1. List of Subprocessors
  2. Who are we
    1. This website is operated by Tradeshift Inc. (“Tradeshift”, “we” or “us”). Our registered Federal Tax Identification Number is 98-1023485 and our registered address is 221 Main Street, Suite 405 San Francisco, CA 94108 [Address updated January 2020]. We make certain software applications and platforms available to customers on our Site for the purposes of providing a business network and supporting the exchange of business documents between each customer (the “Services”).
    2. Our privacy policy and terms of use (respectively referred to from now on as the “Privacy Policy” and the “Terms of Use”) apply when you use our website (tradeshift.com) (“our Site”). Please read the Privacy Policy and Terms of Use carefully before you start to use our Site. By using our Site, you indicate that you accept the Privacy Policy and Terms of Use and that you agree to abide by them. If you do not agree to them, please refrain from using our Site.
  3. Defined terms used in privacy policy
    1. “Software” means any software accessible on our Site for the use of Users (whether free or if payment is required).
    2. “User” means any person using our Site or the Software (whether that person has paid for such use or not) and “Users”, “you” and “your” shall be construed accordingly.
  4. Introduction to privacy policy
    1. Tradeshift respects your privacy and is committed to protecting your privacy and confidential information. This Privacy Policy (together with our Terms Of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we, as data controller of your personal data that you provide to us, will treat it.
  5. Information we may collect from you, why we need it and how we use it
    1. We may collect and process the following data about you:
      1. When you visit our Site: Our cookies policy explains what data we collect from you and what we do with it when you browse through our Site (e.g. your IP address).
      2. When you register on our Site:
        1. What data we collect: When you register on our Site we will collect your username, country of business and email address.
        2. Why we need this data: We will need your username in order to authenticate your user account so that you can benefit from our Services. We will need your email address to send you an activation link to your profile so that you can receive business documents and network requests. We will also need your email address in case you forget your password or wish to receive emails from us with news about our services or changes to any of our policies or terms and conditions. Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our Site. We will store this data only for as long as necessary for the purposes of the Services, unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.
        3. How we use this data: We will not share your login data (your username, email address, password and IP address) with anyone except in the circumstances referred to in Clause 8 (Disclosure of Your Information).
        4. From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking “unsubscribe” in the relevant email.
      3. When you contact us or submit comments on our Site:
        1. If you submit comments on our Site or contact us for any reason we may store these communications for as long as necessary for the purposes of improving the Services we offer, unless we are required, for legal reasons or under exceptional circumstances, to retain this information for an extended period. Our comments service is run by Disqus and when you submit comments to us they will be received and stored by Disqus under the terms of Disqus’ privacy policy.
  6. Where we store your personal data
    1. All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
    2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
  7. Updating your personal data
    1. We will need you to help us ensure the Personal Data you provided to us is accurate and up to date. If you wish to correct and update any of your Personal Data, you may do so by updating the Personal Data through the preferences available in your account.
    2. If you want to delete your account, you may do so by deleting your profile from the preferences page in your account. Upon deletion of your account, we will store your Personal Data for the duration set out in Clause 4.1.2.2.
  8. Information Sharing
    1. Onward transfers. In the event of onward transfers of personal data, Tradeshift retains responsibility for ensuring that any further processing of data by third parties acting on our behalf do so in a manner that is consistent with the Privacy Shield principles unless we prove that we are not responsible for the event giving rise to damage.
    2. Service Providers. We engage service providers to perform functions and provide services to us. Where allowed by law, we may share your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions.
    3. Authorized Personnel. Our employees, agents, consultants, contractors, or other authorized personnel, may have access to user information as necessary in the normal course of our business.
    4. Business Transfers. In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the business assets that is transferred. [Correction made by Tradeshift June 22, 2020] If the Service or Tradeshift, or substantially all of its assets, were acquired, liquidated, or dissolved, user information would be one of the assets that is transferred.
