EFFECTIVE DATE: December 12, 2022
SupplierGATEWAY commits to strong and transparent privacy practices. Our Privacy Policy explains:
What Personal Data we collect and why we collect it
How we use Personal Data
Who we share Personal Data with
The choices we offer, including how to access, update, and remove Personal Data
Please read this Privacy Policy carefully. By using or accessing the Service (defined below), you acknowledge that you have read, understood, and agree to be bound to all the terms and conditions of this Privacy Policy, and the “Terms of Use” or other customer agreement between you and SupplierGATEWAY that is applicable to the particular Service you are using or accessing (collectively, “User Agreements”). If you do not agree to this Privacy Policy and the applicable User Agreement, please exit, and do not access or use, the Service.
Your privacy is really important to us, so whether you’re new to SupplierGATEWAY or a long-time user, please take the time to get to know our practices. The policy comprises of the following sections:
INTRODUCTION
TRANSFERS OF PERSONAL DATA
EU Residents
EU-U.S. Privacy Shield Participation
NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT
Types Of Personal Data We Collect
Mechanisms for Collection of Personal Data
Use of Personal Data
Online Behavioral Advertising
PROCESSING GROUNDS
HOW AND WITH WHOM DOES SUPPLIERGATEWAY SHARE PERSONAL DATA?
YOUR PRIVACY CHOICES
Opting Out of Behavioral Advertising and Tracking Tools
Emails
Information Shared With Third Parties
SECURITY
DATA RETENTION
INTERACTIONS WITH OTHERS
WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Accessing, Correcting, and Deleting Your Personal Data and Other Data Subject Rights
Closing Your Account
California Privacy Rights
Enforcement and Recourse
Privacy Shield Inquiries
CHANGES TO THE PRIVACY POLICY
WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?
INTRODUCTION
This Privacy Policy (“Privacy Policy”) sets forth the privacy practices of SupplierGATEWAY LLC and its current and future SupplierGATEWAY Affiliates (collectively, “SupplierGATEWAY”) for all SupplierGATEWAY services and applications (including, without limitation, mobile Services and applications) (collectively, the “Services”); the SupplierGATEWAY websites located at www.suppliergateway.com and any other SupplierGATEWAY websites or services that link to this Privacy Policy, (collectively, the “Websites”); and all other SupplierGATEWAY products or services provided or otherwise made accessible on or through the Services or the Websites or that otherwise link to or reference this Privacy Policy. The Services, the Websites, and any other SupplierGATEWAY products or services that link or refer to this Privacy Policy are collectively referred to as the “Service.” This Privacy Policy describes how SupplierGATEWAY collects, discloses, stores, transfers, and uses information that could individually identify our users (“Personal Data”) in connection with our Service.
This Privacy Policy does not apply to the practices of third parties, as explained in more detail below. In this Privacy Policy, “we,” “us,” “our,” and other similar references mean SupplierGATEWAY, “you” and “your” and other similar references mean any user of the Service, and “SupplierGATEWAY Affiliates” means any parent, subsidiary, member, officer, director, employee, agent, or contractor of SupplierGATEWAY or any entity under common control with SupplierGATEWAY.
This policy applies (i) immediately to new users who use or access the Service on or after the Effective Date and (ii) on the Effective Date to users who use or access the Service before the Effective Date.
Please contact us if you have any questions or comments about our privacy practices. You can reach us via email at privacy@suppliergateway.com.
TRANSFERS OF PERSONAL DATA
The Service is hosted and operated in the United States (“U.S.”), with development, support and maintenance operations in other countries, through SupplierGATEWAY and its service providers. If you do not reside in the U.S., laws in the U.S. (and other countries) may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to SupplierGATEWAY in the U.S. and will be hosted on U.S. servers, and you authorize SupplierGATEWAY to transfer, store, host and process your information to and in the U.S., and possibly other countries. You hereby consent to transfer of your data to the U.S. pursuant to either, at SupplierGATEWAY’s discretion, the EU-U.S. Privacy Shield Framework, the details of which are further set forth below, or the standard data protection clauses promulgated by the EC, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
EU PERSONAL DATA
If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, as further described below. SupplierGATEWAY will be the controller of your Personal Data processed in connection with the Service, unless you access the Service through an enterprise account, or other SupplierGATEWAY account that is controlled by a third party (e.g. your employer).
