Privacy Policy

Max Metal processes personal data only to the extent necessary to operate the website securely, answer RFQs and contact requests, keep a record of cookie choices, optionally remember the visitor’s language preference, and, where permitted, measure aggregate visits and interactions in order to improve the website.

The legal bases are Art. 6(1)(f) GDPR for secure website operation, abuse prevention, and storing the cookie-choice record; Art. 6(1)(a) GDPR for preference cookies and analytics that are activated only after consent; Art. 6(1)(b) GDPR for replying to RFQs and taking pre-contractual steps on request; and Art. 6(1)(c) GDPR where retention is required by applicable law.

The website is hosted through Firebase Hosting, a Google service. Technical connection data such as IP address, requested files, browser information, referrer, time of access, and error events may be processed in server logs to ensure secure and stable delivery of the website.

This processing is necessary for website availability, security monitoring, troubleshooting, and abuse prevention.

When you submit the RFQ form, Max Metal processes the data you provide in order to review the request and respond to your inquiry. This may include company name, contact person, email address, phone number, country, selected category, project requirements, and the consent checkbox.

The form is submitted to a Firebase Cloud Function, which validates the request and sends the message through EmailJS to the Max Metal sales inbox. The browser does not communicate with EmailJS directly.

The website uses a consent banner that blocks optional cookies until you make a choice. Necessary storage remains active because it is required for security, correct website delivery, and keeping the cookie-choice record itself.

If you allow preference cookies, the website stores a language-preference cookie named `site-locale` and related browser storage so the selected BG or EN version can be preserved across visits.

If you allow analytics cookies, the website loads Google Analytics 4 for basic traffic and interaction measurement. Depending on browser behavior and Google settings, analytics measurement may use cookies or similar browser storage.

You can revisit and change your cookie choices at any time through the cookie settings link in the website footer.

Depending on the processing purpose, recipients may include Google/Firebase for hosting and infrastructure services, Google Analytics for website measurement where consent has been granted, and EmailJS for delivery of RFQ emails. Internally, access is limited to Max Metal staff or service providers who need the data to process the inquiry or operate the website.

Where providers process data outside the EEA, this is subject to the provider’s applicable transfer mechanisms and contractual safeguards.

Technical logs are retained only as long as necessary for secure operation, diagnostics, and abuse prevention.

The cookie-consent record is stored for up to 180 days before the website asks for a renewed choice. If preference cookies are enabled, the language-preference storage is kept for up to 12 months unless cleared earlier.

RFQ and contact data is retained for as long as necessary to handle the inquiry, maintain follow-up communication, and comply with legal retention obligations where applicable.

Under applicable data protection law, you may have the right to access, rectify, erase, restrict, object to certain processing, and receive a copy of your personal data in a portable format, where the legal requirements are met.

If processing is based on consent, you may withdraw that consent at any time with effect for the future.

You have the right to lodge a complaint with a competent data protection supervisory authority. In Bulgaria, the supervisory authority is the Commission for Personal Data Protection.

If you have questions about this privacy notice or the processing of personal data on this website, please contact Max Metal at the email address below.