Privacy Policy & Cookies

1. Purpose of this Policy

This Privacy Policy explains how Supplied Technologies B.V. (“Supplied,” “we,” “our,” or “us”) collects, uses, stores, and protects personal data when you visit supplied.eu or use our online services and portals (the “Services”).

By using our website or Services, you agree to this Policy and the data-processing terms described below.

2. Who We Are

Supplied Technologies B.V. provides onboarding, verification, reporting, and data-integration software.
We act as:

• a data controller for data we collect through our website and marketing; and
• a data processor for Customer Data handled on behalf of our business clients, under our Data Processing Agreement (DPA).

3. What Data We Collect

We collect only the information necessary to provide and improve our Services:

CategoryExamplesSourceContact Dataname, email, phone, companywhen you fill out forms or contact usAccount Datalogin credentials, user IDswhen you register for the Admin PortalUsage DataIP address, browser type, device info, pages visited, timestampsautomatically via cookies and analyticsTransactional Databilling contact info, subscription detailswhen you purchase or subscribeSupport Datachat or email correspondence, attachmentswhen you contact support

We do not intentionally collect “special categories” of data (race, health, biometrics, etc.) via the public website.

4. How We Use Your Data

We process personal data to:

• provide, maintain, and secure our website and Services;
• manage accounts, billing, and authentication;
• respond to inquiries and support requests;
• send operational or marketing communications (where lawful);
• detect, prevent, and investigate fraud or abuse; and
• comply with legal obligations.

5. Legal Bases for Processing

We rely on one or more of the following lawful bases under the GDPR:

• Contract performance – providing Services you requested;
• Legitimate interests – website operation, fraud prevention, analytics;
• Consent – optional marketing communications or cookies;
• Legal obligation – record-keeping, tax, and compliance duties.

6. Cookies and Analytics

We use strictly necessary cookies to operate the site and optional cookies (analytics, performance, or personalization) only with your consent.
You can manage cookie preferences in your browser or through the on-site cookie banner.
Analytics data is processed in aggregated form and not used to identify individuals.

7. Disclosures and Sub-processors

We may share data with trusted service providers (“Sub-processors”) that help us host, process, or support the Services — for example, cloud infrastructure, email delivery, analytics, or billing systems.
All such vendors are bound by GDPR-compliant agreements and process data only on our documented instructions.
A current list is available upon request.

We never sell personal data.

8. International Transfers

Where data is transferred outside the EEA, UK, or Switzerland, Supplied relies on:

• the EU Standard Contractual Clauses (2021/914, Module Two);
• the UK International Data Transfer Addendum; and
• the Swiss FADP Addendum (as applicable).

Supplementary safeguards (encryption, access controls) are applied to all transfers.

9. Data Retention

We retain personal data only as long as necessary to:

• fulfil the purposes described above;
• comply with legal obligations; or
• resolve disputes.

For customer accounts, data is kept for the duration of the contract plus a 30-day export period, then deleted or archived securely in accordance with our General Terms and DPA.

10. Your Rights under the GDPR

You have the following rights (subject to applicable law):

• Access – request a copy of your personal data.
• Rectification – correct incomplete or inaccurate data.
• Erasure (“Right to be Forgotten”) – request deletion of your data.
• Restriction – ask us to limit processing in certain cases.
• Portability – receive data in a structured, commonly used format.
• Objection – object to processing based on legitimate interests or direct marketing.
• Withdraw Consent – withdraw any consent you have given.

To exercise these rights, email support@supplied.eu.
We will respond within one month as required by the GDPR.

11. Security Measures

Supplied maintains an ISO 27001-aligned information-security management system including:

• encryption in transit (TLS 1.2+) and at rest (AES-256);
• multi-factor authentication for administrative access;
• continuous logging and monitoring;
• vulnerability management and penetration testing;
• data-retention and deletion controls;
• employee privacy and security training.

12. Third-Party Links

Our website may contain links to external sites we do not control.
We are not responsible for their content or privacy practices; please review their respective policies.

13. Children’s Privacy

Our website and Services are not directed to individuals under 16 years of age, and we do not knowingly collect personal data from them.
If we learn that we have inadvertently collected such data, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy periodically.
The updated version will be posted on this page with a new effective date.
Significant changes will be announced through the website or by email when appropriate.

15. Contact & Data Protection Officer

For questions, complaints, or to exercise your data-protection rights, contact:

Data Protection Officer
Johann Rozario
📧 support@supplied.eu
📞 +31 6 86630404

If you believe we have not addressed your concern, you may also lodge a complaint with the Autoriteit Persoonsgegevens (Netherlands DPA) or your local supervisory authority.

‍