unsubscribe from these communications, but we will still send you communications regarding transactions, your account, or other administrative messages as needed.),
  • Process payments,
  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business,
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations, and
  • As described to you when collecting your information or as otherwise permitted under applicable law.

We collect other data about your activity on the Website, such as pages and media viewed, login data, and your Website searches to improve the Website and our products and services. We may combine Website data with other data we receive from or about you, such as your attendance at trade shows or your social media engagement with the Company. We use this information for internal business purposes and may share this information with trusted third parties to respond to your requests or provide you with additional information or content.

We will not collect additional personal data or use personal data we have collected for materially different, unrelated, or incompatible purposes without providing you notice.

Marketing Purposes

We may use your personal data to contact you for the purpose of marketing Company products or services. You will always have the opportunity to opt out of further marketing communications by following the link provided in any such communication or responding with a request to the Company to unsubscribe from future marketing communications. Please note that the Company retains your personal data, even if you opt out of further marketing communications, for the Company’s internal business purposes (processing transactions, administrative messages regarding your account), including any future marketing communications you may request.

Processing: What We Do with Your Personal Data

We may disclose aggregated (non-personally identifiable) information about our users as we determine is necessary for our business purposes.

We may share personal data with trusted third parties in the United States and brand agencies for purposes of assisting us with our marketing. Any sharing of personal data with third parties is subject to a written agreement and strictly for the purposes of maintaining and operating the Website and assisting the Company’s marketing efforts.

While unlikely, we may disclose or transfer your personal data to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data collected by the Website is among the assets transferred. In such an event, we will provide you notice of any such transition and update this Privacy Statement accordingly.

We may otherwise disclose your personal data only:

  • With your informed consent
  • For the purposes disclosed to you in this Privacy Statement or the Website
  • To comply with the law, enforce the Terms, or if disclosure is otherwise necessary or appropriate to protect the rights, property, or safety of the Company, its subsidiaries, affiliates, customers, or others

Do Not Track Disclosure

Certain cookies on the Website may track personal data across third party systems or sites; however, the Website is not configured to alter its behavior based on the receipt of Do Not Track headers if a user’s web browser is configured to send such headers.

 

Cookies

The Website uses cookies in accordance with its Cookie Policy.

Opt-Out Rights

During the Website registration process, you are given the option to decline receiving correspondence as a result of your Website registration. You can update this flag using the Email Preferences page. If your email doesn't automatically populate in the Email Preferences page, this indicates that you have not signed up for marketing emails and do not need to take further action to remove yourself from email communications. However, if you believe we have collected your information elsewhere on the site (e.g. you've ordered a sample in the past or previously applied for a job), please contact us at dataprivacy@stepan.com to remove your information.

We will not distribute your personal data to third parties for the purposes of marketing third party products to you without obtaining your consent in advance.

Data Security

Processing of personal data happens in strict accordance with our Company’s data governance program. We have put in place commercially reasonable and appropriate administrative, technical and physical procedures to safeguard the information that you provide or that is collected by the Website against unauthorized use, disclosure or destruction. If you access other websites through the Website, you should review the applicable terms and privacy and data security policies of those websites before you access them.

You are responsible for maintaining the confidentiality of your Website account and password and for restricting access to your computer. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to the Website. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Retention: How Long We Keep Your Personal Data

As a general rule, we keep your personal data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We retain your personal data as required to process it in accordance with the purposes described in this Privacy Statement, including the Company’s ongoing internal business purposes, which include being able to measure and analyze sample order related metrics and trends over time, prepopulate fields on the Website with your account information and track historical sample orders and shipments, and the marketing purposes described above.

Children

The Website is not for use by children (anyone under the age of 18), and we do not knowingly collect personal data from children. If a child sends information to us, and this information can be identified as originating from a child, the information we will be deleted. We cannot always determine which information originates with a user that is a child. We take commercially reasonable steps to ensure that any requests for samples are not shipped to children. If you believe we might have any information from or about a child under the age of 18, please contact us at dataprivacy@stepan.com.

This U.S State Privacy Notice applies to “Consumers” as defined under U.S Privacy laws, specifically the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively the “CCPA”), and any other applicable U.S privacy laws as each are amended and as and when they become effective, and including any regulations thereunder (collectively, the “US Privacy Laws”). This Privacy Statement does not apply to workforce-related personal data collected from California-based employees, job applicants, contractors, or similar individuals, see our Workforce Privacy Statement for more information.  This U.S. State Privacy Notice is designed to provide you with notice of our recent personal data practices over the prior 12 months from the “Last Updated” date of this Privacy Statement. This U.S State Privacy Notice also applies to our current data practices such that it is also meant to provide you with “notice at collection”.

