+1 (800) 555-0123 [email protected]
Masking Supply

Privacy Policy

Last updated: January 28, 2026

Version: 2.0

1. Data Controller

NISACO Ventures Limited

(Operating under the brand name Masking Supply)

Unit 2A, 17/F, Glenealy Tower

No. 1 Glenealy Central

Hong Kong S.A.R.

Contact: [email protected]

Data Protection Officer: Nikolaus J. Sauer

Company Registration Number: 75939874

2. Scope and Principles

2.1 Application

This Privacy Policy applies to the processing of personal data by NISACO Ventures Limited (operating as Masking Supply) in the context of our business activities as a provider of industrial masking supplies and custom manufacturing solutions. It informs you about the nature, scope, and purposes of the collection and use of personal data on our website www.maskingsupply.com and when using our services.

2.2 Legal Basis

The processing of your personal data is based on the EU General Data Protection Regulation (GDPR) and applicable national data protection laws. As a company based in Hong Kong that provides services to customers in the European Union and globally, we comply with GDPR requirements for our EU customers and maintain high data protection standards for all users worldwide.

2.3 Data Protection Principles

We are committed to the following principles in processing personal data:

  • Lawfulness, fairness, and transparency: All data processing is lawful, fair, and transparent
  • Purpose limitation: Personal data is collected for specified, explicit, and legitimate purposes
  • Data minimization: Processing is limited to what is necessary for the purposes
  • Accuracy: Personal data is accurate and kept up to date
  • Storage limitation: Personal data is stored only as long as necessary
  • Integrity and confidentiality: Personal data is protected by appropriate technical and organizational measures

3. Collection and Processing of Personal Data

3.1 Categories of Personal Data

We process the following categories of personal data:

Contact Information:

  • Name (first and last name)
  • Email address
  • Phone number
  • Company name and position
  • Postal address

Quote Request Data:

  • Product selections and quantities
  • Custom requirements and specifications
  • Technical drawings and documents (PDF, JPG, PNG, DWG, DXF, STEP files)
  • Message content and inquiries

Website Usage Data:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Referrer URL
  • Device information (operating system, screen resolution)
  • Geographic location (country/region)

3.2 Sources of Data Collection

Direct Collection from You:

  • Quote request forms on our website
  • File uploads (technical drawings and specifications)
  • Email communication
  • Phone conversations
  • Product selections in quote cart

Automatic Collection:

  • Website analytics through Manus platform
  • Server logs and access records
  • Cookies and similar tracking technologies

3.3 Purposes of Data Processing and Legal Bases

Contract Performance (Art. 6(1)(b) GDPR):

  • Processing quote requests and inquiries
  • Providing product information and technical support
  • Order fulfillment and delivery
  • Customer service and support
  • Quality assurance

Legitimate Interests (Art. 6(1)(f) GDPR):

  • Business development and marketing communications
  • Website optimization and analytics
  • IT security and fraud prevention
  • Internal administration and organization
  • Improving our products and services

Consent (Art. 6(1)(a) GDPR):

  • Marketing communications and newsletters
  • Cookies and tracking technologies (where required)
  • Optional data collection beyond what is necessary

Legal Obligation (Art. 6(1)(c) GDPR):

  • Tax and accounting record-keeping requirements
  • Compliance with trade laws
  • Government requests and investigations

4. Cookies and Tracking Technologies

4.1 Use of Cookies

Our website uses cookies and similar technologies to ensure functionality, improve user experience, and for analytics purposes. Cookies are small text files stored on your device.

4.2 Categories of Cookies

  • Necessary Cookies: Essential for website functionality, including session management and quote cart storage (localStorage)
  • Analytics Cookies: Help us understand how visitors interact with the website through Manus analytics platform
  • Functional Cookies: Enable enhanced functionality and personalization

4.3 Cookie Management

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality, such as the quote cart feature.

5. Third-Party Services and Data Processors

5.1 Manus Platform (Website Hosting and Services)

Provider: Manus Technologies Inc., United States

Purpose: Website hosting, analytics, notification services, and file storage

Data Processed: Website usage data, IP addresses, browser information, quote requests, uploaded files, email notifications

Legal Basis: Art. 6(1)(f) GDPR (legitimate interests)

Data Transfer: United States (appropriate safeguards in place)

Website: www.manus.im

Manus provides our website hosting infrastructure, analytics tracking, email notification services for quote requests, and temporary file storage. The platform processes data automatically collected during website visits and data you submit through forms.

5.2 Amazon Web Services (File Storage)

Provider: Amazon Web Services, Inc. (AWS)

Purpose: Temporary storage of uploaded technical drawings and documents

Data Processed: Uploaded files (PDF, JPG, PNG, DWG, DXF, STEP)

Legal Basis: Art. 6(1)(b) GDPR (contract performance)

Storage Duration: Files are automatically deleted after processing

Security: Industry-standard encryption and access controls

Files you upload through our quote request form are temporarily stored in Amazon S3 (Simple Storage Service) to enable our team to review your technical requirements. Files are securely stored and automatically deleted after they are no longer needed for quote processing.

6. International Data Transfers

We transfer personal data to countries outside the European Economic Area (EEA), including Hong Kong and the United States. These transfers are conducted in compliance with GDPR requirements through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other appropriate safeguards to ensure data protection

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure file upload with size and format restrictions (10MB limit)
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Marketing Communications

When you submit a quote request or contact us, we may use your email address to send you information about our products, services, and special offers. This is based on our legitimate interest in maintaining customer relationships and promoting our business.

You have the right to opt out of marketing communications at any time. Every marketing email includes an unsubscribe link, or you can contact us directly at [email protected] to request removal from our marketing list.

Opting out of marketing communications will not affect our ability to send you transactional emails related to your quote requests or orders.

9. Your Rights as a Data Subject

9.1 Overview of Your Rights

As a data subject, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR):

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about the processing purposes, categories of data, recipients, and storage duration.

Right to Rectification (Art. 16 GDPR):

You have the right to request the correction of inaccurate personal data or the completion of incomplete data.

Right to Erasure (Art. 17 GDPR):

You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing, or when the data has been unlawfully processed.

Right to Restriction of Processing (Art. 18 GDPR):

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Art. 20 GDPR):

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Art. 21 GDPR):

You have the right to object to processing of your personal data based on legitimate interests, including profiling and direct marketing.

Right to Withdraw Consent:

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

9.2 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

Post: NISACO Ventures Limited, Unit 2A, 17/F, Glenealy Tower, No. 1 Glenealy Central, Hong Kong S.A.R.

We will respond to your request without undue delay and within one month of receipt. In complex cases, we may extend this period by an additional two months.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

For EU residents, you may contact the supervisory authority in your country of residence or the authority where you believe a violation has occurred. You can find contact information for EU data protection authorities at www.edpb.europa.eu.

11. Children's Privacy

Our website and services are intended for business-to-business (B2B) use and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of our website and services after changes constitutes acceptance of the updated policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

NISACO Ventures Limited (Masking Supply)

Unit 2A, 17/F, Glenealy Tower

No. 1 Glenealy Central

Hong Kong S.A.R.

Email: [email protected]

Data Protection Officer: Nikolaus J. Sauer