Privacy policy

At a glance

• We collect what you send us through our forms, plus standard server-log and device data created when any website is visited.
• We do not sell or “share” your personal information, we do not use it for cross-context behavioral or targeted advertising, and we do not use identity-resolution, device-fingerprinting, or visitor-de-anonymization technologies.
• Non-essential cookies (analytics, marketing) are off by default and load only if you opt in through our consent banner. You can change your choice any time via the “Cookie settings” link in the footer. We honor Global Privacy Control (GPC).
• You have rights to access, correct, delete, and port your information, and to opt out of certain processing — described in Sections 8–12.

This summary is for convenience only and does not replace the full Policy below.

1. Who we are, scope, and acceptance

1.1 Identity of the controller / business

Industrial Maintenance Solutions, Inc. (“IMS,” “we,” “us,” “our”) operates the website at https://www.imsbelzona.com(the “Site”). We are the authorized Belzona distributor for Virginia, Maryland, Washington, D.C., and most of West Virginia, supplying and supporting industrial protective coatings and polymer repair composites from our headquarters at 317 Tisinger Road, Mount Jackson, VA 22842. For the personal information described here, IMS is the “controller” (GDPR) and “business” (CCPA/CPRA).

1.2 Scope and what this Policy does not cover

This Policy applies only to information collected through the Site and through inquiries you submit to us. It does not cover: (a) information you provide directly to Belzona Polymerics Limited or any other manufacturer; (b) third-party websites we link to (Section 15); or (c) information you give us offline (for example, in person or on a job site), which we handle consistent with this Policy but which is not collected through the Site.

1.3 Acceptance of this Policy

By accessing or using the Site or submitting information through it, you acknowledge the practices described in this Policy. If you do not agree, please do not use the Site or send us information.

1.4 Intended audience — business and professional use

The Site is intended for industrial and commercial professionals and is not directed to children. See Section 13 (Children’s privacy).

2. Information we collect

2.1 Information you provide directly

When you submit a contact form, request a quote, request a site survey, schedule a Lunch & Learn, or apply for a role, we collect the information you choose to enter — typically your name, company, job title, email address, phone number, facility location, and a description of your equipment, application, or problem. Providing this information is voluntary, but we cannot respond to a request without enough information to do so.

2.2 Information collected automatically

When any website is visited, certain technical data is generated. Our hosting provider (Vercel, Inc.) processes standard server-log data on our behalf, which may include:

• Device and browser information: browser type and version, operating system, screen size, and language preference;
• Usage data: pages requested, timestamps, and the referring page or search engine;
• Network information: IP address, which may be used to derive an approximate (city- or region-level) location.

We do not currently deploy third-party analytics (such as Google Analytics), session-recording or heatmap tools, or any identity-resolution, device-fingerprinting, or visitor-de-anonymization technologies. If we add any such tool in the future, we will update this Policy first, classify it under the appropriate consent category (Section 4), and load it only with your consent where required.

2.3 Categories of sources

We collect personal information (a) directly from you; (b) automatically from your device and browser as described above; and (c) from our service providers acting on our behalf (for example, email-delivery logs). We do not purchase personal information about you from data brokers.

2.4 Sensitive information — please do not send it

We do not request and do not need sensitive personal information (such as government identifiers, financial-account numbers, health information, precise geolocation, or information revealing race, religion, or similar categories). Please do not include sensitive information in free-text fields. If you send it to us anyway, you consent to our handling it as described here, and we will delete it when it is no longer needed.

3. How we use your information

3.1 Purposes

We use the information we collect to:

• respond to your inquiries and provide technical recommendations;
• prepare and deliver quotes, schedule site surveys, and coordinate Lunch & Learn sessions;
• operate, secure, maintain, and improve the Site;
• understand, in aggregate, which content is useful (only where analytics is enabled by consent — see Section 4);
• follow up on expressed interest in Belzona products and services;
• detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity; and
• comply with our legal obligations and enforce our agreements.

3.2 Legal bases (EEA / UK visitors)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Consent— for non-essential cookies and any optional marketing communications (you may withdraw consent at any time);
• Contract / pre-contractual steps— to respond to your quote, survey, or inquiry;
• Legitimate interests— to operate and secure the Site and to pursue our reasonable commercial interests, balanced against your rights; and
• Legal obligation— to comply with applicable law.

