OUR PRIVACY POLICY

Effective 21 December 2022

OUR PRIVACY PROMISE

Our priority is building trust with our customers. As part of this we are fully committed to respecting our customers’ privacy and ensuring that their data is secure at all stages of their journey with us.

The purpose of this document (“Policy”) is to let you - as one of our customers - know about how your data is being handled by us when you visit or use our sites, so that you can feel confident using our services from day one.

Who we are

When you use our services, Supply Trades ("Supply Trades" or "we") acts as a 'data controller' (meaning a company responsible for protecting your privacy). We are registered as a data controller at 47, KimPur, Mumbai - 313563, with CIN: U01631KA2010PTC096843.

Your data rights 

Did you know that, by law, you have certain rights in relation to your data? These include the right to revoke your consent and the right to object to direct marketing at any time. You may exercise any of these rights via Your Privacy Choices.

- - - - - - - - - - - - - -

NAVIGATING OUR POLICY

To make it easier for you to navigate our Policy, we have numbered each of the sections, as listed below. This will allow you to quickly scroll or skip to the sections that you want to know more about.

  1. OUR SERVICES
  2. HOW OUR SITES WORK
  3. WHAT INFORMATION WE COLLECT & HOW WE USE IT
  4. SHARING YOUR DATA
  5. COOKIES & EVENT TRACKING
  6. STORING YOUR DATA
  7. YOUR DATA RIGHTS
  8. TRANSFERRING YOUR DATA
  9. HOW TO EXERCISE YOUR RIGHTS & CONTACT US
  10. PRIVACY NOTICE FOR CALIFORNIA CONSUMERS
  11. SECURING YOUR INFORMATION
  12. CHANGES TO THIS POLICY

1. OUR SERVICES

Depending on which of our sites you are visiting, Supply Trades offers a number of different services. When you are on our sites, it should always be clear which service applies to you.

2. HOW OUR SITES WORK

Our aspiration is to help our customers make easier buying decisions and to connect them with relevant Suppliers at a click of a button. Our services are obligation-free so whether or not you go on to purchase or trial a Product, book an appointment or sign up to any Offer, the decision is entirely yours!

Unless you are on our site just to read more about a Product or Offer (in which case, please read on), our services generally rely on our customers to submit information to us via a webform. If you choose to submit a webform with us, we’ll do our best to connect you with one or more relevant Suppliers as follows:

RECEIVING MARKETING MESSAGES

We enjoy regularly updating our customers about other Products and Offers that might be of interest to them. This means that we may email or SMS message you about similar Products or Offers to your initial request, unless you opt-out of receiving such marketing messages.

You can change whether or not you receive these messages at any time through Your Privacy Choices. You also have the following options:

From time to time, we may also ask to send you browser notifications via a pop up box when you visit our sites (e.g. at the end of a webform). If you allow these notifications, you will receive regular messages from us about great offers, top tips, popular guides and more information about each Supplier. All our messages give you the option to unsubscribe by clicking on the notification settings and selecting 'Disable Notifications'.

3. WHAT INFORMATION WE COLLECT & HOW WE USE IT

If you visit our sites and use our services, we may collect certain information about you. We want you to understand:

The tables below explain this in more detail.

  1. Contact details (e.g. name, email address, telephone number, postal code) and Product requirements

How we collect it

Why we collect it

Lawful Basis

  • When you click to submit our webforms
  • When you submit your details via a pop-up box on our sites)
  • If we call you after your submission

Products & Offers

  • To connect you with relevant Suppliers
  • To confirm your details or requirements
  • To book an appointment
  • To email or SMS message you with more information about the Products that you have shown an interest in

Consent - You will see on our webforms that we have a really clear consent statement. This statement sets out the Suppliers that will contact you.

You may revoke your consent at any time.

Similar Products & Offers

To email or SMS message you about similar Products

Consent - You may revoke your consent at any time. You also have the right to object to direct marketing.

In some countries, we send such marketing messages on the basis of an existing customer exemption. In these instances we may send such messages only if you have not opted out of receiving them

Automated decision-making

Before we pass your request to any Suppliers, our service may involve an element of automated decision-making. Our technology platform may automatically assess your Product requirements and pass your request to such Suppliers that would like to receive requests at the time your request is made.

Legitimate interests -

You have the right to object to processing based on legitimate interests.

Verification

To verify that your submission is genuine (i.e. submitted by a real human). We may work with 3rd parties (e.g. Contact State) to carry out the verification. You can find out more about how Contact State uses this data here.

