Privacy Policy | ERG Supplements

1. Introduction

ERG Supplements ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our website, products, and services. This policy applies to all visitors and customers, including business clients, manufacturers, and formulators.

2. Information We Collect

2.1 Information You Provide Directly

When you use our services, we collect information you voluntarily provide, including:

Business name, contact person name, title, and position
Business email address and phone number
Business address and shipping address
Company type and industry classification
Product requirements and order specifications
Payment and banking information
Tax ID and business registration numbers
Correspondence and communications with our team

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

IP address and device identifiers
Browser type and version
Pages visited and time spent
Referral source
Cookie data and similar technologies
General location data (country/region level)

3. How We Use Your Information

We use collected information for the following purposes:

Processing and fulfilling wholesale orders and quotes
Verifying business legitimacy and compliance
Communicating product information, specifications, and COA documentation
Managing payments and invoicing
Providing customer support and technical assistance
Complying with legal and regulatory obligations (Farm Bill, COMPLY, anti-money laundering)
Improving website functionality and user experience
Preventing fraud and unauthorized access
Conducting business analytics and market research
Contacting you about products, services, and updates (with consent)

4. Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

Contract Performance: Processing necessary to enter into and perform business contracts
Legal Obligation: Compliance with federal, state, and international laws (Hemp Farming Act, KYC requirements)
Legitimate Interests: Business operations, fraud prevention, and security
Consent: Marketing communications and optional data collection (with explicit opt-in)

5. Data Sharing and Disclosure

We may share your information with:

Service Providers: Payment processors, logistics providers, and hosting services
Compliance Partners: Age verification, KYC providers, and regulatory authorities
Financial Institutions: Banks and payment processors for transaction processing
Legal Requirements: Law enforcement, courts, or government agencies as required by law
Business Partners: Third parties you authorize or consent to

We do not sell, trade, or rent personal data to third parties for marketing purposes without explicit consent.

6. International Data Transfers

As an international business, we may transfer personal data across borders. For transfers to countries outside the EU/EEA, we implement appropriate safeguards including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other mechanisms compliant with GDPR Article 46.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

Customer Data: During active business relationship and 7 years post-termination (for tax/regulatory purposes)
Transaction Records: Minimum 7 years (federal tax and regulatory requirements)
Website Analytics: 24-26 months
Communications: As long as necessary for correspondence purposes

8. Your Privacy Rights

General Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your data (subject to legal retention requirements)
Withdraw consent at any time
Opt-out of marketing communications
Data portability (receive data in structured format)

GDPR Rights (EU/EEA Residents)

If you are a resident of the European Union, European Economic Area, or United Kingdom, you have additional rights including:

Right to know about automated decision-making and profiling
Right to restrict processing
Right to object to processing
Right to lodge a complaint with your local data protection authority

To exercise any of these rights, please contact us at privacy@ergsupplements.com.

9. Security Measures

We implement industry-standard security measures to protect your data, including:

SSL/TLS encryption for data in transit
Secure data storage and access controls
Regular security assessments and penetration testing
Employee training on data protection
Incident response procedures
Compliance with PCI-DSS standards for payment processing

However, no security system is impenetrable. We cannot guarantee absolute security of your data.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through your browser settings. We comply with ePrivacy Directive and GDPR requirements for cookie consent.

Essential Cookies: Required for site functionality
Analytics Cookies: Track usage patterns (with consent)
Marketing Cookies: Enable targeted communications (with consent)

11. Children's Privacy

Our services are intended for businesses and professionals only. We do not knowingly collect data from individuals under 18. If we become aware of such collection, we will delete the data immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services constitutes acceptance of changes.

13. Contact Us

For privacy-related inquiries, data subject requests, or concerns:

Email: privacy@ergsupplements.com
Mailing Address: ERG Consultants LLC, United States
Response Time: We will respond to requests within 30 days (GDPR: 45 days)

14. Data Protection Officer / Privacy Contact

While not currently required, we maintain a Privacy Contact for data protection matters. For inquiries contact: compliance@ergsupplements.com