Privacy and Data Security Policy

At eGrimesDirect, safeguarding your personal data is central to our mission. This comprehensive Privacy and Data Security Policy outlines how we collect, use, store, and protect your personal information in compliance with the applicable privacy laws of Ontario, Canada, as well as international laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By using our website or services, you agree to this policy. Please review this document carefully to understand your rights and how we handle your data.

1. Collection and Use of Personal Data

1.1. Types of Personal Data Collected

eGrimesDirect collects various types of personal data to provide and improve our services. The data we collect may include, but is not limited to:

• Identification Information: Names, addresses, email addresses, phone numbers, and other contact details.
• Transactional Information: Payment details (such as credit card numbers), purchase history, billing and shipping information.
• Account Information: Username, password, preferences, and order history.
• Browsing and Technical Data: IP address, browser type, device identifiers, and data from cookies or similar tracking technologies.
• Communication Data: Records of your interactions with our customer service team, including emails, calls, or other inquiries.

1.2. Legal Basis for Processing

In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws, we collect and process your personal data based on the following legal grounds:

• Consent: When you provide consent for us to collect and process your personal data (e.g., by accepting cookies, subscribing to our newsletter, or creating an account).
• Contractual Necessity: When processing is necessary to fulfill a contract with you (e.g., processing an order or delivering a product).
• Legal Obligations: When processing is required to comply with legal or regulatory obligations.
• Legitimate Interest: When processing is necessary for our legitimate business interests (e.g., improving user experience or conducting analytics), provided it does not override your fundamental rights.

1.3. Use of Personal Data

The personal data collected by eGrimesDirect is used for the following purposes:

• To fulfill orders: Processing transactions, shipping products, and providing customer support.
• To improve user experience: Personalizing your interactions with our website based on browsing history or preferences.
• To communicate with you: Sending important updates, newsletters, and promotional offers (you may opt-out at any time).
• To analyze performance: Using aggregated data to enhance website performance, diagnose issues, and improve our services.
• To ensure security: Protecting against fraud, unauthorized access, and data breaches.

We do not sell personal data to third parties under any circumstances.

1.4. Sensitive Data

eGrimesDirect does not intentionally collect sensitive personal data such as racial or ethnic origins, religious beliefs, health information, or political opinions. If sensitive data is collected inadvertently, it will be handled in accordance with strict legal requirements and deleted unless retention is legally necessary.

2. Data Security Measures

2.1. Encryption and Protection Protocols

We take your data security seriously. All sensitive data, including payment information, is transmitted via Secure Sockets Layer (SSL) encryption technology. This ensures that any personal data exchanged between your browser and our servers remains confidential and secure.

2.2. Secure Payment Processing

Our payment processing is handled through third-party providers who are PCI-DSS compliant. These providers adhere to industry standards for the secure handling of payment card information, protecting it from unauthorized access during transactions. We do not store complete payment information (e.g., full credit card numbers) on our servers.

2.3. Data Access and Role-Based Controls

Access to your personal data is restricted to authorized personnel who require access to perform their job functions. We enforce role-based access controls to limit who within eGrimesDirect can view or process sensitive data. Employees handling personal data are regularly trained in best practices for data privacy and security.

2.4. Data Breach Response

In the event of a data breach that compromises your personal data, eGrimesDirect will:

• Notify affected individuals as soon as reasonably possible (within the timeframe required by applicable laws such as PIPEDA or GDPR).
• Inform regulators if the breach poses a risk to individuals' rights and freedoms.
• Take corrective actions, including conducting internal investigations and enhancing security measures to prevent future breaches.

2.5. Monitoring and Audits

We conduct regular security audits to evaluate the effectiveness of our security measures and ensure compliance with industry standards and legal obligations. Vulnerabilities are addressed promptly to maintain the integrity and confidentiality of user data.

3. User Rights and Choices

3.1. Right to Access and Correction

You have the right to request access to any personal data we hold about you. If any of the information is incorrect or incomplete, you can request that it be corrected. Requests for access or correction can be directed to our Customer Service team.

3.2. Right to Data Portability

Under certain circumstances, you have the right to request a copy of your personal data in a structured, machine-readable format. You may also request that we transfer this data directly to another data controller, where technically feasible.

3.3. Right to Deletion (Right to be Forgotten)

You have the right to request the deletion of your personal data in certain situations, such as when the data is no longer necessary for the purpose for which it was collected, or when you withdraw your consent. However, certain legal obligations (e.g., tax or regulatory compliance) may require us to retain specific data for a prescribed period.

