Privacy and Security Policy


Our Terms and Conditions, Privacy and Security Policy are only available in English. If our Terms and Conditions, Privacy and Security Policy are translated into another language the English version will prevail.

Our Privacy and Security Policy were last updated in August 2020.


1. Introduction

Welcome to www.metalandsteel.com (hereinafter "website" or "platform"). We respect your privacy, and we are committed to only collecting and using your personal data in compliance with applicable privacy laws and regulations, including the General Data Protection Regulation 2016/679 ("GDPR").


This Privacy Policy informs you (hereinafter "user," "you" or "your") of how we collect and process your personal data when you access our website or make use of our services, who we share it with, how long we retain it for and your rights as a data subject.


The platform is owned and controlled by Metal and Steel Limited, a Company formed in accordance with the laws of New Zealand (hereinafter the "Company," "we," "us," or "our").


Please read this Privacy Policy carefully before proceeding to use our platform. This Privacy Policy should be read in conjunction with our Terms and Conditions. Your continued use of our platform will be deemed as your acceptance of this Privacy Policy. If you do not agree with this Privacy Policy, please do not access our platform.


2. The Scope of this Privacy Policy

This Privacy Policy only applies to your use of the website located at www.metalandsteel.com. This Privacy Policy does not extend to your use of any third-party websites or services.


3. Data Controller

The Company acts as the data controller for all the personal data that we collect from you. For any privacy-related matters, you can contact us at [email protected].


4. Updates to this Privacy Policy

From time to time, we may amend this Privacy Policy to reflect our new privacy practices and commitment to compliance with applicable legislation and regulations. We will post the updated Privacy Policy on this webpage and notify you of such updates by changing the last updated date on the top. You should review this Privacy Policy regularly to ensure that you are familiar with any changes. You understand and accept that your continued use of the platform after the effective date of the amendments will be deemed as your tacit acceptance of our new Privacy Policy.


5. Definitions

The following words, wherever used in this Privacy Policy, shall have the meaning as defined hereunder:


Account Holder means a user who registers a user account on the platform
Buyer refers to a user who makes use of the service to search for and acquire products;
Data Controller means "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law" as defined in Article 4(7) of the General Data Protection Regulation;
Data Subject means a natural person whose personal data is processed by the Company and its processors;
Listing means any request for quotation, an offer of products for sale, or business profiles published on the platform by users;
Personal Data means "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" as defined in Article 4(1) of the General Data Protection Regulation;
Processing means "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" as defined in Article 4(2) of the General Data Protection Regulation;
Processor means "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller." as defined in Article 4(8) of the General Data Protection Regulation;
Seller refers to a user who makes use of the platform to list and offer products for sale to Buyers;
Service means all software features, functionality and services offered by the Company;
Subscription Fees refers to the fees payable by a user for a premium plan;
User means a Data Subject (Sellers and Buyers) who makes use of the platform;
User-Generated Content refers to the content created and posted by a user on the platform.

6. Personal data we collect and process

There is some personal and business information ("your data") that you voluntarily provide us when you use our platform. We require this data to deliver our service to you. The data we collect from you includes, but is not limited to, your:


  • Full Name;
  • E-mail Address;
  • Phone Number;
  • IP Address;
  • Business Address;
  • Business Phone Number;
  • Business Social Accounts;
  • Business Logo;
  • Business certifications/documents you upload on to the platform.

We use your data for the following purposes:


User Account Data

When you sign up for a user account on the platform, we collect your full name, e-mail address, password, and your phone number to create/verify your user account and to enable you to securely log into your user account and make use of the service. If you select a paid plan, we will also process your subscription data which includes your selected paid plan to ensure that we offer you all the features and functionality included in your selected plan for the entire duration of your paid subscription. We do not process any sensitive payment data linked to your paid subscription, which is processed directly by Stripe, Inc in accordance with their own privacy policy.


Legal Basis of Processing

The legal basis of our processing of your user account data is the performance of our contract with you, as set out in Article 6(1)(b) of the GDPR.


Data Retention Duration

We will not retain your user account data for more than one year from the date of your user account termination except in cases where we are required to keep your user account data for compliance with our legal obligation or to defend/assert our legal rights.


Please note that the deactivation of your user account will not lead to automatic termination of your user account data by the Company. To request deletion of your personal data, please initiate user account termination in accordance with the Company's Terms and Conditions.


User Profile Data

When you complete your business profile on the platform or make use of the verification functionality, we will collect your business information including but not limited to your business name, description, address, contact details, and any supporting documents you submit. This data is used to verify the business you represent.


