Privacy Policy

Effective Date February 26 2020

Privacy Policy

At Chainyard Supplier Management Inc. and our parent IT People Corporation (the “Company,” “we,” “us,” or “our”), we respect and protect the privacy of our website visitors and registered users of the Network (as defined below) (“you,” “customer,” or “your”).  We created this “Privacy Policy” to demonstrate our commitment to your right of privacy and to describe our practices for how your personal information is collected and used.  This Privacy Policy applies to information that we may receive, collect or maintain about you when you visit www.trustyoursupplier.com and/or use the Company’s website, and/or use our blockchain-based supplier information management system (collectively, the “Network”).  By accessing the Network, you expressly consent to the use and disclosure of your information as described below.  If you do not agree with the terms set out in this Privacy Policy, please do not use the Network and delete any cookies placed by the website.

Except as specifically set forth herein, this Privacy Policy does not apply to information collected by third party websites or services that you may access through the Network or that you submit to us through email, text message or other electronic message, or offline.  We are not responsible for the privacy practices or the content of any third party websites.  Users and visitors who link to third party websites from the Network should check the privacy and security policy statements of such third party websites to understand the policies and practices of such third-party websites, as we are not responsible for those policies and practices. If you disclose your information to others on the Network or other sites on the internet, you do so at your own risk as different rules may apply to their use or disclosure of such information.

Please read the following carefully to understand our views and practices regarding your personal data and how we will use it.

Network Agreements

Data that you provide to us also will be governed by the agreement between you and the Company regarding your use of the Network (the “Network Agreements”).

Information We Receive or Collect From You

You may give us data about you when you:

We may collect information about you such as:

We may be given data about you, the organization you represent, or a third party such as:

Except with respect to Network visitors invited by a current Network user, we do not record the names or email addresses of visitors who do not register as Network users unless such users subscribe to receive information via electronic mail.

To protect children’s personal information, we do not knowingly collect any personal information from persons under the age of sixteen (16) that can be used to specifically identify them and the Company does not permit persons under the age of sixteen (16) to use the Network.

If you believe we might have any information from or about underage children, please contact us at [email protected].

Purpose and Legal Basis for Processing your Data and the Customer Information

The Company has lawful bases to collect, use and share your Customer Information and any personal data we receive from, collect or maintain about you.  Lawful bases include your consent (as provided for in this Privacy Policy and the Network Agreements), contract (where processing is necessary for the performance of a contract with you), and other legitimate interests including, but not limited to, were processing is necessary to:

Where we have a legal basis to use your personal data without consent, this Privacy Policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.  Where consent is required for our use of your personal data as described above, you have the right to withdraw or decline your consent and cease your use of the Network.

Notwithstanding Customer Information you choose to allow other users to view and access, your Customer Information will be kept confidential and will be used to support your relationship with us.  Except as otherwise set forth in this Privacy Policy or the Network Agreements, we will not sell, rent or lease to others your Customer Information or any other personal information we receive from, collect or maintain about you. 

As set forth above, if you email us, we may keep your message, email address, and contact information to respond to your message.  In certain instances, our response may be provided to other Network users or third-parties as necessary to address certain problems, comments, and requests.

We employ Stripe™ as a payment intermediary service to receive payment from users, and do not request or store any of your financial information, such as your bank routing or account numbers, or your debit or credit card account numbers.

Following termination or deactivation of your account with the Network, we may retain information, including profile information and Customer Information, in order to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our rights under our agreements with you, for backup, audit or regulatory purposes, and for other actions permitted by law.  In addition, you acknowledge the inherent nature of blockchain networks will make any records stored on the blockchain ledger impossible to delete.

Otherwise we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we originally collected it for.  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We may share your Customer Information for marketing purposes but only with your prior consent.  Those uses will be subject to such third party’s privacy policies.  Also, the Company may share your Customer Information with third parties in aggregated and/or anonymized form. 

Special Cases in which We Share Personal and Password Information

We may share your information, including Customer Information and personal information, with a third party in connection with a merger, sale, or acquisition, or a bankruptcy.  Also, we may disclose your information to affiliated legal entities and businesses with whom we are under common corporate control. 