Legitimate interests -

You have the right to object to processing based on legitimate interests.

Customer Services

For customer services purposes. For example:

  • to request feedback about your experience using our sites and services, and dealing with the Suppliers with which we connected you
  • to respond to other enquiries or requests that you direct to us

Legitimate interests -

You have the right to object to processing based on legitimate interests.

Marketing

  • To create custom or look alike audiences (see section 4 for more detail).
  • To identify customer trends in order to better understand which of our customers are engaging with our services

Legitimate interests -

You have the right to object to processing based on legitimate interests.

Data Enrichment

  • To enhance our understanding of the services you require, we may match certain business-related data that you provide us with the corresponding data held by third parties.
  • Those third parties may share additional data with us to improve how we engage with you and carry out segmentation of our customers.

Legitimate interests -

You have the right to object to processing based on legitimate interests.

If you partially fill out our webform but do not submit it

Products & Offers

To email you to see if you’re still interested in the Product or Offer

Legitimate interests -

You have the right to object to processing based on legitimate interests.

When you create an account

Managing your account

To create and manage your account

Legitimate interests -

You have the right to object to processing based on legitimate interests.

When you sign up to our events, awards, competitions, prize draws or surveys

Events

  • If you enter an event or award (e.g. the annual Startups Awards, Startups 100 and Young Guns), to run the event or award and contact you in respect of the same where you have submitted an application (e.g. to send out event details)

Competitions & Prize Draws

  • If you enter a competition or prize draw on our site, to run the competition or prize draw, or contact you regarding your entry.
  • Where we are running a competition or prize draw jointly with another party, or promoting one on behalf of another party, we may share your entry details with that party, but only for the purposes of managing the competition or prize draw.


Surveys

  • To analyse survey results

Legitimate interests -

You have the right to object to processing based on legitimate interests.

When you join our mailing lists to receive newsletters, guides, whitepapers, e-books etc. as advertised on our sites

Mailing Lists

  • To send you such content.
  • If you have consented to receiving emails from named third-parties, we will pass your email address to those parties so they can email you.   We may also send you emails on behalf of such third parties.

Consent - You may revoke your consent at any time.

When you post reviews or comments on our sites

Reviews & Comments

To publish or respond to reviews and comments left on our sites

Legitimate interests -

You have the right to object to processing based on legitimate interests.

  1. Sensitive Information (e.g. medical conditions and other information about your health) - We will only collect this information if you are using our services in relation to health Products.

How we collect it

Why we collect it

Lawful Basis

  • When you click to submit our webforms for health Products
  • If we call you after your submission to confirm your health Product requirements
  • To assess which health Supplier to connect you with

Consent - You may revoke your consent at any time.

  1. IP address (this is a unique number associated with a computer or device, which enables it to communicate with other computers and devices over the Internet), other online identifiers, geolocation, device specification

How we collect it

Why we collect it

Lawful Basis

  • When you click on our ads (e.g. on Google, Facebook, TikTok etc)
  • When you interact with our sites by clicking on any links
  • When you click to submit a webform
  • When you click on links in emails or SMS messages we send you

Verification

  • To stop unwanted traffic (i.e. spam and fraudulent visitors) to our site.
  • To verify with our Suppliers that a request has been submitted by you and not by someone else
  • To verify with our Suppliers that you have consented to being contacted by us and them
  • To verify that your request has come from a particular country, state or region
  • To identify if you have submitted a duplicate request
  • To identify that your request has originated from our sites

Marketing

  • To personalise ads to suit you based on your location. We may use a third party to assist us with identifying the IP address location parameters.

Legitimate interests -

You have the right to object to processing based on legitimate interests

  1. Event Data (e.g. user agent, IP address, country, language, and browser/app used) - We may use third party device data collection tools and similar tracking technologies (that sit behind our ads and sites) to collect such data

How we collect it

Why we collect it

Lawful Basis

If you interact with our ads on one of our advertising partners’ platforms (e.g. Facebook, TikTok, and LinkedIn)

  • For marketing attribution purposes (i.e. to better understand how you interact with our content and track the relevance of our marketing campaigns to your interests)
  • For measuring and reporting on the performance of our ad campaigns
  • For ad targeting (but only if you haven’t opted out)

Legitimate interests -

You have the right to object to processing based on legitimate interests

In relation to Event Data that we share with TikTok for the purposes set out above, both Supply Trades and TikTok are joint data controllers. For any subsequent processing TikTok will be an independent controller.