Legal Basis of Processing

The legal basis of our processing of your data is the performance of our contract with you, as set out in Article 6(1)(b) of the GDPR.


Data Retention Duration

We will not retain your user profile data for more than one year from the date of your user account termination except in cases where we are required to keep your data to defend any legal actions against the Company or to assert our legal rights. Please note that the deactivation of your user account will not lead to automatic termination of your data.


Website Visitor Data

When you visit our Website, we collect your IP address as well as data relating to the pages you visit on our Website including user profiles and products you view on the platform ("Website Visitor Data"). We use this data to improve our understanding of our users and for our internal business purposes.


Legal Basis of Processing

Our legal basis for processing this data is our legitimate interest, which does not override your data rights as set out in article 6(1)(f) of GDPR.


Data Retention Duration

We will not retain our website visitor data for more than six months from the date of your last Website visit.


Support Requests

When you contact our support team with your requests, we process your personal data, including your name, e-mail address and the subject of your request to respond to your support request.


Legal Basis of Processing

Our legal basis for processing this data is our legitimate interest, which does not override your data rights as set out in article 6(1)(f) of GDPR.


Data Retention Duration

We will delete your support request data on the date of your user account termination.


Mailing List Data

If you subscribe to our mailing list, we will process your full name and your e-mail address to send you our newsletter and other promotional material. You can withdraw your consent at any time by unsubscribing at the bottom of our marketing e-mail. If you unsubscribe from our mailing list, we will immediately stop processing your personal data for our direct marketing purposes.


Legal Basis of Processing

Our legal basis for processing this data is your consent, which you freely grant us when you opt-in to receive marketing material from us as set out in article 6(1)(a) of GDPR.


Data Retention Duration

We will immediately remove you from our mailing list when you unsubscribe from our service.


Automatically collected data

When you access and make use of our platform, we automatically collect some data about you, such as:


Usage Data

We automatically collect and store some data about you when you use our platform, such as your browser type, your IP address, the pages you visit on our website (business or products you have viewed), products you search for, as well as time and date of your visit. We use this information to improve and deliver our services to our users.


Legal Basis of Processing

Our legal basis for processing this data is our legitimate interest, which does not override your data rights as set out in article 6(1)(f) of GDPR.


Data Retention Duration

We will delete your usage data on the date of your user account termination.


7. Disclosing your personal data

We do not sell or rent your personal data to any third party. We may disclose your personal data as described hereunder:


E-mail distribution Tools

We will use third-party e-mail distribution tools to send e-mails to you as and when required. Your name and e-mail address will be stored on the e-mail distribution tool that we use to e-mail you.


Platform Users

When you create your user account, your user profile and associated User-Generated Content may be publicly visible/accessible to other users on the platform for the entire duration that your user account is active.


We also provide certain services that enable users to access information such as who has viewed their user profile and products as well as whether the recipient user has read their message. When you visit a user profile, products or receive a message on the platform, your data may be shared by the Company with relevant users.


Company Employees

Your personal data will be shared with our Company employees on a need to know basis to enable them to deliver you the services on our behalf.


Merger or Acquisition

In the future, if we undergo a merger or acquisition, your personal data, such as your name, e-mail address, and phone number, will form part of our business assets and may be transferred to the new entity. Please note that any transfer of your personal data as a result of a commercial transaction will not negatively impact your privacy rights as specified in this Privacy policy.


Compliance Obligations

We may be required to disclose your personal data to local and international government authorities, law enforcement bodies, courts of law, or other government agencies as and when required for compliance with our legal and regulatory obligations, for asserting or defending our rights and interests.


Anonymous Statistical Data

We may share anonymous statistical data we collect from you during the course of your usage of the platform with third parties for our business purposes. We aggregate this data to ensure no personal information about any user is disclosed to any third-party that we share it with.


Third-Party Services

We may disclose your personal data to our third-party Service Providers who assist us with the maintenance and development of our platform;


8. Third-party website links

Our platform may contain links to third-party websites that are not owned or operated by us. Should you decide to click on any such third party links, you will be directed to such a third party's website. These third-party websites have their own Terms and Conditions and Privacy Policy. We encourage our Users to review the third-party website Terms and Privacy Policy prior to using such a Website or acquiring any services offered by them. We only provide such links for your convenience, and the presence of any third party links on our Website does not constitute an endorsement or recommendation of such third party website. We cannot be held responsible for these third-party websites or their practices.


