Tradeshift website privacy policy

These updated terms went into effect on June 15, 2021 at 12 p.m. Pacific Daylight Time. To see the previous version of these terms, click here.

This website is operated by Tradeshift Inc. (“Tradeshift”, “we” or “us”). Our registered Federal Tax Identification Number is 98-1023485 and our registered address is 221 Main Street, Suite 250, San Francisco, CA 94015, USA. We are in the business of offering certain software-as-a-service products including a business to business collaboration platform, to customers  (the “SaaS Services”).

Tradeshift respects your privacy and takes the protection of your personal information seriously. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it in the context of the activities outlined below.

This Privacy Policy applies to activities by Tradeshift, Inc. and its affiliates and other subsidiaries of Tradeshift Holdings, Inc. (collectively “Tradeshift”, “we”, “us”) ( referred to from now on as the “Privacy Policy” ) associated with your use our marketing websites (e.g. tradeshift.com) (the “Site”) and other activities which reference this policy, such as marketing events and sales presentations. This policy does not address the handling of personal data by Tradeshift in the operation of the Tradeshift network and platform and SaaS Services.  Processing of personal data by Tradeshift related to such activities is governed by the Tradeshift Platform Privacy Policy. “User” means any person visiting our Site, receiving marketing communications, or participating in marketing activities and “Users”, “you” and “your” shall be construed accordingly.

This policy does not address the handling of personal data by Tradeshift gathered from or submitted by users of Tradeshift’s business to business platforms and only covers our marketing related sites and activities.  Processing of personal data by Tradeshift related to our platform is governed by the Tradeshift Platform Privacy Policy.

Please read this Privacy Policy and the Terms of Use carefully before you start to use our Site. By using our Site, you indicate that you accept the Privacy Policy and Terms of Use and that you agree to abide by them. If you do not agree to them, please refrain from using our Site.

Information we may collect 

We may collect and process the following data about you:

When you visit our Site

Our cookies policy explains what data we collect from you and what we do with it when you visit and browse through our Site (e.g. your IP address).

Usage Information

What data we collect:  Information about how you transact with the websites using our Services, including browser type and language, country and language setting on your device, other attributes about your browser, and the date and time of use of the sites.

How we use this data: To understand usage patterns and ensure our sites remain performant regardless browser and device

Device Information

Information about your device, including hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with our websites.

When you register for a marketing event or request product information from our Site or sales team

What data we collect:  Typically we collect your username, country of business and email address and may also collect name, title, business phone number and company.  For paid events, we will collect billing information which may include your personal mailing or billing address although typically billing is to your company.

How we use this data: To send updates about our platform and services for direct marketing purposes.  From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking “unsubscribe” in the relevant email.  

Co-branded Offerings. Some of our offerings or events may be sponsored by Tradeshift and third parties or “co-branded.”  We endeavor to be clear that such a partnership exists.  If you sign up for these events or offerings, be aware that your information may also be collected by those third parties and would be subject to their privacy practices.

Where we store your personal data. 

All information you provide to us is stored by us on secure servers that we maintain in countries where Tradeshift operates its business or on systems maintained by our service providers. This means that we may, and we may use third-party service providers to, process and store your information in the United States, United Kingdom, Canada, the European Union, and other countries. 

Updating your personal data

In the event of changes, to ensure the Personal Data you provided to us is accurate and up to date, contact us at dpo@tradeshift.com

Information Sharing

Sharing with affiliated companies.  We may share personal data with our affiliated companies (other subsidiaries of Tradeshift Holdings, Inc.) in support of the activities outlined in this policy.

Onward transfers. In the event of onward transfers of personal data, Tradeshift retains responsibility as required by applicable data protection to require any further processing of data by third parties acting on our behalf do so in a manner that is consistent with this policy and applicable law.

Service Providers. We engage service providers to perform functions and provide services to us. Where allowed by law, we may share your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions.  A list of subprocessors we use with regard to personal data we manage for marketing purposes is at List of Subprocessors 

Authorized Personnel. Our employees, agents, consultants, contractors, or other authorized personnel, may have access to user information as necessary in the normal course of our business.

Business Transfers. If the Service or Tradeshift, or substantially all of its assets, were acquired, liquidated, or dissolved, user information would be one of the assets that is transferred but the successor company would be obliged to honor this policy.

Government, Law Enforcement or Third Parties. We may disclose  information, including, without limitation, Personal Information to comply with applicable laws, regulations, legal processes or governmental requests.  We reserve the right to disclose a user’s Personal Information if we believe, in good faith, that the user is in violation of the Terms of Service, even without a subpoena, warrant or other court order.

Choice and Opt-Out

We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. 

You can opt out of receiving promotional email messages from us by following the instructions in those messages.  If you receive a call from a Tradeshift representative you may opt out by informing the caller that you would not like to receive future promotional calls.  If you sign up for a newsletter or blog type communication from Tradeshift, you may change your choices for that subscription.

