Tradeshift website privacy policy

These updated terms went into effect on October 25th, 2023 at 12 p.m. Pacific Daylight Time. To see the previous version of these terms, click here.

This website is operated by Tradeshift Inc. (“Tradeshift”“we” or “us”). Our registered Federal Tax Identification Number is 98-1023485 and our registered address is 447 Sutter Street, Suite 405, San Francisco, CA 94015, USA. We are in the business of offering certain software-as-a-service products including a business to business collaboration platform, to customers  (the “SaaS Services”).

Tradeshift respects your privacy and takes the protection of your personal information seriously. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it in the context of the activities outlined below.

This Privacy Policy applies to activities by Tradeshift, Inc. and its affiliates and other subsidiaries of Tradeshift Holdings, Inc. (collectively “Tradeshift”, “we”, “us”) ( referred to from now on as the “Privacy Policy” ) associated with your use our marketing websites (e.g. tradeshift.com) (the “Site”) and other activities which reference this policy, such as marketing events and sales presentations. This policy does not address the handling of personal data by Tradeshift in the operation of the Tradeshift network and platform and SaaS Services.  Processing of personal data by Tradeshift related to such activities is governed by the Tradeshift Platform Privacy Policy. “User” means any person visiting our Site, receiving marketing communications, or participating in marketing activities and “Users”, “you” and “your” shall be construed accordingly.

This policy does not address the handling of personal data by Tradeshift gathered from or submitted by users of Tradeshift’s business to business platforms and only covers our marketing related sites and activities.  Processing of personal data by Tradeshift related to our platform is governed by the Tradeshift Platform Privacy Policy.

Please read this Privacy Policy and the Terms of Use carefully before you start to use our Site. By using our Site, you indicate that you accept the Privacy Policy and Terms of Use and that you agree to abide by them. If you do not agree with them, please refrain from using our Site.

Information we may collect

We may collect and process the following data about you:

When you visit our Site

Our cookies policy explains what data we collect from you and what we do with it when you visit and browse through our Site (e.g. your IP address).

Usage Information

What data we collect:  Information about how you transact with the websites using our Services, including browser type and language, country and language setting on your device, other attributes about your browser, and the date and time of use of the sites.

How we use this data: To understand usage patterns and ensure our sites remain performant regardless browser and device

Device Information

Information about your device, including hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with our websites.

Contact Information

When you register for a marketing event or request product information from our Site or sales team

What data we collect:  Typically we collect your username, country of business and email address, state or country of residence, and may also collect name, title, business phone number and company, Tradeshift products of interest, industry, annual revenue and company size information. For paid events, we will collect billing information which may include your personal mailing or billing address although typically billing is to your company.

How we use this data: To send updates about our platform and services for direct marketing purposes.  From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking “unsubscribe” in the relevant email.

Co-branded Offerings. Some of our offerings or events may be sponsored by Tradeshift and third parties or “co-branded.”  We endeavor to be clear that such a partnership exists.  If you sign up for these events or offerings, be aware that your information may also be collected by those third parties and would be subject to their privacy practices.

Please note that, in certain areas of our website, we may use a practice called progressive profiling, where we gradually collect more detailed information about you over time through repeated interactions. This practice allows us to provide more personalized user experiences and interactions. It is important to note that although this practice is called “progressive profiling”, it does not constitute “profiling” as defined under certain privacy laws. Progressive profiling is not automated in a way that allows us to make decisions on personal aspects concerning you or to create a complete profile based on your behaviors and interests. The information collected through progressive profiling may include, but is not limited to, the categories of data listed in this section. Please note that this information is always provided willingly by the user, and its processing is subject to the user’s explicit consent, which can be withdrawn at any time.

Where we store your personal data

All information you provide to us is stored by us on secure servers that we maintain in countries where Tradeshift operates its business or on systems maintained by our service providers. This means that we may, and we may use third-party service providers to, process and store your information in the United States, United Kingdom, Canada, the European Union, and other countries.

Updating your personal data

In the event of changes, to ensure the Personal Data you provided to us is accurate and up to date, contact us at dpo@tradeshift.com

Information Sharing

Sharing with affiliated companies.  We may share personal data with our affiliated companies (other subsidiaries of Tradeshift Holdings, Inc.) in support of the activities outlined in this policy.

Onward transfers. In the event of onward transfers of personal data, Tradeshift retains responsibility as required by applicable data protection to require any further processing of data by third parties acting on our behalf do so in a manner that is consistent with this policy and applicable law.