EU-U.S. Privacy Shield Participation
SupplierGATEWAY complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU to the United States. SupplierGATEWAY adheres to the Privacy Shield Principles of (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access and (7) Recourse, Enforcement and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to all Personal Data transferred from the EU to the U.S. To learn more about the Privacy Shield program.
NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT
Types of Personal Data We Collect
SupplierGATEWAY collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), SupplierGATEWAY clients (such as your customers utilizing SupplierGATEWAY for vendor management) provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:
Contact Information: information we collect to identify or contact you, we collect typical “business card information” such as your first and last name, company address, email address, telephone number. For example, this is the basic information that we collect when you register for an account in our system.
Financial Account Information: information that you provide in connection with your purchase of the Service (or a purchase made through the Service), including credit card number, credit card expiration date, credit card verification code, bank account number, bank account title, bank name, branch location, and routing number. You must only provide us with Financial Account Information for accounts and credit cards that you have the lawful right to access.
Transaction Information: information related to transactions you conduct on the Service, including when you register for a webinar, event or download special content, and your interactions with the Service (for example the functionality you use and the links clicked on the Service).
User Account Information: information that identifies you to the Service, such as your user name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the Service, and use the IP address to help maintain your web session security while using the Service.
User Content: to the extent that you choose to input Personal Data as part of such content, images, comments, and other content, information, and materials that you post to or through the Service.
Log Data: information automatically recorded by the Service about how a person uses our Service, such as IP addresses, device and browser type, operating system, the pages or features of our Website or Service to which a user browsed, the time spent on those pages or features, the frequency with which the Service is used by a user, search terms used by a user, the links on the Service that a user clicked on or used, and other statistics.
We also collect usage and performance information that is not Personal Data or that we aggregate or de-identify so that it no longer personally identifies an individual. We also associate some data that is not Personal Data with Personal Data.
We collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) uploads or generates User Content; (v) communicates with us; and (vi) responds to a communication or interaction from us. Some of the methods and tools we use to collect Personal Data are:
Unique Identifiers: We use unique identifiers such as cookies, e-mail or your pseudonymized customer ID to track individual usage behavior on our Service, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our Service on an individual basis.
Mobile Device Identifiers: Mobile device identifiers are identifiers stored on your mobile device that track certain data and activities occurring on or through your device. Mobile device identifiers enable collection of Personal Data (such as media access controls) as well as non-personally identifiable information (such as usage and traffic data).
Cookies, Web Beacons, and Other Tracking Tools: We and our third party service providers collect information about you, your device, and your use of the Service through cookies, clear gifs (a.k.a. web beacons/web bugs) (“Web Beacons”), and other tracking tools and technological methods (collectively, “Tracking Tools”). Tracking Tools collect information such as computer or device operating system type, IP address, browser type, browser language, mobile device ID, device hardware type, the website or application visited or used before or after accessing our Service, the parts of the Service accessed, the length of time spent on a page or using a feature, and access times for a webpage or feature. These Tracking Tools help us learn more about our users and analyze how users use the Service, such as how often users visit our Service, what features they use, what pages they visit, what emails they open, and what other sites or applications they used prior to and after visiting the Service.
Cookies: Like many websites and mobile application operators, we collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Service. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent cookies” are stored on your device for a period of time after you leave our Website or Service. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Service, and how your use of the Service varies over time. We also use persistent cookies to measure the effectiveness of advertising efforts. Through these cookies, we may collect information about your online activity after you leave our Service. For more information on cookies, including how to control your cookie settings and preferences, visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/.
Web Beacons: Web Beacons help us better manage content on our Service by informing us what content is effective. Web Beacons are embedded in, or otherwise associated with, certain emails or other communications that you receive from us or our partners. Web Beacons help us track your responses and interests and deliver relevant content and services to you. For example, they may let us know when you take actions based on the emails that we send. Web Beacons also allow us to enhance our Behavioral Advertising (defined below), which is further discussed below in the section titled “Online Behavioral Advertising” below.
