Three Impex

  • info@threeimpex.com
  • +91 8850998641
Facebook-f Instagram Linkedin
Request a Quote

Privacy Policy

Privacy Policy

1.    Introduction and Scope

Three Impex (“Company,” “we,” “us,” “our“) is committed to protecting your privacy and ensuring you have a positive experience on our website and in your interactions with us. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our export trading operations, business-to-business commerce, and related services.

This Policy applies to:

  • Our website: threeimpex.com
  • Our email communications
  • Business inquiries and quote requests
  • Customer relationships and transactions
  • Marketing communications
  • Any other interactions where personal data is shared

Jurisdiction: This Privacy Policy complies with:

  • EU General Data Protection Regulation (GDPR)
  • US state privacy laws including California Consumer Privacy Act (CCPA/CPRA)
  • India’s Digital Personal Data Protection Act (DPDP), 2023
  • Other applicable international data protection laws

 

2. Company Information and Data Controller Details

Legal Business Name: Three Impex Entity Type: Export Trading Company Location: India

Website: www.threeimpex.com

Data Controller Contact Information:

 

 

3. Data We Collect

We collect various categories of personal data depending on the nature of your interaction with us. The data we collect includes:

3.1   Information You Provide Directly
Contact Information:
  • Full name, business name, and job title
  • Email address and phone number
  • Mailing address and shipping address
  • Billing and payment information
  • Business tax identification numbers (EIN, GST, IEC)
Business Information:
  • Company name and registration details
  • Nature of business and industry
  • Business registration numbers
  • Bank account details (for payment processing)
  • Import/export documentation references
Communication Data:
  • Messages, inquiries, and correspondence
  • Quote requests and order information
  • Contract documentation
  • Product specifications and requirements
  • Complaint and feedback information
Transaction Data:
  • Purchase history and order details
  • Payment methods and transaction records
  • Delivery and logistics information
  • Invoice and receipt records
  • Payment terms and credit arrangements

 

3.2  Information Collected Automatically
Website Activity:
  • IP address and device identifier
  • Browser type and version
  • Pages visited and time spent
  • Referral source and navigation patterns
  • Device type and operating system
  • Geographic location (approximate)

 

Cookies and Similar Technologies:
  • Session cookies for website functionality
  • Analytics cookies to understand user behavior
  • Marketing cookies for targeted communications
  • Tracking pixels and web beacons
Communication Metadata:
  • Email open rates and click-through rates
  • Delivery and read receipts
  • Timestamp of communications
  • Device and client information
3.3   Information from Third Parties
  • Business partner and supplier information
  • Credit verification and financial information from third-party providers
  • Customs and regulatory documentation
  • Shipping and logistics provider data
  • Payment processor information

 

4.Legal Basis for Processing

We process personal data based on the following legal grounds:

4.1   Performance of Contract

Processing is necessary to:

  • Fulfill export orders and quotations
  • Manage supplier relationships
  • Arrange shipping and logistics
  • Process payments
  • Handle warranties and disputes
  • Maintain business records

 

4.2   Legitimate Business Interests

Processing is necessary for:

  • Marketing and business development
  • Website improvement and user experience
  • Fraud prevention and security
  • Compliance with regulatory obligations
  • Business analysis and analytics
  • Customer service and support
4.3   Legal Obligation

Processing is required by:

  • Indian export/import regulations
  • Tax and accounting requirements
  • Customs and excise regulations
  • Competition and consumer protection laws
  • Anti-money laundering (AML) and Know Your Customer (KYC) requirements

 

4.4   Consent

For certain processing activities (such as marketing communications), we obtain your explicit consent, which you may withdraw at any time.

4.5   Vital Interests

In rare cases where processing is necessary to protect vital interests of individuals or public safety.

 

5. How We Use Your Personal Data

We use personal data for the following purposes:

5.1   Core Business Operations
  • Processing and fulfilling orders
  • Generating quotations and proposals
  • Managing supplier and customer relationships
  • Coordinating logistics and delivery
  • Processing payments and invoicing
  • Maintaining accurate business records
5.2   Communication and Customer Service
  • Responding to inquiries and requests
  • Sending order confirmations and updates
  • Providing customer support
  • Managing complaints and feedback
  • Sending transactional emails
5.3   Marketing and Business Development
  • Sending promotional materials and newsletters (with consent)
  • Informing you of new products and services
  • Conducting market research
  • Generating leads and business opportunities
  • LinkedIn and professional network outreach

 

