1. Introduction and Scope

megashaft.com (“MegaShaft,” “we,” “us,” or “our”) operates a global business-to-business (B2B) marketplace and technology platform that enables businesses to connect, communicate, and conduct commercial transactions worldwide. We are committed to protecting the privacy, confidentiality, and integrity of personal data in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), where applicable.

This Privacy Policy sets out the basis on which we collect, process, use, store, transfer, and disclose personal data obtained from or about individuals who access or use our website, mobile applications, application programming interfaces (APIs), electronic communications, and other related services (collectively, the “Platform”).

This Policy applies to all individuals and business representatives who interact with the Platform, including buyers, sellers, vendors, service providers, and visitors (collectively, “Users,” “you,” or “your”).

For the purposes of applicable data protection laws, MegaShaft acts as a data controller (and, where relevant, a data processor) in relation to the personal data described in this Policy. We process personal data only where we have a lawful basis to do so, including where processing is necessary for the performance of a contract, compliance with legal obligations, protection of legitimate business interests, or where consent has been obtained, as required by applicable law.

By accessing, registering with, or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein, to the extent consent is required under applicable law.

2. Information We Collect: Categories and Sources

We collect personal information to provide and improve our services. The categories of information we collect are detailed below.

2.1 Information You Provide Directly to Us

• Registration and Profile Data: When you create an account, we collect your full name, business email address, phone number, password, company name, job title, business registration number (e.g., VAT, GST, EIN), company address, and company website.
• Verification Data: To enhance trust and security, we may collect copies of government-issued IDs, business licenses, utility bills, or other documentation for identity and business verification purposes.
• Profile Enhancements: Information you voluntarily add to your public profile, such as profile pictures, company logos, business descriptions, certifications, product catalogs, and videos.
• Transactional and Communication Data: Details of inquiries, quotes, orders, contracts, and payments you initiate or receive. This includes all communications sent through our internal messaging system, as well as emails, chat logs, and call recordings (where permitted by law) for quality, training, and dispute resolution purposes.
• Financial Data: To process payments, we collect billing information such as credit/debit card numbers, bank account details, and billing addresses. This information is processed and stored by our PCI-DSS compliant payment processors. We only store a tokenized reference and the last four digits of your card for reference.
• Marketing and Survey Data: Your preferences for receiving marketing communications and your responses to surveys or customer research.

2.2 Information Collected Automatically

• Usage Data: We automatically collect information about your interactions with the Platform, such as the pages or content you view, the links you click, the features you use, the frequency and duration of your activities, and the search terms you use.
• Device and Connection Data: We collect information about your device, including IP address, browser type and version, operating system, unique device identifiers, mobile network information, and device settings.
• Location Data: We derive your general location (e.g., city and country) from your IP address. With your explicit consent, we may collect precise geolocation data from your mobile device to offer location-based features, which you can disable via your device settings.
• Cookies and Tracking Technologies: We use cookies, pixel tags, web beacons, and similar technologies to operate and personalize the Platform. For detailed information, see our Cookies and Tracking Technologies section below.

2.3 Information from Third-Party Sources

• Business Partners: We may receive information about you from our channel partners, resellers, and other business partners who help us provide services.
• Service Providers: We may receive information from service providers who help us with verification, fraud prevention, and payment processing.
• Public Databases: We may combine information you provide with information from public sources (e.g., company registries, credit bureaus) to verify your business credentials and prevent fraud.
• Social Media: If you choose to connect your social media account (e.g., LinkedIn) to your MegaShaft profile, we receive information from that platform as outlined in their authorization process.

3. Legal Bases for Processing (For EEA and UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal information only when we have a valid legal basis under the General Data Protection Regulation (GDPR). The legal bases include:

• Contractual Necessity: Processing is necessary to perform our contract with you, such as managing your account, facilitating transactions, and providing customer support.
• Legitimate Interests: We process your information for our legitimate interests, provided they are not overridden by your rights and freedoms. Our legitimate interests include: (a) ensuring the security and integrity of our Platform; (b) improving and developing new features; (c) preventing fraud; (d) direct marketing (where you have not objected); and (e) networking and promoting connections between businesses.
• Compliance with Legal Obligations: We process your information to comply with applicable laws, such as tax laws, anti-money laundering regulations, and responding to lawful requests from public authorities.
• Consent: We rely on your consent to process your information for specific purposes, such as sending marketing communications via certain channels or placing non-essential cookies. You have the right to withdraw your consent at any time.

4. How We Use Your Information

We use the information we collect for the following business and commercial purposes:

• To Provide and Manage Services: Creating and managing your account, verifying your identity, facilitating connections between buyers and sellers, processing transactions, and providing customer support.
• To Improve and Personalize: Understanding how users interact with our Platform to improve user experience, personalize content and recommendations, and develop new features.
• To Communicate with You: Sending service-related announcements (e.g., order confirmations, password resets), responding to inquiries, and providing support.
• For Marketing and Promotions: Sending promotional materials, newsletters, and information about products, services, and events we think may interest you. You can opt out at any time.
• For Security and Fraud Prevention: Detecting, investigating, and preventing fraudulent transactions, spam, abuse, security incidents, and other harmful activity.
• For Legal Compliance: Complying with legal obligations, responding to subpoenas and court orders, and establishing, exercising, or defending legal claims.
• To Aggregate and Anonymize Data: Creating aggregated, de-identified data that we may use for analytics, research, and industry reporting. This data cannot be used to identify you.