Social Media Widgets: Some parts of our Service may include social media features, such as the Facebook “like” button, and widgets, such as the “share this” button. These social media features are either hosted by a third party or hosted directly on our Service. When you use these tools, the party that provides the tool, the third party that operates the social media services, and/or we may receive Personal Data about you. By using these tools, you acknowledge that some information, including Personal Data, from your social media services will be transmitted to us, and that information is therefore is covered by this Privacy Policy, and some information, including Personal Data, may be shared with the third party services, and that information is therefore governed by their privacy policies.
Third Party Sources: We may use third-party services, such as open search tools and social networks, to obtain information about you (such as your name or company) and to enrich your personal information by obtaining publicly available information about you, such as your job title, employment history and contact information.
Use of Personal Data
SupplierGATEWAY uses Personal Data to: (i) provide, administer, and improve our Service; (ii) better understand your needs and interests; (iii) fulfill requests you make; (iv) personalize your experience; (v) provide Service announcements; (vi) provide you with information and offers from SupplierGATEWAY, SupplierGATEWAY Affiliates, and our business partners; (vii) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity and (viii) comply with legal obligations.
For example, we use Personal Data to:
Operate and improve the Service
Facilitate communications among and between users
Evaluate eligibility of customers for certain offers, products, or services
Evaluate the types of offers, products, or services that may be of interest to users
Provide user support
Communicate with users regarding support, security, technical issues, commerce, marketing, and transactions
Facilitate marketing, advertising, surveys.
Administer the Service, User Accounts, and transactions with respect to User Accounts
Enforce our contracts, administering and carrying out our obligations under contracts, and complying with the law
Publish aggregated data about usage trends, which may be derived from Personal Data
PROCESSING GROUNDS
We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
Contractual Necessity: We process the following categories of Personal Data because we need to process the data to perform under our User Agreement with you, which enables us to provide you with the Service. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Service that require such data:
Contact Information
User Account Information
Financial Account Information
Transaction Information
User Content
Legitimate Interest: We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties:
Contact Information
Financial Account Information
User Account Information
Transaction Information
User Content
Partner Information
Log Data
Examples of these legitimate interests include:
Operation and improvement of our business, products, and services
Marketing of our products and services
Provision of customer support
Protection from fraud or security threats
Compliance with legal obligations
Completion of corporate transactions
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
HOW AND WITH WHOM DOES SUPPLIERGATEWAY SHARE PERSONAL DATA?
We share Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the Service. These parties include:
Third parties who act for us or provide services for us, such as billing and credit card payment processing, maintenance, sales, marketing, administration, support, data enrichment, hosting, and database management services
Outside professional advisors (such as lawyers and accountants) for purposes related to the operation of our business such as auditing, compliance, and corporate governance
SupplierGATEWAY Affiliates, including persons or entities that acquire some or all of SupplierGATEWAY or our assets
Co-sponsors and presenters of webinars and events that you attend
We also share Personal Data with third party service providers and agents when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
Other users (when you use a “share link” to post information publicly, share or comment on content, or as otherwise necessary to effect a transaction initiated or authorized by you through the Service)
Social media services (if you interact with them through your use of the Service)
Third party business partners who you access through the Service
Other parties authorized by you
The owner and administrator(s) of the Service account that you use, or of the email address that you used to register with the Service (see “Use of Third-Party E-mail Address” immediately below).
We share Personal Data with presenters, sponsors, or other conference participants or organizers if you register for or attend an online webinar we are involved with.
We also share Personal Data when we believe it is necessary to:
Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
Protect us, our business or our users, or third parties, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud
Maintain the security of our products and services
We also share information with third parties when you have given us consent to do so.
