OUR PRIVACY POLICY
Effective 21 December 2022
OUR PRIVACY PROMISE
Our priority is building trust with our customers. As part of this we are fully committed to respecting our customers’ privacy and ensuring that their data is secure at all stages of their journey with us.
The purpose of this document (“Policy”) is to let you - as one of our customers - know about how your data is being handled by us when you visit or use our sites, so that you can feel confident using our services from day one.
Who we are
When you use our services, Supply Trades ("Supply Trades" or "we") acts as a 'data controller' (meaning a company responsible for protecting your privacy). We are registered as a data controller at 47, KimPur, Mumbai - 313563, with CIN: U01631KA2010PTC096843.
Your data rights
Did you know that, by law, you have certain rights in relation to your data? These include the right to revoke your consent and the right to object to direct marketing at any time. You may exercise any of these rights via Your Privacy Choices.
- - - - - - - - - - - - - -
NAVIGATING OUR POLICY
To make it easier for you to navigate our Policy, we have numbered each of the sections, as listed below. This will allow you to quickly scroll or skip to the sections that you want to know more about.
Depending on which of our sites you are visiting, Supply Trades offers a number of different services. When you are on our sites, it should always be clear which service applies to you.
2. HOW OUR SITES WORK
Our aspiration is to help our customers make easier buying decisions and to connect them with relevant Suppliers at a click of a button. Our services are obligation-free so whether or not you go on to purchase or trial a Product, book an appointment or sign up to any Offer, the decision is entirely yours!
Unless you are on our site just to read more about a Product or Offer (in which case, please read on), our services generally rely on our customers to submit information to us via a webform. If you choose to submit a webform with us, we’ll do our best to connect you with one or more relevant Suppliers as follows:
RECEIVING MARKETING MESSAGES
We enjoy regularly updating our customers about other Products and Offers that might be of interest to them. This means that we may email or SMS message you about similar Products or Offers to your initial request, unless you opt-out of receiving such marketing messages.
You can change whether or not you receive these messages at any time through Your Privacy Choices. You also have the following options:
From time to time, we may also ask to send you browser notifications via a pop up box when you visit our sites (e.g. at the end of a webform). If you allow these notifications, you will receive regular messages from us about great offers, top tips, popular guides and more information about each Supplier. All our messages give you the option to unsubscribe by clicking on the notification settings and selecting 'Disable Notifications'.
If you visit our sites and use our services, we may collect certain information about you. We want you to understand:
The tables below explain this in more detail.
How we collect it |
Why we collect it |
Lawful Basis |
|
Products & Offers
|
Consent - You will see on our webforms that we have a really clear consent statement. This statement sets out the Suppliers that will contact you.
You may revoke your consent at any time. |
Similar Products & Offers To email or SMS message you about similar Products |
Consent - You may revoke your consent at any time. You also have the right to object to direct marketing.
In some countries, we send such marketing messages on the basis of an existing customer exemption. In these instances we may send such messages only if you have not opted out of receiving them
|
|
Automated decision-making Before we pass your request to any Suppliers, our service may involve an element of automated decision-making. Our technology platform may automatically assess your Product requirements and pass your request to such Suppliers that would like to receive requests at the time your request is made. |
Legitimate interests - You have the right to object to processing based on legitimate interests. |
|
Verification To verify that your submission is genuine (i.e. submitted by a real human). We may work with 3rd parties (e.g. Contact State) to carry out the verification. You can find out more about how Contact State uses this data here. |
Legitimate interests - You have the right to object to processing based on legitimate interests. |
|
Customer Services For customer services purposes. For example:
|
Legitimate interests - You have the right to object to processing based on legitimate interests. |
|
Marketing
|
Legitimate interests - You have the right to object to processing based on legitimate interests. |
|
Data Enrichment
|
Legitimate interests - You have the right to object to processing based on legitimate interests. |
|
If you partially fill out our webform but do not submit it |
Products & Offers To email you to see if you’re still interested in the Product or Offer |
Legitimate interests - You have the right to object to processing based on legitimate interests. |
When you create an account |
Managing your account To create and manage your account |
Legitimate interests - You have the right to object to processing based on legitimate interests. |
When you sign up to our events, awards, competitions, prize draws or surveys |
Events
Competitions & Prize Draws
|
Legitimate interests - You have the right to object to processing based on legitimate interests. |
When you join our mailing lists to receive newsletters, guides, whitepapers, e-books etc. as advertised on our sites |
Mailing Lists
|
Consent - You may revoke your consent at any time. |
When you post reviews or comments on our sites |
Reviews & Comments To publish or respond to reviews and comments left on our sites |
Legitimate interests - You have the right to object to processing based on legitimate interests. |
How we collect it |
Why we collect it |
Lawful Basis |
|
|
Consent - You may revoke your consent at any time.
|
How we collect it |
Why we collect it |
Lawful Basis |
|
Verification
Marketing
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
How we collect it |
Why we collect it |
Lawful Basis |
If you interact with our ads on one of our advertising partners’ platforms (e.g. Facebook, TikTok, and LinkedIn) |
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
In relation to Event Data that we share with TikTok for the purposes set out above, both Supply Trades and TikTok are joint data controllers. For any subsequent processing TikTok will be an independent controller.