  1. Call recordings (Please be aware that sensitive personal data may be recorded where you voluntarily disclose health information to us over the phone)

How we collect it

Why we collect it

Lawful Basis

  • If we call you after your submission to confirm your details and Product requirements
  • If we call you after you have used our service to ask for service feedback

  • We digitally monitor and/or record calls between you and us for the purposes of quality control and staff training
  • Occasionally, we may need to provide Suppliers with limited access to such recordings in order to resolve disputes

Legitimate interests -

You have the right to object to processing based on legitimate interests

        

  1. Disposition data (i.e. information on whether or you have purchased a Product or signed up to an Offer with one of our Suppliers)

How we collect it

Why we collect it

Lawful Basis

We may receive data (including health data) back from our Suppliers

  • To handle a Supplier query regarding a request sent to them or an enquiry that we have sent to them in order to enable us to resolve the query

Legitimate interests - You have the right to object to processing based on legitimate interests

  • To enable us to improve our marketing
  • To identify customer trends in order to better understand which of our customers are engaging with our services

Legitimate interests - You have the right to object to processing based on legitimate interests

  • To create custom/look alike audiences (see more section 4 for more detail).

Legitimate interests - You have the right to object to processing based on legitimate interests

4. SHARING YOUR DATA

In providing our services to you, and to ensure that we are able to provide you with a good customer experience, we may share your data with third parties.

We work with the following categories of third parties:

In each case, we have appropriate contracts in place with these companies and Suppliers to ensure the protection and confidentiality of your information.

Custom and lookalike audiences

We like to work with Facebook, Google, TikTok and other platforms (“Platforms”) to reach out to you with adverts for other Products that you might be interested in. We also like to use Platforms to reach out to other people who might like to use our service.

We do this in two ways. In both cases, your information, along with other information, is used to create a custom audience and/or a lookalike audience. Whenever an audience is shared with a Platform, the data is first hashed and pseudonymised, meaning that any data within the audience that could identify a person is replaced with an artificial identifier. So, the process is secure. Also, we don’t share more data than we need to for the purpose of creating the audience.

Sharing calls

On occasion, we may pass calls to local police enforcement when necessary under the lawful basis of protecting the vital interests (e.g. the life or safety) of the individual involved.

5. COOKIES & EVENT TRACKING

Cookies

A cookie is a small text file that is placed on your computer by a website that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Web browsers generally allow you to control cookies through the browser settings and you can clear your cookies at any time.

We use cookies on our sites. To find out more about the cookies we use (including the purposes for which we use them) and to manage your cookie settings, visit our cookies preference centre via the 'Cookies Settings' button found on our sites.  

Event Tracking

We may use click identifiers (i.e. a random unique sequence of letters and numbers) or hashing techniques for marketing attribution purposes, to identify new and returning visitors on our sites, or for other event tracking purposes.

Unlike the use of cookies, these techniques do not use any technology to store data on your device. These techniques rely on data voluntarily provided or supported by your browser (e.g. user agent string, IP address etc) and we will never attempt to use them to circumvent the browser or request excessive data about your device.

6. STORING YOUR DATA

We will only hold your information for as long as we need to in order to fulfil the purposes for which it was collected in the first place, as set out in this Policy. Specifically:

7. YOUR DATA RIGHTS

Do you know, you have a number of data rights, which will be determined by the country in which you reside. We have set these out for you in the tables below.

To exercise any of your data rights, you can contact us via the details set out in the ‘HOW TO EXERCISE YOUR RIGHTS & CONTACT US’ section of this Policy.

  1. The European Economic Area (“EEA”) / United Kingdom (“UK”)

If you reside in the EEA or the UK, you have certain rights under the GDPR and UK GDPR in relation to your information. In relation to our site, and the service that we provide, those rights are as follows:

Right to be informed

You have the right to be informed about how we collect and use your personal information. That’s the aim of this Policy!

Right of access

You have the right to ask us for a copy of the personal information we hold about you, and to check that we are lawfully processing it.

Right of rectification

If personal information that we hold about you is inaccurate or out-of-date and requires correction, you have a right to have the data rectified or completed.

Right of erasure

In certain circumstances, you have the right to request that personal information we hold about you is deleted (e.g. if the information is no longer necessary for the purposes for which it was collected or processed).

Right to restrict processing

In certain circumstances, you have the right to request the restriction or suppression of your personal information.

Right of data portability

In certain circumstances, you have the right to obtain (in a structured, commonly used and machine-readable format) and reuse your personal information for your own purposes across different services.

Right to object

You have the right to object to our processing of your personal information. This includes the right to object to direct marketing.