3.3 What we do not do

We do not sell your personal information. We do not “share” it for cross-context behavioral advertising. We do not use it for targeted advertising. We do not engage in automated decision-making or profiling that produces legal or similarly significant effects about you.

4. Cookies, consent, and tracking technologies

4.1 Our consent model

We use an opt-in model for non-essential technologies. Only essentialstorage is set when you arrive. Analytics and marketing technologies remain off until you enable them through our consent banner. Declining is as easy as accepting (“Reject non-essential” is presented alongside “Accept all”).

4.2 Categories

• Essential (always on): required for the Site to function and to remember your cookie choice. Cannot be switched off.
• Analytics (off by default): would help us understand, in aggregate, how the Site is used. No analytics tool is currently deployed.
• Marketing (off by default): would help us measure campaigns and tailor outreach. No marketing or advertising technology is currently deployed.

4.3 Current cookies and storage

Because no analytics or advertising technologies are currently active, the only persistent item we set is the essential consent record above.

4.4 Managing your choices

• Consent banner / “Cookie settings”: use the banner, or the “Cookie settings” link in the footer at any time, to accept, reject, or change individual categories.
• Browser controls: you can block or delete cookies through your browser; blocking all cookies may affect Site functionality.
• Global Privacy Control (GPC):we honor the GPC signal. If your browser sends it, we treat it as a valid opt-out of non-essential technologies and as a “do not sell or share” request under applicable state laws; we automatically record this as a rejection of non-essential cookies and do not show the banner.
• Do Not Track (DNT): there is no common industry standard for DNT, so we do not respond to it; we honor the newer GPC signal instead.

5. How we share information

5.1 Categories of recipients

We disclose personal information only as described here: to service providers that process it on our behalf; to our manufacturer for product support; to legal and regulatory authorities where required; and in connection with a corporate transaction (Section 5.3). We do not disclose personal information for monetary or other valuable consideration.

5.2 Key sub-processors and third-party services

• Vercel, Inc.(United States) — hosting and standard server logs.
• Resend, Inc.(United States) — delivery of transactional emails (for example, inquiry and quote acknowledgments) on our behalf.
• Belzona Polymerics Limited(United Kingdom) — our manufacturer and franchisor, for product support, technical assistance, warranty processing, and distributor coordination.
• YouTube / Google LLC(United States) — only if you play an embedded video, your interaction is then handled under Google’s Privacy Policy.

Service providers are permitted to use the information only to perform services for us and are bound by confidentiality and data-protection obligations.

5.3 Legal disclosures and business transfers

We may disclose information when required by law, subpoena, or court order, or to protect the rights, property, or safety of IMS, our users, or the public. If IMS is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy or a successor policy with comparable protections.

6. Data retention

We keep personal information only as long as reasonably necessary for the purposes in this Policy, then delete or de-identify it. As general guidance:

• Inquiry / quote / survey submissions: for the duration of the prospect or customer relationship and a reasonable period afterward for follow-up, recordkeeping, and legal purposes;
• Email delivery logs (Resend):per Resend’s retention practices;
• Server logs (Vercel): per Vercel’s retention practices; and
• Consent record: until you clear it or change your choice.

We may retain information longer where required to comply with law, resolve disputes, or enforce our agreements. You may request deletion at any time (Section 8).

7. Security and breach notification

We use commercially reasonable administrative, technical, and organizational measures to protect personal information, including encrypted connections (TLS/HTTPS), access controls, and reputable cloud infrastructure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities as and when required by applicable law.

8. Your privacy rights and how to exercise them

8.1 Rights overview

Depending on where you live, you may have rights to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of certain processing. State-specific details are in Sections 9–11; rights under the GDPR are in Section 12.

8.2 How to submit a request

Submit a request using the methods in Section 14 (phone, mail, or our contact form). To protect your information, we will take reasonable steps to verify your identity before acting, which may require you to confirm details we already hold. You may use an authorized agentto submit a request; we may require proof of the agent’s authority and verification of your identity.

8.3 Non-discrimination and appeals

We will not discriminate or retaliate against you for exercising your rights. If we deny your request, you may appeal by replying to our decision; if you remain unsatisfied, you may contact your state attorney general or supervisory authority.

8.4 Response times

We aim to respond within 30 days, or sooner where your state’s law requires (for example, 45 days under several US state laws, extendable with notice).