For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as required by the applicable U.S. Privacy Laws, by updating this U.S. State Privacy Notice.

Generally, we collect, retain, use and disclose your personal data for business purposes. We make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal data confidential, prohibit selling or sharing the personal data, and prohibit using the disclosed personal data for any purpose except for performing the contract. In the event our Website or any of our services require or permit you to interface with one of our service providers, you may be subject to that service provider’s terms of use and privacy policy and should review their terms prior to any disclosure.

We do not sell personal data for monetary consideration, however, we may share personal data with third parties in a way that may be considered a sale of personal data under applicable U.S. Privacy Laws. These sales are subject to your right to opt-out.

In the preceding 12 months, we have disclosed personal data for the following business purposes. The table below describes the categories of personal data in the left column, examples of data types within the applicable categories in the middle column and the right column states the categories of recipients that receive such personal data as part of disclosures business purposes, as well as disclosures which may be considered a sale under certain U.S. Privacy Laws.

Category of Personal Data

Examples of Personal Data types within the category

Categories of recipients

Identifiers and Contact Information

Contact information, Unique IDs & Account Details, Financial Account Information, Government-issued IDs

·       Software and other business vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Personal Records

Contact information, Unique IDs & Account Details, Financial Account Information, Government-issued IDs

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Customer Account Details/Commercial Information

General demographics & Psychographics, Transaction and Commercial Information, Online and Technical Information

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Internet Usage Information

Transaction and Commercial Information, Online and Technical Information

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Location Data

Imprecise Location Data

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Professional or employment related information

General Demographics & Psychographics, Contact information, Government-issued IDs.

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

Inferences drawn from other personal data received.

General Demographics & Psychographics, Inferred Information,

·       Business Vendors,

·       Marketing Vendors,

·       Affiliates and related entities.

 

Under certain U.S. Privacy Laws, you have specific rights regarding your personal data. Other jurisdictions, or countries (see EU and other Country Privacy Notices) may also provide similar rights. This section describes U.S. Privacy Law rights you may have and how to exercise those rights. For any of the following rights, we will first verify your identity prior to providing any personal data.

·       Right to Know and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months, which includes:

o   The categories of personal data we collect about you.

o   The categories of sources from which we collected personal data.

o   Our business or commercial purpose for collecting or selling (when applicable) that personal data.

o   The categories of third parties with whom we share personal data.

o   The categories of personal data about you that we disclosed for a business purpose, and the categories of service providers to whom disclosed that information for a business purpose.

Additionally, you may request that we provide the specific pieces of personal data we collect about you in a portable format.

·       Right to Delete:  You have the right to request that we delete any of your personal data that we have collected from you and retained, subject to certain exceptions. We may deny your deletion request if retaining the personal data is necessary for us or our service providers to:

o   Complete the transaction for which we collected the personal data, provide the services you have requested, or take actions reasonably anticipated within the context of our ongoing business relationship.

o   Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

o   Enable (internal only) uses that are reasonably aligned with consumer expectations based on your relationship with us.

o   Comply with a legal obligation.

o   Other internal and lawful uses of that information that are compatible with the context in which you provided it.

·       Right to Correct: You have the right to request correction of any inaccurate personal data we hold about you.

·       Right to opt-out of a sale: You have the right to opt-out of our sale or our use of personal data for targeted advertising purposes.

·       Right to receive notice:  You have the right to receive notice of our practices at or before collection of personal data and you have a right not to receive discriminatory treatment for exercising any of your rights described under this section. We will not discriminate against you based on your exercise of any of your rights.

If you are in a jurisdiction that recognizes the ability to use an authorized agent and wish to contact us through an authorized agent, the authorized agent can submit a request on your behalf to dataprivacy@stepan.com along with the authorized agent form found here.

If you are in a jurisdiction that recognizes your ability to appeal a decision we have made in connection with your attempt to assert a right under applicable U.S. State Privacy Laws, you may file an appeal of our decision refusing your request to exercise your rights under this Privacy Statement. Requests to change our policies or practices are not grounds for an appeal. You may request an appeal of such decision by contacting us at dataprivacy@stepan.com, please provide the state that you are writing from, accompanied with documentation that you may have regarding the matter you are appealing.  