Opt-out of online statistics and tracking technologies. We may use tracking technologies to collect information about your visits over time and across third-party services or other online services.   You may update your cookie preferences at any time by navigating your browser to https://tradeshift.com/cookies/cookie-settings

The Network Advertising Initiative (the “NAI”) is a cooperative group of ad serving providers. The NAI has developed a set of privacy principles to which its members adhere. The NAI is committed to providing consumers with clear explanations of Internet advertising practices and how they affect you and the Internet generally. For more information about the NAI, third party ad servers generally and the opt-out options offered through the NAI, visit http://www.networkadvertising.org/index.asp.

Access and Correcting Your Information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your Tradeshift account or by emailing us at dpo@tradeshift.com. For other personal information we hold, we will provide you with access for any purpose including requesting that we correct the data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

Security of Your Information

We have put in place physical, electronic, and procedural controls designed to help prevent unauthorized access, to maintain data security, and to use correctly the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store.

Although we take reasonable measures to safeguard against unauthorized disclosures of Information, we cannot assure you that Information will never be disclosed, altered or destroyed.

Data Retention

Tradeshift will retain your personal information for as long as required to fulfill the purposes for which the information was collected and is being processed or for other valid reasons (for example to resolve disputes, comply with our legal obligations, or to enforce our agreements).

Changes to the Privacy Policy

Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and at our sole discretion. We encourage repeat visitors to check this page for any changes to the Privacy Policy. 

Users From Other Jurisdictions

By using the Site, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to having your data transferred to and processed on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you do not accept this Privacy Policy, please do not use the Site or attend the event or other offering of Tradeshift referencing this policy. The Site is managed by Tradeshift from the United States although hosting of the web pages may be done in various jurisdictions. If you are not a resident of the United States or you are located outside the United States and choose to use the Site or provide information to us, please note that we may transfer the information, including Personal Information, to the United States and process it there.

Users from Switzerland, the EU, and the UK

As may be relevant, the controller of the personal information is Tradeshift, Inc. However Tradeshift, Inc. is not the controller in connection with an event or offering in which you have entered into a contractual relationship with a specific Tradeshift affiliated company.  In that case, the controller is that specific affiliate with which you or your employer have the contract.  

Where we collect and use personal information in connection with a request for information, and order, event registration, or other transaction, or to provide you with services that you requested (such as a web site), we do this because it is necessary for the performance of an agreement with you.  Where we use your information in relation to marketing, product improvement, security or regulatory requirements other than in connection with your agreement or request, we do this on the basis of our or a third party’s legitimate interests or with your consent.

Although the EU-U.S. and Swiss-U.S. Privacy Shield Framework may no longer be used or relied upon for transfer of personal information, Tradeshift continues to comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  The Federal Trade Commission has jurisdiction over Tradeshift’s compliance with the Privacy Shield.  Tradeshift has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Tradeshift commits to resolve complaints about our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Tradeshift’s Data Protection Officer at: dpo@tradeshift.com

Under certain conditions, individuals may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms.  For more information see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.  Tradeshift has further committed to refer unresolved Privacy Shield complaints to JAMS ADR, an alternative dispute resolution provider located in the US. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS ADR for more information or to file a complaint.  The services of JAMS ADR are provided at no cost to you.  You can file a complaint here: https://www.jamsadr.com/eu-us-privacy-shield

Contact Information. If you have any questions, feedback or to report a violation regarding the Privacy Policy, you may email us at dpo@tradeshift.com or contact us by mail addressed to: Tradeshift Inc. 221 Main Street, Suite 250, San Francisco, CA 94015

Users from California

The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.

Tradeshift is both a “business” and a “service provider” under the CCPA. The following supplemental privacy policy applies to information we collect in our role as a business—this is when we interact directly with you.

When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.

This supplemental privacy policy is effective as of January 1, 2020, shall apply only to residents of California, and may be subject to change. The general privacy policy shall continue to apply to the extent that it applies to you as a resident of California. If you are a resident of California, we are required to disclose certain uses and disclosures in a certain format, as well as to inform you of certain rights you may have. Any capitalized terms used in this supplemental privacy policy shall have the same meaning as in the general privacy policy.

Information We May Collect - Using CCPA Terminology

We may collect the following categories of information:

  • Identifiers
  • Commercial Information
  • Internet or other electronic network activity information
  • Audio, electronic, visual, or similar information
  • Geolocation data
  • Professional or employment-related information

For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your company, and/or from third party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services. We do not share personal information with Third Parties as the term is defined under the CCPA.

Additional Disclosures

We do not sell personal information of any individual, including personal information of minors under 16 years of age.

We have disclosed the following categories of personal information for a business purpose in the 12 months prior to this Policy’s last update.

  • Identifiers
  • Demographic Information
  • Commercial Information
  • Internet or other electronic network activity information
  • Geolocation data
  • Audio, electronic, visual, or similar information
  • Professional or employment-related information
  • Inferences drawn from any of the above information.

We have not disclosed any personal information for valuable consideration in the 12 months prior to this Policy’s last update.

Your Rights

You may have certain rights with respect to your personal information, including:

  • The right to access, including the right to know the categories and specific pieces of personal information we collect;
  • The right to deletion of your personal information, subject to certain limitations under applicable law;
  • The right to request disclosure of information collected;
  • The right to disclosure of information disclosed for valuable consideration; and
  • The right not to be discriminated against for exercising certain rights under California law.

If you would prefer, you may designate an authorized agent to make a request on your behalf.