    5. Government, Law Enforcement or Third Parties. We may disclose  information, including, without limitation, Personal Information to comply with applicable laws, regulations, legal processes or governmental requests.  We reserve the right to disclose a user’s Personal Information if we believe, in good faith, that the user is in violation of the Terms of Service, even without a subpoena, warrant or other court order.
  9. Choice and Opt-Out. We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information.
    1. Choice. In accordance with local law, your controls and choices may include:
      1. You may correct, update and delete your account information, as described below;
      2. You may change your choices for subscriptions and newsletters;
      3. You may choose whether or not to receive offers from us;
      4. You may choose whether you received targeted advertising from us or our partners.
    2. Opt-out. We may also use tracking technologies to collect information about your visits over time and across third-party services or other online services. The Network Advertising Initiative (the “NAI”) is a cooperative group of ad serving providers. The NAI has developed a set of privacy principles to which its members adhere. The NAI is committed to providing consumers with clear explanations of Internet advertising practices and how they affect you and the Internet generally. For more information about the NAI, third party ad servers generally and the opt-out options offered through the NAI, visit http://www.networkadvertising.org/index.asp.
  10. Access and Correcting Your Information
    1. If you have a Tradeshift account, you can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your Tradeshift account or by emailing us at support@tradeshift.com. For other personal information we hold, we will provide you with access for any purpose including requesting that we correct the data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
  11. Security of Your Information.
    1. Security Measures. We have put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store.
    2. No Security Guarantees. Although we take appropriate measures to safeguard against unauthorized disclosures of Information, we cannot assure you that Information will never be disclosed, altered or destroyed in a manner that is inconsistent with this Privacy Policy.
  12. Changes to the Privacy Policy. Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and in our sole discretion. We encourage visitors to frequently check this page for any changes to the Privacy Policy. Your continued use of the Service after any change in this Privacy Policy will constitute your acceptance the changes.
  13. California Privacy Rights and Do Not Track Disclosures. If you are a California resident, you may have certain additional rights.
  14. Privacy Rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by us to third parties for the third parties’ direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content. To make any such requests, please email us at support@tradeshift.com or contact us at the address below.
  15. Do Not Track Disclosures. California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how Tradeshift responds to “Do Not Track” browser settings. We do not currently take action to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.
  16. Users From Other Jurisdictions. By using the Service, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to having your data transferred to and processed on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you do not accept this Privacy Policy, please do not use the Service. The Service is controlled and operated by Tradeshift from the United States. If you are not a resident of the United States or you are located outside the United States and choose to use the Service or provide information to us, please note that we may transfer the information, including Personal Information, to the United States and process it there.
  17. Acceptance of this Privacy Policy, followed by your submission of such information represents your agreement and consent to that transfer. We do not represent or warrant that the Service, or any portion thereof, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Service do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. You also are subject to United States export controls in connection with your use of the Service and are responsible for any violations of such controls, including, without limitation, any United States embargoes or other federal rules and regulations restricting exports. We may limit the availability of the Service, in whole or in part, to any person, geographic area or jurisdiction that we choose, at any time and in our sole discretion.
  18. Users from Switzerland and the EU with Privacy Shield compliance Tradeshift complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  The Federal Trade Commission has jurisdiction over Tradeshift’s compliance with the Privacy Shield.  Tradeshift has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
  19. In compliance with the Privacy Shield Principles, Tradeshift commits to resolve complaints about our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Tradeshift’s Data Protection Officer at: dpo@tradeshift.com
  20. Under certain conditions, individuals may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms.  For more information see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.  Tradeshift has further committed to refer unresolved Privacy Shield complaints to JAMS ADR, an alternative dispute resolution provider located in the US. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS ADR for more information or to file a complaint.  The services of JAMS ADR are provided at no cost to you.  You can file a complaint here: https://www.jamsadr.com/eu-us-privacy-shield
  21. Contact Information. If you have any questions, feedback or to report a violation regarding the Privacy Policy, you may email us at support@tradeshift.com or contact us by mail addressed to: Tradeshift Inc. 221 Main Street, Suite 405 San Francisco, CA 94108 [Address updated January 2020].