Privacy Policy

AMPCO Manufacturers Inc. (“Ampco,” “we,” “us,” or “our”) is a precision manufacturer based in Coquitlam, British Columbia, Canada. We produce labels, decals, membrane switches, and printed circuit board assemblies for automotive and industrial customers.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website at ampcomfg.com, interact with our blog, or engage with us through business inquiries, customer orders, or supplier relationships.

We are committed to complying with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (PIPA), and, where applicable, the European Union’s General Data Protection Regulation (GDPR) and other relevant data protection laws.

We may collect the following personal information when you contact us, submit an inquiry, request a quote, or engage in a business relationship:

• Name (first and last)
• Email address
• Phone number
• Company name and job title
• Mailing address (city, province/state, postal/ZIP code, country)
• Content of your inquiry or message

When you visit our website, we automatically collect certain technical data, including:

• IP address
• Browser type and version
• Operating system
• Pages visited, time and date of visit, and time spent on pages
• Referring URL
• Unique device identifiers and other diagnostic data

We may collect approximate location data (such as city or region) derived from your IP address. We do not collect precise GPS location data through our website. If we ever enable precise location services, we will obtain your explicit consent first.

In the course of our B2B operations, we collect business contact information from our customers, suppliers, and partners as necessary to fulfill orders, manage contracts, and maintain our business relationships. This may include names, business email addresses, phone numbers, and shipping/billing addresses associated with purchase orders.

We process your personal information only when we have a valid legal basis to do so. The table below maps each processing activity to its lawful basis under GDPR Article 6 and the corresponding Canadian privacy law authority.

We use the personal information we collect for the following specific purposes:

• To respond to your inquiries, provide quotes, and facilitate business discussions
• To process and fulfill customer orders, including shipping, invoicing, and quality follow-up
• To communicate with you about changes to our services, products, or policies
• To provide customer support and resolve issues
• To improve our website, products, and services through aggregated analytics
• To monitor and maintain the security and integrity of our website
• To detect, prevent, and address technical issues or fraudulent activity
• To comply with applicable legal, tax, and regulatory obligations
• To send you marketing communications about products and services similar to those you have previously inquired about, where you have provided consent or where permitted by law

We will not use your personal information for purposes materially different from those stated above without first obtaining your consent or providing you with notice as required by law.

We obtain consent for the collection, use, and disclosure of your personal information in a manner appropriate to the sensitivity of the information:

• Express consent: For sensitive information or marketing communications, we obtain your explicit, opt-in consent (e.g., checking a consent box, signing a form, or providing written agreement).
• Implied consent: For less sensitive information where the purpose would be obvious to a reasonable person (e.g., providing your email address when sending us an inquiry), your consent may be implied by your actions.

You have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent:

• For marketing emails: click the “unsubscribe” link in any marketing email
• For other purposes: contact our Privacy Officer at privacy@ampcomfg.com

We will inform you of the implications of withdrawing consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are guided by the following:

When personal information is no longer needed, we securely delete or anonymize it in accordance with our Information Security Management System (ISMS) data disposal procedures.

Canada has been recognized by the European Commission as providing an adequate level of data protection for transfers of personal data from the EU/EEA to organizations subject to PIPEDA. Where we engage service providers located in countries without an adequacy decision, we implement appropriate safeguards, including EU Standard Contractual Clauses (SCCs), to ensure your data remains protected.

In accordance with BC PIPA Section 33.1, we notify you that some of your personal information may be disclosed to service providers located outside of Canada for the purposes of providing our services. Before any such transfer, we ensure that:

• The service provider is contractually bound to protect your personal information to a standard comparable to Canadian privacy law
• Appropriate technical and organizational safeguards are in place
• The transfer is necessary for the identified purposes

Currently, Ampco may transfer personal information to service providers in the following countries: Canada (domestic), the United States, and India. If this list changes materially, we will update this policy accordingly.

If Ampco is involved in a merger, acquisition, or asset sale, your personal data may be transferred to the acquiring entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

We may disclose your personal data when we have a good faith belief that such action is necessary to:

• Comply with a legal obligation, court order, or government request
• Protect and defend the rights or property of Ampco
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of our users or the public

We may disclose your personal information for purposes not described in this policy only with your express consent.