3.4. Right to Restriction of Processing

You may request that we limit the processing of your personal data in certain cases, such as when you contest the accuracy of the data or object to processing. During the restriction period, we will store the data but not process it further unless required by law.

3.5. Right to Object to Processing

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. If you object, we will cease processing your data for these purposes unless there are compelling legal grounds for processing.

3.6. Right to Withdraw Consent

Where processing is based on your consent (e.g., receiving marketing emails), you may withdraw your consent at any time by contacting us or using the unsubscribe link in our communications. Withdrawing consent does not affect the legality of processing based on consent before its withdrawal.

3.7. How to Exercise Your Rights

To exercise any of your rights, please contact our Customer Service team at CSR@egrimesdirect.com. We will respond to your request within the legally mandated time frame (typically within 30 days).

4. Data Sharing and Transfers

4.1. Sharing with Third-Party Service Providers

eGrimesDirect partners with third-party service providers to perform essential business operations, including:

• Payment processing (e.g., Stripe, PayPal, Chase, etc).
• Shipping and logistics (e.g., couriers, freight services).
• Analytics (e.g., Google Analytics, which collects anonymized data to improve website performance).

These service providers are contractually obligated to maintain the confidentiality and security of your personal data and are only authorized to use your data to fulfill the purposes for which it was shared.

4.2. Cross-Border Data Transfers

eGrimesDirect may transfer personal data to service providers located in other jurisdictions, including outside Canada or the European Economic Area (EEA). When such transfers occur, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Privacy Shield certification (where applicable, for transfers to the United States).

You can contact us for further information on the safeguards we apply to such transfers.

4.3. Disclosure for Legal Obligations

We may disclose personal data in response to valid legal requests, such as court orders or requests from public authorities, including to meet national security or law enforcement requirements. We will always strive to disclose only the minimum amount of data necessary to comply with the law.

4.4. Business Transactions

In the event of a merger, acquisition, or sale of our business, your personal data may be transferred to the acquiring entity as part of the transaction. You will be notified of any such transfer and provided with options regarding your personal data.

5. Cookies and Tracking Technologies

5.1. Use of Cookies

eGrimesDirect uses cookies and other tracking technologies to enhance your user experience, improve our website performance, and deliver personalized advertisements. By continuing to browse our website, you consent to the use of cookies, unless you opt-out via your browser settings.

5.2. Types of Cookies Used

• Essential Cookies: Necessary for website functionality, such as login and shopping cart features.
• Performance Cookies: Help us understand how visitors use our site, such as which pages are most visited, allowing us to optimize performance.
• Targeting Cookies: Used to deliver relevant advertisements to users based on their interests.

5.3. User Control Over Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, although doing so may impact your ability to use certain features on our website. For more information, please see our Cookie Policy.

6. Data Retention

6.1. Retention Period

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specific retention periods include:

• Transaction records: Retained for up to 7 years for tax and accounting purposes.
• Customer service inquiries: Retained for up to 2 years for support and dispute resolution.

After the retention period, your data will be securely deleted or anonymized.

6.2. Secure Deletion

When data is no longer required, it will be securely deleted or anonymized in compliance with legal obligations. We use industry-standard techniques to ensure secure deletion, including the use of encryption and file-shredding tools.

7. Children’s Privacy

7.1. Age Restrictions

Our website and services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children under this age. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete the information.

7.2. Parental Consent

If you are a parent or guardian and believe that your child has provided personal data to eGrimesDirect, please contact us immediately at CSR@egrimesdirect.com. We will take steps to delete the data and ensure compliance with applicable laws.

8. Contact Information for Privacy Concerns

If you have any questions, concerns, or requests regarding your personal data or this policy, please contact our Customer Service team:

Email: CSR@egrimesdirect.com
Phone: 1-800-268-0568
Mailing Address: Grimes Industrial Products Group, 667 Welham Rd #5, Barrie, ON L4N 0B7

We are committed to addressing your privacy-related inquiries promptly and in accordance with applicable legal requirements.

9. Legal Compliance and Changes to the Policy

This Privacy and Data Security Policy is governed by the laws of Ontario, Canada, and complies with PIPEDA, GDPR, and CCPA where applicable. We reserve the right to update this policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and users are encouraged to review the policy periodically. Continued use of our website and services after changes to the policy signify acceptance of the revised terms.