Tradeshift Data Policy

This document describes Tradeshift’s policy for handling, processing, storing, and otherwise treating transactional and other data relating to Tradeshift Customers (which may be referred to as “you” or “Buyer” or “Supplier” or “Seller”), and data associated with individual users and employees of the Buyer and Seller organizations, when sent to Tradeshift as part of your use of the Solution.

Contents

Definitions

Overview

Transaction Data Handling

Business Contact Information

Data Use By Tradeshift

Promoting Your Organization

Transaction Data and Third Parties

Data Analytics and Benchmarking

Tradeshift’s Commitment to Data Security

Miscellaneous

Definitions

“Solution” means the following services to which you have subscribed (provided under terms of an agreement between Tradeshift Customer and Tradeshift):

  1. The Tradeshift Platform (“TP”),
  2. The Tradeshift Pay solution,
  3. The Tradeshift Buy solution (including marketplaces), and
  4. The Tradeshift Go solution.

“Trading Partner” means an entity with which you or your company transacts using a Solution.

Overview

Tradeshift collects information that you, or a Trading Partner, or other data sources send to the Solution (such as internet-protocol addresses, transaction-related data, and user account information). This data is addressed below in two categories, “Transaction Data” (as defined below) and “Personal Information” (data that can identify an individual or that is associated with the identity of an individual).

Ownership

Tradeshift recognizes and acknowledges that, as between Tradeshift and you, you are the owner of all of your data (whether Transactional Data, Personal Data, or otherwise).  It is also noted that each transaction has two parties involved – Buyer and Seller – and each has an ownership interest in the data relating to such transaction.

Transaction Data Handling

Tradeshift understands the sensitive nature of the transaction data you or your organization may provide while using the Solution. Transaction Data may include information you provide to Tradeshift or your Trading Partners during the registration, cataloging, ordering processes, or through any e-mail or other communication sent by you to the Solution as well as other information that you store within the Solution. It may also include data of transactions sent by your Trading Partners to you via the Solution or by you to your Trading Partners via the Solution. Transaction data may include Personal Information addressed more specifically below. You agree that your Transaction Data must not include information regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services) and will not include Sensitive Personal Information as defined in the Tradeshift Privacy Statement.

If you are a Seller who objects to submitting transaction data to your Trading Partner via the Solution, please contact the Trading Partner directly to investigate options (e.g. submitting certain proprietary information outside of the Tradeshift Solution, using anonymous contact information, etc).

Business Contact Information

When a representative of a Buyer or a Seller creates a business account on the Solution, Tradeshift asks for the name and contact information for an account administrator. The account administrator’s information will be used by Tradeshift to contact the company for notices, service offerings and Solution administration purposes. The account administrator for your company is given primary control regarding the establishment and maintenance of user accounts and contacts within a Solution. If you so choose, your organization may provide additional contacts (e.g. “Company Wide Contacts” in the Tradeshift Network). Depending on the Solution and the visibility choices selected by you or your company, your user names, phone numbers, email addresses and other profile information may be visible to other Buyers and/or Sellers using the Solution or to a broader audience, as in a directory option. Please review the documentation for the Solution for visibility options, notification options and role-based options that affect how a specific user’s or company contact’s business contact information may be used or visible within the Tradeshift Solutions.

You should submit only publicly available business contact information. Individual contact information submitted to the Solution should not include private home contact information. You agree not to enter sensitive government identification numbers associated with individual persons into the Solution (e.g. U.S. Social Security Numbers) or to send documents over the Solution containing such identifiers. Individual names and personal information associated with an individual are addressed below as “Personal Information”.

Data Use by Tradeshift

Tradeshift will treat your Transaction Data as confidential information and will use it only to: facilitate operation of the Tradeshift solution and related services; enhance your use of the Solution and its related web pages; perform internal tracking and Solution improvement; analyze the extent to which you use the Solution (e.g., the volume and history); enable us to contact you; and process your transactions through the Solution. Tradeshift uses the business contact information you provide for the same purposes, as more fully described in the Tradeshift Privacy Statement.

Promoting Your Organization

You may be given the opportunity to promote your organization to other organizations. In addition, other users of the Solution may conduct a search on the Solution by using various criteria (e.g., information in your company profile) to find your organization. In the interest of promoting suppliers to buyers, Tradeshift may supplement Tradeshift Cloud Profiles with statistical data from Tradeshift systems (such as the number of transacting relationships you have, events the Seller has participated in, etc.) or by allowing others to provide feedback on your organization. If you so choose, you will be able to opt out of disclosing certain types of this company-level information. Tradeshift may also utilize certain fields of information in your Tradeshift profile to promote your company’s capabilities (e.g. seller industry, geographic location) as, for example, a highlighted Sellers feature visible to buyers.

Transaction Data and Third Parties

In using the Solution, you understand that Tradeshift will send your Transaction Data to your Trading Partners (or others that you or your Trading Partners (as to their shared documents with you) authorize) and Tradeshift service providers in order to facilitate your transactions and the services associated with the Solution or value added services such as finance partners who might provide early payment solutions to Trading Partner or insurance. Your profile (“badge”), configurable by you, will allow you to display your level of adoption of the Solution (# of trading partners, # of years on the Solution, # of transactions on the Solution).

Data Analytics and Benchmarking

Tradeshift may create high level statistical reports relating to the Solution utilizing Transaction Data, so long as such reports contain only anonymous, aggregated data that does not identify your company or any specific Transaction Data, and such reports may be reported publicly. Tradeshift offers benchmarking programs to facilitate deeper analysis into spend management practices for companies voluntarily wishing to participate. Tradeshift operates the Tradeshift data analytics and Tradeshift benchmarking programs according to standards that protect the confidentiality of each customer’s information.  These programs enable Tradeshift to offer you valuable feedback on how you use the Tradeshift Solutions as compared to typical usage of others by industry, company size, region or other factors.

Tradeshift’s Commitment to Data Security

The Tradeshift Platform solutions have undergone a Type 2 audit for compliance with the SOC 2 Standards for Availability, Confidentiality, Processing Integrity, and Security, and have additional audit reports available upon request, including SOC 1 Type 2, ISAE 3402 Type 2, ISO 27001 and PCI Level 1. General information on the Tradeshift security programs can be found at www.tradeshift.com/security

Tradeshift is compliant with the regulations spelled out in the EU General Data Protection Regulation (GDPR) and additionally is a registered participant in the EU-US and Swiss-US Privacy Shield program. Information about Tradeshift’s participation can be found at https://www.privacyshield.gov/list

Miscellaneous

The English version of this Data Policy shall govern in the event of any conflict or substantive translation changes into a non-English language.

*******

Data Policy v1  31 December, 2018