Privacy Policy

Privacy Policy 

Last updated: March 17, 2026 

Industrial Metal Supply Co. (“IMS,” “Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through compliance with this Privacy Policy (“Policy”). This Policy describes how we collect, use, disclose, and safeguard your information when you interact with us online or offline. It also explains your rights and choices under applicable privacy laws, including the California Consumer Privacy Act (as amended by the CPRA), the General Data Protection Regulation (GDPR), and other U.S. and international laws. 

By accessing or using our Services, you consent to the collection and use of information in accordance with this Policy. 

1. Definitions 

For purposes of this Policy: 

• Account: A unique profile created for you to access our Services. 

• Cookies: Small files stored on your device that track preferences and interactions. 

• Device: Any internet-connected device, such as a computer, smartphone, or tablet. 

• Personal Data: Information relating to an identified or identifiable individual (e.g., name, email, IP address). 

• Service: The IMS website and related offerings. 

• Service Provider: Third parties engaged by IMS to process information on our behalf (analytics, hosting, email delivery, payment processing, etc.). 

• Usage Data: Data collected automatically (IP address, browser type, device identifiers, time spent on pages). 

• Sensitive Personal Information (as defined under the CPRA): Personal information that reveals Social Security number, driver’s license number, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, contents of communications, or other categories defined by applicable law. 

2. Information We Collect 

We may collect: 

• Personal Identifiers: Name, email, phone, address, account credentials. 

• Transactional Data: Quotes, orders, billing/shipping history. 

• Usage Data: IP address, browser type, device IDs, site interactions. 

• Marketing Data: Communication preferences, campaign engagement. 

• Payment Data: Processed through third-party providers; IMS does not store card details. 

• Derived Data: Inferences drawn from behavior to create customer profiles. 

• Professional or Employment Information: Employer name, job title, business contact details (where voluntarily provided). 

• We do not collect Sensitive Personal Information except as necessary to process transactions, secure accounts, or comply with legal obligations. We do not use or disclose Sensitive Personal Information for purposes other than those permitted under the CPRA. 

3. How We Use Information 

IMS may use Personal Data to: 

• Provide, maintain, and improve Services 

• Process orders, payments, and customer requests 

• Manage accounts and authentication 

• Communicate with you (including promotions, offers, and service updates) 

• Analyze usage, test features, and improve security 

• Deliver tailored advertising 

• Fulfill contractual and legal obligations 

• Support business transfers (merger, acquisition, or asset sale) 

• Conduct internal business operations, including auditing, troubleshooting, and fraud prevention. 

 

• Comply with legal and regulatory requirements. 

• We do not engage in automated decision-making that produces legal or similarly significant effects within the meaning of GDPR Article 22. 

4. Cookies & Tracking 

We use cookies, pixels, and tracking technologies for: 

• Authentication/security 

• Remembering preferences 

• Measuring site traffic and performance 

• Delivering targeted advertising 

Where required by applicable law, we obtain your consent before placing non-essential cookies on your device. 

You may disable cookies in your browser/device, but some Services may not function properly. 

5. Sharing & Disclosure 

We may share Personal Data with: 

• Service Providers: For IT, analytics, email, and payments 

• Business Transfers: In the event of a merger, sale, or restructuring 

• Affiliates/Partners: For joint services or promotions 

• Advertising Vendors: We share certain identifiers (such as IP address, device identifiers, cookie data, and browsing activity) with advertising partners for purposes of cross-context behavioral advertising, analytics, and marketing optimization. Under California law, this may constitute “sharing” and, in some cases, a “sale” of personal information. 

• Legal Authorities: Where required by law 

• With Consent: When you authorize sharing 

We require our Service Providers to process Personal Data pursuant to written agreements that limit their use of such data to providing services to IMS and require appropriate confidentiality and security measures. 

6. Data Retention 

IMS retains Personal Data as long as necessary for business, legal, and compliance purposes. Usage Data is generally kept for shorter periods unless needed for security or compliance. 

• Customer account information: Duration of the customer relationship plus up to seven (7) years for tax, accounting, and compliance purposes. 

• Transaction records: Up to seven (7) years. 

• Marketing data: Until you opt out or withdraw consent. 

• Analytics data: Typically retained for up to twenty-six (26) months unless required longer for security or fraud prevention. 

• Legal compliance data: As required by applicable law. 

We may retain information longer where necessary to comply with legal obligations, resolve disputes, or enforce agreements. 

7. International Data Transfers 

Your information may be transferred outside your country. IMS uses appropriate safeguards (e.g., Standard Contractual Clauses for EU residents) to protect transferred data. 

8. Security 

We use commercially reasonable technical and organizational measures to protect your data. However, no method of transmission or storage is 100% secure.  In the event of a data breach involving your Personal Data, we will provide notice as required by applicable law. 

9. Marketing Communications 

You may receive marketing emails from us. You can opt out by clicking “unsubscribe” in any email or contacting us directly. 

