Back to Home

Privacy Policy

Last updated: January 25, 2025

This Privacy Policy describes how ArchiusComus ("we", "us", or "our") collects, uses, and protects personal data when you use Machinery Dealer PRO Expo ("MDP Expo", "the Service"). This policy applies to our subscribing organizations (customers) and their authorized users, as well as end users who interact with the Service through QR code scanning at trade shows.

For Business Users: MDP Expo is a B2B service. When your organization subscribes to our Service, your organization acts as the data controller for personal data processed through the Service, and we act as a data processor on your behalf.

1. Data Controller Information

ArchiusComus
Email: privacy.machinerydealerpro@archiuscomus.com

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at the email address above.

2. Categories of Personal Data We Collect

2.1 Subscriber Organization Data

When your organization subscribes to MDP Expo, we collect:

  • Organization name and contact information
  • Billing information (processed by Paddle as Merchant of Record)
  • Administrator contact details (name, email, phone)
  • Organization branding assets (logos, colors)

2.2 Authorized User Data

For salespeople and staff using the Service:

  • Name, email address, phone number
  • User credentials (passwords stored in hashed form)
  • Unique PIN codes for lead attribution
  • Activity logs within the Service

2.3 Lead/Prospect Data

When trade show visitors scan QR codes and submit contact forms:

  • Name, email address, phone number
  • Company name (if provided)
  • Machine/product interest
  • Marketing consent preference
  • Timestamp and event information

2.4 Technical Data

  • IP addresses and device information
  • Browser type and version
  • Usage patterns and feature interactions
  • Error logs for service improvement

3. Legal Basis for Processing (GDPR Article 6)

We process personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service to our subscribers
  • Legitimate Interests (Art. 6(1)(f)): Service improvement, security, and fraud prevention
  • Consent (Art. 6(1)(a)): Marketing communications where applicable
  • Legal Obligation (Art. 6(1)(c)): Tax records, legal compliance

4. How We Use Personal Data

We use collected data to:

  • Provide and maintain the MDP Expo service
  • Process subscriptions and billing through Paddle
  • Generate and deliver PDF quotes to trade show visitors
  • Enable lead tracking and CRM functionality for subscribers
  • Send service-related communications
  • Improve and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Data Processor Role

When subscriber organizations use MDP Expo to collect and process lead data from trade show visitors:

  • The subscriber organization is the Data Controller
  • ArchiusComus acts as a Data Processor
  • We process data only according to subscriber instructions
  • We maintain appropriate technical and organizational security measures

Subscriber organizations are responsible for ensuring they have appropriate legal basis to collect lead data and for providing privacy notices to their trade show visitors.

6. Data Sharing and Third Parties

We share personal data with the following categories of recipients:

6.1 Service Providers

  • Paddle.com: Payment processing and billing (as Merchant of Record)
  • Amazon Web Services (AWS): Cloud infrastructure and data hosting (EU region)
  • Email service providers: Transactional email delivery

6.2 Legal Requirements

We may disclose data when required by law, court order, or to protect our legal rights.

7. International Data Transfers

Our primary data processing occurs within the European Union (AWS eu-north-1 region in Stockholm). When data transfers outside the EU/EEA are necessary, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms under GDPR

8. Data Retention

We retain personal data for the following periods:

  • Subscriber account data: Duration of subscription plus 2 years
  • Lead/prospect data: As determined by the subscriber organization (data controller)
  • Billing records: 7 years (legal requirement)
  • Technical logs: 90 days

Subscriber organizations can request data deletion at any time, subject to legal retention requirements.

9. Your Rights Under GDPR

Depending on your relationship with the Service, you have the following rights:

  • Right of Access: Obtain confirmation and copies of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent

For Trade Show Visitors: If you submitted your contact information via a QR code scan, please contact the machinery dealer organization directly to exercise your rights, as they are the data controller for your information.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Secure password hashing (bcrypt)
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

11. Cookies and Tracking

MDP Expo uses essential cookies for:

  • Authentication and session management
  • Security features
  • User preferences (language settings)

We do not use third-party advertising or tracking cookies.

12. Children's Privacy

MDP Expo is a business-to-business service not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify subscribers of significant changes via email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Finland, the relevant authority is:

Office of the Data Protection Ombudsman
Website: tietosuoja.fi

15. Contact Us

For privacy-related inquiries:

Email: privacy.machinerydealerpro@archiuscomus.com
General inquiries: info@machinerydealerpro.com