Tradeshift Data Policy

This document describes Tradeshift’s policy for handling, processing, storing, and otherwise treating transactional and other data relating to Tradeshift Customers (which may be referred to as “you” or “Buyer” or “Supplier” or “Seller”), and data associated with individual users and employees of the Buyer and Seller organizations, when sent to Tradeshift as part of your use of the SaaS Service.

Contents

• Definitions
• Overview
• Ownership
• Transaction Data Handling
• Business Contact Information
• Data Use By Tradeshift
• Promoting Your Organization
• Transaction Data and Third Parties
• Data Analytics and Benchmarking
• Tradeshift’s Commitment to Data Security
• Miscellaneous

Definitions

“SaaS Service” means the following services to which you have subscribed (provided under terms of an agreement between Tradeshift Customer and Tradeshift):

1. The Tradeshift Platform (“TP”),
2. The Tradeshift Pay service,
3. The Tradeshift Buy service (including marketplaces), 
4. The Tradeshift Engage service,
5. The Tradeshift Go service; and
6. Any of Tradeshift Early Payment Programs.

“Trading Partner” means an entity with which you or your company transacts using a SaaS Service.

Overview

Tradeshift collects information that you, or a Trading Partner, or other data sources send to the SaaS Service (such as internet-protocol addresses, transaction-related data, and user account information). This data is addressed below in two categories, “Transaction Data” (as defined below) and “Personal Information” (data that can identify an individual or that is associated with the identity of an individual).

Ownership

Tradeshift recognizes and acknowledges that, as between Tradeshift and and our customers, our customers own the data they submit to Tradeshift (whether Transactional Data, Personal Data, or otherwise).  It is also noted that each transaction has two parties involved – Buyer and Seller – and each has an ownership interest in the data relating to such transaction.

Transaction Data Handling

Tradeshift understands the sensitive nature of the transaction data you or your organization may provide while using the SaaS Service. Transaction Data may include information you provide to Tradeshift or your Trading Partners during the registration, cataloging, ordering processes, or through any e-mail or other communication sent by you to the SaaS Service as well as other information that you store within the SaaS Service. It may also include data of transactions sent by your Trading Partners to you via the SaaS Service or by you to your Trading Partners via the SaaS Service. Transaction data may include Personal Information addressed more specifically below. You agree that your Transaction Data must not include information regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services) and will not include Sensitive Personal Information as defined in the Tradeshift Privacy Statement.

If you are a Seller who objects to submitting transaction data to your Trading Partner via the SaaS Service, please contact the Trading Partner directly to investigate options (e.g. submitting certain proprietary information outside of the Tradeshift SaaS Service, using anonymous contact information, etc).

Business Contact Information

When a representative of a Buyer or a Seller creates a business account on the SaaS Service, Tradeshift asks for the name and contact information for an account administrator. The account administrator’s information will be used by Tradeshift to contact the company with notices, service offerings and SaaS Service administration purposes. The account administrator for your company is given primary control regarding the establishment and maintenance of user accounts and contacts within a SaaS Service. If you so choose, your organization may provide additional contacts (e.g. “Company Wide Contacts” in the Tradeshift Network). Depending on the SaaS Service and the visibility choices selected by you or your company, your user names, phone numbers, and email addresses and other profile information may be visible to other Buyers and/or Sellers using the SaaS Service or to a broader audience, as in directory option. Please review the documentation for the SaaS Service for visibility options, notification options and role-based options that affect how a specific user or company contact’s business contact information may be used or visible within the Tradeshift SaaS Services.

You should submit only publicly available business contact information. Individual contact information submitted to the SaaS Service should not include private home contact information. You agree not to enter sensitive government identification numbers associated with individual persons into the SaaS Service (e.g. U.S. Social Security Numbers) or to send documents over the SaaS Service containing such identifiers. Individual names and personal information associated with an individual is addressed below as “Personal Information”.

Data Use by Tradeshift

Tradeshift will treat your Transaction Data as confidential information and will use it only to: facilitate operation of Tradeshift solution and related services; enhance your use of the SaaS Service and its related web pages; perform internal tracking and SaaS Service improvement; analyze the extent to which you use the SaaS Service (e.g., the volume and history); enable us to contact you; and process your transactions through the SaaS Service. Tradeshift uses the business contact information you provide for the same purposes, as more fully described in the Tradeshift Privacy Statement.

Promoting Your Organization

You may be given the opportunity to promote your organization to other organizations. In addition, other users of the SaaS Service may conduct a search on the SaaS Service by using various criteria (e.g., information in your company profile to find your organization). In the interest of promoting suppliers to buyers, Tradeshift may supplement Tradeshift Cloud Profiles with statistical data from Tradeshift systems (such as the number of transacting relationships you have, events the Seller has participated in, etc.) or by allowing others to provide feedback on your organization. If you so choose, you will be able to opt out of disclosing certain types of this company-level information. Tradeshift may also utilize certain fields of information in your Tradeshift profile to promote your company’s capabilities (e.g. seller industry, geographic location) as, for example a highlighted Sellers feature visible to buyers.

Transaction Data and Third Parties

In using the SaaS Service, you understand that Tradeshift will send your Transaction Data to your Trading Partners (or others that you or your Trading Partners (as to their shared documents with you) authorize) and Tradeshift service providers in order to facilitate your transactions and the services associated with the SaaS Service or value added services such as finance partners who might provide early payment solutions to Trading Partner or insurance.  Your profile ( “badge”), configurable by you, will allow you to display your level of adoption of the SaaS Service (# of trading partners, # of years on the SaaS Service, # of transactions on the SaaS Service).

Data Analytics and Benchmarking

Tradeshift may create high level statistical reports relating to the SaaS Service utilizing Transaction Data, so long as such reports contain only anonymous, aggregated data that does not identify your company or any specific Transaction Data, and such reports may be reported publicly. Tradeshift offers benchmarking programs to facilitate deeper analysis into spend management practices for companies voluntarily wishing to participate. Tradeshift operates the Tradeshift data analytics and Tradeshift benchmarking programs according to standards that protect the confidentiality of each customer’s information.  These programs enable Tradeshift to offer you valuable feedback on how you use the Tradeshift SaaS Services as compared to typical usage of others by industry, company size, region or other factors.

Tradeshift’s Commitment to Data Security

The Tradeshift Platform solutions have been audited as a Type 2 audit for compliance with the SOC 2 Standards for Availability, Confidentiality, Processing Integrity, and Security and has additional audit reports available upon request including SOC 1 Type 2, ISAE 3402 Type 2, ISO 27001 and PCI Level 1.  General information on the Tradeshift security programs can be found at www.tradeshift.com/security

Tradeshift is compliant with the regulations spelled out in the EU General Data Protection Regulation (GDPR) and additionally is a registered participant in the EU US and Swiss / US Privacy Shield program.  Information about Tradeshift’s participation can be found at https://www.privacyshield.gov/list

Miscellaneous

The English version of this Data Policy shall govern in the event of any conflict or substantive translation changes into a non-English language.

*******

Data Policy v1.1  1 July 2020