The European Data Protection Regulation became applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe and considering that we are a company registered within the European Union, we here forth set to comply with the regulations as stipulated in within the Regulation (EU) 2016/6791, the European Union’s (‘EU’) new General Data Protection Regulation (‘GDPR’).
General Principles and Confidentiality
Supa Export shall process all Personal Data adhering to the general data processing principles:
- lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness, and transparency);
- collect and process Personal Data only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation);
- ensure that Personal Data is adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (data minimization);
- ensure that Personal Data is accurate and, where necessary, kept up to date (accuracy);
- ensure that Personal Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (storage limitation);
- process Personal Data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
All and any information stored on our Platform is treated as strictly confidential. All information is stored securely and is accessed by qualified and authorized personnel only.
Our Privacy Commitment
Supa has been concerned about our customers and user privacy for many years, long before it became fashionable, politically correct, or legally binding to take such a position. We ask for only the least amount of information necessary, gathering only what we believe is essential for doing business, or for the specific transaction at hand. We let customers know the information we have on them and allow them to opt out of specific engagements. We avoid fundamental conflict of interest between gathering customer information and fueling advertising revenue, and the unavoidable compromises in customer privacy that it brings.
The goal of this policy is to make explicit the information we gather on our customers and users, how we will use it, and how we will not. This policy is unfortunately longer than we would like, but we must unambiguously address all the relevant cases as stipulated by the law. We will try and keep the language simple and direct as much as possible.
We assume that all Users of our website or platforms have carefully read this document and agree to its contents. If someone does not agree with this Policy, they should refrain from using our website, and mobile applications. We reserve the right to change our Policy at any time and inform by using the way as indicated herein. Continued use of our website and mobile applications implies acceptance of the revised Policy.
Our Policy applies to all of the services offered by us and our affiliates, but excludes services that have separate privacy policies that do not incorporate this Policy.
Our Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include our services or other sites linked from our services.
Our Policy may change from time to time. We will post any Policy changes on our website and, if the changes are significant, we may consider providing a more explicit notice (including, for certain services, email notification of Policy changes).
Part I – Information Supa collects and controls
This part deals with how Supa collects and uses information about website visitors, potential customers, users of Supa’s products and services, and others who contact Supa through forms or email addresses published on or linked to our websites.
Part II – Information that Supa processes on your behalf
This part deals with how Supa handles data that you entrust to Supa when you use our products and services, or when you share any personal or confidential information with us while requesting customer support.
Part III – General
Part I – Information Supa collects and controls
What information Supa collects
We collect information about you only if we need the information for some legitimate purpose. Supa will have information about you only if (a) you have provided the information yourself, (b) Supa has automatically collected the information, or (c) Supa has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.
Information that you provide us
i. Account signup: When you sign up for an account to access one or more of our services, we ask for information like your name, contact number, email address, company name and country to complete the account signup process. You’ll also be required to choose a unique username and a password for accessing the created account. You may also provide us with more information such as your photo, time zone and language, but we don’t require that information to sign up for an account. After signing up, you may have the option of choosing a security question and an answer to the security question — if you provide these, they will be used only while resetting your password.
ii. Event registrations and other form submissions: We record information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order to download any product, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support or to contact Supa for any other purpose.
iii. Payment processing: When you buy something from us, we ask you to provide your name, contact information, and credit card information or other payment account information. When you submit your card information, we store the name and address of the cardholder, the expiry date and the last four digits of the credit card number. We do not store the actual credit card number. For quick processing of future payments, if you have given us your approval, we may store your credit card information or other payment information in an encrypted format in the secured servers of our Payment Gateway Service Providers.
iv. Testimonials: When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us by email.
v. Interactions with Supa: We may record, analyze and use your interactions with us, including email, telephone, and chat conversations with our sales and customer support professionals, for improving our interactions with you and other customers.
Information that we collect automatically
i. Information from browsers, devices and servers: When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites.
iii. Information from application logs and mobile analytics: We collect information about your use of our products, services and mobile applications from application logs and in-house usage analytics tools, and use it to understand how your business use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.
