PRIVACY POLICY

This Privacy Policy explains how SS GLOBAL LLC (trading as EquipRemarket) ("we", "us", or "our") collects, uses, stores, and shares your personal data when you use our website at https://equipremarket.com (the "Website") and related services (together, the "Services").

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Irish Data Protection Act 2018, and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (the "ePrivacy Regulations").

Please read this Privacy Policy carefully. If you have any questions, you can contact us at office@equipremarket.com.

Table of Contents

1. Data Controller
2. What Personal Data We Collect
3. How We Collect Your Data
4. Legal Bases for Processing
5. Purposes of Processing
6. Recipients and Sharing
7. International Transfers
8. Data Retention
9. Cookies and Tracking Technologies
10. Your Rights Under the GDPR
11. Children's Data
12. Data Security
13. Changes to This Policy
14. Contact Us
15. Complaints

1. Data Controller

The data controller responsible for your personal data is:

As we are established outside the European Economic Area (EEA), we have designated a Data Protection Officer who can be contacted at office@equipremarket.com for all data protection matters.

2. What Personal Data We Collect

2.1 Data you provide directly

When you register for an account, make a purchase, submit an enquiry, or otherwise interact with our Services, we may collect:

• Name
• Email address
• Postal/mailing address
• Phone number
• Contact and communication preferences
• Account login credentials
• Payment and billing information (processed by our payment service providers)
• Any other information you choose to provide (e.g. enquiry content, feedback)

2.2 Data collected automatically

When you visit our Website, we automatically collect certain technical and usage data, including:

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Referring URL and pages visited
• Date, time, and duration of your visit
• Approximate geolocation data (derived from IP address)

This data is collected through cookies and similar technologies (see Section 9).

2.3 Data from third parties

If you choose to log in via a third-party social media account (e.g. Facebook or Google), we may receive your name, email address, and public profile information from that provider. We do not receive your social media password.

2.4 Special categories of data

We do not knowingly collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation).

3. How We Collect Your Data

We collect personal data through the following means:

• Directly from you — when you create an account, place an order, fill in a form, or contact us.
• Automatically — through cookies, server logs, and similar technologies when you use our Website.
• From third parties — social login providers, analytics services (e.g. Adobe Analytics), and advertising platforms.

4. Legal Bases for Processing

Under the GDPR, we must have a lawful basis for each processing activity. We rely on the following legal bases:

Legal Basis (GDPR Article 6)	When We Rely on It
Consent (Art. 6(1)(a))	Setting non-essential cookies and tracking technologies; sending marketing communications; processing social login data.
Performance of a contract (Art. 6(1)(b))	Creating and managing your account; processing orders and payments; delivering our Services to you.
Legal obligation (Art. 6(1)(c))	Complying with tax, accounting, and regulatory requirements; responding to lawful requests from authorities.
Legitimate interests (Art. 6(1)(f))	Maintaining the security of our Website; improving our Services; fraud prevention; internal analytics and reporting. Our legitimate interests do not override your fundamental rights and freedoms.
Vital interests (Art. 6(1)(d))	In rare cases, to protect your vital interests or those of another person.

Where we rely on consent, you may withdraw your consent at any time by contacting us at office@equipremarket.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

5. Purposes of Processing

We process your personal data for the following purposes:

• Account management — to create, maintain, and secure your user account.
• Order fulfilment — to process purchases, payments, returns, and exchanges.
• Customer support — to respond to your enquiries and resolve issues.
• Service communications — to send you administrative messages about your account, orders, and changes to our terms.
• Marketing — to send promotional communications where you have given consent (you can opt out at any time).
• Analytics and improvement — to understand how our Website is used and to improve performance, functionality, and user experience.
• Security and fraud prevention — to detect, prevent, and address fraud, unauthorised access, and other harmful activity.
• Legal compliance — to comply with applicable laws, regulations, and legal processes.

6. Recipients and Sharing

We do not sell your personal data. We may share your data with the following categories of recipients, each bound by appropriate contractual obligations:

• Service providers and processors — hosting providers, payment processors, email service providers, analytics providers (e.g. Adobe Analytics), and customer support tools, who process data on our behalf under data processing agreements.
• Google Maps Platform — we use Google Maps APIs which may process your location data. Google's use of this data is governed by Google's Privacy Policy.
• Social login providers — if you use social login, the relevant provider receives confirmation of your login activity.
• Professional advisers — lawyers, accountants, and auditors where necessary.
• Law enforcement and regulators — where required by law or to protect our legal rights.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

7. International Transfers

As our company is based in the United States, your personal data will be transferred to and processed in the United States and potentially other countries outside the EEA.

