Privacy

Your Privacy Matters to Us

At Tradeshift, ensuring the security and privacy of the data you’ve trusted us with is a top priority throughout the company. Those efforts include compliance with the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) . These regulations are designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your wishes.

Our Commitment to Data Security

Security and confidentiality of our customers’ data has been central to the design and operation of the Tradeshift Platform since inception. Our rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as SOC 1 Type II, SOC 2 Type II, ISAE 3402 Type II, Payment Card Industry (PCI-DSS) Level 1 and ISO 27001. Tradeshift is also certified under the EU-US and Swiss-US Privacy Shield program which covers cross-border data transfers to the US and was similarly certified under the preceding program, the US-EU Safe Harbor. More information about our participation in this program can be found in our privacy policy.

If you already use Tradeshift and need to sign a Data Processing Addendum with us, you can begin the process by clicking here where we have a ready to sign DPA available on Docusign.

If you would like to submit a request related to your personal data, you please email dpo@tradeshift.com.

For a listing of the sub-processors in use by Tradeshift, click here.

Tradeshift data protection efforts

We have numerous changes to our internal processes, policies and products currently underway to further strengthen our comprehensive data privacy and compliance programs. Our goal is to ensure that our customers feel confident with Tradeshift as a trusted data processor. Some of the major internal processes and policies in place include:

• Company-wide and department-specific data protection training for all Tradeshift employees to ensure privacy-by-design is a part of our culture and everything we do.

• Documenting all external services in use companywide and ensuring full compliance and transparency wherever data is stored or shared.
• Updated and strengthened privacy policy and terms of service to reflect changes related to applicable data privacy laws.
• Comprehensive internal policies covering requests for information, the ability to correct personal information and likewise, to delete it.

Summary

Tradeshift is constantly evolving and expanding our security and compliance offerings to ensure an ever greater level of comfort and assurance to all users. We look forward to being a strong partner as you manage your ever growing global supply chain. If you have additional questions about Tradeshift’s privacy or security practices or want to obtain an update on our progress, please contact your sales representative for more information