All of our affiliated legal entities and businesses that receive your information from us will comply with the terms of this Privacy Policy with respect to their use and disclosure of such information.  Whenever your information is disclosed under this paragraph, we may also disclose such information on a non-aggregated, non-anonymous basis. 

Under certain circumstances, Customer Information and personal information may be subject to disclosure pursuant to applicable law, judicial or other government subpoenas, warrants, or orders (such disclosures, “Disclosures Required by Law”).  In such circumstances, you acknowledge the Company may disclose such information to the extent necessary to comply with such legal requirement.  Also, we may share your Customer Information or personal information in an emergency if necessary to protect the safety of Company employees, agents, customers or any person.  Again, when your information is disclosed under this paragraph, we may also disclose such information on a non-aggregated, non-anonymous basis.

We may also share Customer Information and personal information with our service providers, business partners, suppliers, sub-contractors or agents who perform services for us, as well as our professional advisers (including our lawyers, bankers, auditors and insurers), and analytics and search engine providers that assist us in the improvement and optimization of the Network.

Aside from Disclosures Required by Law, any disclosure to a third party will only be made if such third party satisfies the requirements of the EU-U.S. Privacy Shield (as defined below), or has entered into a written agreement with us providing that it will provide at least the level of privacy protection as is provided in the EU-U.S. Privacy Shield.

Use of Other Users’ Information

If you use the Network, your email address and certain other information you choose to add to your profile may be accessible to other users.  By using the Network, you agree that, with respect to other users’ information you obtain through your use of Network, you will only use such information for: (i) communications related to the Network that are not unsolicited commercial messages; and (ii) any other purpose that such user expressly agrees to after adequate disclosure of such purpose.  Under no circumstances may you disclose information of another user to any third-party without our consent and the consent of such other user.

Third Party Communications

When you are involved in a transaction as a result of your use or access of the Network, each party involved in such transaction may obtain access to the other party’s name, email address, phone number and other contact and shipping information.  We cannot guarantee the privacy or security of your information when you deal with such third parties.  

International Transfers

From time to time, personal information we collect from data subjects in the European Economic Area (“EEA”) may be transferred to, stored, processed or accessed by, us and other entities who may be based outside of the EEA, for example, the United States.  Also, we may allow our service providers or assistance providers, who may be located outside the EEA, to access your personal data.  In addition, we may make other disclosures of your personal data outside the EEA, for example, in the event we receive a legal or regulatory request from a foreign law enforcement body.

We will always take steps to ensure any transfer of such information to entities based outside the EEA is carefully managed to protect your rights and interests by implementing appropriate safeguards to protect your personal information.  Your personal data may be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.  To find out which countries are covered by this, please see here.

Where there is no adequacy decision by the European Commission in respect of a country (to the extent that they are outside the EEA), which means it is not deemed to provide an adequate level of protection to your personal data, we will ensure your personal data receives an adequate level of protection.  For example, each such transfer to a third party will be protected by contractual commitments and further assurances (where appropriate) such as the European Commission’s approved Standard Contractual Clauses, or certification schemes such as the EU – U.S. Privacy Shield for the protection of personal data transferred from within the EEA to the United States of America.

If you would like to find out more about these safeguards in respect of processing your personal data, please contact us at [email protected].

Control, Email and Opt-Out

You have control over your Customer Information and other personal information related to your use of the Network.  Accordingly, you may access, review, add, modify, correct, delete or update your Customer Information or other personal information at any time. 

If you receive one or more emails from us, it means one of two things: (i) your email address is on our list of customers or prospective customers; or (ii) you have provided us your email address so that we could contact you.  If you believe you receive an email from us in error, please contact us immediately at [email protected] 

We provide you with the opportunity to opt-out of receiving marketing communications from us at any point in time.  If you wish to cease receiving marketing emails and other communications from us, you can opt-out by contacting us at [email protected].

