Legal
Privacy policy
Draft. This text is a working draft pending counsel review. The owning entity (Shenyang HQ vs PT subsidiary) and the governing privacy regime are open questions per the project PRD.
1. Who we are
SATco Group is an international B2B holding with operations across petrochemicals, construction materials, real estate, manufacturing, and digital. The legal entity that operates this website is identified in the footer of every page.
For privacy questions, contact our data team at arturbastos@satcogrp.com.
2. What data we collect
We collect personal data in two situations:
Form submissions. When you submit a contact, RFQ, quote, viewing inquiry, or partnership form, we collect the fields you provide (name, email, phone, organisation, project details). We collect your IP address for rate-limiting and audit purposes.
Analytics — post-consent only. When you accept analytics cookies, we collect aggregated, pseudonymised information about how you use the site (pages visited, referrer, device class, approximate location). Until you accept, we run only Cloudflare Web Analytics, which is cookieless and does not identify individuals.
We do not use marketing cookies or advertising trackers in V1.
3. Why we collect it
| Purpose | Lawful basis |
|---|---|
| Reply to your inquiry | Legitimate interest / pre-contractual steps |
| Audit form submissions for fraud | Legitimate interest |
| Understand site usage (post-consent) | Consent |
| Comply with sanctions and KYC obligations | Legal obligation |
4. How long we keep it
| Data | Retention |
|---|---|
| Form submissions | 90 days in audit log; longer if you become a customer |
| IP rate-limit records | 1 hour |
| Analytics (post-consent) | 14 months |
| Counterparty due-diligence records | 7 years |
5. Who we share it with
We share personal data only with:
- The SATco Group legal entity that owns the relevant business unit
- Service providers acting under our instructions (Resend for transactional email, Cloudflare for hosting and security, Sentry for error monitoring)
- Authorities where required by law
We do not sell personal data.
6. International transfers
Data may be processed in the EU, UK, China, Bahrain, and Hong Kong. Where transfers occur outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Your rights (GDPR / UK GDPR)
You have the right to access, rectify, erase, port, and object to processing of your personal data, and to lodge a complaint with a supervisory authority. Contact us to exercise any of these rights.
8. Changes to this policy
Material changes are announced on this page with the Last updated date below. Significant changes are also notified by email to active customers.