Ships Manufacturer Direct | 855-962-7589

Privacy Policy

The Overspray Market is an e-commerce finishing goods store.  The protection of your personal data is critically important to us.  Our Privacy Policy provides you with detailed information on how we collect and process data when a customer visits the Overspray Market.

Although the Overspray Market does not conduct sales outside of the United States of America, we are obligated to protect the privacy of Overspray Market customer data in accordance with Privacy Shield and General Data Protection Regulation (GDPR).

WHY WE COLLECT YOUR DATA

We require certain information for the following reasons:

Order Processing

You provide personal information when you place an order or register an account.  Your name, billing and delivery address, email and phone number are collected and maintained so that we can process your order, communicate with you about your order, and so you may retrieve your order history if you registered an account.

Credit Accounts

If you have a credit agreement with Overspray Market, we will maintain your credit agreement on file locally in a secure environment.  

Tax Exempt Certificates

If you are exempt from paying sales taxes, you may submit a certificate to be maintained on file locally in a secure environment. 

Site Visitation Tracking

Like most websites, we use Google Analytics (GA) to track user interaction. We use this data to better understand how users interact with our store.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google does not grant access to this information. Google is a third-party data processor that uses cookies.  Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within our store.  View Google Privacy and Cookie Policy.

Contact forms and email links

Contact forms and email are not stored by this website nor is it passed to, or processed by, a third-party data processor. The data is collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

Email Newsletter

If you choose to join our email newsletter (we don’t currently have one), the email address that you submit will be processed by MailChimp who provide our email marketing services. MailChimp is a third party data processor. The email address that you submit when joining the newsletter is maintained by MailChimp.

You can remove your email address from MailChimp using the unsubscribe links contained in any email newsletters that we send. When requesting removal via email, please send your request from the email account that is subscribed to the mailing list.

We do not market to children.  If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.  

Again, we do not have a newsletter yet.

Comments

We do not allow commenting or posting in our store as of now but should we choose to use such features in the future, we will comply with then current user requirements including opt-in consent and deletion.

USE OF COOKIES

Shopping Cart Data

To keep track of cart data, we utilize 3 session cookies.  The first two cookies contain information about the cart as a whole and updates the cart when data changes.  The final cookie contains unique code for each customer so that it knows where to find the cart data in the database. No personal information is stored within these cookies.

Google Analytics

Google may use a cookie to track your use of our website.  You may control your browser cookie use in your browser’s settings.

HOW WE STORE YOUR PERSONAL INFORMATION

We take precautions to prevent the loss, misuse or alteration of your personal data. We ensure that your data is protected against unauthorized access by applying SSL certification on our website, implementing firewalls and other security measures on our servers, encrypted storage of personal data including passwords and using credible security software.

If you place an order on this website some personal information such as name, billing address, delivery address, phone number and email will be stored within this website’s database. This data is stored in an encrypted environment.

We maintain invoice data in a secure location “locally” for tax purposes and on the servers of our accounting software provider.  We share your delivery address with carriers as is necessary to complete your order.  Your credit card information is not stored by Overspray Market.  Financial data is maintained by third-party merchant processors.  

YOUR RIGHT TO PERSONAL DATA

Right to Access

You have the right to access your data. Your addresses and contact information are accessible on your Account page where you may update your information. You may also request your information that we retain in our database through the Privacy Tools page.  Once we confirm your identity, we will disclose to you all personal data within 72 hours.  You may also request that your data be corrected or updated by writing to:  dpo@overspraymarket.com

Right to Data Portability

You have the right to data portability that will allow you to reuse your personal data for your own purposes. We provide your personal data in CSV, Excel or PDF file. This information is provided free of charge.

Right to Data Erasure

You have the right to erase your personal data only if the data is no longer necessary in relation to the purpose for which it was originally collected/processed.  For example, we can erase your data from our website database but are required to retain order related information for tax purposes.  Refer to our Data Retention section for order data retention.  Please be aware that data deletion is permanent.  Use the Privacy Tools page to erase your data.

DATA RETENTION

Accounting data is maintained for 7 years.  Data is maintained on our accounting software servers in Canada and locally at the Overspray Market in the United States of America.  Personal information that we process will not be kept for longer than is necessary.

ABOUT THIS WEBSITE’S SERVER

All traffic (file transfers) between this website and your browser is encrypted and delivered over HTTPS.  Our server is PCI compliant and undergoes quarterly security validation by a third party.

WORKING WITH OUR THIRD-PARTY DATA PROCESSORS

Third-Party Processors

We use a number of third parties to process personal data on our behalf.  These include credit card processors such as Amazon Pay and PayPal, freight carriers such as UPS and FedEx, the manufacturers we work with and of course, the hosted servers on which we operate.

Links to Third-Party Websites

We may provide links to other websites, including the manufacturers we work with. The information practices of those third-party websites are not covered by this Privacy Statement.

DATA BREACHES

We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

DATA CONTROLLER

The Data Controller of this website is: 

Overspray Market
PO BOX 5366
Ardmore OK  73403

PH/FX:  855-962-7589

DATA PROTECTION OFFICER

DPO, Overspray Market
Telephone: 855-962-7589
Email: dpo@overspraymarket.com

CHANGES TO OUR PRIVACY POLICY

Our privacy policy may change with legislation or industry developments. We will update this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

Change Log

05/18/2020

  • State sales tax certificate option expands to any state.

04/15/2018

  • Data collection and user control best practices.

11/1/2015

  • Privacy policy implementation.