Policy last modified: April 1, 2020
ShedWool Inc., (“ShedWool”) is a North American based organization that provides a cloud-based solution for organizations across the globe to increase efficiencies. This is done through our mobile and web applications to connect employees, enable efficient schedule management, allow for push notifications to approved devices, checking on employee qualifications for positions or jobs, approve time off, etc. Our products and services (“Services”) are available to organizations to voluntarily purchase and use.
By using the Services, you agree to the terms of this Policy and to our collection, processing and sharing of information for the purposes we describe in this Policy. Please read this Policy carefully as it will tell you how we will use your information and how we keep it safe.
Changes to this Policy
We encourage you to check back regularly on this Policy as it may change from time to time if data privacy laws or our business practices change. But when we do, we’ll let you know one way or another. Sometimes, we’ll let you know by revising the date at the top of the Policy that’s available on our website and mobile application. Other times, we may provide you with additional notice (such as adding a statement to our website’s homepage or providing you with an in-app notification). At the top of this Policy, you’ll see a reference to the date that the Policy was last updated.
What information is collected
We will collect THREE types of information.
First type of information: Information that can be used to identify you. This is information that you willingly provide to us.
Information required to create a business account:
- Business name
- Phone number
- Contact information for emergency purposes.
Once a business account is created, you can build a profile that will be available to all authorized users who share your business account, such as:
- Profile photo
- Job title
Other information related to billing such as:
- Billing address
- Credit information
- Name associated with the credit card that will be used but processed by a third party, Stripe.
We encourage you to review their privacy practices on how they will keep your information safe and secured as they are a separate company.
Second type of information: Information that is aggregated and cannot be used to identify you.
Device Data: We collect limited data from your mobile device in order to provide the Service and analyze our performance. Such data includes your operating system type, mobile device model, memory, software/firmware information, the language your system uses and the country and time zone of your device, and/or unique device identifier. Individuals must voluntarily install the mobile application on their device and may provide information associated with their profile and account.
Location-Identifying Data: GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate you, or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content based on your location. We may use GPS or use other location based features on the Services (such as geo-location and geo-fencing) and your location may be tracked.
Aggregate: We may collect non-identifying and statistical information about the use of our Services, such as how many visitors visit a specific page, how long they stay on that page and which links, if any, they click on, system configuration information, and/or other interactions with the Services. This information represents a generic overview of our users, including their collective habits.
Analytics: We use analytic software to gather statistics and usage trends for product and service improvement purposes. The Service may record data from your phone, tablet, or computer such as how frequently you use the Service, what actions you take and performance data.
Other Tracking Technologies: We may supplement information you provide to us with information from other sources, such as information to validate and/or update your address, payment card and/or other demographic information. This information is used to maintain the accuracy of information on our Services and for internal analysis.
Pixel Tags/Web Beacons: We may also use clear gifs, and pixel tags, which are tiny graphic images placed on website pages and/or in our emails that allow us to determine whether you have performed specific actions and are further used to track online movements of our users. Additionally, a point of sale system (POS) may use web beacons for similar purposes.
Third Party Services: To support the Services we provide to you; we may use services hosted by third parties. These services may collect information sent by a browser as part of a web page request, including ‘Internet Protocol’ addresses, browser software, and/or clickstream patterns. If such third party services collect information, they do so anonymously without identifying individual visitors.
Cookies: A “Cookie” is a tiny data file that resides on your computer, mobile phone, or other device and allows us to recognize you as a user when you return to our website using the same device and web browser and enables us to collect information about how you use our Services. We will collect:
- Dates and times of visits
- Pages viewed, and
- Times spent during these visits limited to our site
- Persistent Cookies: Persistent Cookies remain on a visitor’s device for a set period of time specified in the Cookie. They are activated each time that the visitor visits the Services that created that particular Cookie.
- Session Cookies: Session Cookies are temporary and deleted from your computer when you close your web browser. They allow us to link the actions of a user while using the Services.
- Strictly Necessary Cookies: Strictly necessary Cookies are essential to navigate around the Services and to use its features.
- Performance Cookies: Performance Cookies collect anonymous data for statistical purposes on how users use the Services, they don’t contain personal information and are used to improve the user experience.
- Functionality Cookies: Functionality Cookies allow us to operate the Services in accordance with your choices, such as ‘remembering’ you in between visits.
Third type of information: We may collect information about you from other users. Here are a few examples:
- Contact information related to employees or others you share with us
- If another user uploads contact information, we may combine information from that user with other information we have collected about you
How we will use information
We will use your information to:
- improve your user experience;
- run diagnostic information on our Services;
- monitor and analyze trends and usage;
- make sure we are running things efficiently which gives us more time to support our customers;
- improve Services in general and usability;
- support you when you ask for help which can be via phone or live chat;
- provide push notifications to the mobile application;
- provide text messages (after your approval);
- pass on to our partners and vendors for the sole purpose of carrying out our Services for you
We do not collect any more personal information than is necessary to the provide the Services and will only use your personal information for the purposes we specify in this Policy, unless you agree otherwise.
We may also contact you through a newsletter which will describe services and offerings related to our products. If you wish to opt out of those messages, instructions will be within those communications. You can also contact us through the methods we have outlined within this Policy.
Parties with whom we share information with
We do not sell, rent or otherwise disclose personal information collected by our Services to third parties in the ordinary course of business. However, certain third party agents and other third parties performing services for us may have access to the personally identifiable information in order to do their jobs.
