The Site also collects information that you provide to us voluntarily. You may be asked to provide certain information about yourself, such as your name, your email address, your physical address, your phone number, company name and login credentials, in connection with activities that require registration, sign-in or subscription.
If you inquire about employment opportunities at SupplyPro, you have the option of sending to us a resume containing personal information about you and which we will use for employment evaluation purposes only. Providing this information is completely voluntary. Please do not submit sensitive personal information to us.
If you use the SupplyMobile™ or uStockit Mobile Android applications SupplyPro will periodically access your location data, which helps us offer key features in combination with our Inventory Shelf Tags. The applications are required to collect location data to identify nearby Inventory Shelf Tags and provide them with a Device Firmware Update (DFU). Because updating a large number of devices can be a lengthy process, these services may be run in the background while the device screen is turned off. Rest assured; we do not retain nor do we share your location information with third-parties.
We use the information we collect to: provide products and services you request; in connection with your employment; to inform you of new products and services or changes in products and services; to administer the Site; and to improve customer service (your information helps us to more effectively respond to your customer service requests and support needs).
If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, and related product or service information.
We use reasonable precautions to protect the personally identifiable information you provide to us. When you submit information to us via the Site, your information is protected in a secure environment. Because no Internet or email transmission is ever fully secure or error-free, please be careful in deciding what information you provide to us via email or the Site. As such, you assume the risk of security breaches and all consequences resulting from them. To that end, please safeguard your credentials.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our Site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe it is necessary or appropriate to comply with any applicable law, regulation, legal process or governmental request, enforce our Site policies, or protect our or others' rights, property, or safety. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. It is possible that we might merge with or be acquired by another company or that we might dispose of some or all of our assets, in which case your personal information may be disclosed to another company as part of the transaction.
Occasionally, at our discretion, we may include links to third party sites from our Site. The inclusion of any link does not imply that we endorse the products and services offered at such linked site. These third party sites have separate and independent privacy policies which we encourage you to review. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Site and welcome any feedback about these sites.
California residents may request an Information-Sharing Disclosure or Customer Choice Notice by sending to us a written request by email to firstname.lastname@example.org with "California Privacy Rights" in the subject line.
In accordance with the requirements of COPPA (Children's Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our Site, products and services are all directed to people who are at least 13 years old or older.
SupplyPro complies with (i) the EU-U.S. Data Privacy Framework (EU-U.S. DPF), (ii) the UK Extension to the EU-U.S. DPF, and (iii) the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) (collectively, the “Data Privacy Framework” or “DPF”) as set forth by the U.S. Department of Commerce.
SupplyPro has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF, from the UK in reliance on the UK Extension to the EU-U.S. DPF, and from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”). The personal information we may collect that is subject to the DPF Principles is, as applicable, described above in the section titled “WHAT INFORMATION DO WE COLLECT?” and/or in the DATA PROCESSING ADDENDUM; the purposes for which we may collect and use personal information is described in the section above titled “WHAT DO WE USE YOUR INFORMATION FOR?” and/or in the DATA PROCESSING ADDENDUM; the third parties to which we may disclose personal information is described in the section above titled “DO WE DISCLOSE ANY INFORMATION TO OUTSIDE PARTIES?” and/or in the DATA PROCESSING ADDENDUM.
Adherence to the DPF Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; and/or (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements. With respect to personal information received or transferred pursuant to the DPF, the Federal Trade Commission has jurisdiction over SupplyPro’s compliance with the Data Privacy Framework.
In compliance with the DPF, SupplyPro commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact SupplyPro at:
SupplyPro has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution provider, Data Privacy Framework Services, operated by the BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information on this option, please see the Data Privacy Framework website: Annex I.
With respect to personal information received or transferred pursuant to the DPF, SupplyPro is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to LNery@supplypro.com. If requested to remove personal information, we will respond within a reasonable timeframe. We may request specific information from you to confirm your identity in an effort to respond to your request.
To request to limit the use and disclosure of your personal information consistent with the DPF Principles, please submit a written request to LNery@supplypro.com. We may request specific information from you to confirm your identity in an effort to respond to your request.
SupplyPro's accountability for personal information that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, SupplyPro remains responsible and liable under the DPF Principles if third party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the DPF Principles, unless SupplyPro proves that it is not responsible for the event giving rise to the damage.
We help our customers around the world protect the privacy and security of their customers’ data.
Helping our customers operate on a global scale includes support complying with data protection and privacy regulations including General Data Protection Regulation (GDPR) security compliance. Regardless of the regulations and policies with which you’re currently complying, it is important you evaluate the best way to meet your requirements.
SupplyPro is committed to helping you develop a strategy to achieve GDPR security compliance. This document provides information about the privacy and security of SupplyPro which can help our customers to assess our security and privacy program, including by executing the attached DATA PROCESSING ADDENDUM. It does not provide legal advice. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.
The European Union (EU) introduced its previous data protection standard 20 years ago through the Data Protection Directive 95/46/EC. Since the EU requires each member state to implement a directive into national law, Europe ended up with a patchwork of different privacy laws across different countries. In addition, increasing security breaches, rapid technological developments, and globalization over the last 20 years saw new challenges for the protection of personal data come to the forefront. In an effort to address this situation, the EU developed the GDPR, which is directly applicable as law across all member states.
The meanings given to them in the Data Processing Addendum; available HERE.
Customer — means in the case of an individual accepting an Agreement with SupplyPro on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (for so long as they remain Affiliates) which have accepted a System Order Forms (SOF).
Affiliate — means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
Controller — means an entity that determines the purposes and means by which the data is processed.
Data Processing Addendum (DPA) — means SupplyPro’s Data Processing Addendum as amended from time to time, available HERE.
GDPR— means General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.
Personal Data — means any personal data contained within the User Data and Third-Party User Data, which SupplyPro processes as a processor on behalf of Data Owner and/or any Third-Party Controllers (as applicable).
Processor — means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Subprocessor — means third parties authorized under the DPA to process Personal Data in relation to the Services.
All capitalized terms included in this document and not defined herein have the meanings given to them in the Data Processing Addendum, available HERE.
The Data Owner has entered into an agreement with SupplyPro, under which SupplyPro, has (a) agreed to provide hardware, software and/or services to the Data Owner and (b) may process certain personal data in the course of SupplyPro’s performance of the Services on behalf of Data Owner.
Further, the Agreement may provide Data Owner with the right to resell (possibly through multiple levels) all or part of the Services to certain permitted third parties. If and as applicable, Data Owner enters into this Addendum as processor for the benefit of those further permitted third parties who act as controllers in respect of personal data processed by SupplyPro in performance of the Services on those further permitted third parties’ behalf.
This Data Protection Addendum (DPA), available HERE, including its appendices, will be effective as of the Addendum Effective Date and shall apply to the processing of Personal Data solely to the extent that European Data Protection Legislation applies to such processing.
In the course of providing the Services to Customer pursuant to the Agreement, SupplyPro may Process Personal Data on behalf of Customer and the Parties agree to comply with DPA provisions with respect to any Personal Data, each acting reasonably and in good faith.
The DPA is available HERE.
This DPA has been pre-signed on behalf of SupplyPro.
To complete this DPA, Customer must:
9401 Waples Street
San Diego, CA 92121
Please do not email us sensitive information.
Effective Date: October 10, 2023