Privacy Policy
Last Revised: [March/20/2025]
1. Scope & Purpose
This Policy governs the collection, use, and disclosure of Business Client Data during commercial interactions with AIRSOFTBAR. It applies to:
-
Corporate entities engaging in procurement activities
-
Authorized representatives (e.g., purchasing managers, technical consultants)
-
Third-party logistics partners under contractual obligations
2. Types of Business Data Collected
| Category | Examples | Legal Basis |
|---|---|---|
| Corporate Identity | Company name, business registration number | Contract fulfillment (Art. 6(1)(b) GDPR) |
| Transactional Data | Purchase orders, payment records, Incoterms | Legitimate interest (Art. 6(1)(f) GDPR) |
| Technical Specifications | Custom design files, compliance certificates | Performance of contract |
| Operational Contacts | Procurement manager email, technical liaison | Business necessity |
3. Data Utilization
We process Business Client Data strictly for:
-
Contract Execution: Order processing, customs clearance, certification management
-
Supply Chain Optimization: Inventory forecasting, lead time analysis
-
Regulatory Compliance: Export control screening (e.g., denied party checks)
-
Account Management: Technical support, product lifecycle updates
Note: We do not sell or monetize Business Client Data.
4. Cross-Border Data Transfers
To facilitate global operations, data may be transferred to:
-
Manufacturing Hubs: Production specifications to ISO-certified factories
-
Logistics Providers: Shipping details to bonded warehouse operators
-
Compliance Partners: Certification documents to accredited testing labs
All transfers adhere to:
-
EU Standard Contractual Clauses (SCCs)
-
APEC Cross-Border Privacy Rules (CBPR)
5. Data Retention Framework
| Data Type | Retention Period | Disposal Method |
|---|---|---|
| Purchase Orders | 7 years post-transaction | Secure shredding & digital erasure |
| Design Specifications | 3 years post-project | AES-256 encrypted deletion |
| Compliance Certificates | Indefinite (legal mandate) | N/A |
6. Security Protocols
-
Technical Measures:
-
TLS 1.3 encryption for data in transit
-
ISO 27001-certified access control systems
-
-
Organizational Controls:
-
Mandatory NDA for engineering staff
-
Annual SOC 2 Type II audits
-
7. Your Rights (EEA/UK Clients)
Business representatives may:
-
Request access to stored corporate data
-
Rectify inaccurate operational contacts
-
Object to non-essential processing (e.g., promotional emails)
Submit requests to: [email protected] (Response within 30 days)
8. Policy Updates
Material changes will be:
-
Notified via registered account administrators 30 days prior
-
Archived versions accessible at [Policy History Portal Link]
Contact for Data Concerns
Data Protection Officer:
[email protected]