The Sherwin-Williams Company Privacy Policy

Last Updated: July 1, 2023

To view our California Privacy Notice, please click here.

Sherwin-Williams recognizes that when you choose to provide us with information about yourself, you trust us to treat it responsibly.

Information Covered by this Privacy Policy

This Privacy Policy explains the types of information that Sherwin-Williams and its affiliated companies collect about you; how we use, share, and protect this information; and the choices you can make about how we use and share this information. This Privacy Policy governs information collected by Sherwin-Williams or its Affiliates (as hereinafter defined), by any means, including, but not limited to, websites, mobile applications, and other online services that refer or link to this Privacy Policy, as well as information collected by other business functions of Sherwin-Williams, such as through our customer loyalty programs or when you speak with a customer service representative (collectively, the “Services”).

It is important that you read this Privacy Policy carefully because anytime you use our Services you consent to the practices we describe in this Privacy Policy. Key jurisdiction-specific information about our privacy practices is available in our policy here.  In the event of any inconsistencies between the English-language version of this Privacy Policy and any local language version that we make available, the English-language version will prevail.

As permissible by law, Sherwin-Williams reserves the right to make changes to this Privacy Policy. If changes are made, updates will be reflected by the Last Updated date at the top of this Privacy Policy. These changes will take effect immediately upon posting. By continuing to use the Services following such changes, you will be deemed to have agreed to such changes.

Our Services may link to third-party websites and services that are outside our control. In addition, we may have relationships with non-Sherwin-Williams entities that distribute Sherwin-Williams products. We are not responsible for the security or privacy of any information collected by such third parties. You should exercise caution, and review the privacy statements applicable to such third parties.

Information We Collect

We may collect information about you in a variety of ways:

  • You may provide us with information directly.
  • We may collect information about you when you use our Services, make purchases, or view our online advertisements.
  • We may collect additional information about you in accordance with applicable law.

The manner of our collection, the type of information collected, and the processing of such information may vary by jurisdiction to accommodate local legal requirements.

Information you provide us directly

We collect information directly from you when you choose to register for our Services (for example, when you register for one of our loyalty programs), make a purchase, sign up to enter a promotion, submit your zip code to learn more about stores near you, or otherwise provide information directly to us. The following are examples of information you may provide us directly:

  • Name.
  • E-mail address, physical address and/or zip code, and phone number.
  • Username or password.
  • Age or birthdate, gender, occupation, organization name, job title and other demographic information.
  • Credit card, billing address or other payment information.
  • Other information about you, your family or others (such as product interests and where you typically shop for paint and coatings products).
  • Purchase history or coupon history.
  • Other information provided when you contact us for customer support purposes.

You can choose not to provide us with certain types of information but doing so may affect your ability to use some of the Services.

Information we collect when you use our Services or view our online advertisements

We collect information about your computer or device and your online activity, including using standard Internet technologies, such as cookies, pixels, web beacons, software development kits, local stored objects, and other similar technologies. The following are examples of the types of information that we collect, track, analyze, and use:

  • Your browser type, operating system and your push notification token.
  • IP address and/or device ID.
  • Your browsing behavior on our Services, such as when and how you visit our websites or other Services, the amount of time spent viewing our online Services, the buttons and links you click, videos you watch, and where you scroll within our online Services, the search terms that you enter into our website, and the form submissions, purchases and transactions you make through the Services.
  • Websites you visit before or after our websites, including but not limited to, any websites or advertisements that referred you to our websites or Services.
  • Sherwin-Williams e-mails you open and/or forward.
  • Sherwin-Williams offers or links you connect to via e-mails.
  • Depending on your device settings, location information, such as your mobile device’s GPS signal or information about nearby Wi-Fi access points and cell towers
  • Marketing identifiers, device identifiers, or other similar unique identifiers.
  • Text or other messages sent or shared through chat or chatbot services.

Additional information we may collect about you

We may receive information about you from publicly and commercially available sources in accordance with applicable law. In addition, we collect other information you allow a third party to provide to us. For example, if you choose to access or use social networking services, we may receive and store information that you share with us through those services.

All the information we collect about you may be combined to help us enhance and improve our products and services and tailor our communications to you.

Use of Information

We use the information we collect about you:

  • To provide you with services, products, or other materials you request (for example, completing a purchase, completing your registration for a loyalty program and sending you product samples).
  • To communicate with or advertise to you, including about our products, services, policies, and promotions.
  • To customize your experience with our Services, including by providing you with relevant advertising on our Services and elsewhere, such as on other websites and social media services and networks.
  • To manage and improve your shopping experiences and our products, Services and offerings, including analyzing the use of our products and services, and determining the effectiveness of our advertising.
  • To protect the security and integrity of our Services, as well as address information security and/or privacy issues, debug and detect security incidents or abnormalities, fulfill, respond to, and document privacy rights requests, network functioning, and troubleshooting.
  • To enforce our legal rights.
  • To conduct internal analyses, such as surveys, studies, market research, monitoring or analyzing trends, usage and activities.
  • To comply with Sherwin-Williams' policies, industry standards and applicable laws, regulations or legal processes.
  • Otherwise with your consent.

