- This policy applies in so far as we are acting as a data controller and responsibilities pertaining to the protection of personal data gathered on the site.
- “Personal data”, as defined in Article 4(1) of the GDPR, refers to “any information relating to an identified or identifiable natural person (‘the subject’)”.
- The site uses privacy controls which affect the processing of your personal data.
2. We may collect the following information about you
- Information (such as your name, IP address, email address, postal address and telephone number) that you provide by completing forms on the site, including if you register as a user of the site, subscribe to any service, upload or submit any material, or request any information;
- Communications you send to us, for example to report a support problem or to submit queries or comments regarding the site or its content. The site may generate metadata associated with your communications made using contact forms;
- Information from surveys that we may, from time to time, run on the site for research purposes, if you choose to respond to them;
- Details of your visits to the site, the resources you access and any data you download; employment details if you send us a CV or other details of your employment history in connection with an advertised job vacancy or a general enquiry regarding employment opportunities with us.
- We may process personal data provided in the course of the delivery of our services. The service data may be processed for the purposes of operating the site, providing services, ensuring security, maintaining back-ups and communicating with you and third parties.
- We may process information contained in enquiry forms that you submit to us regarding the services we provide.
- We may process data where necessary for the exercise or defense of legal claims, in or out of a court of law. The legal basis for this processing are our legitimate interest, including, but not limited to, the protection and assertion of legal rights.
- Article 6 of the GDPR states: “Processing shall be lawful only if and to the extent that at least one of the following applies: […] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
- The site gathers usage data. This usage data may be processed to improve your user experience, and to analyse the use of the site. The legal basis for our processing activity is your express consent OR based on expressions of legitimate interests.
- You are under no obligation to provide such information. However, if you choose to withhold information, we may not be able to provide you with certain services. Your data will be held with us for an extended period until either
- We deem it no longer necessary to hold your information in order to satisfy the user objectives; or
- a formal request for erasure is received.
- Please do not supply the personal data of any other person to us through the site, unless they give you their express permission.
3. How is this information used?
- We will use the information you provide to: identify visitors to the site; enable us to provide you with the services and information offered through the site and which you request; audit the downloading of data from the site; verify financial transactions (where relevant); improve the layout and/or content of our web pages and customise them for users; carry out research on our users’ demographics; and send you information we think you may find useful, including information about our products and services, provided you have indicated that you do not object to being contacted for these purposes.
4. How secure is your data?
- Our company places great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. User data held on our website is encrypted. While we cannot ensure or guarantee that loss, misuse, or alteration of information will not occur, we use all reasonable efforts to prevent this. In the unlikely event of a data breach, we will work to inform the Supervisory Authority and concerned data subjects within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR.
- You should bear in mind that transmission of information over the internet is never entirely secure. We cannot guarantee the security of information you transmit to the site and any such transmission is at your own risk.
- It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
5. Who do we share data with?
- We may share personal data to any member of our group of companies (including subsidiaries) as necessary for the purposes set out, and according to the legal basis outlined, in this policy.
- We may disclose your personal data to our insurers and legal counsel, as reasonably necessary for the purposes of coverage, managing risks, obtaining advice, or the establishment, exercise or defense of legal claims.
- We may disclose limited personal data to suppliers or subcontractors insofar as reasonably necessary for the provision of our services.
- With regards ecommerce, financial transactions processed through the site OR handled by our payment services providers: We will share your transaction data with our payment services providers only when necessary for the purposes of processing payments, refunds, and dealing with queries.
6. International transfers of your personal data (Outside of the European Economic Area (EEA))
- We have premises in the U.S.A. The European Union has made an “adequacy decision” with respect to transfers of data to these locations.
- Article 13 of the GDPR requires that data controllers disclose “the fact that the controller intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission” and put in place “appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available”.
- By agreeing to this policy, you acknowledge that your data may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others beyond the safeguards outlined here.
7. Public forums
- The site may make chat rooms, forums, message boards and/or news groups available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal information.
8. Retaining your data
- Any personal data that we process shall not be kept for longer than is necessary.
9. Your acceptance of these terms
- We may update this policy from time to time by publishing a new version on our website.
10. Your rights
- You have a legal right to a copy of all the personal information about you held by us. You also have a right to correct any errors in that information. As mentioned above, you have a right to prevent us using your personal information for direct marketing purposes. In some circumstances, you may also request that personal information about you that is held by us be erased from our records, without undue delay, in compliance with Article 17 of the GDPR.
- Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- You have the right to confirmation as to whether or not we process your data and to have access to that personal data.
- In certain circumstances, you have the right to lodge a complaint with the Supervisory Authority. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.
- In so far as the legal basis for our processing your personal data is consent, as explained above, you have the right to withdraw that consent at any time. Do note, however, that withdrawal does not affect the lawfulness of processing before the time of the withdrawal.
- You have the right to receive your data from us in a clear and machine-readable format. However, this right does not apply should we deem it might adversely affect the rights and freedoms of others.
12. Contact us
- The site is owned by Timberline Tool and Casting.
- You can contact us at PO Box 1328 Whitefish MT 59937 and +1.406.755.4258.