5. Disclosure of Your Information

We share your personal information with the following categories of recipients for the purposes described in this policy:

• Other Users (Core Marketplace Functionality): As a B2B marketplace, your information is inherently shared with other users.
  • If you are a seller: Your business profile, contact information, and product listings are visible to all users on the Platform.
  • If you are a buyer: When you submit an inquiry or request for quote (RFQ), your name, company name, and contact information are shared with the relevant sellers to enable them to respond.
• Service Providers and Subprocessors: We engage third-party companies to perform services on our behalf, such as cloud hosting (e.g., AWS), payment processing, email delivery, fraud detection, customer support, and analytics. These providers are contractually bound to protect your information and use it only to provide services to us.
• Professional Advisors: We may share your information with lawyers, auditors, insurers, and accountants where necessary to obtain professional advice or manage risk.
• Legal and Regulatory Authorities: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of MegaShaft, our users, or others.
• Corporate Affiliates and Transaction Partners: We may share information with our subsidiaries and affiliates. In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your information may be transferred as a business asset.
• With Your Consent: We may share your information for any other purpose disclosed to you and with your explicit consent.

We do not sell your personal information for monetary or other valuable consideration to third parties for their own direct marketing purposes.

6. International Data Transfers

MegaShaft operates globally. To provide our services, your personal information may be transferred to, stored, and processed in countries outside your own, including the United States, India, Singapore, and the European Union, where our servers, data centers, and service providers are located. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal information from the European Economic Area (EEA), the UK, or Switzerland to countries that have not been deemed adequate by the European Commission, we implement appropriate safeguards to protect your information, such as:

• Entering into European Commission-approved Standard Contractual Clauses with the receiving entity.
• Relying on the recipient's compliance with Binding Corporate Rules or the EU-U.S. Data Privacy Framework (where applicable).

By using our Platform, you acknowledge and consent to the transfer of your information to countries outside your country of residence, as described in this section.

7. Data Security

We implement and maintain robust technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We use TLS/SSL encryption to protect data transmitted between your browser and our servers. Sensitive data, such as passwords and payment information, is encrypted at rest.
• Access Controls: We strictly limit access to personal information to employees, contractors, and agents who have a business need-to-know. They are subject to confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
• Security Audits: We regularly review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access.
• Vendor Assessments: We conduct security assessments on all third-party service providers before granting them access to any personal information.

While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account password.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. We will also retain and use your information to the extent necessary to comply with our legal obligations (e.g., tax and accounting record retention laws, which may require us to retain data for 5-10 years), resolve disputes, and enforce our agreements.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you.
• Whether there is a legal obligation to which we are subject.
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Upon termination of your account, we will deactivate your public profile. However, certain information may remain in archived/backup copies for a reasonable period as required by law or for our legitimate business purposes.

9. Your Privacy Rights and Choices

Depending on your location, you may have the following rights regarding your personal information. We will honor these rights as required by applicable law.

9.1 Rights for All Users

• Access and Portability: You can access and update much of your information directly via your account settings. You can also request a copy of the personal information we hold about you.
• Correction: You can request that we correct inaccurate or incomplete information.
• Deletion: You can request that we delete your personal information, subject to certain exceptions (e.g., where we need to retain it for legal compliance).
• Objection / Restriction: You can object to our processing of your information or ask us to restrict processing in certain circumstances.
• Marketing Opt-Out: You can opt out of receiving promotional emails by following the unsubscribe instructions in those emails or by adjusting your account settings.

9.2 Additional Rights for EEA/UK Residents (GDPR)

• Right to Lodge a Complaint: You have the right to lodge a complaint with your local Data Protection Authority (e.g., the ICO in the UK) if you believe we have violated your data protection rights.

9.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, California law provides you with specific rights regarding your personal information, in addition to those listed above.

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing a transaction, security, legal compliance).
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• "Shine the Light" Law: California's "Shine the Light" law (Civil Code Section 1798.83) permits California residents to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share information for those purposes.

How to Exercise Your Rights: To exercise any of these rights, please submit a verifiable request to us by:

We will need to verify your identity before processing your request, which may require you to provide additional information. For requests made under the CCPA, you may designate an authorized agent to make a request on your behalf.

10. Cookies and Similar Technologies

We and our service providers use cookies, pixels, and similar technologies to ensure everyone who uses the Platform has the best possible experience. Cookies are small text files placed on your device to store data that can be recalled by a web server.

10.1 Types of Cookies We Use

• Strictly Necessary Cookies: These are essential for you to move around the Platform and use its features, such as accessing secure areas. Without these cookies, services you have asked for cannot be provided.
• Performance/Analytics Cookies: These cookies collect information about how you use our Platform, like which pages you visit most often. We use this information to improve our site. These cookies don't collect information that identifies you.
• Functional Cookies: These cookies allow our Platform to remember choices you make (such as your language preference) and provide enhanced, more personalized features.
• Targeting/Advertising Cookies: These cookies are used to deliver content that is more relevant to you and your interests. They may be set by us or by our advertising partners. They remember that you have visited a website and this information may be shared with other organizations, such as advertisers.

10.2 Your Cookie Choices

When you first visit our Platform, you will be presented with a cookie banner that allows you to set your preferences for non-essential cookies. You can also manage your cookie preferences through your browser settings. Most browsers allow you to refuse to accept cookies and to delete cookies. Please be aware that if you block strictly necessary cookies, some parts of the Platform may not function properly.

11. Children's Privacy

Our Platform is a business-to-business service and is not intended for individuals under the age of 18 ("Minors"). We do not knowingly collect personal information from Minors. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a Minor without verification of parental consent, we will take steps to delete that information from our servers.

12. Third-Party Links and Services

Our Platform may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy policy of every website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page with a new "Last Updated" date. If the changes are significant, we may provide a more prominent notice (such as an email notification or a banner on the Platform). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our data practices, or if you would like to exercise your privacy rights, please contact our Data Protection Officer (DPO) at support@megashaft.com