Information that we collect from third parties
i. Signups using federated authentication service providers: You can log in to Supa Services using supported federated authentication service providers such as LinkedIn, Microsoft and Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.
ii. Referrals: If someone has referred any of our products or services to you through any of our referral programs, that person may have provided us your name, email address and other personal information. You may contact us to request that we remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.
iii. Information from our reselling partners and service providers: If you contact any of our reselling partners, or otherwise express interest in any of our products or services to them, the reselling partner may pass your name, email address, company name and other information to Supa. If you register for or attend an event that is sponsored by Supa, the event organizer may share your information with us. Supa may also receive information about you from review sites if you comment on any review of our products and services, and from other third-party service providers that we engage for marketing our products and services.
iv. Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites such as Facebook, Twitter, Google+ and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites. Supa may also add and update information about you, from other publicly available sources.
Purposes for using information
In addition to the purposes mentioned above, we may use your information for the following purposes:
- To keep you posted on new products and services, upcoming events, offers, promotions and other information that we think will be of interest to you;
- To ask you to participate in surveys, or to solicit feedback on our products and services;
- To set up and maintain your account, and to do all other things required for providing our services, such as enabling collaboration, providing website and mail hosting, and backing up and restoring your data;
- To understand how users use our products and services, to monitor and prevent problems, and to improve our products and services;
- To provide customer support, and to analyze and improve our interactions with customers;
- To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of Supa export, our users, third parties (including Vendors) and the public;
- To update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you;
- To analyze trends, administer our websites, and track visitor navigation on our websites to understand what visitors are looking for and to better help them;
- To monitor and improve marketing campaigns and make suggestions relevant to the user.
Legal bases for collecting and using information
Legal processing bases applicable to Supa: If you are an individual from the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of Supa or a third party that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.
Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.
Legitimate interests notice: Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.
Your choice in information use
Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive notices and essential transactional emails.
Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.
Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
Who we share your information with
Third-party service providers: We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organizers, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.
Reselling partners: We may share your personal information with our authorized reselling partners in your region, solely for the purpose of contacting you about products that you have purchased or services that you have signed up for. We will give you an option to opt out of continuing to work with that partner.
Marketplace application developers: When you install or purchase any application developed using Supa‘s APIs that is posted on Supa’s online marketplace, your name and email address will be shared with the developer of the application, so they may engage with you directly as the provider of that application or service. Supa does not control the use of your personal information by the developers, which will be based on their own privacy policies.
Other cases: Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.
Your rights to information we hold about you
If you are in the European Economic Area (EEA), you have the following rights with respect to information that Supa holds about you. We undertake to provide you the same rights no matter where you choose to live.
Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information’s source, purpose and period of processing, and the persons to whom the information is shared
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure (‘Right to be forgotten’): You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.
You are entitled to a range of rights regarding the protection of your Personal Data. Those rights are:
- the right to access the information we process about you;
- the right to rectify incorrect/inaccurate information about you;
- the right to transfer all or part of the information collected about you to you or another data controller, where technically feasible (the right to data portability; with limitations and restrictions as specified in the EU General Data Protection Regulation);
- the right to erase any data concerning you. Users may demand erasure of data without undue delay for legitimate reasons, e.g. where data is no longer necessary for the purposes it was collected, or where the data has been unlawfully processed;
- the right to the restriction of data processing. Users, for legitimate purposes, may obtain restriction of data processing from the controller;
- the right to object to the processing of Personal Data when processing is carried out on the basis of legitimate interest, as well as in these cases, as specified above in this Policy:
- -use of your Personal Data for direct marketing purposes;
-Use of your Personal Data for profiling for direct marketing purposes.
Some of the rights as stated above are easy to exercise: i.e., you may at any time access and edit, update or amend your details, opt out of receiving communications from us and our partners by contacting to our Support Team or you can change them by editing your user profile data.
When you object to processing of Personal Data when processing is carried out on the basis of legitimate interest, we will carefully consider such a request, which may result in your Account closure or de-activation.
Users have the right to lodge a complaint with the national Data Protection Agency in their country of residence in the event where their rights may have been infringed. However, we recommend attempting to reach a peaceful resolution of the possible dispute by contacting us first.