Use of Third-Party E-mail Address
If you register for the Service using an e-mail address that we recognize to be either a part of a third-party enterprise account for the Service (an “Enterprise Account”) or a potential enterprise Service purchaser (for example, your employer’s) (each, an “E-Mail Holder”), we may provide your name and email address to the E-Mail Holder and their administrator. In some cases, we will also consolidate your account(s) with the accounts of the E-Mail Holder and we provide your E-Mail Holder and their administrator with access to your User Account information and User Content. This may happen when the E-Mail Holder’s account is established after you register for your individual User Account. We make these transfers to allow users who are part of a larger organization to take advantage of the special features and security enjoyed by our enterprise Account holders, and in order to help you and your organization comply with its internal security and email usage obligations. Please note that all accounts for the Service, and all applicable subaccounts (which may include your User Account), are controlled by the account administrator. In certain cases (e.g. when we are aggregating all of the accounts under a current or potential Enterprise Account), we will provide you with the ability to opt-out of consolidation with an E-Mail Holder’s Account (typically by changing the email address on your account to a non-E-Mail Holder email address).
Additionally,
when an E-Mail Holder creates an Account, we may notify any
individuals already using the Services under an email address with
the same company domain as yours so that they can be migrated to your
enterprise Account.
Business Transfers
SupplierGATEWAY may sell, transfer, or otherwise share some or all of its business or assets, including your Personal Data, in connection with a business deal (or the evaluation of a potential business deal) such as a merger, consolidation, acquisition, reorganization, or sale of assets or in the event of bankruptcy. You acknowledge that such transfers may occur and that any acquirer or successor of SupplierGATEWAY or its assets may continue to use your Personal Data as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on our Website or Service of any change in ownership or resulting change in uses of your Personal Data, as well as any choices you may have regarding your Personal Data. Similarly, if you access the Service as part of a third party Enterprise Account, the individual or entity controlling the Enterprise Account may transfer or otherwise share the account (including your User Account, User Content, and Personal Data) to an acquirer of some or all of its assets in connection with the migration to an E-Mail Holder’s account, or a business deal (or the evaluation of a potential business deal) such as a merger, consolidation, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
YOUR PRIVACY CHOICES
Opting Out of Behavioral Advertising and Tracking Tools
You can opt-out of certain Behavioral Advertising activities by doing one or more of the following. Please note that you will need to opt-out of each browser and device for which you desire to apply these opt-out features.
Service Provider Opt Out: You can opt-out directly from some Advertising Service Providers and providers of Tracking Tools by using their opt-out tools. Some of these service providers, and links to their opt-out tools, are:
Google Analytics: with a privacy policy at http://www.google.com/policies/privacy/partners/ and opt out at https://tools.google.com/dlpage/gaoptout.
Industry Opt Out Tools: Some Advertising Service Providers or providers of Tracking Tools may participate in the Network Advertising Initiative's (NAI) Opt-Out Tool (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Consumer Choice Page (http://www.aboutads.info/choices/), and you can opt-out of certain services and learn more about your choices by visiting the links included there. Users in the EU can visit http://www.youronlinechoices.eu/ for more information about your choices and to opt out of participating service providers.
Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser’s support feature. Through your web browser, you may be able to:
Delete existing Tracking Tools
Disable future Tracking Tools
Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set
Mobile Opt Out: Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en). For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.
Do Not Track: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites.
Opting-out of Behavioral Advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
Emails: We will give you the ability to opt-out of marketing-related emails by clicking on a link at the bottom of each such email. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
Information Shared with Third Parties: Except as set forth in this Privacy Policy, you will be notified when your Personal Data may be shared with third parties, and will be able to prevent the sharing of this information. To the extent permitted or required by applicable law, you can opt-out of having your information shared with a third party that is not our agent, by contacting us at privacy@suppliergateway.com.
SECURITY
We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, data encryption at rest (for customers that elect to purchase our “private cloud” solution), pseudonymization, and enforcement of least privilege and need-to-know principles.
To the extent the Service requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Service, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Service, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.
DATA RETENTION
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service, and thereafter as set forth in our Service agreement with you (typically 30 days after termination of the Service, or sooner upon request (except as required by law)). In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Upon disposal, we will destroy or render unreadable any such Personal Data. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
USE OF BIOMETRIC INFORMATION
SupplierGATEWAY will not sell, rent, or trade your Biometric Information, and after verification you may request we delete your Biometric Information. Your Biometric Information will only be used by SupplierGATEWAY to verify your identity in accordance with the guidelines published by the National Institute for Standards and Technology or as required for the prevention of fraud. SupplierGATEWAY will transfer your Biometric Information to our third-party partners only when required by a subpoena, warrant, or other court ordered legal action.