If you are a Website visitor or user in the European Union, Canada, Brazil, or China, you are afforded additional rights under the law. You can exercise any of the following rights by directly making changes in your account or notifying us as described below. We cannot delete your personal data except by also deleting your user account, which will require you to re-register should you choose to access information on our Website requiring an account in the future. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

  • Access.   You can access and verify what personal data the Website has collected and currently contains by logging into your account and visiting your account profile page.
  • Correction or Rectification.   If any of your personal data is incorrect, you may change or request that your personal data be corrected by submitting a request as described below. Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Restrict Processing.   When applicable, you may restrict the processing of your personal data through the Website by submitting a request via email as described below. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Statement, to include withdrawing your consent (resulting in deleting your account and any associated personal data). Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Object to Processing.   When applicable, you have the right to object to the processing of your personal data by submitting a request via email as described below. When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Statement, to include withdrawing your consent (resulting in deleting your account and any associated personal data). Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Portability.   Upon request, and when possible, we can provide you copies of your personal data. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Statement, which include withdrawing your consent (resulting in deleting your account and any associated personal data). Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Withdraw Consent.   At any time, you may withdraw your consent to our processing of your personal data by notifying us at dataprivacy@stepan.com. Using the same email address associated with your account, simply type the words “WITHDRAW CONSENT” in the subject line of an email and send it to the email address below. Upon receipt of such a withdrawal of consent, we will confirm receipt, proceed to stop processing your personal data and erase your data (and delete your account and any associated personal data) in accordance with this Privacy Statement. Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Erasure.   If you should wish to cease use of your account and have your personal data deleted from the Website, please notify us at dataprivacy@stepan.com.  We will confirm receipt and erase your personal data (and delete your account and any associated personal data). Where applicable, we will ensure such changes are shared with any trusted third parties.

Transfers to Third Parties.  We may transfer personal data to certain third-party agents and/or service providers, with whom we have entered into written agreements requiring their compliance with the DPF Principles and at least the same level of privacy protections, to perform services on our behalf. Furthermore, we take reasonable and appropriate steps to ensure that the third party is effectively processing your personal data consistent with our obligations under the DPF Principles.  

 

We may also transfer personal data to our affiliated entities for administrative purposes (i.e accounting or financial reporting) after ensuring that they apply the same level of protection as the DPF Principles and have implemented appropriate technical and organizational measures.

 

We remain liable under the Data Privacy Framework if a third party to whom we disclose personal data processes such data in a manner inconsistent with the DPF Principles and/or applicable law, unless we prove that we are not responsible for the event giving rise to the damage.

 

Submit complaints or questions.   If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in an E.U. member state, you may also lodge a complaint with the supervisory authority in your country.

The Company is a controller or processor of the following personal data you provide to the Company:

Information Collected

Purpose Collected

Consent Provided

Name, email, phone number, address

For the completion of your transaction/processing your orders

Explicit Consumer consent.

Anonymized Website usage information

For reviewing Website analytics

Informed consent.

 

In compliance with the EU-US Data Privacy Framework Principles (“DPF Principles”), Stepan commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union and United Kingdom individuals with DPF inquiries or complaints should first contact us at dataprivacy@stepan.com

Unresolved privacy complaints arising under DPF Principles may be heard by an independent dispute resolution mechanism.  Stepan participates in the JAMS Data Privacy Dispute Resolution process.  For more information on the JAMS DPF Resolution process, please visit https://www.jamsadr.com/DPF-Dispute-Resolution or to file a JAMS DPF Dispute Resolution Claim, please visit https://www.jamsadr.com/file-a-dpf-claim. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

Will this Privacy Statement Change?

This Privacy Statement may change from time to time. Your continued use of the Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Statement periodically for updates. It is our policy to post any changes we make to this Privacy Statement on this page with a notice on the Website home page that the Privacy Statement has been updated. If we make material changes to how we treat users’ personal data, we will notify you by e-mail to the e-mail address specified in your account and/or through a notice on the Website home page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting the Website and this Privacy Statement to check for any changes.

How Can I Get Help?

To ask questions or comment about this Privacy Statement and our privacy practices, contact us at:

dataprivacy@stepan.com
Stepan Company
22 West Frontage Road
Northfield, Illinois, USA 60093