In addition to the above rights of access, correction, amendment or deletion, if you live in the EEA, subject to applicable law, you may have some or all of the following rights with respect to your personal information:

You can exercise the above rights by: (i) email sent to [email protected]; or (ii) mail sent to the Company at Chainyard Supplier Management Inc., One Copley Parkway #216, Morrisville, North Carolina 27560.  If you establish a membership account with the Network, you may make changes to the Customer Information related to your account by accessing your account settings.

Please note that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the Network you may not be able to use the Network as you did before, or at all.  This does not include your right to object to direct marketing, which can be exercised at any time without restriction.  Please allow at least ten (10) working days for your request to be addressed.

Please note that the rights mentioned above do not extend to non-personal data.  Please also note that it may be necessary to retain your personal data for the purposes of assessing and verifying data that is submitted to and/or held on the Network, and to manage the Network; your rights under applicable law may be limited accordingly.

Security of the Information Collected

We use technical, organizational, administrative, and physical security measures designed to protect against the loss, misuse and alteration of data used by, or transmitted to or from, our system.  No data transmissions over the Internet, however, are guaranteed to be completely secure.  While we strive to protect your data from unauthorized use or disclosure, the Company does not warrant or guarantee the security of the data that you provide to us; any transmission is at your own risk.

You are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services.  In order to protect you and your data, we may suspend your use of the Network without notice, pending an investigation, if any breach of security is suspected.

Information Choices and Changes

You may request to review, correct, delete or otherwise modify information you have previously provided to us through the Network.  Notwithstanding the foregoing, you acknowledge the inherent nature of blockchain networks will make any records stored on the blockchain ledger impossible to delete.  You acknowledge that we will make reasonable efforts to delete such information, to the extent technically feasible.

You have the right to ask us not to collect, use, process or disclose your Customer Information in any of the manners described herein.  This will affect your user experience.  You can notify us of your intention to halt the collection, use, processing, or disclosure of your Customer Information at any time by contacting us at [email protected]

Some personal information is automatically collected via the use of data analytics tools.  If you object to such collection, your only choice is not to access the Network.

Cookies

Cookies are text files that web browsers place on a computer’s hard drive to tell site owners whether an individual has interacted with the website previously.  The Company uses cookies to recognize repeat visits by users of the Network and to collect information about our users’ interactions with and within the Network.  The cookie may transmit information via your browser with a purpose of authenticating or identifying the computer (via e.g., the IP address) or the user.  The use of cookies enables us to make your experience with the Network easier and more meaningful. 

There are two types of cookies: session-based cookies and persistent-based cookies.  Session cookies exist only during an online session.  They disappear from your computer when you close your browser software or turn off your computer.  Persistent cookies remain on your computer after you have closed your browser or turned off your computer.  They include such information as a unique identifier for your browser.  Standing alone, cookies do not contain personal data, and therefore do not identify you personally; they merely recognize your browser.  Also, we may use other standard technologies including, but not limited to, pixel tags and web beacons, to track visitors to the Network.  These technologies also help us to gather information including, but not limited to, the number of visitors to the Network, how visitors arrived at the Network, and the pages those visitors accessed.  This information also helps us to improve the appearance and content of the Network and enhances the functionality of Network resources.  Unless you choose to identify yourself to the Company by using the Network, you will remain anonymous to the Company.  You may delete cookies if you no longer wish to store them on your computer.

From time to time, we may engage third parties to track and analyze non-personally identifiable usage and volume statistical information from visitors to the Network to help us administer the Network and improve its quality.  Such third parties may use cookies to help track visitor behavior, including visitor responsiveness to online advertisements.  Such cookies will not be used to associate individual Network visitors with any personal data.  All data collected by such third parties on our behalf is used only to provide us with information on Network usage and will not be shared with any other third parties.

The cookies we use do not transmit personally identifiable information to us or to our service providers.  You have the choice to opt-out of receiving cookies from both the Company and third parties which will prevent the Company and third parties from tracking information about the online advertisements that you visit.  Please note that you still will have the ability to view our online advertisements even if you opt-out of receiving cookies OR if you choose to disable cookies, you may still use the Network; however, you may have limited access to some areas of the Network. 