Retention of information
Part II – Information that we processes on your behalf
Information entrusted to Supa and purpose
Information provided in connection with services: You may entrust information that you or your organization (“you”) control, to Supa in connection with use of our services or for requesting technical support for our products. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared to us as part of a request for technical support or other services.
Information from mobile devices: When you elect to provide access, location-based information is also collected for purposes including, but not limited to, locating nearby contacts or setting location-based reminders. This information will be exclusively shared with our mapping providers and will be used only for mapping user locations. You may disable the mobile applications’ access to this information at any time by editing the settings on your mobile device. The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application, and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).
(All the information entrusted to Supa is collectively termed “service data”)
Ownership and control of your service data
We recognize that you own your service data. We provide you complete control of your service data by providing you the ability to (i) access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.
How we use service data
We process your service data when you provide us instructions through the various modules of our services. For example, when you generate an invoice, information such as the name and address of your customer will be used to generate the invoice; and when you take part in our campaign management service, your email and, the email addresses of other persons on our mailing list, will be used for sending emails.
If you have enabled notification on our desktop and mobile applications, we will push notifications through a push notification provider such as Apple Push Notification Service, Google Cloud Messaging or Windows Push Notification Services. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.
Who we share service data with
Supa Export and third party sub-suppliers: In order to provide products/services and technical support for our products, the contracting entity with Supa engages us and our partners.
Employees and independent contractors: We may provide access to your service data to our employees and individuals who are independent contractors of the Supa Export, involved in providing the services (collectively our “employees”) so that they can (i) identify, analyze and resolve errors, (ii) manually verify emails reported as spam to improve spam detection, or (iii) manually verify scanned images that you submit to us to verify the accuracy of optical character recognition. We ensure that access by our employees to your service data is restricted to specific individuals, and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within Supa Export.
Collaborators and other users: Some of our products or services allow you to collaborate with other users or third parties. Initiating collaboration may enable other collaborators to view some or all of your profile information. For example, when you edit a document that you have shared with other persons for collaboration, your name and profile picture will be displayed next to your edits to allow your collaborators to know that you made those edits.
Third-party integrations you have enabled: Most of our products and services support collaboration with third-party products and services. If you choose to enable any third-party collaborations, you may be allowing the third party to access your service information and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable collaborations with them.
Other cases: Other scenarios in which we may share information that are common to information covered under Parts I and II are described in Part III.
Retention of information
We hold the data in your account as long as you choose to use Supa Services. Once you terminate your account, your data will eventually get deleted from active database during the next clean-up. The data deleted from active database will be deleted from backups also.
After de-activation of Account, we will still retain the following data for the purposes of compliance with applicable legal requirements (such as tax, accounting, legal reporting, AML, other) for as long as we are legally required by virtue of the such legal requirements:
profile with de-personalized information (we will change your email into firstname.lastname@example.org, erase you name, surname and contact information) like purchased services, login information, payment information, etc.
Please also note that we may further retain some of your personal information in such cases (i.e., after closure of your user Account):
- as long as it is necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. If we suspend your Account with us for safety reasons, we may retain certain information from that user Account to prevent that User from opening a new Account in the future;
- the extent necessary to comply with our legal obligations. Supa Export may keep some of your information for tax, legal reporting and auditing obligations;
- forum posts or other publicly visible information may continue to be publicly available on the our Platform, even after your user Account is deactivated. However, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers;
- as we protect our Platform from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time;
Data subject requests
If you are from the European Economic Area and you believe that we store, use or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict or object to processing, or export your personal data. We will extend our support to our customer in responding to your request within a reasonable timeframe.
Profiling For Direct Marketing Purposes
When creating an Account at our site, you are free to opt-out from receiving various offers directly to your e-mail, phone or in your Account. We use provided contact details and your preferences for direct marketing by sending various offers or newsletters.
These direct marketing offers, depending on your preferences, may be personalized taking into account any other information which you have provided to us (e.g. location, social media profile information, purchase history etc.) or we have collected or generated from other sources as described below.