9. Transfer of Personal Data

We will transfer and process your personal data on computers and servers that are located in New Zealand and other parts of the world where the data protection laws may differ from those of your current country of residence. If you are currently in one of the member states in the European Union (EU), you understand and consent to your personal data being transferred outside of the EU and processed in New Zealand and other parts of the world. If you do not consent to such transfer of data outside the EU, please refrain from using our platform.


10. EU Users' Data Rights

If you are currently in the EU, your rights relating to your personal data that we hold are as follows:


Right to access your personal data

As a data subject in the EU, you may ask us to provide you with a copy of all your personal data that we have for you.


Right to rectification

You have the right to rectification of any incorrect or incomplete information. You can exercise your right by logging into your user account and editing the relevant information; alternatively, you can also contact us at the contact information provided at the bottom of this Privacy Policy with your rectification request.


Right to data portability

You shall have the right to receive the personal data concerning you, which was provided to us, in a structured, commonly used, and machine-readable format.


Right to withdraw consent

You have the right to withdraw your consent from receiving any direct marketing material from us by clicking the "unsubscribe" button at the bottom of our marketing e-mail or alternatively by contacting us with your request.


Right to erasure of personal data

In limited circumstances, you may have the right to request the erasure of your personal data, such as where you have a reason to believe that your personal data is being processed unlawfully or where the personal data is retained for longer than specified in our data retention policies.


11. Complaints

If you believe that our privacy practices are infringing on your privacy rights, we will appreciate it if you would contact us to discuss the matter first by sending an e-mail to [email protected]. If you are dissatisfied with our response, you also have the right to complain to your local data protection authority.


12. Storage and Security

The security of your personal data is important to us, and we are committed to keeping all relevant confidential information secure. We store all your personal data in a password-protected database residing within our secure network behind a firewall. We also ensure that all our processors employ adequate levels of security to avoid any data breach. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.


13. Children's Privacy

We do not knowingly collect any personal information from children who are under the age of eighteen. If you become aware of any information to suggest that a child has provided his/her personal information to us, please immediately contact us. We will investigate the matter and take appropriate action.


14. Cookie Policy


1. We use cookies

We use cookies on our website. This Cookie Policy informs you about what cookies we use on our website, how we use them and how you can decline our cookies. We do not receive any personal data about our users through the use of cookies. By using our website, you consent to the use of cookies and other tracking technologies that we use as specified in this Cookie Policy.


This Cookie Policy should be read in conjunction with our Privacy Policy, which informs you of your rights as a data subject for your personal data that we process.


For any questions about this Cookie Policy, you can contact us through the contact us form on our website or by sending an email at [email protected].


2. What are cookies?

Cookies are small text files that are stored on your browser or the hard drive of your computer or other mobile devices when you access a website. Cookies help improve your user experience on our website. Cookies we use on our website do not collect any personal data from your hard drive or computer.


There are different types of cookies. We are authorised to use cookies without your permission, provided such cookies are strictly necessary for the operation of our website. However, if we use cookies that are not strictly necessary for the operation of our website, we can only use them with your consent. You may withdraw your consent at any time.


3. Types of cookies on our website

We currently use three main types of cookies on our website: strictly necessary cookies, statistics cookies, and preferences cookies. Some of these cookies come from our website, and some come from third-party services that we use.


1. Necessary Cookies

Strictly necessary cookies are required to make a website usable and enable you to navigate through the website. Without the use of strictly necessary cookies some areas of our website will not be usable. We do not require your permission to use strictly necessary cookies on our website.


2. Preference Cookies

Preference cookies help a website to remember information that changes the way the website behaves or looks.


3. Statistics Cookies

Statistics cookies help us understand how users interact with our website by collecting information anonymously.


4. How to block cookies?

You can choose to accept or reject cookies by changing your browser settings at any time, as well as delete cookies. To learn more about how you can manage cookies on your browser, please visit the applicable browser links provided hereunder:



Please note that blocking cookies may result in poor user experience.


To learn more about how to delete cookies, please visit https://www.aboutcookies.org/how-to-delete-cookies/.


5. Changes to this Cookie Policy

The Company reserves the right to update this Cookie Policy at any time. When we make any changes to this Cookie Policy, we will notify you by updating the last updated date on the top of this page.


15. Contact Us

If you have any questions, comments, or enquiries regarding this Privacy Policy or our Privacy Practices, please contact us at the contact information provided hereunder:


[email protected]


Copyright © 2020 Metal and Steel Limited