We engage third-party companies and individuals to help us provide, maintain, and improve our services. These service providers have access to your personal data only to the extent necessary to perform their designated tasks and are contractually obligated to protect it.

We maintain written data processing agreements with all service providers who process personal information on our behalf. These agreements require service providers to process data only on our instructions, implement appropriate security measures, and notify us promptly of any data breaches.

We use Google Analytics to analyze website usage. Google Analytics collects data through cookies and similar technologies. Google may use this data to contextualize and personalize advertisements on its own network. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on. For more information, see Google’s Privacy Policy.

The security of your personal information is important to us. We implement and maintain appropriate administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction.

• Administrative: Information security policies, employee training, access controls based on the principle of least privilege, and regular security reviews
• Technical: Encryption of data in transit and at rest, multi-factor authentication, network segmentation, continuous monitoring, and vulnerability management
• Physical: Secured facilities with access controls, visitor management, and environmental protections

All personal information is classified and handled in accordance with Ampco’s Information Classification Policy, which is part of our broader Information Security Management System (ISMS). Data is categorized by sensitivity and handled according to the corresponding protection level.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We continuously evaluate and improve our security practices.

In the event of a breach of security safeguards involving personal information under our control, Ampco will follow our Incident Response Plan and comply with all applicable breach notification requirements.

• We will assess whether the breach creates a real risk of significant harm to affected individuals
• If significant harm is likely, we will notify the Office of the Privacy Commissioner of Canada (OPC) and/or the BC Office of the Information and Privacy Commissioner (OIPC) as applicable
• We will notify affected individuals as soon as feasible, providing a description of the breach, the types of information involved, and steps they can take to reduce harm
• We maintain a record of every breach of security safeguards, regardless of whether notification thresholds are met
•  

For breaches involving personal data of EU/EEA data subjects:

• We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to rights and freedoms
• Where the breach is likely to result in a high risk to individuals, we will notify affected data subjects without undue delay

Depending on your location and the applicable law, you have certain rights regarding your personal information. We honour these rights regardless of your location and will respond to legitimate requests within the timeframes required by law.

If you are a resident of the European Union or European Economic Area, you have the following additional rights:

• Right to Restriction: You can request that we restrict the processing of your personal data in certain circumstances
• Right to Data Portability: You can request to receive your personal data in a structured, machine-readable format and transfer it to another controller
• Right to Object: You can object to processing based on legitimate interest, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds
• Right Not to Be Subject to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects

• You have the right to access your personal information in our custody or control
• You can request correction of inaccurate or incomplete information
• You can withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
• You can file a complaint with the Office of the Privacy Commissioner of Canada or the BC Office of the Information and Privacy Commissioner

To exercise any of these rights, please contact our Privacy Officer using the details in Section 18. We will respond to your request within 30 days. In complex cases, we may extend this by up to two additional months, and we will inform you of any such extension within the initial 30-day period. We may need to verify your identity before processing your request.

Our website and services are intended for business use and do not target anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly.

We use cookies and similar tracking technologies on our website. Cookies are small data files placed on your device that help us provide and improve our services.

You can control cookies through your browser settings. Most browsers allow you to refuse all cookies, accept only certain cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of our website.

Our website may contain links to third-party websites that are not operated by us. We have no control over the content, privacy policies, or practices of third-party sites. We strongly encourage you to review the privacy policy of every website you visit. A link from our website does not imply endorsement of the linked site.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

• We will update the “Effective Date” and “Last Reviewed” dates at the top of this page
• For material changes, we will provide prominent notice on our website and, where feasible, notify you by email
• We will maintain an archive of previous versions upon request

Your continued use of our website after any changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about our handling of your personal information, please contact us:

If you are not satisfied with our response, you have the right to file a complaint with the applicable regulatory authority:

• Canada (Federal): Office of the Privacy Commissioner of Canada — 1-800-282-1376
• British Columbia: Office of the Information and Privacy Commissioner for BC — 250-387-5629
• EU/EEA Residents: You may contact your local Data Protection Authority

This Privacy Policy is governed by the laws of British Columbia and the federal laws of Canada applicable therein. This document was last reviewed and approved by management on March 6, 2026. Document reference: ISPO-PP-01 Rev 01.