5.4   Compliance and Legal Obligations
  • Complying with customs and export regulations
  • Maintaining tax and accounting records
  • Fulfilling legal and regulatory requirements
  • Responding to government requests
  • Fraud prevention and security monitoring
  • Dispute resolution

 

5.5   Business Analytics and Improvement
  • Analyzing website usage and user behavior
  • Improving website functionality
  • Understanding customer preferences
  • Business intelligence and reporting
  • Performance metrics and analytics
5.6   Risk Management and Security
  • Detecting and preventing fraud
  • Protecting against cyberattacks
  • Ensuring information security
  • Conducting security audits
  • Investigating unauthorized access

 

6. Data Sharing and Disclosure

We do not sell your personal data. However, we may share your information with:

6.1   Service Providers and Vendors
  • Payment processors and financial institutions
  • Shipping and logistics companies (DHL, FedEx, courier partners)
  • Email service providers
  • Website hosting and analytics platforms
  • Customs and regulatory compliance services
  • Accounting and audit firms
  • IT security and infrastructure providers

 

6.2   Business Partners
  • Co-exporters and trading partners
  • Manufacturers and suppliers
  • Distribution partners
  • Joint venture partners

 

6.3   Regulatory and Law Enforcement
  • Indian customs and excise authorities
  • Tax authorities and government agencies
  • Law enforcement agencies (when legally required)
  • Regulatory bodies overseeing export/import
  • Financial compliance authorities
6.4   Legal Requirements and Protection
  • To comply with legal obligations and court orders
  • To enforce contracts and agreements
  • To protect against fraud and security threats
  • To protect the rights and safety of individuals
6.5   Business Transfers
  • In case of merger, acquisition, or asset sale
  • Information may be transferred to the acquiring entity
  • We will provide notice of any such change

Data Processing Agreements: All service providers are bound by confidentiality agreements and are required to process personal data in accordance with this Privacy Policy and applicable data protection laws, including GDPR Standard Contractual Clauses where applicable.

 

7.    International Data Transfers

As an export trading firm operating internationally, we may transfer personal data outside of India, including to:

  • EU member states
  • United States
  • Other countries where our partners and customers operate
7.1   GDPR Compliance Mechanisms

For transfers to countries outside the EEA, we implement:

EU-US Data Privacy Framework: We ensure service providers in the US comply with the EU-US Data Privacy Framework where applicable.

 

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with our vendors to ensure adequate data protection during transfers.

Adequacy Decisions: We rely on European Commission adequacy decisions where applicable.

Supplementary Measures: We conduct transfer impact assessments and implement additional safeguards as required by GDPR.

 

7.2   CCPA Compliance for US Data Transfers

Data transferred to the US is subject to equivalent protections through:

  • Privacy commitments in vendor contracts
  • Technical security measures
  • Data minimization principles
  • Purpose limitation
7.3   India’s DPDP Act Compliance

For data transfers outside India, we ensure:

  • Cross-border transfer agreements are in place
  • Adequate safeguards are implemented
  • Transfers are necessary for legitimate business purposes
  • Individuals’ consent is obtained where required

 

8. Data Retention

We retain personal data for the following periods:

8.1   Transactional Data
  • Orders and Quotations: 7 years (per Indian tax/accounting requirements)
  • Payment Records: 7 years (per tax compliance)
  • Shipping Documentation: 7 years (per customs requirements)
  • Contracts and Agreements: Duration of contract plus 3 years
8.2   Customer/Supplier Relationship Data
  • Active Relationships: Duration of relationship
  • Inactive Relationships: 5 years from last transaction
  • Contact Information: As long as business relationship remains active
8.3   Marketing Communications
  • Subscribers/Contacts: Until unsubscribed
  • Email Lists: 2 years of inactivity triggers removal

 

8.4   Website Analytics
  • Analytics Data: 26 months
  • Server Logs: 90 days
  • Cookies: As specified in Cookie Policy
8.5   Legal and Compliance Data
  • Legal Records: As required by law (typically 7-10 years)
  • Dispute Records: Duration of dispute plus 3 years
  • Compliance Documentation: As required by regulatory authorities

Data Deletion: Upon expiration of retention periods, we securely delete or anonymize personal data unless legal obligations require extended retention.

9. Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

 

9.1   GDPR Rights (EU Residents)

Right to Access: You have the right to obtain a copy of your personal data and information about how it is processed.

Right to Rectification: You can request correction of inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”): You can request deletion of your data, subject to legal and contractual obligations.

Right to Restrict Processing: You can request that we limit how we use your data.