Service Providers. We engage service providers to perform functions and provide services to us. Where allowed by law, we may share your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions.  A list of subprocessors we use with regard to personal data we manage for marketing purposes is at List of Subprocessors

Authorized Personnel. Our employees, agents, consultants, contractors, or other authorized personnel, may have access to user information as necessary in the normal course of our business.

Business Transfers. If the Service or Tradeshift, or substantially all of its assets, were acquired, liquidated, or dissolved, user information would be one of the assets that is transferred but the successor company would be obliged to honor this policy.

Government, Law Enforcement or Third Parties. We may disclose information, including, without limitation, Personal Information to comply with applicable laws, regulations, legal processes or governmental requests.  We reserve the right to disclose a user’s Personal Information if we believe, in good faith, that the user is in violation of the Terms of Service, even without a subpoena, warrant or other court order.

Choice and Opt-Out

We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information.

You can opt out of receiving promotional email messages from us by following the instructions in those messages.  If you receive a call from a Tradeshift representative you may opt out by informing the caller that you would not like to receive future promotional calls.  If you sign up for a newsletter or blog type communication from Tradeshift, you may change your choices for that subscription.

Opt-out of online statistics and tracking technologies. We may use tracking technologies to collect information about your visits over time and across third-party services or other online services.   You may update your cookie preferences at any time by navigating your browser to https://tradeshift.com/cookies/cookie-settings

The Network Advertising Initiative (the “NAI”) is a cooperative group of ad serving providers. The NAI has developed a set of privacy principles to which its members adhere. The NAI is committed to providing consumers with clear explanations of Internet advertising practices and how they affect you and the Internet generally. For more information about the NAI, third party ad servers generally and the opt-out options offered through the NAI, visit http://www.networkadvertising.org/index.asp.

Access and Correcting Your Information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your Tradeshift account or by emailing us at dpo@tradeshift.com. For other personal information we hold, we will provide you with access for any purpose including requesting that we correct the data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

Security of Your Information

We have put in place physical, electronic, and procedural controls designed to help prevent unauthorized access, to maintain data security, and to use correctly the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store.

Although we take reasonable measures to safeguard against unauthorized disclosures of Information, we cannot assure you that Information will never be disclosed, altered or destroyed.

Data Retention

Tradeshift will retain your personal information for as long as required to fulfill the purposes for which the information was collected and is being processed or for other valid reasons (for example to resolve disputes, comply with our legal obligations, or to enforce our agreements).

Changes to the Privacy Policy

Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and at our sole discretion. We encourage repeat visitors to check this page for any changes to the Privacy Policy.

Consent

Acceptance of this Privacy Policy, followed by your submission of such information represents your agreement and consent to that transfer. We do not represent or warrant that the Site, or any portion thereof, are appropriate or available for reference in any particular jurisdiction. Those who choose to access the Site do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. We may limit the availability of the Site, in whole or in part, to any person, geographic area or jurisdiction that we choose, at any time and in our sole discretion.

Users From Other Jurisdictions

By using the Site, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to having your data transferred to and processed on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you do not accept this Privacy Policy, please do not use the Site or attend the event or other offering of Tradeshift referencing this policy. The Site is managed by Tradeshift from the United States although hosting of the web pages may be done in various jurisdictions. If you are not a resident of the United States or you are located outside the United States and choose to use the Site or provide information to us, please note that we may transfer the information, including Personal Information, to the United States and process it there.

Users from Switzerland, the EU, and the UK

As may be relevant, the controller of the personal information is Tradeshift, Inc. However Tradeshift, Inc. is not the controller in connection with an event or offering in which you have entered into a contractual relationship with a specific Tradeshift affiliated company.  In that case, the controller is that specific affiliate with which you or your employer have the contract.

Where we collect and use personal information in connection with a request for information, and order, event registration, or other transaction, or to provide you with services that you requested (such as a web site), we do this because it is necessary for the performance of an agreement with you.  Where we use your information in relation to marketing, product improvement, security or regulatory requirements other than in connection with your agreement or request, we do this on the basis of our or a third party’s legitimate interests or with your consent.

International Transfers of Personal Information

Whenever transferring personal information to recipients located in a third country outside of the European Economic Area, the UK or Switzerland that has not been subject to an adequacy decision by the EU Commission, we will ensure that any requirements under applicable data protection laws relating to cross-border transfers of personal information are fully complied with and that appropriate safeguards are implemented to protect such information. To the extent applicable, we may rely on Standard Contractual Clauses (as approved by the EU Commission) to effect cross-border transfers of personal information or, to the extent allowed, on Tradeshift’s participation in internationally recognized frameworks for the transfer of personal information across borders.