Services Provider/Vendors. We will only share your information with third parties that we have selected and have a contractual relationship with. This allows us to tell these third parties what we expect of them to keep your information secured.
- We utilize Amazon Web Services and Stripe as vendors. As those vendors are not a part of ShedWool, you should check their Privacy Policies to learn about how they keep information safe and secured.
- We will also utilize other vendors, only as necessary, that take the same types of measures we take to keep your information safe and secured.
- We will also share information to integrate into payroll, human resource, time keeping systems and point of sale (POS) systems.
With other Users/Collaboration. We may share the following information with other users:
- information about you, such as your name
- information about how you have interacted with our Services
- additional information you have directed us to share
- content and messages you post or send through the Service
Third Parties to Comply with Laws. We will not disclose your information to third parties except as set forth in this Policy and in the following circumstances to:
- investigate and defend ShedWool and its users against any third party claims, allegations or liability;
- investigate, prevent or take action regarding suspected or actual illegal activities;
- assist government enforcement agencies, respond to a legal process and/or comply with laws;
- exercise or protect the rights, property and/or personal safety of the users of the Services;
- protect the security and/or integrity of the Service.
Business Transfer. If we sell or otherwise transfer part or all of our assets to another organization (e.g., in the course of a transaction such as a merger, acquisition, bankruptcy, dissolution, liquidation, etc.), your information collected through the Services may be among the items sold and/or transferred.
Minors and Children
As our Services are geared toward companies wanting to improve efficiencies, we do not knowingly collect information from children under the age of thirteen (13).
If we learn that we have collected personal information from a child under age thirteen (13), we will delete such information as quickly as possible. If you believe that a child under the age of thirteen (13) may have provided us personal information, please contact us at [email protected]
By using the Services, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase/use our Services.
As we value your privacy, we take commercially reasonable steps to protect your information. We use encryption techniques such as Transport Layer Security (TLS) both at rest and in transit. We also utilize techniques and practices from our trusted vendors such as Amazon Web Services. As an example, all data flowing through Amazon Web Services is automatically encrypted at the physical layer before it leaves their facilities. Another example is when a password is changed within a database. Although we don’t have access to the actual password, we will check to ensure it matches the encrypted password. We also provide different levels of administrative access. This controls the access that individuals have.
A company that uses our products will have an account administrator (“Customer Administrator”). Companies can determine if they want more than one. Additionally, there are other administrator accounts that can control things like modifying schedules but won’t have the same level of access or control as a Customer Administrator.
These examples are, of course, not a complete list of all the technical safeguards we take to protect your information. We also have internal policies and procedures to ensure that our staff are handling your information in a secured manner.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails you send to us. Please limit your access to your computer and/or mobile device and/or browser by signing off after you have finished accessing your account.
Although we value data privacy, we are not responsible for the functionality, privacy and/or security measures of any other organization.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. This includes satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the personal data
- the potential risk of harm from unauthorized use and/or disclosure of your personal data
- the purposes for which we process your personal data, and
- whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. We may retain information (including, without limitation, your personally identifiable information) for a commercially reasonable time for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce agreements. In some cases, if you choose not to provide us with requested information, you may not be able to use and/or access all of the Services. You can request further details of retention periods for different aspects of your personal data by contacting us. If and when retention period(s) expire(s), then we will destroy your information in compliance with the Illinois Personal Information Protection Act, 815 ILCS 530/40 or other applicable laws.
Transfers of information
Our platform is hosted in North America. It is important for you to know that in an era of cloud computing, your information could be in places other than where it was collected. Regardless of the location your information is stored, we take steps to ensure it is kept safe and secured. This includes carefully selecting our partners and vendors and binding them through contract terms.
If you have specific requirements for keeping information in a certain geographical location, we can make those arrangements, but we ask that you make those arrangements in advance. We can take steps to segregate databases and source.
Publicly Accessible Parts of our Service
Our Service offers publicly accessible forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our forums, please contact us using the contact information below. We display personal testimonials of satisfied customers on our Service in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the contact information below.
How to contact us
If you have any questions, comments or complaints related to our Privacy Practices, we can be reached either by physical mail or e-mail address below. It is our hope that you will work with us to address your matter.
509 N. Wells Street, Unit 3
Chicago, IL 60654
What information we collect
Our e-mail address
Your California Privacy Rights (if applicable):
Under California Consumer Privacy Act (“CCPA”), California residents are entitled to receive the right to access and obtain a copy of your personal information. You may write us and ask for records of any and all personal information. The CCPA requires businesses to disclose:
(1) the categories of personal information the business collected about Individuals,
(2) the categories of sources from which personal information is collected,
(3) the business or commercial purpose for collecting or selling personal information,
(4) the categories of third parties with whom the business shares personal information, and
(5) the specific pieces of personal information the business has collected about the Individual.
To obtain such information from us, please email your request to [email protected] and we will provide a list of categories of personal information disclosed within thirty (30) days of receiving such a request. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted in ways other than those specified above. The following exceptions may prevail with respect to fulfillment of data access requests: (a) We may not provide personal data to an Individual, if management determines that we cannot identify the Individual in our systems because the data we have has been de-identified to the extent that identification is not possible; and/or (b) We may not provide personal data to an Individual, if the Individual is involved in a civil or criminal proceeding with us.