Suplari Privacy Policy

Effective Date: 1/1/2019

Suplari, Inc. (“us”, “we”, or “our”) operates the www.Suplari.com website (hereinafter referred to as the “Site”). This policy informs you of our policies regarding the collection, use, and disclosure of data and the choices you have associated with that data. We use your data to operate the Site and to provide information to you. By providing us with information, you agree to the collection and use of such information in accordance with this policy.

Information Collection And Use

We collect several different types of information to operate the Site and to provide information regarding our products and services to you.

Types of Data Collected

Personal Data

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City

Usage Data

We may also collect information on how the Site is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Site and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Site. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Site.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.

Use of Data

We use the collected data for various purposes:

To provide and maintain the Site
To notify you about changes to our Site
To allow you to participate in interactive features of our Site when you choose to do so
To provide customer care and support
To provide analysis or valuable information so that we can improve the Site
To monitor the usage of the Site
To detect, prevent and address technical issues

Transfer Of Data

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. We will take commercially reasonable steps to help ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.

Disclosure Of Data

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary:

To comply with a legal obligation
To protect and defend our rights or property
To prevent or investigate possible wrongdoing in connection with the Site
To protect the personal safety of users of the Site or the public
To protect against legal liability

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Site Providers

We may employ third party companies and individuals to analyze, implement or operate our Site. These third parties may have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Site Providers to monitor and analyze the use of our Site.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt out of making your activity on the Site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Links

Please be aware that we may provide links to third party Web sites from our Site as a service to our users and we are not responsible for the content or information collection practices of those sites. We have no ability to control the privacy and data collection practices of such sites and the privacy policies of such sites may differ from this policy. Therefore, we encourage you to review and understand the privacy policies of such sites before providing them with any information.

Children’s Privacy

Our Site is not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy.

We will let you know via email and/or a prominent notice on our Site prior to any material change becoming effective, and will update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when posted.

Choice and Access

We give users the following options for accessing, changing and deleting personal information previously provided, or opting out of receiving communications from us:

By email: compliance@suplari.com

GDPR and Suplari

The EU General Data Protection Regulation (GDPR) is a set of data privacy regulations designed to harmonize various data privacy laws across Europe and to provide a common set of regulations, which strengthen protection of the personal data of EU residents. The new regulations dictate requirements for data collection and processing, how individuals may exercise their rights regarding personal data, and requirements for data security.

Suplari is a SaaS offering. In terms of the GDPR, Suplari is the data processor for the data our customers provide to Suplari as a part of our agreements. Suplari customers are the controllers of the data.

Suplari has reviewed and updated its policies and procedures for managing its customers’ personal data. Suplari has completed its GDPR readiness and continues its commitment to complying with the GDPR principles as a data processor for our customers as outlined below:

  • Lawfulness, fairness and transparency – Suplari has implemented procedures for complying with data subject access requests (DSARs) within the time stipulated by the GDPR. Suplari is compliant with additional local privacy laws. Suplari’s use of its customers’ data is bound by the terms of legal agreements with its customers.
  • Purpose limitation – Suplari uses personal data in the Suplari service solely to support the use of the service for our customers.
  • Data minimization – Data collected by end users is the minimum set of data required for account authentication, account recovery, and establishing your account preferences. Any other personal data is sent to Suplari by choice of its customers. For example, some of the procurement transactions sent to Suplari by its customers may contain an employee name or corporate email address.
  • Accuracy – Suplari’s processes for incorporating customer procurement data in the Suplari service employ multiple verification steps to ensure the original information maintains integrity during the process of incorporating the data into the Suplari service. Additionally, if any inaccuracies are found while customers are using the service, corrections are made immediately after they are reported.
  • Storage limitation – Suplari retains customer data and end user accounts for as long as its customers ask Suplari to keep the data available in the service. Customers’ end user accounts are removed as requested by customers. Upon termination of the license, all customer data is promptly deleted.
  • Integrity and confidentiality – Suplari’s information security policies and procedures follow a least privilege access principle when determining which employees may have access to customer data. If an employee requires access to perform their job, an appropriate level of access may be granted upon approval. Suplari has a data breach incident policy and procedure, which is reviewed annually. Suplari also maintains both physical and logical protection to safeguard the integrity and confidentiality of customer data. Customer data is encrypted in transit and at rest. Suplari’s policies, procedures, and performance against its information security controls are audited on an annual basis as a part of SOC 2 Type 2 control audits.
  • Accountability
    • We take responsibility for complying with the GDPR, at the highest management level and throughout our organization.
    • We keep evidence of the steps we take to comply with the GDPR.
    • We put in place appropriate technical and organizational measures, such as the following:
      • Adopting and implementing data protection policies
      • Taking a data protection by design and default approach. We put data protection measures in place throughout the entire life-cycle of system development and operations
      • Maintaining documentation of our processing activities
      • Implementing appropriate information security measures
      • Recording and reporting personal data breaches should they occur
      • Carrying out data protection impact assessments for uses of personal data
      • Appointing a data protection officer
    • We review and update our accountability measures at regular intervals.

If you have questions about GDPR at Suplari or if you wish to exercise your rights as a data subject, contact us at compliance@suplari.com.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: compliance@suplari.com