SUPLARI, INC. PRIVACY POLICY
This Privacy Policy describes how Suplari, Inc. and Suplari Acquisition Corporation (together “Suplari,” “we,” “our” or “us”) maintain the privacy of information collected and processed through websites, applications, other online products and services that link to this Privacy Policy (collectively, our “Services”), and when you otherwise interact directly with us. Information is protected by Suplari in accordance with the terms set forth in this Privacy Policy.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our public website or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
If you have any questions about this Privacy Policy, please contact us by email at compliance@suplari.com.
Content
- Collection of Information
- Third Parties to Which Suplari Discloses Personal Information and for What Reason
- How to Contact Suplari with Inquiries or Complaints
- Choice
- Security
- Links to Third Party Websites
- Children
- Transfer of Information to the United States and Other Countries
- Notice of Suplari’s Participation in the Data Privacy Framework
- Suplari’s Privacy Policy for Mexico
COLLECTION OF INFORMATION
Information we Collect and Process when you Interact with Suplari
The legal basis for collecting the data described below follows:
- To perform our responsibilities under our contract with you (e.g., providing the products and services you requested, providing you with customer support).
- When Suplari has a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct and data analytics).
- To communicate with you about our Services.
- To comply with legal obligations.
We retain your personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
The Suplari SaaS Application:
Suplari customers who license the Suplari SaaS upload data to the Suplari SaaS application. Suplari does not permit uploading of sensitive personal data. Suplari customer end users must create accounts to securely access and use the Suplari application. Suplari does not process Human Resources (HR) data.
Personal Data
End users’ name, business email address, phone number
Purpose
To create an account to access the Suplari SaaS application and to communicate with you to provide customer support. Phone number is optional for North American users and is used for multi-factor authentication.
Personal Data
Device and Usage Information: IP address, the pages of our Suplari SaaS application that you visit, the time and date of your visit, the time spent on those pages.
Information Collected by Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies to track the activity on our Suplari SaaS application and to hold information. Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Suplari SaaS application users are presented with choices to adjust cookie settings.
Purpose
To analyze the usage patterns of the Suplari SaaS application to improve the application, to troubleshoot technical problems, and to inform contractual customers about how their end users are applying the application to perform their jobs. Application session management.
Personal Data
Customer data sets uploaded to the Suplari SaaS application: Data sets may contain minimal amounts of embedded business-related personal data at the choice of the customer. Business-related personal data may include name, email address, employee ID, and job title.
Purpose
To deliver the services and communication requested by its licensed customers.
The Suplari Public Website
Personal Data
Name, email address, phone number
Purpose
Upon your request to be contacted to see a demo of the Suplari SaaS or to ask questions about Suplari.
Device and Usage Information
We collect information about how you access our Services, including your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Information Collected by Cookies and Similar Tracking Technologies
We use cookies and similar tracking technologies to track the activity on our website and to hold information.
Website visitors are presented with choices to adjust cookie settings. The website does not currently support certain browser settings or otherwise respond to Do Not Track requests.
- Session Cookies. We use Session Cookies to operate our website.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Analytics Cookies. We use Analytics Cookies to learn more about the users of our website.
- Security Cookies. We use Security Cookies for security purposes.
THIRD PARTIES TO WHICH SUPLARI DISCLOSES PERSONAL INFORMATION AND FOR WHAT REASON
Suplari maintains contractual agreements with the third parties described below to require compliance with data handling standards Suplari is required to uphold. Suplari recognizes its accountability and liability for onward transfers in cases where the third parties fail to meet the data handling standards. For additional information about onward transfers see the “Accountability for Onward Transfer” section below.
Third Parties Supporting the Suplari Public Website:
- Service provider hosting the Suplari public website.
- Service provider sending email to Suplari public website users who request a demo or who request to be contacted.
Third Parties Supporting the Suplari SaaS Application:
- Service provider hosting the Suplari SaaS. Hosted in the US.
- Service provider of Suplari SaaS identity services, e.g., for end user account management. Hosted in the US.
- Service provider for Suplari SaaS usage statistics to provide to customers and to help improve the usability of the service. Hosted in the US.
- Contract personnel supporting service delivery.
Suplari may also be required to share information for third-party legal representation as follows:
- We may disclose personal data if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including to defend or prosecute legal claims and lawful requests by public authorities to meet national security or law enforcement requirements.
- We may share personal data if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Suplari, our users, the public, or others.
- We share personal data with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may share personal data in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
HOW TO CONTACT SUPLARI WITH INQUIRIES OR COMPLAINTS
If you have any inquiries or complaints about Suplari’s collection or processing of your personal data you may contact Suplari at the following: compliance@suplari.com.
Users of the Suplari SaaS application please note the following: Suplari will coordinate closely with its licensed customers to address inquiries or complaints related to personal data processed by Suplari to deliver the Suplari SaaS application. Individual data subjects should first contact the Suplari customer who owns the Suplari SaaS application account you use. In most cases this will be your employer.
CHOICE
Right of Individuals to Access Their Personal Data and to Limit Use of Personal Data
You have the right to be aware of what personal data is being processed by Suplari. You may contact Suplari at the following to request details: compliance@suplari.com.
Bear in mind that by default Suplari retains the personal data you provide to establish your Suplari SaaS application account and to sign in to the Suplari SaaS application. You may contact the Suplari customer who owns the Suplari SaaS application account you use to inquire about any personal information you see in the data sets processed in the Suplari SaaS application. In most cases this will be your employer.
