Effective Date: 2026.01.01
This Data Retention and Data Lifecycle Policy describes the principles and operational guidelines governing how MaxFusion Group Inc. and its affiliated entities retain, archive, de-identify, and delete information processed in connection with their websites, services, digital platforms, and commercial activities.
This document forms part of the MaxFusion Group privacy and data governance framework and should be read together with the MaxFusion Group Privacy Policy, the MaxFusion Group Sub-Processor Disclosure, and the applicable Terms of Use governing the services operated by the Group Companies.
This policy applies to MaxFusion Group Inc., Hanson Energy Inc., ReFusion Recycling Inc., and Inquill Agency LLC, together with any subsidiaries, affiliates, or operating divisions that may from time to time operate under the MaxFusion Group ecosystem (collectively referred to as the “Group Companies”).
The purpose of this policy is to ensure that information processed by the Group Companies is retained only for as long as reasonably necessary to fulfil legitimate operational, contractual, regulatory, and security purposes, and that information is securely deleted, anonymized, or archived when those purposes have been satisfied.
The Group Companies follow several core principles in determining the retention period for information.
Information is retained only for as long as necessary to fulfil the purpose for which it was collected, including operational service delivery, contractual obligations, legal compliance, financial recordkeeping, dispute resolution, and the protection of the rights and interests of the Group Companies.
Where possible, the Group Companies seek to minimize long-term storage of personal information by applying data minimization practices, including periodic deletion, anonymization, and archival processes designed to reduce the exposure of unnecessary data.
Where information is required to be retained for longer periods due to legal or regulatory requirements, such information will be securely stored with restricted access controls and retained only for the duration required by applicable law.
Certain operational systems used by the Group Companies may also maintain backup copies of information for disaster recovery purposes. Such backups are retained in accordance with infrastructure provider policies and are overwritten according to standard backup rotation cycles.
This retention schedule applies to several broad categories of information processed by the Group Companies, including personal information, operational data, technical system data, financial records, and contractual documentation.
These categories include, but are not limited to, information submitted through website forms, communications with clients and partners, customer relationship management records, project documentation, analytics and system logs, financial transactions, and information stored within digital collaboration platforms.
The specific retention periods associated with these categories are described in the retention schedule below.
The following table provides general guidelines regarding how long different categories of information may be retained by the Group Companies.
This Privacy Policy describes how MaxFusion Group Inc., together with its subsidiaries, affiliates, and related operating entities, collects, uses, processes, discloses, and safeguards information in connection with its websites, digital platforms, business operations, and commercial relationships.
This Privacy Policy applies to MaxFusion Group Inc. and its affiliated entities, including but not limited to Hanson Energy Inc., ReFusion Recycling Inc., and Inquill Agency LLC, each of which may operate websites, services, software platforms, or commercial activities within the MaxFusion ecosystem (collectively referred to as the “MaxFusion Group,” “Group Companies,” “Group,” “we,” “us,” or “our”).
This Privacy Policy governs information collected through websites, digital platforms, communications systems, operational tools, and business interactions conducted by or on behalf of the Group Companies, including but not limited to inquiries submitted through corporate websites, communications through email or messaging platforms, participation in digital services or SaaS tools operated by the Group Companies, contractual engagements with clients or partners, sourcing or procurement operations, recycling or asset-processing services, strategic partnerships, investment inquiries, and any related activities undertaken in the ordinary course of the Group’s operations.
For the avoidance of doubt, references in this Privacy Policy to “information,” “personal information,” or “data” shall be interpreted broadly and shall include any information relating to an identified or identifiable individual, business representative, partner, investor, supplier, client, or other person interacting with the Group Companies, whether such information is provided directly, collected through automated systems, obtained through commercial interactions, or derived from operational or analytical processes.
The following definitions and rules of interpretation apply throughout this Privacy Policy.
“Group Companies” means MaxFusion Group Inc. together with any subsidiary, affiliate, controlled entity, or operating division from time to time forming part of the MaxFusion Group, including Hanson Energy Inc., ReFusion Recycling Inc., and Inquill Agency LLC.
“Personal Information” means any information relating to an identified or identifiable natural person, including but not limited to names, contact information, identification records, professional details, communications records, financial information, digital identifiers, location data, and any other information that may reasonably be associated with an individual either directly or indirectly.
“Processing” means any operation performed on personal information, whether automated or manual, including but not limited to collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, deletion, or destruction.
“Service Providers” means third-party vendors, software providers, hosting providers, infrastructure providers, analytics platforms, payment processors, and other external organisations that process information on behalf of the Group Companies in connection with the provision of services, platform functionality, operational infrastructure, or business operations.
Except where the context otherwise requires, references to the singular shall include the plural and vice versa, references to any gender shall include all genders, and any words following the terms including, include, in particular, for example, or any similar expression shall be construed as illustrative and shall not limit the generality of the preceding description.
