Tradeshift Data Policy

This document describes Tradeshift’s policy for handling, processing, storing, and otherwise treating transactional and other data relating to Tradeshift Customers (which may be referred to as “you” or “Buyer” or “Supplier” or “Seller”), and data associated with individual users and employees of the Buyer and Seller organizations, when sent to Tradeshift as part of your use of the SaaS Service. This Data Policy may be updated by Tradeshift from time to time to reflect changes in our practices, service offerings, legal or regulatory requirements.

Contents

• Definitions
• Overview
• Ownership
• Transaction Data Handling
• Business Contact Information
• Data Use By Tradeshift
• Promoting Your Organization
• Transaction Data and Third Parties
• Data Analytics and Benchmarking
• Tradeshift’s Commitment to Data Security
• Miscellaneous

Definitions

“SaaS Service” means the Tradeshift cloud services to which you have subscribed (provided under terms of an agreement between you and Tradeshift, or between you and an authorized reseller of Tradeshift).
“Trading Partner” means an entity with which you or your company transact using a SaaS Service and includes marketplace operators facilitating such transactions.
“Tradeshift” for the purpose of this Data Policy means Tradeshift Holdings Inc. and any of its affiliates and subsidiaries.

Overview

Tradeshift collects information that you, or a Trading Partner, or other data sources send to the SaaS Service (such as internet-protocol addresses, transaction-related data, and user account information). This data is addressed below in two categories, “Transaction Data” (as defined below) and “Personal Information” (data that can identify an individual or that is associated with the identity of an individual). Please note that Tradeshift also collects and processes company information you provide us with, including, but not limited to, your company name, company description, company identifiers, tax identifiers, company address information, country information (“Entity Data”), as also described under the Tradeshift Terms of Service).

Ownership

Tradeshift recognizes and acknowledges that, as between Tradeshift and our customers, our customers own the data they submit to Tradeshift (whether Transaction Data, Personal Information, or otherwise). It is also noted that most transactions have two parties involved – Buyer and Seller – and each has an ownership interest in the data relating to such transactions. For transactions processed using the Tradeshift Marketplace Solutions there may also be a marketplace operator involved in each transaction who will also have rights in the Transaction Data.

Transaction Data Handling

Tradeshift understands the sensitive nature of the transaction data you or your organization may provide while using the SaaS Service. Transaction Data may include information you provide to Tradeshift or your Trading Partners during the registration, cataloging, ordering processes, or through any e-mail or other communication sent by you to the SaaS Service as well as other information that you store within the SaaS Service. It may also include data of transactions sent by your Trading Partners to you via the SaaS Service or by you to your Trading Partners via the SaaS Service. Transaction data may include Personal Information addressed more specifically below. You agree that your Transaction Data must not include information regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services) and will not include Sensitive Personal Information as defined in the Tradeshift Privacy Statement.

If you are a Seller who objects to submitting Transaction Data to your Trading Partner via the SaaS Service, please contact the Trading Partner directly to investigate options (e.g. submitting certain proprietary information outside of the Tradeshift SaaS Service, using anonymous contact information, etc).

Business Contact Information

When a representative of a Buyer or a Seller creates a business account on the SaaS Service, Tradeshift asks for the name and contact information for an account administrator. The account administrator’s information will be used by Tradeshift to contact the company with notices, service offerings and SaaS Service administration purposes. The account administrator for your company is given primary control regarding the establishment and maintenance of user accounts and contacts within the SaaS Service. If you so choose, your organization may provide additional contacts (e.g. “Company Wide Contacts” in the Tradeshift Network). Depending on the SaaS Service and the visibility choices selected by you or your company, your user names, phone numbers, and email addresses and other profile information may be visible to other Buyers and/or Sellers using the SaaS Service or to a broader audience, as in directory option. Please review the documentation for the SaaS Service for visibility options, notification options and role-based options that affect how a specific user or company contact’s business contact information may be used or visible within the Tradeshift SaaS Services.

You should submit only publicly available business contact information. Individual contact information submitted to the SaaS Service should not include private home contact information. You agree not to enter sensitive government identification numbers associated with individual persons into the SaaS Service (e.g. U.S. Social Security Numbers) or to send documents over the SaaS Service containing such identifiers. Individual names and personal information associated with an individual is addressed below as “Personal Information”.

