Privacy Policy
How we collect, use, and protect your personal information on ProSource MRO platform
Privacy at a Glance
We are committed to protecting your personal information and being transparent about our data practices.
📊 Data We Collect
Business information, contact details, transaction data, and platform usage analytics
🎯 Why We Use It
To provide B2B matching services, process transactions, and improve platform experience
🤝 Who We Share With
Only with your consent for business matching, and with service providers under strict agreements
⏰ How Long We Keep It
As long as necessary for business purposes and legal requirements, typically 7 years for B2B records
Privacy Policy Navigation
1. Data Controller
The data controller for the ProSource MRO platform is:
| Company Name | ENGONE Co., Ltd. (주식회사 이앤지원) |
| Business Registration | 119-86-44010 |
| Address | 16, Emtibeui 27-ro 20beon-gil, D-17, Siheung-si, Gyeonggi-do, 15118, South Korea |
| Privacy Officer | privacy@prosourcemro.com |
| Data Protection Contact | +82 70 4366 0656 |
2. Information We Collect
2.1 Information You Provide
Account Registration:
- Business name and registration details
- Contact information (name, email, phone)
- Business address and billing information
- Industry sector and company size
- Authorized representative details
Business Profile:
- Company description and capabilities
- Product catalogs and specifications
- Certifications and quality standards
- Financial and trade references
Transaction Data:
- RFQ submissions and requirements
- Quotes and pricing information
- Purchase orders and contracts
- Payment and shipping details
- Communication records
2.2 Information Collected Automatically
Platform Usage:
- Login times and session duration
- Pages visited and features used
- Search queries and filter preferences
- Download and interaction history
Technical Information:
- IP address and device identifiers
- Browser type and operating system
- Screen resolution and language settings
- Referring websites and exit pages
2.3 Third-Party Information
- Business verification from credit agencies
- Industry databases and trade associations
- Social media business profiles (with consent)
- Integration with ERP and procurement systems
3. How We Use Your Information
3.1 Platform Services
- Business Matching: Connect buyers with suitable suppliers based on requirements
- Account Management: Maintain user accounts and provide customer support
- Transaction Processing: Facilitate RFQ submissions, quotes, and order processing
- Quality Assurance: Verify business credentials and maintain platform standards
- Communication: Enable secure messaging between buyers and suppliers
3.2 Business Operations
- Platform Security: Detect and prevent fraud, abuse, and security threats
- Compliance: Meet legal requirements and regulatory obligations
- Analytics: Improve platform performance and user experience
- Marketing: Send relevant business opportunities and platform updates
Legal Basis for Processing (GDPR Article 6)
We process personal data based on: (a) Contract performance, (b) Legitimate business interests, (c) Legal compliance, and (d) Consent where explicitly obtained.
4. How We Share Information
4.1 Business Partners
With Your Consent:
- Sharing business profiles with potential trading partners
- Including company information in RFQ distributions
- Facilitating introductions and business communications
Transaction Facilitation:
- Contact details for order processing and fulfillment
- Technical specifications for accurate quoting
- Shipping and payment information as required
4.2 Service Providers
We share data with trusted third-party providers under strict confidentiality agreements:
- Payment Processors: Secure transaction processing
- Logistics Partners: Shipping and delivery coordination
- Verification Services: Business credential verification
- Cloud Infrastructure: Secure data storage and hosting
- Analytics Providers: Platform performance and usage insights
4.3 Legal Requirements
We may disclose information when required by law:
- Korean tax and customs authorities
- Law enforcement and regulatory agencies
- Court orders and legal proceedings
- Export control and trade compliance
5. Data Security
5.1 Technical Safeguards
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Multi-factor authentication and role-based permissions
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Data Backups: Regular encrypted backups with geographic redundancy
- Monitoring: 24/7 security monitoring and incident response
5.2 Organizational Safeguards
- Staff Training: Regular privacy and security awareness programs
- Access Management: Principle of least privilege and regular access reviews
- Vendor Management: Due diligence and contractual security requirements
- Incident Response: Documented procedures for security breach response
- Compliance Audits: Regular internal and external security assessments
5.3 Data Breach Response
In the unlikely event of a data breach, we will:
- Assess and contain the breach within 24 hours
- Notify relevant authorities within 72 hours (GDPR/PIPA requirement)
- Inform affected users without undue delay
- Provide clear information about the incident and remedial actions
- Implement additional safeguards to prevent recurrence
6. Your Privacy Rights
🔒 Your Data Protection Rights
Right to Access
Request a copy of personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete information
Right to Erasure
Request deletion of your personal data
Right to Restrict
Limit how we process your information
Right to Portability
Receive your data in a machine-readable format
Right to Object
Object to processing based on legitimate interests
6.1 How to Exercise Your Rights
To exercise your privacy rights, please contact us at:
- Email: privacy@prosourcemro.com
- Phone: +82 70 4366 0656
- Online: Privacy settings in your account dashboard
- Mail: ENGONE Co., Ltd., Privacy Officer, Siheung, Korea
We will respond to your request within 30 days (GDPR) or 10 days (PIPA) as required by applicable law.