Please see Your Choices & Rights in Your Information below for information about the choices you may have in relation to our use of your information.

Sharing of Information

Sherwin-Williams may disclose your information in the following circumstances:

  • Affiliates. We share information within Sherwin-Williams among our various businesses and companies with which we share common control (together, our “Affiliates”), including, for example, to provide you with our product and service improvements.
  • Service Providers. We rely on third-party service providers to perform a variety of contractual services on our behalf. To do so, we may need to share your information with them. For example, we may rely on service providers to fulfill our product and service requests, process your credit card and other payments, answer your questions, send e-mails on our behalf, and analyze data to improve our products and services.
  • Other Parties When Required by Law or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties:
    • To comply with the law or respond to legal process or a request for cooperation by a government entity.
    • To prevent fraud or verify and enforce compliance with the policies governing our Services.
    • Where permitted by law, to protect the rights, property, or safety of Sherwin-Williams, or any of our respective affiliates, business partners, customers or employees.
    • To comply with corporate governance functions such as audits.
  • Other Parties In Connection With A Corporate Transaction. We may disclose your information to a third party in the event we sell or transfer all or a portion of a business or our assets to a third party, such as in connection with a merger or in the event of a bankruptcy reorganization or liquidation.
  • Other Parties With Your Consent At Your Direction. In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties when you consent to or request such sharing.
  • Aggregated and Non-Personal Information.  We also may share data in a manner that does not identify you (for example, information that has been aggregated with other records) for general business purposes.  For example, we may disclose the number of visitors to our websites or other Services.

Cookies, Pixels, and Other Internet Technologies

We, as well as certain third parties, including those that provide content and other functionality on our Services, may use cookies, pixels (i.e., through a Meta/Facebook pixel), web beacons and other similar technologies on our online Services (referred to collectively as “Cookies”) and the information collected from such technologies. We also share information about your use of our websites with third parties, including our social media, advertising, and analytics partners. For more information on the information we collect through the use of Cookies, and how we use the information we collect, please see the Information We Collect and Use of Information sections of this Privacy Policy. For more information regarding third-party use of cookies, pixels, web beacons, and other similar technologies on our websites, please see the Third Parties That Provide Content or Functionality on Our Services section of this Privacy Policy. By using our online Services, you are consenting to our use of tracking technologies as described in this Privacy Policy.

Cookies

A cookie is a small file that may be stored on your computer or other device. A cookie enables the entity that put the cookie on your device to recognize it across different websites and services.

When you use a web browser to access the Services, you may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Click the “Help” menu of your browser to learn more about how to change your cookie preferences. The operating system of your device may contain additional controls for cookies. Please note that disabling cookies may affect your ability to access and use certain features of the Services. 

Do-Not-Track Signals and Similar Mechanisms

Some web browsers may transmit “do-not-track” signals to the websites and other online services with which a user communicates. There is no industry standard that governs what, if anything, websites should do when they receive these signals. Sherwin-Williams currently does not take action in response to these signals. If and when a standard is established and accepted, Sherwin-Williams may revisit its policy on responding to these signals. If you are a U.S. user, click here for information about Do-Not-Track signals and similar mechanisms.

Tracking Pixels and Web Beacons

Pixels, web beacons, and similar technologies are small bits of code, which are embedded in web pages, ads, and e-mail, that communicate with third parties. We may use pixels, for example, to count the number of users who have visited a particular web page, to deliver or communicate with cookies, and to understand usage patterns. We also may include pixels in e-mails to understand whether messages have been opened, acted on, or forwarded.

Other Technologies

There are a variety of tracking technologies that may be included in mobile applications that are not browser-based like cookies and cannot be controlled by browser settings. Some use “SDKs” to associate app user activity to a particular app and to track user activity across apps and/or devices. SDKs are blocks of code that may be installed in our mobile application by third party companies with which we work. SDKs help us understand how you interact with our mobile application and collect certain information about the device and network you use to access our application, such as the advertising identifier associated with your device and information about how you interact with our application.

How We Use These Technologies

Our online Services use these technologies for the following general purposes:
Type of Cookie What Do They Do Examples
Required Enable our online Service to work correctly. For example, these Cookies remember previous actions (e.g., entered text) when navigating back to a page in the same session and balance website traffic.
Performance Help us measure and understand how visitors interact with the online Services, our content, and any issues encountered to help us improve the performance of the Services. For example, these Cookies gain insight into how visitors use our websites so we can make improvements to usability and content.
Functionality Allow our online Services to remember choices you make (such as your user name, language, or the region you are in) to provide a more personalized online experience. For example, these Cookies may enable you to store your sign-in credentials and preferences so that you don’t have to enter those credentials and preferences each time you log on.
Targeting/Advertising Help us and third parties provide you with relevant content and advertising by collecting information about your use of our Services and other websites and online services. These Cookies may be used to deliver targeted advertising or to limit the number of times you see an advertisement.  They also help us measure the effectiveness of ad campaigns. We may include pixels in e-mails, for example, to understand whether messages have been opened, acted on, or forwarded.