Right to Data Portability: You can obtain your data in a structured, commonly-used format.

Right to Object: You can object to certain processing activities, particularly marketing communications and profiling. Right Against Automated Decision-Making: You have rights related to decisions based solely on automated processing. Right to Lodge a Complaint: You can file a complaint with your local data protection authority.

9.2   CCPA/CPRA Rights (California and Certain US Residents)

Right to Know: You can request what personal information is collected, used, shared, or sold.

Right to Delete: You can request deletion of personal information collected from you.

Right to Correct: You can request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing: You can opt out of the sale or sharing of personal information (we do not sell your data).

Right to Limit Use: You can limit use of sensitive personal information.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Right to Appeal: You can appeal our decision regarding your privacy request.

 

9.3   DPDP Act Rights (India Residents)

Right to Request Processing: You can request information about processing activities.

Right to Correct Data: You can request correction of inaccurate personal data.

Right to Erase Data: You can request deletion of personal data subject to legal requirements.

Right to Data Portability: You can obtain your data in a structured format.

Right to Grievance Redressal: You can lodge grievances with our Grievance Officer.

 

10.    Exercising Your Privacy Rights

10.1   How to Submit a Request
For GDPR Requests (EU Residents):

Email: info@threeimpex.com

Subject: “GDPR Privacy Request – [Your Name]”

Include: Full name, email, contact number, specific request details

For CCPA/CPRA Requests (US Residents):

Email: info@threeimpex.com

Subject: “California Privacy Rights Request – [Your Name]” Include: Full name, email, street address, specific request type

For DPDP Act Requests (India Residents):

Email: info@threeimpex.com

Subject: “Data Protection Request – [Your Name]” Include: Full name, email, contact number, request details

10.2   Verification and Response Timeline

Verification: We will verify your identity before processing requests using contact information or additional documentation as necessary.

Response Time:
  • GDPR: 30 days (extendable by 2 months for complex requests)
  • CCPA/CPRA: 45 days (may extend by 45 days if necessary)
  • DPDP Act: 30 days from receipt of verified request

Fees: Requests are typically free. We may charge reasonable fees for manifestly unfounded or excessive requests (as permitted by applicable law).

 

11.    Data Security and Protection

We implement comprehensive security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction:

11.1   Technical Security Measures
  • SSL/TLS encryption for data in transit

 

  • Industry-standard encryption for data at rest
  • Secure password policies and authentication
  • Regular security audits and penetration testing
  • Firewalls and intrusion detection systems
  • Secure backup and disaster recovery procedures
  • Data minimization and access controls

 

11.2   Organizational Measures
  • Employee training on data protection and privacy
  • Confidentiality agreements with all staff
  • Access controls limiting data access to authorized personnel
  • Incident response procedures
  • Regular privacy and security assessments
  • Third-party vendor security evaluations

 

11.3   Physical Security
  • Secured facilities and restricted access
  • Visitor logs and access controls
  • Secure destruction of physical records
  • Secure storage of sensitive documentation
11.4   Privacy by Design
  • Data minimization principles
  • Purpose limitation
  • Privacy impact assessments for new projects
  • Secure disposal procedures
  • Continuous monitoring and improvement

No Absolute Security: While we maintain robust security measures, no system is completely immune to breaches. We cannot guarantee absolute security but are committed to addressing any incidents promptly and transparently.

 

12.    Cookies and Tracking Technologies

12.1   What Are Cookies?

Cookies are small data files stored on your device that help us recognize you and enhance your experience on our website.

12.2   Types of Cookies We Use
Essential Cookies:
  • Session management and website functionality
  • Security and fraud prevention
  • User preference storage
  • Load balancing
Analytics Cookies:
  • Website traffic analysis
  • User behavior understanding
  • Performance optimization
  • Visitor statistics
Marketing Cookies:
  • Targeted advertising
  • Retargeting campaigns
  • Marketing campaign effectiveness
  • Social media integration
Third-Party Cookies:
  • Analytics providers
  • Advertising networks
  • Social media platforms

 

12.3   Cookie Consent

For EU Visitors (GDPR): We obtain your explicit consent before placing non-essential cookies. You can manage preferences through our consent management tool.

For US Visitors (CCPA): We provide opt-out options for tracking and targeted advertising.

For India Visitors (DPDP): We comply with applicable cookie and tracking requirements.