Whenever we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect it, including:

• EU–US Data Privacy Framework — where the data importer is certified under the framework.
• Standard Contractual Clauses (SCCs) — approved by the European Commission under Article 46(2)(c) GDPR, supplemented by transfer impact assessments where required.
• Adequacy decisions — where the European Commission has determined that a third country provides an adequate level of data protection.

You may request a copy of the safeguards in place by contacting us at office@equipremarket.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:

Data Category	Retention Period
Account data	For the duration of your account, plus 6 months after closure
Transaction and order data	6 years (to comply with tax and accounting obligations)
Marketing consent records	For as long as consent remains valid, plus 12 months
Technical/log data	6 months
Geolocation data	6 months
Customer support correspondence	2 years from resolution

When personal data is no longer needed, we will securely delete or anonymise it. Where deletion is not immediately possible (e.g. data held in backups), we will isolate the data from further processing until deletion is feasible.

9. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies. Under the ePrivacy Regulations, we are required to obtain your consent before placing non-essential cookies on your device.

9.1 Types of cookies we use

Cookie Type	Purpose	Legal Basis
Strictly necessary	Essential for the Website to function (e.g. shopping cart, authentication). Cannot be disabled.	Legitimate interest / Exemption under ePrivacy Regulations
Performance and functionality	Enhance Website performance and functionality (e.g. emoji support via WordPress).	Consent
Analytics and customisation	Help us understand how visitors use our Website (e.g. Adobe Analytics).	Consent
Advertising	Deliver relevant advertisements and track campaign effectiveness (e.g. WooCommerce source tracking via Sourcebuster).	Consent

9.2 Managing cookies

You can manage your cookie preferences at any time through our Cookie Consent Manager (available in the cookie banner on our Website). You may also configure your browser to block or delete cookies. Please note that disabling certain cookies may affect Website functionality.

For more detail on the specific cookies we use, please see our Cookie Policy.

10. Your Rights Under the GDPR

As a data subject in the EEA, you have the following rights under the GDPR. These rights are not absolute and may be subject to certain conditions and limitations under applicable law.

• Right of access (Art. 15) — You have the right to obtain confirmation as to whether we process your personal data, and to receive a copy of that data.
• Right to rectification (Art. 16) — You have the right to have inaccurate personal data corrected and incomplete data completed.
• Right to erasure ("right to be forgotten") (Art. 17) — You have the right to request the deletion of your personal data in certain circumstances.
• Right to restriction of processing (Art. 18) — You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability (Art. 20) — You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
• Right to object (Art. 21) — You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your data for that purpose without delay.
• Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, you may withdraw your consent at any time.
• Right not to be subject to automated decision-making (Art. 22) — You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently carry out solely automated decision-making.

How to exercise your rights

You may exercise any of these rights by:

• Emailing us at office@equipremarket.com
• Submitting a request via https://equipremarket.com/contact
• Writing to us at: SS GLOBAL LLC, 10125 Industrial Dr, Whitmore Lake, MI 48189, United States

We will respond to your request within one month of receipt, as required by Article 12(3) GDPR. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request.

We may need to verify your identity before processing your request. We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.

11. Children's Data

Our Services are not directed at children. Under the Irish Data Protection Act 2018, the age of digital consent in Ireland is 16 years of age. We do not knowingly collect personal data from children under 16. Where we rely on consent as the legal basis for processing and the user is under 16, such consent must be given or authorised by the holder of parental responsibility.

If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly. If you believe we have collected data from a child under 16, please contact us at office@equipremarket.com.

12. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 GDPR. These measures include encryption, access controls, regular security assessments, and staff training.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly in accordance with Article 34 GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The "Last updated" date at the top of this Policy indicates when it was most recently revised.

Where changes are significant, we will notify you by prominently posting a notice on our Website or by sending you a direct communication. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your rights, please contact us:

15. Complaints

If you are not satisfied with how we handle your personal data or respond to your request, you have the right to lodge a complaint with a supervisory authority. If you are based in Ireland or if our processing is subject to the oversight of the Irish supervisory authority, you may contact:

You also have the right to lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.