Privacy Policy

This Privacy Policy explains how B&F Engineering (“B&F”, “we”, “our”, “us”) collects, uses, discloses and protects personal data when you visit bafengineering.com (the “Site”), contact us, or otherwise interact with our services.

If you have any questions or wish to exercise your rights, you can reach us at:

  • Data Controller: B&F Engineering
  • Address: 75. Yıl OSB, 2005. Cadde No:40, Odunpazarı/Eskişehir, Türkiye
  • E-mail: [email protected]
  • Phone: +90 544 794 58 41

1) Scope and who this policy applies to

This policy applies to information we process about visitors to our Site, prospective and existing customers, suppliers and business partners who contact us via our Contact or Get a Quote forms, by email/phone, or in person at fairs and business meetings.

2) What data we collect

Depending on how you interact with us, we may process:

  • Identification & contact data: name, surname, company, role/title, country, email, phone.
  • Business & project details: product interests (e.g., pancakes, waffles, rice cake lines), capacity/throughput needs, technical specifications, budget/timeframe, messages/attachments provided through our forms or email.
  • Website usage data: device/browser information, pages visited, time on page, referrers, and similar analytics data (collected via cookies or similar technologies).
  • Transactional & compliance data: order, delivery and invoicing details, contract and correspondence history, as required for after-sales support and legal obligations.

We do not intentionally collect special category data (e.g., health, biometric, religious data), nor do we knowingly collect data from children.

3) How we collect data

  • Directly from you: when you fill in our Contact or Get a Quote forms, email or call us, exchange business cards, or meet us at exhibitions.
  • Automatically: through cookies and similar technologies when you browse the Site (see Cookies below).
  • From third parties: event organizers, referrers, or partners—only where lawful and relevant to a potential or existing business relationship.

4) Purposes of processing

We use personal data to:

  • respond to inquiries and prepare quotations;
  • plan, design and deliver production lines and related services;
  • manage customer relationships, after-sales, warranty and technical support;
  • comply with legal, tax and accounting obligations;
  • protect our rights, prevent fraud/abuse, and secure our systems;
  • improve the Site and our products/services (analytics and performance).

5) Legal bases (EEA/UK GDPR and similar regimes)

Where applicable, we rely on:

  • Performance of a contract or steps prior to entering a contract (e.g., preparing a quote, processing an order);
  • Legitimate interests (e.g., B2B communications, sales pipeline management, Site security and improvement), balanced against your rights;
  • Consent (e.g., non-essential cookies or optional communications where required);
  • Legal obligations (e.g., tax, accounting, compliance).

6) Retention

We keep personal data only as long as necessary for the purposes above, including to meet legal/ accounting requirements. Typical retention periods:

  • Inquiry/quotation files: up to 24 months after last contact (unless a longer project cycle requires more);
  • Contractual & financial records: up to 10 years (or longer if required by applicable law);
  • Cookie/analytics data: per cookie lifespan settings (see Cookies).

7) Sharing & recipients

We may share data with:

  • Service providers acting on our behalf (hosting, IT/CRM, analytics, communications, professional advisors);
  • Logistics, installation and commissioning partners strictly as needed to fulfill a project;
  • Public authorities where required by law;
  • Corporate transactions (e.g., merger/acquisition), subject to appropriate safeguards.

We do not sell your personal information.

8) International transfers

Our infrastructure and providers may operate across multiple countries. Where data is transferred outside your jurisdiction (e.g., outside the EEA/UK/Türkiye), we implement appropriate safeguards such as Standard Contractual Clauses or rely on other lawful transfer mechanisms, and apply technical/organizational measures suitable to the risks.

9) Cookies & similar technologies

We use essential cookies to operate the Site and may use functional and analytics cookies to understand Site performance and improve user experience.

  • You can manage cookies in your browser settings.
  • Where required by law, we will request your consent for non-essential cookies via a banner or similar mechanism.

Examples (illustrative):

  • Essential: security/session, form submission.
  • Analytics: aggregated statistics about pages visited and interactions.

10) Your rights

Depending on your location, you may have the right to request:

  • access to and a copy of your data;
  • rectification of inaccurate or incomplete data;
  • erasure (where applicable);
  • restriction or objection to processing;
  • portability of data you provided to us;
  • withdrawal of consent at any time (for processing based on consent).

To exercise these rights, contact [email protected]. We may request information to verify your identity and will respond within the timelines required by applicable law.

11) California residents (CPRA)

If you are a California resident, you have the rights to know/access, correct, delete, and to limit use/disclosure of sensitive personal information. We do not “sell” or “share” personal information as those terms are defined under CPRA. You may exercise rights by emailing [email protected]; we will not discriminate against you for exercising your rights.

12) Children’s privacy

Our Site and services are intended for professional audiences and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us to request deletion.

13) Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure or destruction, proportionate to the nature of the data and the risks of processing. No system can be guaranteed 100% secure; we maintain and improve our controls on an ongoing basis.

14) Third-party links

Our Site may contain links to third-party websites or services. Those sites have their own privacy policies; we are not responsible for their practices.

15) Changes to this Policy

We may update this Policy from time to time. The “Effective date” at the top indicates the latest revision. Significant changes will be posted on this page and become effective when published.

16) Contact us

For privacy requests or questions, please contact: [email protected] or write to the address above.