How we collect it |
Why we collect it |
Lawful Basis |
|
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
How we collect it |
Why we collect it |
Lawful Basis |
We may receive data (including health data) back from our Suppliers |
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
|
|
Legitimate interests - You have the right to object to processing based on legitimate interests |
4. SHARING YOUR DATA
In providing our services to you, and to ensure that we are able to provide you with a good customer experience, we may share your data with third parties.
We work with the following categories of third parties:
In each case, we have appropriate contracts in place with these companies and Suppliers to ensure the protection and confidentiality of your information.
We like to work with Facebook, Google, TikTok and other platforms (“Platforms”) to reach out to you with adverts for other Products that you might be interested in. We also like to use Platforms to reach out to other people who might like to use our service.
We do this in two ways. In both cases, your information, along with other information, is used to create a custom audience and/or a lookalike audience. Whenever an audience is shared with a Platform, the data is first hashed and pseudonymised, meaning that any data within the audience that could identify a person is replaced with an artificial identifier. So, the process is secure. Also, we don’t share more data than we need to for the purpose of creating the audience.
Sharing calls
On occasion, we may pass calls to local police enforcement when necessary under the lawful basis of protecting the vital interests (e.g. the life or safety) of the individual involved.
Cookies
A cookie is a small text file that is placed on your computer by a website that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Web browsers generally allow you to control cookies through the browser settings and you can clear your cookies at any time.
We use cookies on our sites. To find out more about the cookies we use (including the purposes for which we use them) and to manage your cookie settings, visit our cookies preference centre via the 'Cookies Settings' button found on our sites.
Event Tracking
We may use click identifiers (i.e. a random unique sequence of letters and numbers) or hashing techniques for marketing attribution purposes, to identify new and returning visitors on our sites, or for other event tracking purposes.
Unlike the use of cookies, these techniques do not use any technology to store data on your device. These techniques rely on data voluntarily provided or supported by your browser (e.g. user agent string, IP address etc) and we will never attempt to use them to circumvent the browser or request excessive data about your device.
We will only hold your information for as long as we need to in order to fulfil the purposes for which it was collected in the first place, as set out in this Policy. Specifically:
Do you know, you have a number of data rights, which will be determined by the country in which you reside. We have set these out for you in the tables below.
To exercise any of your data rights, you can contact us via the details set out in the ‘HOW TO EXERCISE YOUR RIGHTS & CONTACT US’ section of this Policy.
If you reside in the EEA or the UK, you have certain rights under the GDPR and UK GDPR in relation to your information. In relation to our site, and the service that we provide, those rights are as follows:
Right to be informed |
You have the right to be informed about how we collect and use your personal information. That’s the aim of this Policy! |
Right of access |
You have the right to ask us for a copy of the personal information we hold about you, and to check that we are lawfully processing it. |
Right of rectification |
If personal information that we hold about you is inaccurate or out-of-date and requires correction, you have a right to have the data rectified or completed. |
Right of erasure |
In certain circumstances, you have the right to request that personal information we hold about you is deleted (e.g. if the information is no longer necessary for the purposes for which it was collected or processed). |
Right to restrict processing |
In certain circumstances, you have the right to request the restriction or suppression of your personal information. |
Right of data portability |
In certain circumstances, you have the right to obtain (in a structured, commonly used and machine-readable format) and reuse your personal information for your own purposes across different services. |
Right to object |
You have the right to object to our processing of your personal information. This includes the right to object to direct marketing. |
Right to withdraw consent |
Where you may have provided your consent to our collection, processing and transfer of your personal information (e.g. to Suppliers), you have the right to withdraw your consent at any time. You can exercise this right by managing Your Privacy Choices. |
If you are a California resident (i.e. if you reside in California on more than a temporary basis), you will benefit from the rights afforded to you by the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). These include the right to have your personal data deleted, and the right to object to your personal data being ‘sold’ to third-parties.
For more information, see the section below titled ‘YOUR CALIFORNIA RIGHTS - PRIVACY NOTICE FOR CALIFORNIA CONSUMERS’.
8. TRANSFERRING YOUR DATA
There may be instances where we need to transfer your information outside the UK. For example, where you are using our services outside of the UK, we may need to transfer your information outside the UK.
As of 1 January 2021, the UK is no longer a part of the EEA. Although the UK is no longer part of the EEA, we will still hold your data to the same level of protection as we did when we were part of the EEA. This means that for any transfer of your data outside of the UK, we will continue to take steps to ensure that it is protected to the same level of protection that applies to transfers of data outside of the EEA.
Certain countries have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection and we will continue to only transfer data to those countries on this basis.
Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, adopting the EU’s standard contractual clauses.