This Privacy Policy applies to the following legal entities and their respective business operations:
MaxFusion Group Inc., Hanson Energy Inc., ReFusion Recycling Inc., and Inquill Agency LLC, each of which is incorporated under the laws of the State of Delaware, United States of America, with a registered address at 3500 South DuPont Highway, Dover, Delaware 19901, United States of America.
For the purposes of this Privacy Policy, these entities collectively form the MaxFusion Group and may operate websites, services, platforms, or commercial activities that involve the collection or processing of information as described herein.
This Privacy Policy shall also apply, unless expressly stated otherwise, to any future subsidiaries, affiliated companies, controlled brands, joint ventures, or operational divisions that may from time to time become part of the MaxFusion Group structure.
The Group Companies operate under a structured data governance framework in which each entity may act as a Data Controller or Data Processor depending on the nature of the services provided and the operational context in which information is collected or processed.
In general terms, each operating subsidiary of the Group acts as the Data Controller for personal information collected in connection with its own commercial operations, including but not limited to Hanson Energy Inc. in relation to sourcing and procurement activities, ReFusion Recycling Inc. in relation to recycling and asset-processing services, and Inquill Agency LLC in relation to its own marketing and digital services operations.
MaxFusion Group Inc. provides overarching governance, oversight, and coordination for privacy and data protection practices across the Group Companies and may also act as a Data Controller in connection with certain group-level operational activities, including but not limited to strategic partnership inquiries, investment communications, governance processes, and shared corporate administration.
In addition to its role as an independent operating entity, Inquill Agency LLC may act as an internal service provider and Data Processor when operating digital infrastructure, marketing systems, analytics platforms, or automation systems on behalf of other Group Companies. In such circumstances, Inquill processes information strictly on behalf of the relevant Group entity acting as the Data Controller and in accordance with applicable contractual obligations and data protection requirements.
Information may be shared between Group Companies where reasonably necessary to facilitate legitimate business activities, including but not limited to service delivery, operational coordination, marketing infrastructure management, sourcing and procurement support, recycling and asset-tracking services, compliance functions, or group-level governance activities. Such information sharing is conducted under role-based access controls and restricted to personnel whose access to such information is necessary for the performance of their responsibilities.
For the avoidance of doubt, information collected by one subsidiary is not automatically accessible to all other subsidiaries of the Group and may only be shared where operationally required or where such sharing is consistent with contractual obligations, confidentiality agreements, and applicable legal requirements.
In the course of operating the Group Companies’ websites, services, digital platforms, and commercial operations, we may collect a range of information relating to individuals, businesses, and operational activities. The categories of information collected will vary depending on the nature of the interaction with the Group Companies but may include the following.
We may collect contact and professional information, including names, job titles, company affiliations, business addresses, telephone numbers, email addresses, professional networking profiles, and other information typically provided in the context of business communications, partnership discussions, or commercial inquiries.
We may collect business and commercial information relating to projects, sourcing inquiries, procurement requests, operational specifications, commercial negotiations, project development discussions, infrastructure requirements, facility information, and other details provided by clients, partners, or suppliers in connection with potential or ongoing business relationships.
We may collect account and platform information where individuals interact with digital services or software platforms operated by the Group Companies, including login credentials, account identifiers, system access permissions, activity records, usage data, support communications, and other information associated with the administration or operation of user accounts within such platforms.
We may collect financial and transaction information necessary to facilitate payments, billing processes, contractual arrangements, or regulatory compliance obligations, including billing contact details, payment confirmations, banking details for wire transfers, transaction records, tax documentation, and investor-related financial information. Payment card transactions are processed through secure third-party payment providers, including {Primary Payment Processor(s)}, and the Group Companies do not generally store full payment card numbers except where required for billing administration or regulatory compliance.
We may collect identity verification information where required for contractual, regulatory, or operational purposes, including government identification documents, passport information, tax identification records, compliance documentation, and verification information required for investor due diligence, client onboarding, contractor administration, travel coordination, or facility access requirements.
We may collect project and operational information associated with the services provided by the Group Companies, including engineering specifications, equipment configurations, electrical consumption data, solar system design parameters, asset tracking records, logistics documentation, recycling manifests, chain-of-custody records, and other technical or operational information required for project delivery or regulatory reporting.
We may collect shipping and location information, including shipping addresses, facility locations, site coordinates, logistics tracking details, and related operational information provided by clients, partners, or suppliers in connection with sourcing, procurement, recycling, or project delivery operations.
We may collect technical and usage information generated through the operation of websites, digital platforms, or automated systems, including device identifiers, browser type, operating system details, network identifiers, IP addresses, session timestamps, pages visited, usage patterns, and system performance data collected for security monitoring, analytics, or operational improvement purposes.