Additionally, by consenting to the collection and use of your Biometric Information you acknowledge that you have been provided with, and agree to be bound by, the SupplierGATEWAY Terms of Service and this SupplierGATEWAY Privacy Policy.
Biometric Information is a form of Personal Information related to biometric characteristics which may be used to identify you. Common examples include fingerprints, voiceprints, scans of a hand, facial geometry recognition, and iris or retina recognition. As used in this policy, Biometric Information includes any “biometric identifiers” or “biometric information” as defined under applicable law.
Facial Biometrics: Our Service requires you to upload an image of your government issued or other identification document(s) as well as your photographic image or "selfie" photograph using your mobile or other device. We use these images to create a facial geometry or faceprint which we use for purposes of identity verification and to prevent the creation of multiple accounts in a fraudulent manner.
We use your Biometric Information only as follows:
• To verify your identity when applying for an Enhanced Digital Certification;
• To verify your identity when applying for a SupplierGATEWAY vendor Credential
SupplierGATEWAY will only share your Biometric Information with our partners in the following circumstances:
• As required with other third parties where permitted by law to enforce our Terms of Service, to comply with legal obligations, or to cooperate with law enforcement agencies concerning conduct or activity that we reasonably believe may violate federal, state, or local law when required by a subpoena, warrant, or other court ordered legal action, and to prevent harm, loss or injury to others.
• To third party service providers that perform Biometric identification functions on our behalf. These service providers are limited to using the Biometric Information to assist in our provision of Identification Services, and must maintain any Biometric Information we share in a secure fashion.
SupplierGATEWAY will not sell, rent, or trade your Biometric Information. Your Biometric Information will only be used by SupplierGATEWAY to verify your identity in accordance with the guidelines published by the National Institute for Standards and Technology or as required for the prevention of fraud. In fulfilling our Services to you, SupplierGATEWAY will transfer your Biometric Information to our third-party partners only when required by a subpoena, warrant, or other court ordered legal action.
SupplierGATEWAY may retain your Biometric Information for up to thirty-six months. SupplierGATEWAY collects and processes your Biometric Information in order to verify your identity and help prevent fraud. Biometric Information is retained in line with SupplierGATEWAY’s obligations to our partners, with the specific retention periods determined by the first instance of identification. Under no circumstances will SupplierGATEWAY retain this information for longer than thirty-six (36) months absent a subpoena, warrant, or other legally compelling justification.
For SupplierGATEWAY members who are residents of Illinois, in accordance with Illinois state law SupplierGATEWAY will retain Biometric Information only until the occurrence of the first of the following:(a) The initial purpose for collecting or obtaining such Biometric Information has been satisfied; or (b) Three (3) years following your last interaction with SupplierGATEWAY.
Yes, you may direct SupplierGATEWAY to delete your Biometric Information. After successfully verifying your identity, you may request that SupplierGATEWAY delete your Biometric Information. You may request the deletion of both the selfie image and Biometric Information submitted during your verification by submitting a request by emailing biometrics@suppliergateway.com. Deletion of the selfie image and associated Biometric Information may take up to seven (7) days and will not impact the validity of your credential or verified status. SupplierGATEWAY reserves the right to retain this information as needed to comply with our legal obligations, including warrants, subpoenas or other court orders, or to help prevent fraud.
Pursuant to the California Consumer Privacy Act of 2018 (CCPA), residents of California are entitled to additional rights and disclosures regarding their Personal information, including Biometric Information.
Yes, you may refuse to consent for the collection of your Biometric Information. Please note that if you refuse to consent to the collection and processing of your Biometric Information then we may not be able to verify you at the required level of assurance for use of all of our Services.
We are committed to protecting your information. We have adopted technical, administrative, and physical security procedures to help protect your information from loss, misuse, unauthorized access, and alteration. Please note that no data transmission or storage can be guaranteed to be 100% secure.