Right to withdraw consent

Where you may have provided your consent to our collection, processing and transfer of your personal information (e.g. to Suppliers), you have the right to withdraw your consent at any time. You can exercise this right by managing Your Privacy Choices.

  1. California Residents

If you are a California resident (i.e. if you reside in California on more than a temporary basis), you will benefit from the rights afforded to you by the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). These include the right to have your personal data deleted, and the right to object to your personal data being ‘sold’ to third-parties.

For more information, see the section below titled ‘YOUR CALIFORNIA RIGHTS - PRIVACY NOTICE FOR CALIFORNIA CONSUMERS’.

8. TRANSFERRING YOUR DATA

There may be instances where we need to transfer your information outside the UK. For example, where you are using our services outside of the UK, we may need to transfer your information outside the UK.

As of 1 January 2021, the UK is no longer a part of the EEA. Although the UK is no longer part of the EEA, we will still hold your data to the same level of protection as we did when we were part of the EEA. This means that for any transfer of your data outside of the UK, we will continue to take steps to ensure that it is protected to the same level of protection that applies to transfers of data outside of the EEA.

Certain countries have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection and we will continue to only transfer data to those countries on this basis.

Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, adopting the EU’s standard contractual clauses.

9. HOW TO EXERCISE YOUR RIGHTS & CONTACT US

There are 3 ways in which you can contact us and exercise your rights as explained in this Policy:

  1. Via “Your Privacy Choices” - this is an easy-to-use portal through which you can withdraw your consent to being contacted by us and Suppliers at any time. A link can be found here.
  2. Via email - our data protection team is on hand Monday to Friday to answer your data questions and action your requests. Please email us at [email protected] and we will try to respond to you or action your request as soon as we can.
  3. Via post - you can also write to us at our registered office address: 47, KimPur, Mumbai - 313563
  4. Via phone - if you are based in India, you can call us at the following toll-free number 0674 2702416.

Our lead supervisory authority for the processing set out in this Policy is the UK Information Commissioner’s Office (ICO). If you are unhappy with how we have processed your data, you have the right to make a complaint to the ICO.

If you are based outside of the UK, or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different Supervisory Authority. A list of relevant authorities can be accessed here.

10. PRIVACY NOTICE FOR CALIFORNIA CONSUMERS

This section of our Policy applies to customers who are residents of the state of California, United States, in compliance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”).

Information we collect

When customers visit our sites, we may collect certain Personal Information about them (as defined by the CPRA). The table below explains what Personal Information we collected in the preceding twelve months since the section of this Policy was last updated, and how we used, disclosed, sold or shared (for cross-context behavioural advertising purposes) it, broken down by categories.

Category

Fields

How we used it

Who we disclosed it to

Who we sold or shared it with

A. Identifiers

  • First & last name
  • Email address
  • Telephone number
  • Postal address
  • IP address
  • As per section 3(A) of this Policy
  • The process of connecting you with relevant Suppliers  may involve an element of automated decision making
  • To create custom/lookalike audiences for marketing purposes (as set out in section 4 of this Policy
  • With Suppliers who you have consented to being contacted by
  • With our advertising partners (e.g. Facebook, TikTok) but only in a hashed and pseudonymised format
  • With our service providers (e.g. cloud storage providers and email service providers)

With our advertising partners (e.g. Facebook, TikTok) but only in a hashed and pseudonymised format to reach new audiences who might benefit from our services (see our explanation of ‘customer and lookalike audiences’ in section 4).

B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).

  • First & last name
  • Email address
  • Telephone number
  • Postal address
  • IP address
  • Any other electronic data submitted, stored, sent or received by you

As per category A

As per category A

As per category A

C. Protected classification characteristics under California or federal law.

  • Age
  • Sex and gender
  • Medical conditions
  • Mental or physical disability
  • To connect you with relevant Suppliers who can service your Product or Offer requirements
  • The process of connecting you with relevant Suppliers  may involve an element of automated decision making
  • With Suppliers who you have consented to being contacted by

Not applicable

D. Commercial information.

  • Interest in a Product via our webforms and whether the Product was purchased or if the inquiry was pursued
  • Interest in participating in Offers