Cookies vary in how long they last. “Session Cookies” terminate shortly after you terminate your internet session. “Persistent Cookies” are stored on your device until a set expiration date. We use both Session Cookies and Persistent Cookies on our websites.

Third Parties That Provide Content or Functionality on Our Services

Some of the content and functionality on our Services is provided by third parties that are not affiliated with us. For example, we enable you to share certain materials on our Services through social networking services, such as Facebook and Twitter. These and other social networking services may automatically collect information from or about your use of our Services when you use our Services while logged into the social networking services. We also offer online chat features that are supported by vendors - when you use these features, you are sharing information you provide in the chat with the vendor as well as with us. Third-party advertisers, including but not limited to session replay vendors and social media services, also may have a presence on some of our Services. These and other third parties collect or receive certain information about your use of our Services, including through the use of Cookies, pixels, and similar technologies, and this information may be collected over time and combined with information collected across different websites and online services.

Some of these companies participate in industry-developed programs designed to provide consumers choices about whether to receive targeted advertising. Please visit the websites operated by the Network Advertising Initiative and Digital Advertising Alliance to learn more. (Canadian users may also visit the website operated by the Digital Advertising Alliance of Canada. Further information in local languages may be available at that site.)

Our Services, including our websites, use analytics technology provided by Google Analytics to understand how users interact with the sites, improve our web experience, and better market our products. You may exercise choices regarding the use of Cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.

International Transfer of Data

Sherwin-Williams and its service providers may collect, transfer, store and process your personal information outside of your country of residence, including to the United States.  Please note that other countries’ data protection and other laws may not be as comprehensive as those in your country.  In accordance with applicable law, we implement measures such as standard data protection clauses to ensure that any transferred personal information remains protected and secure.  You may obtain further information about these measures by contacting us using the Global Privacy Portal.

Collection of Information From Children

We do not knowingly collect personal information online from children as defined by local law.  If we learn that a child has provided us with personal information, we will delete it or otherwise comply with applicable law.

Your Choices & Rights in Your Information

Where permitted by law, we may send you offers or promotions. However, we give you some choices about how we communicate with you.

  • E-Mail: If you no longer wish to continue receiving commercial emails from a particular Sherwin-Williams brand or group, you may follow the instructions contained in any such message. You may also contact us at Global Privacy Portal for information about how to remove yourself from any of our mailing lists.
  • Postal mail:  If you no longer wish to continue receiving commercial postal mailings from a particular Sherwin-Williams brand or group, you may follow the instructions or use the contact information contained in any such message. You may also contact us at Global Privacy Portal to remove yourself from our mailing lists.
  • Text messaging: You have the choice to opt in to receiving text messages and alerts on the mobile phone number(s) you share with us. You do not have to opt-in to text messages and alerts to use and enjoy our Service or products. If you opt-in, standard text messaging charges may apply. If you no longer wish to receive text messages from a particular Sherwin-Williams brand or group, you may opt-out of our text messages and alerts at any time. To directly opt-out, follow the instructions or use the contact information contained in any such message. Please see our Text Message Program Terms and Conditions for more information.

Please note that, despite your opt-out selections, where permitted by applicable laws, we may send you communications regarding transactions or services you have specifically requested or to inform you of important changes to our Services, products or policies. If you have multiple accounts, you may need to opt-out separately for each account in connection with the privacy choices described above.

You may have certain rights as a data subject under local law. For example, local law may afford you the right to access, update, restrict, oppose, erase, port and/or correct inaccuracies in your personal information under our control, subject to certain exceptions prescribed by law. Many of our programs provide you direct access to view, update, correct, and/or delete personal information you provided when you registered online. Please check where you registered to learn what functionality may be available to you in relation to an applicable program.

If functionality is not available where you registered and you would like to exercise your legal rights, please contact us at the Global Privacy Portal. We will respond to requests in accordance with applicable law and subject to legal and contractual restrictions.

Information Security & Retention

We have in place various procedures to safeguard your information, including technical, administrative and physical procedures intended to keep your information secure. However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.

In addition, we take steps to retain information about you only for so long as is necessary for the purpose for which it was collected, as required under contract, or as required by or permissible under applicable law.

How to Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact Sherwin-Williams through our Global Privacy Portal or at the following address:

The Sherwin-Williams Company

Global Privacy Compliance

101 W. Prospect Ave.

Cleveland, OH 44115

Changes to This Privacy Policy in the Future

Privacy laws and guidelines are part of a constantly changing environment. We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Our Privacy Policy is posted at this link. We recommend that you revisit this Privacy Policy periodically to ensure that you are aware of our current privacy practices, although we may also elect to notify you by e-mail or by posting something on some or all of our Services. Your continued use of our Services following any changes signifies your acceptance of these changes.

Jurisdiction-Specific Disclosures

Residents of the United States

This Notice supplements the other parts of our Privacy Policy, and provides additional information for US consumers (“Consumers”) as well as California residents who interact with us in the course of their work for another company (“B2B Contacts”). This Notice applies to “Personal Information” or “PI” which means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

COLLECTION, USE & DISCLOSURE OF PERSONAL INFORMATION

In the past 12 months, we have collected PI about US Consumers and California B2B Contacts, and may have disclosed such PI with our affiliates, service providers, and contractors as described in the table below.