Tradeshift participates in and complies with  the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework (hereinafter collectively referred to as the “Data Privacy Framework”), with respect to the collection, use and retention of personal information that is transferred from the European Economic Area, the United Kingdom and Switzerland towards the United States (“DPF Covered Data”). To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework requirements, all DPF Covered Data will be subject to the Data Privacy Framework principles, including:

  • Principle of Notice;
  • Principle of Choice;
  • Principle of Accountability for Onward Transfers;
  • Principle of Data Security;
  • Principle of Data Integrity;
  • Principle of Purpose Limitation;
  • Principle of Access;
  • Principles of Recourse, Enforcement and Liability;
  • Any applicable supplemental principles.

As part of its self-certification, Tradeshift has certified to the US Department of Commerce that it adheres to the Data Privacy Framework Principles. To learn more about the Data Privacy Framework, and to inspect Tradeshift’s certification, please visit the following link: click here.

For information regarding how Tradeshift processes your personal information, the purposes of such processing, the entities we may share your personal information with, and how to exercise your privacy rights, please consult the relevant sections of this Privacy Policy. Please note that, in accordance with the Data Privacy Framework principles, Tradeshift is responsible for all DPF Covered Data it receives, and that it subsequently transfers to a third party acting as an agent on its behalf.

If there is any conflict between the terms in this privacy policy and the Data Privacy Framework, the Data Privacy Framework Principles shall govern.

In compliance with the Data Privacy Framework principles, Tradeshift commits to resolve complaints about our collection or use of your personal information.  European Union, Swiss or UK individuals with inquiries or complaints regarding the Data Privacy Framework policy should first contact Tradeshift’s Data Protection Officer at: dpo@tradeshift.com.

In compliance with Data Privacy Framework, Tradeshift further commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal information received in reliance on the Data Privacy Framework.

The Federal Trade Commission has jurisdiction over Tradeshift’s compliance with the Data Privacy Framework. In certain cases, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, individuals may invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms. For more information, visit the following page: click here.

Contact Information. If you have any questions, feedback or to report a violation regarding the Privacy Policy, you may email us at dpo@tradeshift.com or contact us by mail addressed to: Tradeshift Inc. 447 Sutter Street, Suite 405, San Francisco, CA 94015

Users from California

The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.

Tradeshift is both a “business” and a “service provider” under the CCPA. The following supplemental privacy policy applies to information we collect in our role as a business—this is when we interact directly with you.

When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.

This supplemental privacy policy is effective as of January 1, 2020, shall apply only to residents of California, and may be subject to change. The general privacy policy shall continue to apply to the extent that it applies to you as a resident of California. If you are a resident of California, we are required to disclose certain uses and disclosures in a certain format, as well as to inform you of certain rights you may have. Any capitalized terms used in this supplemental privacy policy shall have the same meaning as in the general privacy policy.

Information We May Collect – Using CCPA Terminology

We may collect the following categories of information:

  • Identifiers
  • Commercial Information
  • Internet or other electronic network activity information
  • Audio, electronic, visual, or similar information
  • Geolocation data
  • Professional or employment-related information

For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your company, and/or from third party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services. We do not share personal information with Third Parties as the term is defined under the CCPA.

Additional Disclosures

We do not sell personal information of any individual, including personal information of minors under 16 years of age.

We have disclosed the following categories of personal information for a business purpose in the 12 months prior to this Policy’s last update.

  • Identifiers
  • Demographic Information
  • Commercial Information
  • Internet or other electronic network activity information
  • Geolocation data
  • Audio, electronic, visual, or similar information
  • Professional or employment-related information
  • Inferences drawn from any of the above information.

We have not disclosed any personal information for valuable consideration in the 12 months prior to this Policy’s last update.

Your Rights

You may have certain rights with respect to your personal information, including:

  • The right to access, including the right to know the categories and specific pieces of personal information we collect;
  • The right to deletion of your personal information, subject to certain limitations under applicable law;
  • The right to request disclosure of information collected;
  • The right to disclosure of information disclosed for valuable consideration; and
  • The right not to be discriminated against for exercising certain rights under California law.

If you would prefer, you may designate an authorized agent to make a request on your behalf.