We may collect communications records, including correspondence conducted through email, messaging platforms, CRM systems, customer support platforms, video conferencing tools, or other communication channels used in the ordinary course of business interactions with the Group Companies.
In certain circumstances, clients using digital systems operated by the Group Companies may upload client-controlled data relating to their own customers or stakeholders. In such circumstances, the client remains the primary Data Controller for such information, and the Group Companies act solely as a service provider or processor in accordance with contractual agreements governing those services.
The Group Companies may obtain information from a variety of sources in connection with the operation of their websites, services, digital platforms, and commercial activities.
Information may be provided directly by individuals or organisations interacting with the Group Companies, including through website inquiry forms, email communications, contractual onboarding processes, project discussions, sourcing inquiries, partnership negotiations, or participation in digital platforms or services operated by the Group.
Information may also be obtained indirectly through operational systems, automated technologies, or third-party service providers used in connection with the Group’s digital infrastructure. Such sources may include analytics platforms, hosting providers, communication platforms, marketing systems, payment processors, customer relationship management systems, and other operational tools used to facilitate the Group Companies’ services.
In certain circumstances, the Group Companies may obtain information through publicly available sources, including professional networking platforms, industry databases, regulatory filings, public business directories, conference participation lists, or similar sources of information used for legitimate business development, partnership evaluation, or market research activities.
Information may also be provided to the Group Companies by clients, partners, suppliers, or other business counterparties in connection with commercial engagements, project coordination, or operational requirements.
The Group Companies process information for a variety of legitimate operational purposes in connection with the provision of services, the management of commercial relationships, and the operation of digital platforms and corporate infrastructure.
Information may be processed for the purpose of responding to inquiries, evaluating potential projects or partnerships, facilitating sourcing or procurement activities, coordinating project delivery, administering contracts, managing customer relationships, operating digital platforms and SaaS tools, supporting internal business administration, and maintaining communications with clients, partners, investors, suppliers, and other stakeholders.
Information may also be processed for operational and administrative purposes including the maintenance of internal records, financial accounting, payment processing, contract management, regulatory compliance, dispute resolution, risk management, and the protection of the rights and interests of the Group Companies.
In addition, information may be used for analytical and improvement purposes, including monitoring the performance of websites and digital platforms, analysing usage patterns, identifying operational inefficiencies, improving service offerings, and developing new products or capabilities within the Group’s ecosystem.
Where permitted by applicable law, information may also be used to communicate updates, insights, or relevant information regarding services, industry developments, or opportunities that may be of professional interest to individuals or organisations interacting with the Group Companies. Such communications will always respect applicable marketing consent requirements where required by law.
Information collected by the Group Companies may be disclosed in limited circumstances where such disclosure is necessary to facilitate the operation of services, comply with legal obligations, or support legitimate business activities.
Information may be shared among Group Companies where reasonably necessary for operational coordination, service delivery, project development, digital infrastructure support, marketing system administration, sourcing activities, recycling and asset-processing services, governance oversight, or other legitimate business functions carried out within the MaxFusion Group ecosystem.
In addition, the Group Companies may disclose information to third-party service providers engaged to support operational infrastructure. Such service providers may include hosting providers, payment processors, communication platforms, analytics providers, marketing infrastructure providers, project management systems, logistics partners, and other vendors necessary to operate the Group’s services and digital platforms. These service providers are contractually required to maintain appropriate confidentiality and security protections and may only process information in accordance with the instructions of the relevant Data Controller.
Where required to deliver services, information may also be shared with business partners, contractors, consultants, suppliers, or logistics providers participating in project delivery or operational coordination. Such disclosures are limited to information reasonably necessary for the performance of those services and are subject to contractual confidentiality obligations where appropriate.
The Group Companies may also disclose information where necessary to comply with legal or regulatory obligations, respond to lawful requests by governmental authorities, enforce contractual rights, investigate suspected fraud or security incidents, or protect the rights, property, or safety of the Group Companies, their partners, or other individuals.
For the avoidance of doubt, certain categories of information are treated with heightened confidentiality and are not shared across Group entities except where operationally required. Such information may include confidential client financial information, proprietary research or development materials, client customer databases, sensitive commercial negotiations, and other data designated as confidential under contractual agreements.
A current description of the categories of service providers used by the Group Companies is available in the MaxFusion Group Sub-Processor Disclosure, available at:
Sub-processor List
The websites and digital platforms operated by the Group Companies may use cookies and similar tracking technologies to support website functionality, monitor performance, analyse usage patterns, and support legitimate marketing and analytics activities.
Cookies are small text files stored on a user’s device that allow websites to recognise returning visitors, maintain session functionality, remember preferences, and collect aggregated usage information.
Tracking technologies used by the Group Companies may include analytics platforms, advertising attribution systems, performance monitoring tools, and similar technologies provided by third-party vendors including but not limited to providers such as Google, LinkedIn, Meta, X, TikTok, and other analytics or advertising platforms.