Category of PI

 

Examples of PI Collected

 

Sources of PI

 

Purpose for PI Collection

 

Disclosures to Affiliates, Service Providers and Contractors

 

Identifiers and Customer Records


(This category includes
Personal Information described
in Cal. Civ. Code § 1798.80(e))
Name, postal address, telephone number, signature, online identifier Internet Protocol (IP) address, email address, driver's license number, social security number (SSN collection limited to credit account applications), employment, employment history, bank account number, credit card number, debit card number, or other financial information Directly from you,
public information, Affiliates, service providers,
third parties, automatically when you use our Services
We use this information for the Business Purposes of: auditing related to interactions and transactions; detecting security incidents and protecting against fraud; debugging or repair of systems; short-term transient use (for example, contextual advertising); providing services; internal tech research; and quality and safety control. We also use this information for the Commercial Purposes listed under “Use of Information” above. Marketing service providers (such as ad networks, ISPs, analytics providers), service providers that otherwise help us to run our business, government entities, operating systems and platforms, social networks, collections agencies and financial institutions.
Commercial Information Purchase history, real estate ownership records, consuming histories or tendencies Directly from you, public information, Affiliates, service providers, third parties, automatically when you use our Services We use this information for the Business Purposes of: short-term transient use (for example, contextual advertising); and providing services. We also use this information for the Commercial Purposes listed under “Use of Information” above. Marketing service providers (such as ad networks, ISPs, analytics providers), service providers that otherwise help us to run our business, government entities, operating systems and platforms, collection agencies and financial institutions.
Internet or Other Electronic Network Activity Information Browsing history, search history, information regarding interactions with our websites or advertisements Directly from you, public information, Affiliates, service providers, third parties, automatically when you use our Services We use this information for the same purposes listed above for Identifiers. Marketing service providers (such as ad networks, ISPs, analytics providers), service providers that otherwise help us to run our business.
Geolocation Data Physical location, movements Our mobile applications collect geolocation information when you authorize that collection. We may also infer your geolocation from your IP address. We use this information for the Business Purposes of: short-term transient use (for example, contextual advertising); providing services; and internal tech research. We also use this information for the Commercial Purposes listed under “Use of Information” above. Marketing service providers (such as ad networks, ISPs, analytics providers), service providers that otherwise help us to run our business.
Audio, electronic, Visual, Thermal, Olfactory, or Similar Information Audio recordings of customer service calls, CCTV footage Customer service calls are sometimes recorded, with customers notified at the beginning of the call. CCTV footage is collected for security purposes only at certain facilities, where notification signs are posted indicating this collection. We use this information for the Business Purposes of detecting security incidents and protecting against fraud; and quality and safety control. Government entities, security service providers, service providers that otherwise help us to run our business.
Professional or Employment-Related Information Professional information such as your occupation and employer Directly from you, public information, Affiliates, service providers, third parties We use this information for the Business Purposes of providing services and internal tech research. We may also use this information for the Commercial Purposes listed under “Use of Information” above. In addition, if you apply for a credit card account with us, we may collect your employment information to enable us to provide services to you by performing the appropriate credit check and issuing your credit account. Marketing service providers (such as analytics providers), service providers that otherwise help us to run our business.
Inferences from PI Collected Purchasing tendencies Directly from you, Public information, Affiliates, service providers, third parties We use this information for the Business Purposes of short-term transient use (for example, contextual advertising); providing services; and internal tech research.  We also use this information for the Commercial Purposes listed under “Use of Information” above. Marketing services providers (such as analytics providers).

Among the categories of personal information listed above, the following categories of personal information we collect may be considered “sensitive” under some state privacy laws:

Category of Sensitive
Personal Information

 

Categories of Sources

 

Purposes for
Collection

 

Disclosures to Service
Providers and
Contractors

 

Personal Information that reveals your Social Security Number or driver’s license Directly from you To extend a line of credit To process transactions related to equipment rentals Service providers that help us to run our business
Personal Information that reveals an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account Directly from you To extend a line of credit Service providers that help us to run our business
Personal Information that reveals your precise geolocation (location within a radius of 1,850 feet) Our mobile applications collect geolocation information when you authorize that collection Locating a store or providing other, similar services Internal tech research Service providers that help us to run our business
 

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We keep the categories of PI described above for as long as is necessary for the purposes described in this Policy or otherwise authorized by law. This generally means holding the information for as long as one of the following apply:

  • Your PI is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information;
  • Your PI is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the PI was collected;
  • The information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
  • We are otherwise required or permitted to keep your information by applicable laws or regulations.

Where PI is used for more than one purpose, we will retain it until the purpose with the latest period expires. For more information about our retention policies, please contact us using the contact details below.