10. Your Rights 

Depending on your jurisdiction, you may have rights to: 

• Access, copy, or correct your data 

• Request deletion 

• Opt out of targeted ads and data sales/sharing 

• Restrict or object to processing 

• Withdraw consent 

• Exercise data portability (GDPR) 

California residents have additional rights under the CCPA/CPRA (see Appendix A). EU/EEA residents have additional rights under the GDPR (see Appendix B). 

Requests can be made via customercare@imsmetals.com or 818-729-3333. We may verify identity before fulfilling requests. 

11. Third-Party Service Providers 

IMS partners with third parties who process data under their own privacy terms. These may include: 

• Salesforce Marketing Cloud (email campaigns & customer engagement) – Salesforce Privacy Policy 

• Salesforce CRM (customer account management) 

• Epicor BisTrack (ERP/order management) 

• Google Analytics & Ads (analytics & ads) – Google Privacy Policy 

• Lucky Orange (session analytics) 

• Unbounce (landing pages) 

• Thomasnet, Thryv, AdRoll, Yelp, LinkedIn, Facebook (advertising & lead generation) 

• Microsoft Outlook (email services) 

• Payment Processors: 

• Stripe – Stripe Privacy Policy 

• PayPal – PayPal Privacy Policy 

All payment processors are PCI-DSS compliant, meaning they follow strict security standards set by Visa, Mastercard, American Express, and Discover. IMS does not store cardholder information. 

Each third-party provider processes data pursuant to its own privacy policy and contractual obligations with IMS. IMS does not control the independent data practices of third parties acting as separate controllers. 

12. Behavioral Advertising 

We and our partners may use identifiers (cookies, hashed emails, device IDs) for interest-based advertising. 

Opt-out resources: 

• Network Advertising Initiative 

• Digital Advertising Alliance 

• Device settings (“Limit Ad Tracking” / “Opt Out of Ads Personalization”) 

We recognize Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information where required by law. 

13. Children’s Privacy 

IMS does not knowingly collect data from children under 13, or under 16, where applicable by law. If we learn we have collected such data, we will delete it. 

14. Do Not Sell or Share My Personal Information 

California residents have the right to direct us not to “sell” or “share” their personal information, as those terms are defined under the CPRA. This includes sharing information for targeted advertising. 

IMS provides a “Do Not Sell or Share My Personal Information” link in the footer of our website. You may also exercise this right by: 

• Emailing customercare@imsmetals.com 

• Calling 818-729-3333 

• Submitting a request through our website’s opt-out form (if available) 

We will process opt-out requests within the timeframe required by law and will not discriminate against you for exercising your rights. 

15. Changes to This Policy 

We may update this Policy periodically. Changes will be posted with a revised “Last Updated” date. 

16. Contact Us 

Industrial Metal Supply Co. 
8300 San Fernando Rd 
Sun Valley, CA 91352 
📧 customercare@imsmetals.com 
📞 818-729-3333 

Appendix A: CCPA/CPRA Categories of Personal Information 

Category	Examples	Collected	Disclosed	Sold/Shared
A. Identifiers	Name, email, IP, account ID	Yes	Yes	Yes (for cross-context behavioral advertising)
B. Customer Records	Billing/shipping info, payment data	Yes	Yes (processors, ERP)	No
C. Protected Classifications	Age, gender, race, ethnicity	No	N/A	N/A
D. Commercial Information	Purchases, order history	Yes	Yes (ERP, Salesforce)	No
E. Biometric	Fingerprints, facial recognition	No	N/A	N/A
F. Internet/Network Activity	Browsing, clicks, device info	Yes	Yes (analytics, ads)	Yes
G. Geolocation	Approximate IP-based location	Yes	Yes (ads, analytics)	Yes
H. Sensory	Audio, video	No	N/A	N/A
I. Professional Data	Employer, job title	Yes (if provided)	Yes	No
J. Education	School records	No	N/A	N/A
K. Inferences	Profiles, preferences	Yes	Yes (marketing vendors)	Yes

Appendix B: GDPR Legal Bases & EU Rights 

Legal Bases for Processing (GDPR Articles 6 & 9) 

IMS may process Personal Data on these legal bases: 

• Consent (e.g., marketing communications) 

• Contract (e.g., order fulfillment, account setup) 

• Legal Obligation (e.g., tax or compliance records) 

• Legitimate Interests (e.g., analytics, fraud prevention, direct marketing) 

• Vital Interests (rare, e.g., safety/security situations) 

Rights of EU/EEA Residents 

You have the right to: 

• Access: Request a copy of your data 

• Rectification: Correct inaccuracies 

• Erasure (“Right to be Forgotten”): Request deletion where lawful 

• Restriction of Processing: Limit processing under certain conditions 

• Data Portability: Obtain your data in a portable format 

• Objection: Object to processing based on legitimate interests or direct marketing 

• Withdraw Consent: If processing is based on consent 

To exercise GDPR rights, email customercare@imsmetals.com. We may request verification before fulfilling requests. 

EU Supervisory Authority 

EU residents also have the right to lodge complaints with their local Data Protection Authority.