We employ appropriate security safeguards. To safeguard certain sensitive information (such as Biometric Information and government-issued identification information), we implement security measures such as encryption, firewalls, and intrusion detection and prevention systems.
This Biometric Information Privacy Policy may be periodically updated. From time-to-time we may update this policy to reflect new features or changes in our Personal Information practices or our Services. We will post a notice for users at the top of this Privacy Policy addressing any significant changes.
INTERACTIONS WITH OTHERS
This Privacy Policy applies only to the Service. It does not apply to products, services, or sites that are provided by or operated by third parties, even if such products, services or sites are linked or redirected to or from the Service (“Third-Party Sites”), regardless of whether or not such link or redirection is authorized by SupplierGATEWAY. Third-Party Sites may have their own policies regarding privacy, or no policy at all. The fact that we link to a Third-Party Site is not an endorsement, authorization, or representation that we are affiliated with that third party. SupplierGATEWAY is not responsible for Third-Party Sites, and you use them at your own risk. We encourage you to read the privacy policies and terms of the Third-Party Sites that you visit or use.
The Service contains areas where you may be able to publicly post information, communicate with others, submit media content, and/or review goods, services, or vendors, such as discussion boards or blogs. Any information, including Personal Data that you post there, will be public and can be viewed by the public at large, and therefore anyone who accesses such postings will have the ability to read, collect, and further disseminate such information. We have no control over, and take no responsibility for, the use, storage, or dissemination of information posted or otherwise made available on such portions of the Service. By posting Personal Data online in public forums, you may receive unsolicited messages from other parties.
WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Accessing, Correcting, and Deleting Your Personal Data and Other Data Subject Rights
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!).
If you are a SupplierGATEWAY Account holder, you can accomplish most of the following by logging into your User Account or, for those using enterprise accounts, by contacting your account administrator. You can also contact us directly at privacy@suppliergateway.com if you have any additional requests or questions:
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Service to you, your User Account will be deactivated and you will lose access to the Service.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
For the following, please email us at privacy@suppliergateway.com :
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
You also have the right to lodge a complaint about SupplierGATEWAY’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Closing Your Account
You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, SupplierGATEWAY may nevertheless retain your Personal Data to protect the business interests of SupplierGATEWAY, SupplierGATEWAY Affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of Personal Data that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the proceeding calendar year. In particular, the law provides that companies must inform consumers about the categories of Personal Data that have been shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure provided by SupplierGATEWAY pursuant to Section 1798.83 of the California Civil Code, please contact as set forth above.
ENFORCEMENT AND RECOURSE
We take our privacy commitments very seriously. We will conduct internal audits of our compliance with this Privacy Policy, and work to ensure that our employees and service providers also adhere to the Privacy Policy. If you have any questions or concerns regarding privacy related to the Service, please send us a detailed message to privacy@suppliergateway.com , and we will try to resolve your concerns.
Privacy Shield Inquiries
We also commit to resolve complaints about your privacy and our collection or use of Personal Data transferred from the EU to the U.S. in compliance with the Privacy Shield Principles where applicable.
CHANGES TO THE PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via email (if you have an account where we have your contact information) or otherwise in some manner through the Service that we deem reasonably likely to reach you (which may include posting a new privacy policy on our Website—or a specific announcement on this page or on our blog). Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting) or on the Effective Date set forth in the modified Privacy Policy. In all cases, your continued use of the Service or Website after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
CHILDREN
Our Service is not intended for children under the age of 18 (16 in the EU), and therefore, SupplierGATEWAY does not knowingly acquire or receive Personal Data from children under the age of 18 (16 in the EU). If we later learn that any user of our Service is under the age of 18 (16 in the EU), we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?
Please contact us if you have any questions or comments about our privacy practices or this Privacy Policy. You can reach us online at privacy@suppliergateway.com or by mail at:
SupplierGATEWAY
LLC.
Attention: Privacy Officer
20 Corporate Park,
Suite 118
Irvine, CA 92606
USA
Last Reviewed: Dec 12, 2022