Right to object
If a User wishes to change their preferences or withdraw their consent for direct marketing, they may exercise such option at any time they wish by following the instructions to unsubscribe in the received email.
Any user of our website can access, download or delete the data we have collected by using our Privacy Tools.
Specifically, you may also choose to withdraw your specific consent for using your profile and other automated systems-analysed-data for direct marketing purposes by sending an email.
You are free to opt out of our newsletters at any time. You can do this by clicking on a link (Unsubscribe) for that purpose at the bottom of our e-mail with the newsletters.
You may at any time refuse to receive information from us by sending us an email.
Part III – General
Children’s personal information
Our products and services are not directed to individuals under 16. Supa does not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please write to email@example.com with the details, and we will take the necessary steps to delete the information we hold about that child.
How secure is your information
At Supa, we take data security very seriously. That’s why we have a very high value and respect for industry standards. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, we encourage you to write to us an email with any questions.
Data Protection Officer
Locations and international transfers
We share your personal information and service data within the Supa Export. By accessing or using our products and services or otherwise providing personal information or service data to us, you consent to the processing, transfer, and storage of your personal information or Service Data within the European Economic Area (EEA) and other countries where Supa operates. Such transfer is subject to a group company agreement that is based on EU Commission’s Model Contractual Clauses.
Data processing addendum
To enable you to be compliant with the data protection obligations under the General Data Protection Regulation, we are prepared to sign a Data Processing Addendum (DPA) that is based on Standard Contractual Clauses. You can request a DPA from Supa by completing this form . Once we get your request, we’ll forward the DPA to you for your signature.
Do Not Track (DNT) requests
Some internet browsers have enabled ‘Do Not Track’ (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don’t wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.
External links on our websites
Blogs and forums
We offer publicly accessible blogs and forums on our websites. Please be aware that any information you provide on these blogs and forums may be used to contact you with unsolicited messages. We urge you to be cautious in disclosing personal information in our blogs and forums. Supa is not responsible for the personal information you elect to disclose publicly. Your posts and certain profile information may remain even after you terminate your account with Supa. To request the removal of your information from our blogs and forums, you can contact us.
Social media widgets
Our websites include social media widgets such as Facebook “like” buttons and Twitter “tweet” buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate in the website, and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.
Disclosures in compliance with legal obligations
We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.
Enforcement of our rights
We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.
We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the uses of your personal information and service data. We will also notify you about any choices you may have regarding your personal information and service data.
Notification of changes
Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile Apps, and to improve your customer experience.
When you consent to Cookies on our Services, these may be used to do the following:
- Improve the way our Websites and Mobile Apps work
- Improve the performance of our Websites and Mobile Apps
- Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.
- These Cookies collect data that is mostly aggregated and anonymous.
- Deliver relevant online advertising, including via social media
- Cookies used for this purpose are often placed on websites by organisations providing specialist services to us. These Cookies may collect information about your online behavior, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our Websites and on other organisations’ websites. You may also see adverts for other organisations on our Websites.
- To help us to deliver online advertising that is relevant to you, we may also combine data we collect through Cookies in the browser of your desktop computer or other devices with other data that we have collected, for example your use of discount code and in-store purchases.
Any statement contained in the Content is made on a general basis and we have not given any consideration to nor have we made any investigation of the investment objective, financial situation or particular need of any user or reader, any specific person or group of persons.
You are advised to make your own assessment of the relevance, accuracy and adequacy of the information contained in the Content and conduct independent investigations as may be necessary or appropriate for the purpose of such assessment including the investment risks involved. You should consult an appropriate professional adviser for legal, tax, accounting, or investment advice specific to your situation, as to whether any governmental or other consent are required or if any formalities should be observed for the purposes of making such investments as are mentioned in the Content. If you are unsure about the meaning of any of the information contained in the Content, please consult your financial or other professional adviser.
Third Party References
References to third party publications are provided for your information only. The content of these publications are issued by third parties. As such, we are not responsible for the accuracy of the information contained in those publications, nor shall we be held liable for any loss or damage arising from or related to their use.
Supa Export SRL
Str. Rapsodiei Nr. 21, Apt. 6.
Cluj Napoca, 400395, Cluj Romania.