TARGETED ADVERTISING, SELLING, AND SHARING OF PERSONAL INFORMATION

The categories of PI that we disclose for a business or commercial purpose and the categories of recipients are listed in the chart above. The chart below summarizes the categories of PI we used for targeted / cross-context behavioral advertising in the past 12 months. Although we do not sell Personal Information in exchange for money, some of the ways in which we share PI for targeted advertising may be considered “sales” or “sharing” under some US state privacy laws. We do not have actual knowledge that we sell or share the PI of people under 16 years of age. Our uses of Personal Information are not considered “sales” under Nevada law.

Category of Personal Information

 

Type of Disclosure

 

Categories of Third Parties to Which the Information Was Sold or Shared

 

Identifiers Transferred to third parties for cross-context behavioral advertising Ad networks, search and social media platforms, and other online advertising partners
Customer Records
Commercial Information
Internet or Other Electronic Network Activity Information
Geolocation Data
Inferences

CALIFORNIA PRIVACY RIGHTS

Under the California Consumer Privacy Act (California Civil Code Section 1798.100, et seq.), as amended by the California Privacy Rights Act (California Civil Code Section 1798.100, et seq.) (“CCPA”), California residents have certain rights they may exercise either independently or through an authorized agent. Your California privacy rights are described below. For purposes of this Notice, in some places we have abbreviated or summarized CCPA terms or language. Terms defined under the CCPA that are used in this Notice shall have the same meanings as under the CCPA.

To make a request to delete, request to correct, or request to know, you can submit a case through our Global Privacy Portal or by calling 1-844-835-4134. Please follow the instructions on our Global Privacy Portal and promptly respond to any follow-up inquires so that we may confirm your identity. If you would like to opt out of sales and sharing of PI, click the Do Not Sell or Share My Personal Information link on the homepage of the Sherwin-Williams website(s) you visit and move the “Do Not Sell or Share My Personal Information / Targeting Cookies” toggle to “off”.

If you submit a request to know, request to delete or request to correct, you will be asked to log into your account or to provide 2-3 pieces of PI that we will match against our records to verify your identity. Authorized Agents may submit requests on behalf of Consumers by following these steps and providing appropriate documentation. If you submit a request through an authorized agent, you will still need to verify your identity directly with us before your request can be processed.

Right to Know

You have the right to request that we provide you with the following information. Requests of this nature may be made no more than twice in a 12-month period.

  • The categories of PI we have collected about you, including:
    • The categories of sources from which the PI was collected
    • Our business or commercial purposes for collecting, selling, or sharing PI
    • The categories of third parties to which we disclose PI
    • The categories of PI that we sold, and for each category identified, the categories of third parties to which we sold that particular category of PI
    • The categories of PI that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of PI
  • The specific pieces of PI we have collected about you.

Right to Opt Out of Sales and Sharing of PI

You have the right to opt out of the sale of your PI, and to request that we do not share your PI for cross-context behavioral advertising. Although we do not sell Personal Information in exchange for money, some of the ways in which we share PI for advertising or marketing may be considered “sales” or “sharing” under the CCPA. To opt-out, please click on the “Do Not Sell or Share My Personal Information” link on the homepage of the Sherwin-Williams website(s) you visit and move the indicated toggle to “off.” If you choose to use a browser-based opt-out signal (such as the Global Privacy Control (GPC)), you will be opted out of cookie-based sales and sharing of Personal Information for each of our websites you visit with the signal enabled. Because we are unable to recognize you across different websites, visiting one of our sites with the signal enabled will have the effect of opting you out of sales and sharing with respect to that specific site, but will not impact sales and sharing for our other websites. Additionally, you will need to turn on the opt-out signal for each browser that you use. Please note that the GPC signal may block our websites’ cookie banners and preference centers from appearing or otherwise interfere with our Do Not Sell or Share My Personal Information links. If this occurs, your preferences have been recognized, even if the banner and preference center are no longer visible.

Deletion Rights

You may request that we delete your PI that we have collected directly from you. Under the CCPA, we may decline to delete your PI under certain circumstances—for example, if we need the PI to complete transactions or provide services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, to comply with law, or to exercise or defend legal claims. Where we use deidentification to satisfy a deletion request, we commit to maintaining and using the information in deidentified form and will not attempt to reidentify the information.

Correction Rights

If you believe that PI we maintain about you is inaccurate, you have the right to request that we correct that information.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not use or disclose Sensitive Personal Information for purposes to which the right to limit use and disclosure applies under the CCPA.

Right to Non-Discrimination for the Exercise of Your Privacy Rights

If you choose to exercise any of your privacy rights under the CCPA, you also have the right not to receive discriminatory treatment by us.

NOTICE OF FINANCIAL INCENTIVE

Our PaintPerks rewards program provides benefits such as rewards points and discounts to those who choose to participate. Participation requires you to provide some PI, such as Identifiers, Customer Records, and Commercial Information. The incentives associated with our rewards program are designed to reward loyal customers based on the volume of products and services they purchase from us. For the full terms and conditions applicable to our rewards program, please click here.

