Privacy Policy

Privacy Policy

1. Introduction

At md-ind.com (“we,” “us,” “our” or “MD Industrial”), we are committed to protecting and respecting your privacy. We prioritize transparency, data minimization, and security, and we process personal information lawfully and fairly in accordance with global data protection frameworks including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, store, and protect your information.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all users, customers, and visitors (“you,” “your”) interacting with our website at md-ind.com and any related services. For the purposes of the GDPR, MD Industrial acts as the data controller for processing your personal data collected via the website or through our services.

3. Categories of Data We Process

We collect and process the following categories of personal data:

a) Usage Data
Includes data about your interactions with our website such as IP address, browser type, time zone setting, operating system, referring site, accessed pages, session duration, and clickstream data.

b) Account Data
Includes details you provide when creating an account such as full name, billing and shipping address, email address, and phone number.

c) Profile Data
Includes information such as login credentials, preferences, purchase history, feedback, interests, and behavioral data derived from your interactions with the site.

d) Communication Data
Includes records of communication with you, including support requests, inquiries, contact forms, and correspondence history.

e) Technical Data
Includes device information, browser plug-in details, network location, system configurations, and diagnostic logs.

f) Transaction Data
Includes order and payment details, delivery status, invoicing data, and billing history.

g) Preference Data
Includes marketing and communication preferences, language settings, and expressed interests in products or services.

4. Legal Bases for Processing

Where required under applicable law, we process your personal data based on the following lawful bases:

– Performance of a contract: When processing is necessary for delivering products or services you have requested.
– Consent: Where you have given clear and informed consent to process your data for a specific purpose (e.g., subscribing to a newsletter).
– Legal obligation: Where processing is necessary for compliance with a legal requirement.
– Legitimate interest: Where processing is necessary to serve our legitimate business interests, and such interests are not overridden by your privacy rights.

5. Your Rights

Under applicable laws, you have the following rights regarding your personal data:

– Right of Access: You have the right to request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request that we delete your personal data under certain circumstances.
– Right to Restriction: You may request limitation on the processing of your personal data.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used, machine-readable format.
– Right to Object: You may object to our processing based on legitimate interest or direct marketing purposes.
– Right not to be subject to automated decision-making, including profiling, where this produces legal or similarly significant effects.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement and maintain robust administrative, technical, and physical safeguards to protect your personal data from unauthorized access, misuse, alteration, and loss. Our security practices include but are not limited to:

– End-to-end encryption for data in transit and at rest;
– Controlled access based on role and necessity;
– Continuous monitoring and security audits;
– Secure data backup solutions;
– Regular employee training in data protection laws.

7. International Data Transfers

We may transfer your personal data to countries outside your jurisdiction, including to jurisdictions that may not provide an equivalent level of data protection. In such cases, we employ safeguards consistent with legal requirements, including standard contractual clauses approved by the European Commission and reliance on recognized frameworks to ensure lawful transfer and processing requirements are met.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Retention periods include:

– Account Data: For as long as your account is active and up to 6 years post-deactivation;
– Transaction Data: Up to 7 years for legal and tax purposes;
– Communication Data: Up to 5 years after last correspondence;
– Usage and Technical Data: 36 months from collection;
– Marketing Data: Until you withdraw consent or opt out.

Upon expiry of the retention period, your data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar technologies on md-ind.com to enhance functionality, analyze site usage, and support marketing operations. Our cookie categories include:

– Essential Cookies: Necessary for core website functionality such as security and access;
– Functional Cookies: Enable preferences like language or location settings;
– Analytics Cookies: Collect aggregated statistics on site usage and behavior;
– Performance Cookies: Monitor and improve website performance.

10. Cookie Management and GDPR/CCPA Compliance

We provide users with tools to manage cookie preferences in compliance with GDPR and CCPA. On your first visit, a cookie banner will prompt you to accept or manage your choices. You may update your preferences at any time via the “Cookie Settings” link on our website. Additionally, you may adjust your browser settings to block or delete cookies.

Under CCPA, California residents have the right to opt out of the “sale” of personal information. While we do not sell personal data in the conventional sense, we honor browser-based Global Privacy Control signals and provide an online mechanism to exercise opt-out rights.

11. Children’s Data

Our services are not directed to children under the age of 13, and we do not knowingly collect their personal data. If we become aware that we hold personal data from a child under 13, we will take appropriate steps to delete it. Parents or legal guardians who believe their child has provided us with personal data should contact us at [email protected].

12. Policy Updates

This Privacy Policy may be updated to reflect changes in our practices, technology, legal requirements, or other operational considerations. We encourage users to review this page regularly. In the event of material changes, we will provide prominent notice via our website or direct communication where required under applicable law.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your data, or your rights, please contact us at:

Email: [email protected]

We take your privacy seriously and are committed to full compliance with applicable privacy laws and regulations. For inquiries or to exercise your rights, reach out to us at [email protected].