There are 3 ways in which you can contact us and exercise your rights as explained in this Policy:
Our lead supervisory authority for the processing set out in this Policy is the UK Information Commissioner’s Office (ICO). If you are unhappy with how we have processed your data, you have the right to make a complaint to the ICO.
If you are based outside of the UK, or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different Supervisory Authority. A list of relevant authorities can be accessed here.
10. PRIVACY NOTICE FOR CALIFORNIA CONSUMERS
This section of our Policy applies to customers who are residents of the state of California, United States, in compliance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”).
Information we collect
When customers visit our sites, we may collect certain Personal Information about them (as defined by the CPRA). The table below explains what Personal Information we collected in the preceding twelve months since the section of this Policy was last updated, and how we used, disclosed, sold or shared (for cross-context behavioural advertising purposes) it, broken down by categories.
Category |
Fields |
How we used it |
Who we disclosed it to |
Who we sold or shared it with |
A. Identifiers |
|
|
|
With our advertising partners (e.g. Facebook, TikTok) but only in a hashed and pseudonymised format to reach new audiences who might benefit from our services (see our explanation of ‘customer and lookalike audiences’ in section 4). |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)). |
|
As per category A |
As per category A |
As per category A |
C. Protected classification characteristics under California or federal law. |
|
|
|
Not applicable |
D. Commercial information. |
|
As per category C |
As per category C |
Not applicable |
E. Biometric information. |
None |
Not applicable |
Not applicable |
Not applicable |
F. Internet or other similar network activity. |
|
|
|
Not applicable |
G. Geolocation data. |
|
|
|
Not applicable |
H. Sensory data. |
|
|
|
Not applicable |
I. Professional or employment-related information. |
None |
Not applicable |
Not applicable |
Not applicable |
J. Non-public information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
None |
Not applicable |
Not applicable |
Not applicable |
K. Inferences drawn from other personal information. |
None |
Not applicable |
Not applicable |
Not applicable |
L. Sensitive personal data |
|
As per category A (we do not collect genetic data) |
As per category A |
Not applicable |
Please note that the categories of personal information set out above are obtained directly from you when you submit a webform through our site and indirectly from you (for example, through call recordings, cookies or other tracking mechanisms).
California Consumers’ Individual Rights
California consumers have certain rights in relation to their Personal Information. This section describes your rights and explains how you can exercise them.
Right to delete Personal Information |
You have the right to request that your Personal Information collected by us be deleted.
To exercise this right, please email us at [email protected]. Once we receive and confirm your verifiable request, we will delete (and direct the Suppliers who we pass your information to in order to provide the service to delete) your Personal Information from our records, unless an exception applies. |
Right to correct inaccurate Personal Information |
You have the right to correct any inaccurate, out-of-date, or otherwise obsolete Personal Information that we have collected from you.
To exercise this right, you can email us at [email protected]. |
Right to know categories and specific pieces of Personal Information |
You have the right to know what Personal Information we collect about you, for what purpose, from whom we collect it, and whether we sell or disclose the information.
We hope that this Policy provides the information that you are looking for. However, to make such a request, you can email us at [email protected]. |
Right to opt-out of a sale or sharing of Personal Information |
You have the right to opt out of the sale or sharing (for cross-context behavioural advertising) of your Personal Information.
If you would like to opt out of the sharing of your Personal Information via cookies, you can opt out at any time by clicking on the cookie icon at the bottom left hand corner of your browser screen and adjusting your settings.
If you would like to opt out of the sharing of your Personal Information for custom audience purposes, you can opt out at any time via the link on our sites stating “Your Privacy Choices”, verifying your email and clicking on the option “Do Not Sell or Share My Personal Information”. |
Right to limit the use and disclosure of sensitive Personal Information |
You have the right to opt out of the analysis of your health Personal Information (which could be included in any disposition data received from Suppliers) at any time.
You can opt out of the use of your sensitive Personal Information at any time via a link on our sites stating “Your Privacy Choices”, verifying your email and clicking on the option “Limit the Use of My Sensitive Personal Information”. |
Right of non-retaliation |
You have the right not to be discriminated against if you exercise any of your California consumer rights. |
Requests to know, delete and correct
Requests to know, delete, and correct must be verified. To begin the verification process, please email us at [email protected] and from there, we will take you through the process.
Verifiable consumer requests for access can only be made by you twice within a 12-month period. The request must also:
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity.
Once we have received a verifiable request, we will aim to respond within 45 days. Sometimes we may require more time. If we do, we will let you know by email with the reasons why and the period of extension.
If you are acting as an authorised agent to make a request to know, delete, correct, or opt out on behalf of a California resident, email us at [email protected] and attach a written authorisation signed by the resident.
Other disclosures
We do not knowingly sell or share Personal Information of customers under 16 years of age.
This list is not exhaustive and may change from time to time.
This Policy is effective from the date specified at the top of this Policy and is our most up-to-date version, which supersedes any earlier version.
From time to time, we may update this Policy.