9. Virginia Consumer Data Protection Act (VCDPA)

IMS is headquartered in Virginia. The VCDPA (Va. Code § 59.1-575 et seq.) grants Virginia residents the rights to confirm and access their personal data; to correct inaccuracies; to delete it; to obtain a portable copy; and to opt out of (a) targeted advertising, (b) the sale of personal data, and (c) profiling with legal or similarly significant effects.

How we comply: we do not sell personal data, conduct targeted advertising, or perform such profiling, so there is no opt-out to exercise for those activities. To exercise the access, correction, deletion, or portability rights, contact us (Section 14); we respond within 45 days and offer an appeal. You may also complain to the Virginia Attorney General.

10. California privacy rights (CCPA/CPRA)

If you are a California resident, the CCPA, as amended by the CPRA (Cal. Civ. Code § 1798.100 et seq.), gives you the rights to know, access, correct, and delete your personal information; to opt out of the “sale” or “sharing” of personal information; to limit the use of sensitive personal information; and to be free from discrimination for exercising these rights.

10.1 Notice at collection — categories collected

In the preceding 12 months we have collected the following categories of personal information (as defined by the CCPA), for the business purposes in Section 3, from the sources in Section 2.3, and disclosed to the recipients in Section 5:

• Identifiers: name, email address, phone number, IP address;
• Commercial information: records of quote requests, product inquiries, and service interest;
• Internet/network activity: pages visited and referral sources (from server logs);
• Professional/employment information: company name and job title (when you provide them);
• Geolocation: approximate (city/region) location derived from IP address.

10.2 Sale, sharing, and sensitive information

We do notsell or “share” (for cross-context behavioral advertising) personal information, and we have not done so in the preceding 12 months, including with respect to minors under 16. We do not collect sensitive personal information for the purpose of inferring characteristics, so the “limit” right has no practical effect here.

10.3 Shine the Light

California Civil Code § 1798.83 lets California residents request information about disclosures to third parties for their direct-marketing purposes. We do not make such disclosures.

10.4 Exercising your rights

Submit a verifiable request using Section 14. You may use an authorized agent. We will verify your identity and respond within 45 days (extendable by 45 days with notice).

11. Other US state privacy laws

Residents of other states with comprehensive privacy laws — including Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and others as they take effect — generally have rights similar to those in Sections 9 and 10, including access, correction, deletion, portability, and opt-out of targeted advertising, sale, and certain profiling. Many of these laws also recognize a universal opt-out mechanismsuch as GPC, which we honor (Section 4.4). To exercise any right, contact us (Section 14); we respond within the period your state’s law requires.

12. International visitors (GDPR / UK GDPR)

The Site is operated from the United States and is intended primarily for US visitors. If you access it from the EEA, the United Kingdom, or Switzerland:

• Legal bases: as described in Section 3.2 (consent; contract; legitimate interests; legal obligation).
• International transfers:your information will be processed in the United States. Where required, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum) or another lawful transfer mechanism.
• Your rights: in addition to the rights above, you may withdraw consent at any time, object to processing based on legitimate interests, request restriction of processing, and lodge a complaint with your local supervisory authority.
• Controller: Industrial Maintenance Solutions, Inc., 317 Tisinger Road, Mount Jackson, VA 22842.

13. Children’s privacy

The Site is designed for industrial and commercial professionals and is not directed to children under 16, and we do not knowingly collect personal information from them (consistent with the Children’s Online Privacy Protection Act, COPPA). If you believe a child has provided us information, contact us (Section 14) and we will delete it.

14. How to contact us / submit a request

For privacy questions, data-rights requests, or to exercise any right in this Policy:

• Phone: (540) 984-8162
• Fax: (540) 984-8231
• Mail: Privacy Inquiry, Industrial Maintenance Solutions, Inc., 317 Tisinger Road, Mount Jackson, VA 22842
• Online: Contact form

15. Third-party links

The Site may link to third-party sites (for example, Belzona.com, Belzona Connect, and YouTube). We are not responsible for the privacy practices or content of those sites. Review their policies before providing information.

16. Changes to this Policy

We may update this Policy from time to time. The effective date above reflects the most recent revision. For material changes — such as adding a tracking technology, disclosing to a new category of recipient, or changing how we handle requests — we will provide prominent notice on the Site before the change takes effect and, where required, obtain your consent.

See also our Terms of Use.