Privacy Policy

This Privacy Policy explains how Supplied Technologies B.V. (“Supplied,” “we,” “our,” or “us”) collects, uses, stores, and protects personal data when you visit supplied.eu / getsupplied.ai or use our online services, applications, and portals (the “Services”).

This Privacy Policy should be read together with:

• our General Terms and Conditions / Terms of Service
• our Data Processing Agreement (DPA) (for Client Data processed on behalf of customers)

1. Who We Are

Supplied Technologies B.V. provides onboarding, verification, reporting, and data-integration software.

We act as:

• Data Controller for personal data collected through our website, marketing, sales, and direct communications; and
• Data Processor for personal data processed on behalf of our business customers in connection with the Services (“Customer/Client Data”), as governed by our DPA.

2. Scope

This Privacy Policy applies to:

• visitors to our websites and marketing pages;
• prospective customers and business contacts; and
• users of our Services where we act as a controller for account administration and service communications.

Where we process personal data on behalf of a customer (as a processor), the customer’s privacy notice governs the relationship with the end user, and our DPA governs our processing.

3. What Data We Collect

We collect only personal data necessary to operate and improve our Services. Depending on how you interact with Supplied, this may include:

Contact Data

Name, email address, phone number, company name, job title.

Collected when you fill out forms, request a demo, or contact us.

Account Data

User identifiers, access roles, authentication metadata, and login credentials (stored in hashed form where applicable).

Collected when you register for or use authenticated areas of the Services.

Usage and Technical Data

IP address, browser type, device information, operating system, pages viewed, referring URLs, timestamps, and log data.

Collected automatically through cookies, logs, and similar technologies.

Transactional and Billing Data

Billing contact details, subscription information, payment status, invoice metadata.

Collected when you subscribe to Services or enter into an agreement.

Support and Communications Data

Emails, chat messages, support tickets, and any files or information you choose to share with us.

Collected when you contact support or communicate with our team.

We do not intentionally collect special categories of personal data (e.g., health, biometric, political opinions) via our public website.

4. How We Use Your Data

We process personal data to:

• provide, maintain, and secure our website and Services;
• manage accounts, authentication, and access controls;
• handle billing, invoicing, and contract administration;
• respond to inquiries and provide support;
• send operational communications (e.g., service notices, security messages);
• send marketing communications where permitted by law and your preferences;
• monitor performance and improve features and user experience; and
• detect, prevent, and investigate fraud, misuse, or security incidents, and comply with legal obligations.

5. Legal Bases for Processing

Where we act as a controller, we rely on one or more of the following lawful bases under the GDPR:

• Contract performance – to provide Services you request;
• Legitimate interests – to operate, secure, and improve the Services, prevent fraud, and run analytics;
• Consent – for optional cookies and marketing where required;
• Legal obligation – to meet statutory requirements (e.g., accounting/tax).

6. Cookies and Similar Technologies

We use:

• strictly necessary cookies to operate the site; and
• optional cookies (e.g., analytics/performance) only where you provide consent via our cookie banner (where required).

You can manage cookies via your browser settings and (where available) our cookie banner preferences.

7. Sharing Data and Sub-processors

We may share personal data with trusted service providers (“sub-processors”) that help us provide the Services (e.g., hosting, email delivery, analytics, customer support, billing).

All sub-processors are bound by appropriate contractual obligations and may only process personal data on our instructions.

A current list of sub-processors is available upon request.

We do not sell personal data.

8. International Transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate transfer safeguards such as:

• the EU Standard Contractual Clauses (SCCs) (2021/914);
• the UK International Data Transfer Addendum; and
• Swiss transfer mechanisms where applicable.

We apply supplementary safeguards such as encryption and access controls.

9. Data Retention

We retain personal data only as long as necessary for:

• the purposes described in this Policy;
• legal, regulatory, or contractual obligations; and
• dispute resolution and enforcement.

Where retention periods are governed by our customer contracts and DPA (for Client Data), those terms apply.

10. Automated Processing and AI

Certain features may involve automation or AI-assisted processing (e.g., data validation, categorisation, anomaly detection).

• We do not conduct automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards.
• Where we act as a processor, any such processing is performed only under the customer’s instructions as set out in the DPA.

11. Your Rights (GDPR)

Subject to applicable law, you may have the right to:

• access your personal data;
• correct inaccurate data;
• request deletion;
• restrict processing;
• receive your data in portable format;
• object to processing based on legitimate interests or direct marketing; and
• withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact: support@supplied.eu.

We aim to respond within one month as required by the GDPR.

12. Security

We maintain an ISO 27001-aligned security program, including:

• encryption in transit (TLS 1.2+) and at rest (AES-256);
• multi-factor authentication for privileged access;
• logging and monitoring;
• vulnerability management and periodic penetration testing; and
• internal privacy/security training.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their policies.

14. Children’s Privacy

Our Services are not directed to individuals under 16, and we do not knowingly collect personal data from them. If we become aware we have done so, we will delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated effective date.

16. Contact

For questions or requests:

Supplied Technologies B.V.

KvK: 93146620

Email: support@supplied.eu

WhatsApp: +1 555 835 4573

Website: https://www.getsupplied.ai

You may also lodge a complaint with the Autoriteit Persoonsgegevens (Netherlands DPA) or your local supervisory authority.

‍