We have made a good faith estimate that the value of PI provided in connection with our rewards program is equivalent to the relevant expenses related to the collection and retention of that PI. Any difference in price or benefits provided to customers who participate in our rewards program is reasonably related to the value of the PI provided. By joining our rewards program, you consent to any financial incentive associated with the program. You have the right to withdraw from the financial incentive at any time by cancelling your participation in the rewards program. To cancel your rewards membership, please click here. Please note that if you submit a request to delete, that will delete PI associated with any rewards account you may have.

Privacy Rights for Residents of Additional U.S. States

This section supplements the other parts of our Privacy Policy and provides additional information for consumers who reside in US States other than California. If you are a resident of California, please review our California-specific disclosures, above.

MAKING A PRIVACY RIGHTS REQUEST

If you would like to make a request relating to your Personal Information, please use our Global Privacy Portal or call 1-844-835-4134. Please note that we will need to authenticate your identity before your request can be processed. For authentication, you will be asked to log into your account or to provide 2-3 pieces of Personal Information that we will match against our records.

  • Access and Data Portability. You can use this type of request to confirm whether we are processing your Personal Information, access your Personal Information, and to obtain a copy of your Personal Information in a portable format.
  • Correction. You may request that we correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and our purposes for processing it.
  • Deletion. You may request that we delete your Personal Information. Under the state privacy laws, we may decline to delete your PI under certain circumstances—for example, if we need the PI to complete transactions or provide services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, to comply with law, or to exercise or defend legal claims.
  • Opt-Out Requests. You may opt out of the following uses of your Personal Information: (a) targeted advertising; (b) the sale of Personal Information; and (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not sell Personal Information in exchange for money or engage in practices that qualify as profiling producing legal or similarly significant effects under applicable state privacy law. To opt out of targeted advertising / non-monetary “sales” of Personal Information, please click on the “Do Not Sell or Share My Personal Information” link on the homepage of the Sherwin-Williams website(s) you visit and move the Targeting Cookies toggle to “off.” If you are an authorized agent submitting an opt-out request on behalf of a Colorado consumer, please click the Do Not Sell or Share My Personal Information link on the homepage of the Sherwin-Williams website(s) you visit and move the “Do Not Sell or Share My Personal Information / Targeting Cookies” toggle to “off.” We use commercially reasonable efforts to authenticate the identity of the consumer and the authorized agent's authority to act on the consumer's behalf.
  • Appeals. Sometimes we are unable to process requests relating to your Personal Information, in which case, your request will be denied. If your privacy rights request has previously been denied by us and you believe we denied it in error, you may appeal for reconsideration of your request using our Global Privacy Portal.

Please note that if you make a privacy rights request, we will retain the Personal Information submitted in connection with your request for recordkeeping purposes.

LOYALTY PROGRAM DISCLOSURES FOR COLORADO RESIDENTS

The purpose of this section is to notify Colorado consumers of how we use Personal Information in connection with your participation in our PaintPerks loyalty program. You have the right to delete your Personal Information associated with your PaintPerks account; however if you delete your Personal Information, we will be unable to link your rewards to your account, and therefore you will be unable to receive benefits from the program. The chart below identifies the categories of Personal Information collected through our loyalty program that we sell, or process for targeted advertising, and the third parties who receive each category of Personal Information.

Category of Personal Information

 

Third Parties Who Receive Each Category

 

Identifiers Advertising and communications partners
Customer Records
Commercial Information

For more information about how we process your Personal Information, please see the other sections of our Privacy Policy.

Residents of any European Union Member State

The legal bases for our processing activities are as follows:

  • For our legitimate business purposes, including:
    • to provide you with services, products, or other materials you request (for example, completing your registration for a loyalty program and sending you product samples) and to customize your experience with our Services;
    • to manage and improve your shopping experiences and our products, Services and offerings, including analyzing the use of our products and services, and determining the effectiveness of our advertising; and
    • to protect the security and integrity of our Services.
  • To perform our contract(s) with you, including processing your purchases and transactions,
  • To meet our legal obligations, for example:
    • for audit and reporting purposes;
    • to perform accounting and administrative tasks;
    • to respond to requests for information by competent public bodies and judicial authorities; and
    • to enforce our legal rights and to enforce or manage legal claims.
  • On the basis of your consent:
    • to send you direct marketing messages about our products, services, and promotions; and
    • to deliver targeted advertisements to you, both on and off the Services, including by using cookies and similar technologies, as explained below.

You can withdraw your consent at any time by contacting us.  If you withdraw certain consents, we may no longer be able to offer related services.

  • E-Mail: If you wish to unsubscribe or opt out of receiving direct marking from a particular Sherwin-Williams brand or group via email, you may follow the instructions contained in any such message.   You may also contact us at Global Privacy Portal for information about how to remove yourself from any of our mailing lists.
  • Postal mail:  If you no longer wish to continue receiving commercial postal mailings from a particular Sherwin-Williams brand or group, you may follow the instructions or use the contact information contained in any such message.   You may also contact us at Global Privacy Portal to remove yourself from our mailing lists.
  • Other:  If you no longer wish to continue receiving other commercial communications from a particular Sherwin-Williams brand or group, you may follow the instructions or use the contact information contained in any such message, or by changing the privacy settings in your browser (for example, with respect to cookies).   You may also contact us at Global Privacy Portal to remove yourself from other types of direct marketing in accordance with local law. 