As per category C

As per category C

Not applicable

E. Biometric information.

None

Not applicable

Not applicable

Not applicable

F. Internet or other similar network activity.

  • IP address
  • Other information regarding your interaction with our sites, applications, or advertisements
  • To stop unwanted traffic (i.e.spam and fraudulent visitors) to our site
  • To verify with our Suppliers that a request has been submitted by you and not by someone else
  • To verify with our Suppliers that you have consented to being contacted by us and them
  • To verify that your request has come from a particular country, state or region
  • To identify if you have submitted a duplicate request
  • To identify that your request has originated from our sites
  • To personalise ads to suit you based on your location
  • With the Supplier with whom you were connected
  • With a third party service provider who assists us with identifying the IP address location parameters
  • With our service providers who help us verify your request and your consent

Not applicable

G. Geolocation data.

  • Geolocation
  • For the purposes of measuring and reporting on the performance of our ad campaigns.
  • To personalise ads to suit you based on your location
  • To verify that your request has come from a particular country, state or region
  • With a third party service provider who assists us with identifying the IP address location parameters

Not applicable

H. Sensory data.

  • Audio information
  • We digitally monitor and/or record calls between you and us for the purposes of quality control and staff training
  • Occasionally, we may need to provide Suppliers with limited access to such recordings in order to resolve disputes

Not applicable

I. Professional or employment-related information.

None

Not applicable

Not applicable

Not applicable

J. Non-public information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

None

Not applicable

Not applicable

Not applicable

K. Inferences drawn from other personal information.

None

Not applicable

Not applicable

Not applicable

L. Sensitive personal data

  • Health data
  • Any other data that you voluntarily provide to us

As per category A (we do not collect genetic data)

As per category A

Not applicable

Please note that the categories of personal information set out above are obtained directly from you when you submit a webform through our site and indirectly from you (for example, through call recordings, cookies or other tracking mechanisms).

California Consumers’ Individual Rights

California consumers have certain rights in relation to their Personal Information. This section describes your rights and explains how you can exercise them.

Right to delete Personal Information

You have the right to request that your Personal Information collected by us be deleted.

To exercise this right, please email us at [email protected]. Once we receive and confirm your verifiable request, we will delete (and direct the Suppliers who we pass your information to in order to provide the service to delete) your Personal Information from our records, unless an exception applies.

Right to correct inaccurate Personal Information

You have the right to correct any inaccurate, out-of-date, or otherwise obsolete Personal Information that we have collected from you.

To exercise this right, you can email us at [email protected]. 

Right to know categories and specific pieces of Personal Information

You have the right to know what Personal Information we collect about you, for what purpose, from whom we collect it, and whether we sell or disclose the information.

We hope that this Policy provides the information that you are looking for. However, to make such a request, you can email us at [email protected]. 

Right to opt-out of a sale or sharing of Personal Information

You have the right to opt out of the sale or sharing (for cross-context behavioural advertising) of your Personal Information.

If you would like to opt out of the sharing of your Personal Information via cookies, you can opt out at any time by clicking on the cookie icon at the bottom left hand corner of your browser screen and adjusting your settings.

If you would like to opt out of the sharing of your Personal Information for custom audience purposes, you can opt out at any time via the link on our sites stating “Your Privacy Choices”, verifying your email and clicking on the option “Do Not Sell or Share My Personal Information”.

Right to limit the use and disclosure of sensitive Personal Information

You have the right to opt out of the analysis of your health Personal Information (which could be included in any disposition data received from Suppliers) at any time.

You can opt out of the use of your sensitive Personal Information at any time via a link on our sites stating “Your Privacy Choices”, verifying your email and clicking on the option “Limit the Use of My Sensitive Personal Information”.

Right of non-retaliation

You have the right not to be discriminated against if you exercise any of your California consumer rights.

Requests to know, delete and correct

  1. Verification

Requests to know, delete, and correct must be verified. To begin the verification process, please email us at [email protected] and from there, we will take you through the process.

Verifiable consumer requests for access can only be made by you twice within a 12-month period. The request must also:

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity.

  1. Response

Once we have received a verifiable request, we will aim to respond  within 45 days. Sometimes we may require more time. If we do, we will let you know by email with the reasons why and the period of extension.

  1. Authorising an agent

If you are acting as an authorised agent to make a request to know, delete,  correct, or opt out on behalf of a California resident, email us at [email protected] and attach a written authorisation signed by the resident.

Other disclosures

We do not knowingly sell or share Personal Information of customers under 16 years of age.

11. SECURING YOUR INFORMATION

We want you to be confident in trusting us with your information. To ensure that the necessary protection is in place, we have implemented a number of technical, organisational and security measures including:

This list is not exhaustive and may change from time to time.

12. CHANGES TO THIS POLICY

This Policy is effective from the date specified at the top of this Policy and is our most up-to-date version, which supersedes any earlier version.

From time to time, we may update this Policy.