Suplari retains the personal contact information you supply directly in forms on the Suplari public website. You may opt out of receiving marketing and promotional emails from Suplari by following the instructions in those communications or by emailing Suplari at compliance@suplari.com. If you opt out, Suplari may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Suplari public website and SaaS application users are presented with choices to adjust browser cookie settings.
Opting Out
You may opt out of receiving marketing and promotional emails from Suplari by following the instructions in those communications or by emailing us at compliance@suplari.com. If you opt out, Suplari may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Suplari application and website visitors are presented with choices to adjust cookie settings.
Suplari customer employees and agents may opt out of the processing of their data by our Subprocessors by emailing us at compliance@suplari.com with their opt out request, but once we process such request, such employees and agents will not be able to use the Suplari SaaS Application.
SECURITY
We have implemented and maintain reasonable security procedures and practices, and commercially reasonable technical and organizational measures, to ensure a level of security appropriate to the risk in order to help protect your personal data from unauthorized access and exfiltration, theft, unauthorized disclosure, accidental or unlawful destruction, loss, or alteration. However, no security system is perfect. We will notify you if there is a breach of our security where required by law or deemed necessary.
Data Integrity
Suplari’s information security policies and procedures follow a least privilege access principle when determining which employees may have access to customer data. If a Suplari employee requires access to perform their job, an appropriate level of access may be granted upon approval. Monitors for potential system intrusion and other security violations alert personnel to any suspicious activity. Suplari maintains a data breach incident policy and procedure, which is reviewed at least annually. Suplari also maintains both physical and logical protection to safeguard the integrity and confidentiality of customer data. Customer data is encrypted in transit and at rest. Suplari’s policies, procedures, and performance against its information security controls are audited on an annual basis as a part of SOC 2 Type II control audits.
Access
Suplari employs least privilege access mechanisms to control access to production systems and customer data (including any personal data therein). Role-based access controls are employed to ensure that access to customer data required for service operations is for an appropriate purpose.
LINKS TO THIRD PARTY WEBSITES
Our Services may contain links to other websites on the Internet that are neither under our control nor maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. You acknowledge that we are providing these links to you only as a convenience, and you agree that we are not responsible for the content of such websites. Your use of these other linked websites is subject to the respective terms of use and privacy policies located on the linked websites.
CHILDREN
Our Services are not intended for or directed at children under the age of 13. In addition, we do not knowingly collect personal data from children under the age of 13. Only adults 18 years or older are permitted to access our services and provide their personal data to us. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to delete that data.
TRANSFER OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES
Suplari is headquartered in the United States, and we have operations and service providers in the United States and other countries. Therefore, we and our service providers may transfer your personal data to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
NOTICE OF SUPLARI’S PARTICIPATION IN THE DATA PRIVACY FRAMEWORK
Suplari complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Suplari, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Suplari, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit the DPF website at the following: https://www.dataprivacyframework.gov/.
Suplari’s Commitment to the Principles of the DPF for Processing Personal Data
Suplari commits to subject its business practices to the DPF Principles for all personal data received from the EU in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
The personal data, as defined by the GDPR, collected and processed is described above in the “Collection of Information” section.
Accountability for Onward Transfer
When transferring personal information to a third party acting as a controller, Suplari complies with the DPF Notice and Choice Principles. Suplari acts as controller for personal information collected via the Suplari public website, suplari.com.
When entering into contracts with third-party controllers, contracts stipulate that data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the third-party controller will provide the same level of protection as the DPF Principles and will notify Suplari if the third party makes a determination that it can no longer meet this obligation. Those contracts provide that, when such a determination is made, the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
Where Suplari transfers personal data to a third party acting as an agent (a sub-processor), (i) Suplari transfers such data only for limited and specified purposes; (ii) Suplari requires at least the same level of privacy protection as is required by the Principles usually by formal terms and conditions; (iii) Suplari takes reasonable and appropriate steps to ensure that the agent effectively processes the personal data transferred in a manner consistent with the organization’s obligations under the Principles; (iv) Suplari requires the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under item (iv), Suplari takes reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) Suplari will provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce upon request.
Inquiries or Complaints
If you have any inquiries or complaints about Suplari’s collection or processing of your personal data you may contact Suplari at the following: compliance@suplari.com.
Users of the Suplari SaaS application please note the following: Suplari will coordinate closely with its licensed customers to address inquiries or complaints related to personal data processed by Suplari to deliver the Suplari SaaS application. Individual data subjects should first contact the Suplari customer who owns the Suplari SaaS application account you use. In most cases this will be your employ
If we are not able to resolve your question or complaint, you have the right to contact your data protection authority for the EU economic area (EEA), UK, or Switzerland using the following links:
- For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
- For individuals in the UK: https://ico.org.uk/global/contact-us/
- For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Dispute Resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Suplari commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In its commitment to the principles of the DPF, Suplari also recognizes that supporting the DPF dispute resolution therefore subjects Suplari to the investigatory and enforcement powers of the US Federal Trade Commission (FTC) to bring resolution to claims of merit.
In some cases, you may have the ability to invoke binding arbitration. Additional information is available here for EU/EEA and UK (and Gibraltar) individuals and here for Swiss individuals.