Privacy Policy

This Privacy Policy describes the information that we gather on or through our Services and how we use and process such information. For each processing purpose, we will articulate the reason for requiring the data, what data we will process, the legal basis for processing the data, and how long we will keep the data. Where the legal basis of consent is to be used, this will be gathered freely, and we will use clear, plain language that is easy to understand. You will be able to remove your consent at any point.

1. What Information do we collect about you and how do we use it?

We collect/process information so that we can provide the best possible experience for you when you use our site. This section of the policy describes the purpose for processing your Personal Data, the legal basis to do so, and how long we will keep your data.

1.1 Our Product / Service

If you choose to use our service, including receiving email notifications, newsletters, and product/service updates, or attending webinars, you must consent to provide us with some Personal Data so that we can provide these services to you. This will include your name, email address, job title, company name, and phone number. Other non-mandatory Personal Data may also be gathered if you choose to provide it.

We will process personal data using two legal rationales:

  • If you are an individual and not associated with a contracted client, we will ask for your consent.
  • If you are associated with a contracted client, we will use legitimate interest as the legal basis to process the data (this includes carrying out the business of providing products and services and pursuing our general business interests). A Legitimate Interest Assessment (LIA) has been conducted to ensure compliance.

Sometimes we may process personal data on the basis that you have provided your consent; however, you have the right to change your mind, which you can do by contacting us using the details below. You may also opt out of receiving marketing emails from us by following the instructions outlined in the email.

We will retain Personal Data for active customer leads or site users for a period of up to one (1) year for a dormant account, i.e., an account which has not been used.

1.2 Corporate

If you choose to use our service, personal data items such as Name, Email Address, and Telephone Number may be stored in our Corporate Cloud Storage, Corporate Email Platform, or our Help Desk platform.

We will process personal data using two legal rationales:

  • If you are an individual and not associated with a contracted client, we will ask for your consent.
  • If you are associated with a contracted client, we will use legitimate interest as the legal basis to process the data.

We will retain Personal Data for active customer leads or site users for a period of one (1) year for a dormant account.

1.3 Marketing

We would like to send you information about new or existing products and services, or content resources of ours which may be of interest to you. You have a right at any time to stop us from contacting you for marketing purposes. To distribute our marketing information, we may use personal data such as names, addresses, email addresses, employer details, job titles, telephone numbers, and LinkedIn profiles.

If you request or consent to be added to our mailing or marketing lists, we will use consent as the legal basis to process your Personal Data. For existing customers who have engaged with our services, we may use legitimate interest as a basis for marketing under soft opt-in rules, where we provide a clear opt-out mechanism in every communication.

We use Mailchimp to manage our email marketing campaigns. By subscribing to our communications, you acknowledge that your data may be transferred to Mailchimp for processing in accordance with their Privacy Policy and Terms.

We will retain Personal Data for active customer leads for a period of one (1) year, where a lead is considered active if:

  • An email sent by our organisation has not received an unknown account bounce back.
  • An email has been sent to us from the data subject.

1.4 Cookies

Like many websites, we use cookies and similar technologies to collect additional site usage data and to improve our services. We will process Personal Data under the legitimate interest legal basis, as we only use the data to perform aggregated tracking analysis and will not target individuals based upon this analysis. You will also need to accept our cookie policy to allow us to process the data.

We will retain active cookie data for a period of one (1) year, with cookies remaining active if a user revisits our site.

2. Updating This Policy

We may change or update this Privacy Policy at any point so that it accurately reflects our services. If we believe your rights have been affected, we will contact users 30 days before implementing the change. If you continue to use the site once the Privacy Policy has been updated, you will be bound by the updated Privacy Policy.

3. Your Rights

You have the following rights under UK GDPR and EU GDPR:

  • Access: You have the right to request a copy of your personal data.
  • Rectification: You may ask us to correct inaccurate information.
  • Deletion: You may request that we delete your personal data.
  • Object, Restrict or Withdraw Consent: You may restrict our ability to process your data or withdraw consent.
  • Portability: You may transfer your personal data to another platform.
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (e.g., ICO in the UK).

4. Who We Are And How To Contact Us

Supplychain360 is the data controller responsible for this website and for defining and managing how your personal data is processed.

  • Company Name: Supplychain360
  • Company Address: 128 City Road, London, United Kingdom
  • Email Address: info@supplychain360.io

5. Data Transfers Outside the EEA

We may transfer your personal information outside the EEA, including to:

  • HubSpot (CRM data storage)
  • Mailchimp (email marketing platform)
  • Microsoft (internal employee operations)
  • Google (internal employee operations)

Transfers are protected under Standard Contractual Clauses (SCCs) and other legally approved safeguards to ensure compliance with GDPR.

6. Data Security

We have appropriate security measures in place, including:

  • ISO 27001 certified data centres in the UK.
  • Firewalls, intrusion detection, anti-malware, and backup protocols.
  • Access restrictions and staff training on data security.

We cannot guarantee absolute security due to the nature of the internet, but we will take all reasonable efforts to protect your personal information.

This privacy policy was last updated on February 10, 2025.