12.4   Cookie Management

You can control cookies through:

  • Browser settings to accept, reject, or delete cookies
  • Our website’s cookie preferences tool
  • Opt-out mechanisms for specific providers
  • Browser extensions that manage tracking

 

13.    Third-Party Links and Services

Our website may contain links to third-party websites and services that are not operated by Three Impex. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party sites.

Third-party services may include:
  • Social media platforms (LinkedIn, Instagram, Facebook)
  • Payment processors
  • Logistics and shipping providers
  • Business directories and platforms
  • Advertising networks

We recommend reviewing third-party privacy policies before sharing your information.

 

14.    Children’s Privacy

Our website and services are not directed to children under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete such information and terminate the child’s account.

 

15.   Data Protection Officer and Grievance Redressal

15.1   Data Protection Officer

If appointed, our Data Protection Officer oversees privacy compliance and can be contacted regarding:

  • Privacy concerns and complaints
  • Data protection inquiries
  • Exercise of privacy rights
  • Data protection impact assessments

DPO Contact: [Name and email if applicable]

15.2   Grievance Redressal Officer

For India residents under the DPDP Act, we designate a Grievance Officer to address privacy complaints and disputes.

Grievance Officer Contact:

Name: [Insert name] Email: [Insert email] Phone: [Insert phone]

Response Timeline: 30 days

15.3   Complaint Process
  1. Submit a detailed written complaint to the Grievance Officer
  2. Include specific details of the concern
  3. Provide supporting documentation if available
  4. Receive acknowledgment within 5 business days
  5. Resolution or investigation update within 30 days

 

16.    Privacy Safeguards Specific to Export Trading

As an export trading firm, we implement additional protections for trade-sensitive data:

 

16.1   Customs and Regulatory Compliance
  • Confidential handling of import/export documentation
  • Secure processing of tariff classification information
  • Protected storage of shipping manifests
  • Encrypted transmission of regulatory filings

 

16.2   Business Confidentiality
  • Supplier and customer information remains confidential
  • Competitive business information is protected
  • Quotations and pricing are shared only with authorized parties
  • Trade secrets are safeguarded with heightened security

 

16.3   Financial Information Protection
  • Bank details and payment information are encrypted
  • Limited access to financial records
  • PCI DSS compliance for payment processing
  • Secure destruction of payment data after processing

 

17.    Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  1. Notify you via email (for subscribers)
  2. Post the updated policy on our website with a new effective date
  3. Request your consent if required by applicable law

Your Continued Use: Your continued use of our website or services after changes indicates your acceptance of the updated Privacy Policy.

Archive of Previous Versions: Previous versions of this Privacy Policy are available upon request.

 

18.    EU-Specific Information

18.1   Legal Basis Under GDPR

We process data under the following GDPR legal bases:

  • Article 6(1)(b): Performance of contract
  • Article 6(1)(c): Compliance with legal obligations
  • Article 6(1)(f): Legitimate interests
  • Article 6(1)(a): Consent (where applicable)

 

18.2   Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all service providers meeting GDPR requirements, including:

  • Specification of processing activities
  • Data security obligations
  • Sub-processor management
  • Data subject rights support
  • EU Standard Contractual Clauses (SCCs)
18.3   Data Transfers Outside EEA

Transfers to non-EEA countries are authorized through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (Article 46 GDPR)
  • Derogations for specific circumstances (Article 49 GDPR)
  • Enhanced transfer protections including supplementary measures
18.4   Data Protection Authority

EU residents have the right to lodge a complaint with their respective national Data Protection Authority:

 

19.    US-Specific Information (CCPA/CPRA)

19.1   Categories of Personal Information Collected

We collect the following categories of personal information (as defined by CCPA):

  1. Identifiers: Name, email, phone, postal address, IP address, account identifiers
  2. Commercial Information: Purchase history, products/services obtained, payment information
  3. Internet Activity: Browsing history, website interactions, clicks, IP addresses
  4. Professional Information: Job title, company name, industry, business credentials
  5. Geolocation Data: Approximate location based on IP address
  6. Inference Data: Profiles about preferences and interests based on activity
  7. Other Categories: Communication records, customer service interactions

 

19.2   Sources of Personal Information
  • Directly from you via website forms and inquiries
  • Website analytics and cookies
  • Automatically through your device and browser
  • From third-party business partners
  • From payment processors and service providers

 

19.3   Use of Personal Information
  • Fulfilling business transactions
  • Business operations and communications
  • Marketing and advertising (with opt-out rights)
  • Improving website functionality
  • Fraud prevention and security
  • Legal compliance

 

19.4   Disclosure of Personal Information

We share personal information with:

  • Service providers and vendors (payment processors, logistics, hosting)
  • Business partners
  • Legal enforcement when required
  • Acquiring entities in case of merger/acquisition

We do NOT sell personal information.