You may lodge a complaint with a supervisory authority if you consider that our processing of your personal information infringes applicable law.

Our Services may use web analytics services, such as Google Analytics, which are provided by Google, Inc. and other third party providers. These services use “cookies” to help analyze how visitors use online services. The information generated by the cookies about your use of the online services (including your IP address) will be transmitted to and stored by these providers, including outside the EU in third countries such as the United States which might not have data protection and other laws that are as comprehensive as those in your country.

If your IP address is not truncated through IP-anonymization, then the full IP address may be transferred to third party providers’ non-EU servers. These providers may use this information for the purpose of evaluating your use of the websites, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage.   You may refuse the use of cookies as described elsewhere in this policy, and some providers offer you the ability to prevent the collection and processing of data generated by cookies and related to your use of the website (including your IP address) by downloading and installing a Browser-Plugin.

Residents of Argentina

If you are an Argentine resident, in accordance with Law No. 25,326, as amended, you can exercise your right of access every 6 months free of any charge, or more often if you have a legitimate interest to exercise such right, by providing us with any proof of your identity. The request shall be answered in accordance with applicable law.

Besides the right of access, any Argentine resident can exercise their amendment, update or cancelation rights at any time free of any charge by providing us with any proof of identity. The request shall be answered in accordance with applicable law. The request can be denied if: (i) there is a third party interested in the conservation of the personal information in its current state by Sherwin-Williams; or (ii) there is a legal obligation to preserve the data in its current state.

The exercise of the rights of access, amendment, update or cancelation can be denied by us if it is needed to: (i) protect the national security, the institutional order, the public safety or third party rights; or (ii) avoid the obstruction of justice in judicial or administrative case files related to tax obligations, social security obligations, public health, criminal investigations and administrative infraction investigations as long as there is an order in the corresponding case file to avoid the exercise of any of the aforementioned rights by the data subject.

For information about how to exercise these rights, please see Your Choices & Rights in Your Information above. Sherwin-Williams can be contacted through the Global Privacy Portal for additional inquiries.

Residents of Australia

Australian residents are hereby notified that you have the option to deal anonymously or by pseudonym if you contact us by telephone and you merely seek information about our Services but you do not wish to enter into any further discussions with us. However, if you wish to deal with us in this way, you will not be able to engage with us in respect of our services. If you wish to engage with us in respect of our services, you may be required to provide us with your personal information.

Sherwin-Williams may transfer your personal information to affiliates, service providers, and other parties described under “Sharing Your Information” outside of Australia including in the United States.

We rely on your consent to send you direct marketing messages about our products, services, and promotions, and to deliver targeted advertisements to you.  You can withdraw your consent at any time.  Please see Your Choices & Rights in Your Information for more information.  You also may change the privacy settings of your browser, for example, with respect to cookies.  If you withdraw consent, we are no longer able to offer these services.

If we become aware of any ongoing concerns or problems concerning our privacy practices, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our privacy policy, or you have a problem or complaint, please contact us at our Global Privacy Portal.  If you are not satisfied with our handling of your problem or complaint you may make a complaint to the Australian Information Commissioner – for further details please visit http://www.oaic.gov.au/

Residents of Brazil

In addition to the purposes set forth in this Consumer Privacy Policy, we also process your personal data in order to manage your orders internally, for the protection and security of your personal data and to manage your participation in trainings, presentations and events that we or our representatives may offer related to our products and services.

By participating in trainings, presentations, and other events, you agree that you are interested in our products and services, including our marketing materials.  We observe all your rights set forth in this policy and applicable law, including your right to opt-out.

Regardless of additional provisions set forth in this Privacy Policy, you may be entitled to the following rights in connection with your personal data before Sherwin-Williams at any time and upon request:

  • confirmation of the processing;
  • access to the personal data;
  • rectification of incomplete, inaccurate or out-of-date personal data;
  • anonymization, restriction/blocking or deletion of unnecessary or excessive personal data or data processed in breach of the provisions set forth in the Law No. 13,709/18 or “Brazilian Data Protection Law”;
  • portability of personal data to another service provider or product supplier, upon explicit request, subject to commercial and industrial secrecy, pursuant to regulation of the National Data Protection Authority (as defined in the Brazilian Data Protection Law);
  • erasure of personal data processed based on the consent of the data subject, except for cases where the Brazilian Data Protection Law authorizes Sherwin-Williams to keep such data;
  • information about public and private entities which Sherwin-Williams shared data subject’s personal data with;
  • information about the possibility of denying consent and the consequences of such denial; and
  • revocation of consent. 

In addition to the exercise of the rights above, it is your responsibility to keep your information duly updated and accurate with us.

You may contact Sherwin-Williams, the controller of personal data subject to processing, at the Global Privacy Portal, to exercise any of your rights and comply with obligations set forth in this Privacy Policy.

Pursuant to article 41 of the Brazilian Data Protection Law, Sherwin-Williams has appointed its Global Privacy Manager – LATAM as its Data Protection Officer. You may contact her at the Global Privacy Portal.

