Effective Date: 1/1/2019
Suplari, Inc. (“us”, “we”, or “our”) operates the www.Suplari.com website (hereinafter referred to as the “Site”). This policy informs you of our policies regarding the collection, use, and disclosure of data and the choices you have associated with that data. We use your data to operate the Site and to provide information to you. By providing us with information, you agree to the collection and use of such information in accordance with this policy.
Information Collection And Use
We collect several different types of information to operate the Site and to provide information regarding our products and services to you.
Types of Data Collected
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
First name and last name
Address, State, Province, ZIP/Postal code, City
We may also collect information on how the Site is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our Site.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.
Use of Data
We use the collected data for various purposes:
To provide and maintain the Site
To notify you about changes to our Site
To allow you to participate in interactive features of our Site when you choose to do so
To provide customer care and support
To provide analysis or valuable information so that we can improve the Site
To monitor the usage of the Site
To detect, prevent and address technical issues
Transfer Of Data
Disclosure Of Data
We may disclose your Personal Data in the good faith belief that such action is necessary to:
To comply with a legal obligation
To protect and defend our rights or property
To prevent or investigate possible wrongdoing in connection with the Site
To protect the personal safety of users of the Site or the public
To protect against legal liability
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to analyze, implement or operate our Site. These third parties may have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Site Providers to monitor and analyze the use of our Site.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Please be aware that we may provide links to third party Web sites from our Site as a service to our users and we are not responsible for the content or information collection practices of those sites. We have no ability to control the privacy and data collection practices of such sites and the privacy policies of such sites may differ from this policy. Therefore, we encourage you to review and understand the privacy policies of such sites before providing them with any information.
Our Site is not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Choice and Access
We give users the following options for accessing, changing and deleting personal information previously provided, or opting out of receiving communications from us:
By email: email@example.com
GDPR and Suplari
The EU General Data Protection Regulation (GDPR) is a set of data privacy regulations designed to harmonize various data privacy laws across Europe and to provide a common set of regulations, which strengthen protection of the personal data of EU residents. The new regulations dictate requirements for data collection and processing, how individuals may exercise their rights regarding personal data, and requirements for data security.
Suplari is a SaaS offering. In terms of the GDPR, Suplari is the data processor for the data our customers provide to Suplari as a part of our agreements. Suplari customers are the controllers of the data.
Suplari has reviewed and updated its policies and procedures for managing its customers’ personal data. Suplari has completed its GDPR readiness and continues its commitment to complying with the GDPR principles as a data processor for our customers as outlined below:
- Lawfulness, fairness and transparency – Suplari has implemented procedures for complying with data subject access requests (DSARS) within the time stipulated by the GDPR. Suplari is compliant with additional local privacy laws. Suplari’s use of its customers’ data is bound by the terms of legal agreements with its customers.
- Purpose limitation – Suplari uses personal data in the Suplari service solely to support the use of the service for our customers.
- Data minimization – Data collected by end users is the minimum set of data required for account authentication, account recovery, and establishing your account preferences. Any other personal data is sent to Suplari by choice of its customers. For example, some of the procurement transactions sent to Suplari by its customers may contain an employee name or corporate email address.
- Accuracy – Suplari’s processes for incorporating customer procurement data in the Suplari service employs multiple verification steps to ensure the original information maintains integrity during the process of incorporating the data into the Suplari service. Additionally, if any inaccuracies are found while customers are using the service, corrections are made immediately after reported.
- Storage limitation – Suplari retains customer data and end user accounts for as long as its customers ask Suplari to keep the data available in the service. Customers’ end user accounts are removed as requested by customers. Upon termination of the license, all customer data is promptly deleted.
- Integrity and confidentiality – Suplari’s information security policies and procedures follow a least privilege access principle when determining which employees may have access to customer data. If an employee requires access to perform their job an appropriate level of access may be granted upon approval. Suplari has a data breach incident policy and procedure, which is reviewed annually. Suplari also maintains both physical and logical protection to safeguard the integrity and confidentiality of customer data. Customer data is encrypted in transit and at rest. Suplari’s policies, procedures, and performance against its information security controls are audited on an annual basis as a part of SOC 2 Type 2 control audits.
- We take responsibility for complying with the GDPR, at the highest management level and throughout our organization.
- We keep evidence of the steps we take to comply with the GDPR.
- We put in place appropriate technical and organizational measures, such as the following:
- Adopting and implementing data protection policies
- Taking a data protection by design and default approach. We put data protection measures in place throughout the entire life-cycle of system development and operations
- Maintaining documentation of our processing activities
- Implementing appropriate information security measures
- Recording and reporting personal data breaches should they occur
- Carrying out data protection impact assessments for uses of personal data
- Appointing a data protection officer
- We review and update our accountability measures at regular intervals.
If you have questions about GDPR at Suplari or if you wish to exercise your rights as a data subject contact us at firstname.lastname@example.org.
By email: email@example.com