19.5   Retention Periods

Personal information is retained as specified in Section 8, generally for 3-7 years depending on category.

19.6   Consumer Rights Under CCPA/CPRA
  • Right to know what personal information is collected
  • Right to delete personal information (with exceptions)
  • Right to correct inaccurate information
  • Right to opt-out of targeted advertising
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights

To Exercise Rights: Contact us at [Insert email] with “California Privacy Request” in the subject line.

 

20.    India-Specific Information (DPDP Act, 2023)

20.1   Applicability

This Privacy Policy complies with India’s Digital Personal Data Protection Act, 2023, which regulates the processing of digital personal data by data fiduciaries (like Three Impex).

 

20.2   Processing of Personal Data

We process personal data only when:

  • Consent is obtained from the data principal (individual)
  • Processing is necessary for a legitimate purpose
  • Data minimization principles are followed
  • Purpose limitation is maintained
  • Storage limitation periods are respected
20.3   Data Principal Rights

Under DPDP Act, individuals have the right to:

  • Right to Request Processing: Know what data is being processed
  • Right to Correct: Request correction of inaccurate data
  • Right to Erase: Request deletion of data
  • Right to Data Portability: Obtain data in portable format
20.4   Grievance Redressal

We maintain a Grievance Officer to address complaints under DPDP Act:

Grievance Officer Details:

Name: Ritesh Ravariya Email: info@threeimpex.com Phone: +91 8850998641

Process:
  1. Submit written complaint to Grievance Officer
  2. Receive acknowledgment within 5 days
  3. Investigation and resolution within 30 days
  4. Appeal available to Data Protection Board if dissatisfied

 

20.5   Data Retention

We do not retain personal data longer than necessary for the specified purpose, except where required by law. Retention periods are specified in Section 8.

 

20.6   Data Security Obligations

We implement appropriate technical and organizational measures to ensure:

  • Confidentiality and integrity of personal data
  • Prevention of unauthorized access
  • Protection against accidental loss or damage
  • Regular security assessments and audits
  • Employee training on data protection

 

 

21.    Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Three Impex – Data Protection and Privacy Team Email: info@threeimpex.com

Phone: +91 8850998641

Website: www.threeimpex.com

Response Time: We will respond to privacy inquiries within 7-10 business days.

Privacy Inquiries:

  • Data access and portability requests
  • Correction or deletion requests
  • Opt-out requests for marketing
  • Complaint about privacy practices
  • Questions about this policy

22.    Additional Resources

Relevant Privacy Authorities:
  • EU: European Data Protection Board (ec.europa.eu)
  • US: Federal Trade Commission (gov) and California Privacy Protection Agency (cppa.ca.gov)
  • India: Data Protection Board of India (gov.in)
Privacy Laws and Regulations:
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Digital Personal Data Protection Act, 2023 (India)
  • India Information Technology Act, 2000
  • Indian Contract Act, 1872
Appendix A: Cookie Policy Summary

Cookies Used:

  • Session Cookies: For website navigation (not tracked)
  • Analytics: Google Analytics (26-month retention)
  • Marketing: For targeted communications (consent-based)
  • Third-Party: LinkedIn, social media platforms
Opt-Out Options:
  • Browser cookie settings
  • Cookie management tool on website
  • Email unsubscribe links
  • Do-Not-Track browser settings
Appendix B: Data Processing Activities (India Residents)
For DPDP Act Compliance:

Data Category

Purpose

Legal Basis

Retention

Business Contact Details

Contract performance & communication

Consent & Legitimate Interest

Duration + 3 years

Business Registration Info

Regulatory compliance

Legal Obligation

7 years

Transaction Records

Payment processing & accounting

Consent & Legal Obligation

7 years

Communication Records

Customer service

Consent

2 years

IP & Device Data

Website security & analytics

Legitimate Interest

90 days

Marketing Preferences

Targeted communication

Consent

Until unsubscribed

 

 

Last Updated: January 20, 2026

Version: 1.0 – International Compliance Edition (GDPR, CCPA/CPRA, DPDP Act)

 

This Privacy Policy is a comprehensive, legally-informed document designed to protect privacy and maintain regulatory compliance across multiple jurisdictions. It reflects industry best practices for B2B export trading firms and should be reviewed by a qualified privacy attorney for final customization to your specific operations.