If you wish to opt out of receiving cookies from the Company, please contact [email protected].  To opt-out of receiving cookies from our third parties, please contact [email protected].

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.

Further Information

The Company is the sole owner and operator of the Network.  If you have any questions about anything in this Privacy Policy or about how we collect your Customer Information, or information generally, please contact [email protected]


You may also use the above contact information if you think any information about you is inaccurate, incomplete.

Privacy Policy Changes

We reserve the right to modify, amend or cancel this Privacy Policy at any time, consistent with the requirements of the EU-U.S. Privacy Shield and applicable data privacy laws.  Any changes to this Privacy Policy will be posted here (trustyoursupplier.com/privacy), so please check this page regularly and make sure to check the effective date of the policy as set forth above.  If you have any questions or concerns about the changes, please contact us at [email protected].

Notice to California Residents

Pursuant to California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Compliant Assistance Unit of the Division of Consumer Services for the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

Notice to Non-U.S. Data Subjects

Please be aware your Customer Information and personal information may be collected, managed, transferred to, processed, and stored or accessed in a country different other than your country of residence.  Also, we may allow our service providers or assistance providers, who may be located outside of your country of residence, to access your personal information.  In addition, we may make other disclosures of your personal information outside of your country of residence, for example, in the event we receive a legal or regulatory request from a foreign law enforcement body.  We will always take steps designed to ensure any transfer of such information to entities based outside your country of residence is carefully managed to protect your rights and interests by implementing appropriate safeguards to protect your personal information.  Data protection laws in any such country (including laws governing the terms of the notice issued to you at the time of collection of Customer Information and personal information) may be different from those laws of your country of residence.  By visiting the Network, you consent to the transfer of your information, including Customer Information, to such country(ies) as are set forth in this Privacy Policy by visiting the Network.

Within the Company, only authorized Company personnel have access to personal information.  Such personnel have been informed by the Company of their obligation to preserve the confidentiality of such personal information. The Company employees who have access to such personal information may use it only in accordance with the principles set out in the Privacy Policy and applicable legislation and regulation. Depending on the nature of the personal information, it may be stored in the offices of the Company or in various computer systems of the Company or of its service suppliers, or in storage installations of the Company or of its service suppliers.

Notice to Canada Data Subjects

Notwithstanding any provisions of the Privacy Policy to the contrary, we will only send you commercial electronic messages in accordance with the requirements of Canada’s Anti-Spam Legislation (An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23).

In the event a non-English version of the Privacy Policy is created and there is a conflict of terms between such non-English version and the English version of the Privacy Policy, the English version will govern, unless prohibited under applicable legislation. The Privacy Policy and the related documents are drawn up in the English language at the express wish of the parties. La politique de vie privée et les documents qui s’y rattachent sont rédigés en anglais selon la volonté expresse des parties.

EU-U.S. Privacy Shield

We comply with the EU-U.S. Privacy Shield framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Economic Area countries (the “EU-U.S. Privacy Shield”).  We adhere to the EU-U.S. Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Privacy Shield Principals”).  If there is any conflict between this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern unless you are a customer of the Network, in which event, the data processing addendum referenced in the agreement by and between you and the Company, that, by its terms, expressly governs your use of the Network, governs (the “DPA”).  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Our accountability for personal data that we receive under the EU-U.S. Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles or the DPA, as applicable.  In particular, we remain responsible and liable under the Privacy Shield Principles if third party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove we are not responsible for the event giving rise to the damage.

If you have questions regarding our compliance with the EU-U.S. Privacy Shield, please contact us at [email protected].

In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information.  Individuals located in the EEA with inquiries or complaints regarding this Privacy Policy should first contact us at [email protected].  If we do not resolve your complaint, you may submit it free of charge to JAMS, an alternative dispute resolution provider based in the United States that we have designated to address complaints.  Please visit the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield for more information.  During a dispute, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.  Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint.

How to Contact the Company

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to [email protected].

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have sent us or if you believe our records relating to you are inaccurate