Data Use by Tradeshift

Tradeshift will treat your Transaction Data as confidential information and will use it only to: 

• facilitate operation of Tradeshift solution and related services; 
• enhance your use of the SaaS Service and its related web pages; 
• perform internal tracking and SaaS Service improvement; 
• analyze the extent to which you use the SaaS Service (e.g., the volume and history); 
• enable us to contact you; 
• identify and consider your company’s potential fit for value-added services, identify you as a user of the SaaS Service to other customers and value-added services partners, and process your transactions through the SaaS Service. 

Tradeshift uses the business contact information you provide for the same purposes, as more fully described in the Tradeshift Privacy Statement.

Your Entity Data is processed for the same purposes and may be publicly visible within the SaaS Service to other users of the SaaS Service, depending on your account settings, as described in the Tradeshift Terms of Service.

Promoting Your Organization

You may be given the opportunity to promote your organization to other organizations. In addition, other users of the SaaS Service may conduct a search on the SaaS Service by using various criteria (e.g., information in your company profile to find your organization). In the interest of promoting suppliers to Buyers, Tradeshift may supplement Tradeshift Cloud Profiles with statistical data from Tradeshift systems (such as the number of transacting relationships you have) or by allowing others to provide feedback on your organization. If you so choose, you will be able to opt out of disclosing certain types of this company-level information. Tradeshift may also utilize certain fields of information in your Tradeshift profile to promote your company’s capabilities (e.g. seller industry, geographic location) as, for example, a highlighted Sellers feature visible to buyers.

Transaction Data and Third Parties

In using the SaaS Service, you understand that Tradeshift will send your Transaction Data and/or metrics or metadata associated with your transactions to your Trading Partners (or others that you or your Trading Partners authorize),Tradeshift service providers and value-added services partners in order to facilitate your transactions and the services associated with the SaaS Service and/or to consider you for and facilitate value-added services such as payment and finance partners who might, for example, provide early payment solutions, trade insurance and other financial services to you or your Trading Partners.

Data Analytics and Benchmarking

Tradeshift may create high level statistical reports and aggregated summaries relating to the SaaS Service utilizing Transaction Data from various customers in order to evaluate the operation and usefulness of the Tradeshift Solutions and to consider opportunities to add value for our customers. Tradeshift may report high level statistics about use of the Tradeshift Solutions in a public manner, so long as such reports contain only anonymous, aggregated data that does not identify your company or any specific Transaction Data. From time to time, Tradeshift may offer benchmarking programs to facilitate deeper analysis into spend management practices for companies voluntarily wishing to participate. Tradeshift operates the Tradeshift data analytics and Tradeshift benchmarking programs according to standards that protect the confidentiality of each customer’s information. These programs enable Tradeshift to offer you valuable feedback on how you use the Tradeshift SaaS Services as compared to typical usage of others by industry, company size, region or other factors.

Tradeshift’s Commitment to Data Security

The Tradeshift Platform solutions have been audited as a Type 2 audit for compliance with the SOC 2 Standards for Availability, Confidentiality, Processing Integrity, and Security and has additional audit reports available upon request including SOC 1 Type 2, ISAE 3402 Type 2, ISO 27001 and PCI Level 1.  General information on the Tradeshift security programs can be found at www.tradeshift.com/security

Tradeshift is compliant with the regulations spelled out in the EU General Data Protection Regulation (GDPR) and additionally is a registered participant in the EU US, and  Swiss / US and the UK Extension to the Privacy Shield Data Privacy Framework.  Information about Tradeshift’s participation can be found at https://www.dataprivacyframework.gov/list 

For more information about Tradeshift’s practices with respect to privacy and personal data protection, please consult the Tradeshift Privacy Policies.

Miscellaneous

The English version of this Data Policy shall govern in the event of any conflict or substantive translation changes into a non-English language.

This Data Policy may be updated by Tradeshift from time to time. Your continued use of our services following the posting or notification of any changes to this Data Policy will constitute your acceptance of such changes. We encourage you to review our Data Policy periodically to stay informed about our data practices.

*******

Data Policy v2.1  1 July 2024