Residents of Canada

Canadian residents are hereby notified that Sherwin-Williams and its service providers may process and store your personal information outside of Canada, including in the United States, and such data may be subject to disclosure to authorized law enforcement, local courts, and national security authorities pursuant to applicable local laws and legal process.  You may contact Sherwin-Williams with questions about our privacy practices, including to receive information regarding our policies and procedures with respect to service providers outside of your jurisdiction.

You are further notified that if you refuse to consent to our collection, use or disclosure of your personal information, we may not be able to provide you with the products or services you request.  Subject to legal and contractual restrictions, you may withdraw your consent to our further collection, use or disclosure of your personal information for such purposes as marketing and delivering surveys at any time by giving us reasonable notice.  You may not be permitted to withdraw your consent to certain necessary collections, uses and disclosures of your information (such as maintaining reasonable business and transaction records). 

Please see Your Choices & Rights in Your Information for information about how to exercise your rights to access your personal information.  Our authorized employees, agents and mandataries will have access to your information as required to fulfill their obligations to us.  

Residents of India

If you are an Indian resident, you are entitled to request to review your personal information and to update, correct, or delete deficient or inaccurate information, and you have the right to contact us regarding any discrepancies or grievances relating to the processing of personal information by Sherwin-Williams.  Please see How to Contact Us for information on how to contact us.  Please see Your Choices & Rights in Your Information for information about how to exercise these rights.  While we take steps to comply with your requests in a timely manner, we are not responsible for the authenticity of your personal information.

Residents of Malaysia

If you are a resident of Malaysia, please see How to Contact Us for information about how to contact Sherwin-Williams’ Global Privacy Compliance group responsible for global data protection.

Residents of Mexico 

As residents of Mexico, you may object to the processing of your personal information for the following voluntary uses of such personal information:

  • To communicate or send you promotions.
  • To provide you with relevant advertising on our Services and elsewhere.
  • To determine the effectiveness of our advertising.

Also, in addition to your rights of access and rectification, you also may have the right to cancel or oppose the collection and processing of your personal information and to limit the scope of processing and to revoke your consent, in accordance with local law.

Please see Your Choices & Rights in Your Information for information about how to exercise these rights.  Please explain what right you want to exercise and provide proof of identity.  The request shall be answered in accordance with applicable law. If you would like to correct or update your personal information, indicate what the correction should be.

Residents of New Zealand

Under the New Zealand Privacy Act 1993, you have certain rights of access to and correction of personal information we hold about you.  Please see Your Choices & Rights in Your Information for information about how to exercise these rights.

Residents of Singapore

If you are a resident of Singapore, please see How to Contact Us for information about how to contact Sherwin-Williams’ Global Privacy Compliance group responsible for global data protection.

Residents of Sweden

If you are a Swedish resident, you may contact Sherwin-Williams for information about our privacy practices as described under How to Contact Us.

Residents of Uruguay

The legal bases for our processing activities are as follows:

  • For our legitimate business purposes, including:
    • to provide you with services, products, or other materials you request (for example, completing your registration for a loyalty program and sending you product samples) and to customize your experience with our Services;
    • to manage and improve your shopping experiences and our products, Services and offerings, including analyzing the use of our products and services, and determining the effectiveness of our advertising; and
    • to protect the security and integrity of our Services.
  • To perform our contract(s) with you, including processing your purchases and transactions.
  • To meet our legal obligations, for example:
    • for audit and reporting purposes;
    • to perform accounting and administrative tasks;
    • to respond to requests for information by competent public bodies and judicial authorities; and
    • to enforce our legal rights and to enforce or manage legal claims.
  • On the basis of your consent:
    • to send you direct marketing messages about our products, services, and promotions; and
    • to deliver targeted advertisements to you, both on and off the Services, including by using cookies and similar technologies, as explained below.

You can withdraw your consent at any time.  Please see Your Choices & Rights in Your Information for more information.   You also may change the privacy settings of your browser, for example, with respect to cookies.  If you withdraw consent, we are no longer able to offer these services.

Please see Your Choices & Rights in Your Information for information about how to exercise the rights you may have in accordance with Uruguayan Data Protection Act No. 18,331.  You also may contact us with questions and to exercise any rights hereunder as described under How to Contact Us.

Vietnam Residents

The information about you that we collect, store, process, use, disclose to and transfer to third parties includes information in electronic format. References to “sharing” and “disclosure” of personal information in Sharing of Information include any and all of the acts of sharing, disclosing, and transferring your information.  Please see Your Choices & Rights in Your Information for information about how to exercise rights you may have under local law to access, update, correct and/or request removal of your personal information from our databases, request stoppage of the provision of your personal information to a third party or request we not quote or otherwise use contents of such information.  In addition, you may contact us at the following address for questions or information about how to exercise your rights under local laws as described under How to Contact Us.  Upon receipt of your request, Sherwin-Williams will grant you reasonable access to personal information that we hold about you, unless otherwise legally unable to do so. In addition, Sherwin-Williams will take necessary steps to permit you to correct, amend, or delete information demonstrated to be inaccurate or incomplete.