6.2 Withdrawal of Consent
Where processing is based on consent, you may withdraw consent at any time:
- Marketing communications: Unsubscribe link in emails
- Optional features: Account settings panel
- Data sharing: Contact privacy officer
Withdrawal does not affect the lawfulness of processing before withdrawal.
7. Cookies & Tracking Technologies
7.1 Types of Cookies
| Cookie Type | Purpose | Duration | Required |
|---|---|---|---|
| Essential | Platform functionality, security, authentication | Session | Yes |
| Functional | User preferences, language settings | 1 year | Optional |
| Analytics | Platform usage, performance optimization | 2 years | Optional |
| Marketing | Personalized content, relevant opportunities | 1 year | Optional |
7.2 Managing Cookies
You can control cookies through:
- Cookie Settings: Available in the footer of our website
- Browser Controls: Most browsers allow you to refuse or delete cookies
- Account Preferences: Customize tracking preferences in your dashboard
- Third-Party Opt-outs: Direct opt-out from analytics providers
7.3 Third-Party Analytics
We use the following third-party analytics services:
- Google Analytics: Website usage and performance analysis
- Hotjar: User behavior and experience insights
- Platform Analytics: Internal business intelligence tools
These services have their own privacy policies and cookie practices.
8. International Data Transfers
8.1 Transfer Scenarios
Personal data may be transferred internationally for:
- Business Matching: Sharing with global buyers and suppliers
- Cloud Services: Hosting and backup in secure data centers
- Support Services: Third-party service providers in various countries
- Group Companies: Affiliates and subsidiaries where applicable
8.2 Transfer Safeguards
We ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU Commission approved contracts
- Binding Corporate Rules: Internal data protection standards
- Certification Schemes: Third-party validated security standards
8.3 Your Consent
By using ProSource MRO, you consent to international transfers necessary for platform operation. This includes transfers to:
- Countries with EU adequacy decisions
- Service providers with appropriate safeguards
- Business partners for transaction purposes
9. Data Retention
9.1 Retention Periods
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account Information | Duration of relationship + 7 years | Business records requirement |
| Transaction Records | 10 years after completion | Tax and accounting laws |
| Communication Logs | 3 years | Dispute resolution |
| Usage Analytics | 26 months | Google Analytics standard |
| Marketing Data | Until consent withdrawn | Consent-based processing |
9.2 Secure Disposal
When data is no longer needed, we ensure secure disposal through:
- Automated deletion systems with audit trails
- Secure wiping of storage media
- Certificate destruction for physical documents
- Verification of third-party deletion
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:
- We will notify you via email and platform announcements
- Provide at least 30 days notice before changes take effect
- Highlight key changes in the notification
- Maintain previous versions for reference
Continued use of the platform after changes indicates acceptance of the updated policy.
Privacy Questions or Concerns?
Our privacy team is here to help with any data protection questions