Non-essential cookies or tracking technologies are deployed only with the consent of users where required by applicable law. Consent for such technologies may be obtained through the cookie consent system implemented on Group websites, currently operated through CookieHub.
Users may also manage or restrict cookie usage through their browser settings, although disabling certain cookies may affect the functionality or performance of certain website features.
Certain operational processes used by the Group Companies may involve automated systems or AI-supported tools used for workflow management, analytics, communications support, or operational efficiency.
These tools may assist in tasks such as analysing operational data, summarising communications, managing marketing automation systems, improving platform performance, or assisting with internal administrative processes.
However, the Group Companies do not use confidential client data or personal contact information to train publicly available artificial intelligence models. Sensitive operational data is not intentionally provided to external AI providers for training purposes.
Where AI-supported tools are used, they are implemented within controlled operational environments and subject to appropriate security safeguards designed to protect confidential and personal information.
Aggregated or anonymised information may be used internally to improve services, systems, or operational processes where such use does not identify individuals.
The Group Companies retain information only for as long as reasonably necessary to fulfil the operational purposes for which the information was collected, to comply with contractual obligations, to meet legal or regulatory requirements, or to protect the legitimate interests of the Group Companies.
In general terms, client operational data is deleted or de-identified within ninety (90) days following the termination of a contractual engagement, unless a longer retention period is required by law, necessary to resolve disputes, required for fraud prevention or security investigations, or maintained temporarily as part of routine backup and disaster recovery processes.
Financial records, contractual documentation, and certain compliance-related records may be retained for longer periods where required under applicable financial, tax, or regulatory requirements.
A more detailed retention schedule may be maintained internally by the Group Companies and referenced within Retention Schedule Table where applicable.
The Group Companies implement commercially reasonable technical and organisational measures designed to protect information from unauthorised access, disclosure, alteration, or destruction.
Such measures may include encryption of information during transmission and storage, role-based access controls, multi-factor authentication for administrative systems, system monitoring and logging, vendor security assessments, periodic security reviews, and incident response procedures designed to address potential security events.
Despite these measures, no digital system can guarantee absolute security, and the Group Companies cannot guarantee that information transmitted through online systems will be completely immune from interception or unauthorised access.
Individuals interacting with the Group Companies are encouraged to maintain the confidentiality of their login credentials and to notify the Group promptly of any suspected unauthorised access to accounts or systems.
The Group Companies operate internationally and may store or process information on systems located outside the country in which the individual providing the information resides.
In particular, many of the Group Companies’ primary systems and infrastructure providers are located in the United States, where the Group’s core operations and hosting infrastructure are typically based.
Where information is transferred internationally, the Group Companies take reasonable steps to ensure that appropriate safeguards are in place consistent with applicable data protection laws. Such safeguards may include contractual protections with service providers, adherence to recognised international data protection standards, and implementation of security measures designed to protect the integrity and confidentiality of information during such transfers.
Depending on the jurisdiction in which an individual resides, applicable data protection laws may provide certain rights relating to personal information processed by the Group Companies.
These rights may include the right to request access to personal information held about the individual, the right to request correction of inaccurate information, the right to request deletion of personal information in certain circumstances, the right to request restriction of processing, and the right to object to certain types of data processing.
Individuals wishing to exercise such rights may submit a request using the contact information provided in this Privacy Policy.
In order to protect personal information from unauthorised disclosure, the Group Companies may require verification of identity before responding to such requests. Once a request has been verified, the Group Companies will respond within a reasonable timeframe consistent with applicable legal requirements and in accordance with {Response Timeframe for Verified Requests}.
The services and websites operated by the Group Companies are intended for business and professional use. The Group Companies do not knowingly collect personal information from children or individuals under the age required by applicable law to provide valid consent in their jurisdiction.
If the Group Companies become aware that personal information has been collected from a minor without appropriate consent, reasonable steps will be taken to delete such information from the relevant systems.
The Group Companies may update this Privacy Policy from time to time to reflect changes in operational practices, technology infrastructure, legal requirements, or corporate structure.
When changes are made, the updated version of this Privacy Policy will be published on the relevant website associated with the Group Companies and the Last Updated date at the beginning of the document will be revised accordingly.
Continued use of the Group Companies’ websites, services, or digital platforms following publication of an updated Privacy Policy will constitute acknowledgement of the revised policy to the extent permitted by applicable law.
Questions, requests, or inquiries regarding this Privacy Policy or the processing of personal information by the Group Companies may be directed to the Group’s legal and privacy contact:
Legal and Privacy Contact
MaxFusion Group Inc.
Email: legal@maxfusiongroup.com
Mailing Address:
3500 South DuPont Highway
Dover, Delaware
19901
United States of America
.svg)