Privacy Policy for linQsupply®

Welcome to linQsupply®! Protecting your privacy and that of your business partners is our top priority. This Privacy Policy explains how we process personal and business data exchanged through our Software-as-a-Service (SaaS) platform. As an EDI service provider based in Germany, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Your data is primarily stored and processed in the Germany West Central region of Microsoft Azure. For international data transfers, we ensure that appropriate safeguards are in place.

If you have any questions about this policy or the processing of your data, please contact us at partnermanagement@linQsupply.com

Effective Date: 2024-11-28

Information We Collect

Data You Provide

We collect the following data when you use linQsupply®:

  • Account Information: Name, email address, phone number, job title, and company details.
  • Subscription Details: Payment information and billing details.
  • Support Requests: Information you provide in support tickets or inquiries.

Business Data in EDI Messages

As part of our services, we may process the following business data:

  • EDI Documents: Invoices, purchase orders, delivery notes, payment information, and other business-related data provided by you or your business partners.
  • Personal Data in Business Documents: Names, contact details, or similar information included in EDI documents.

Data Collected Automatically

When you use our platform, we automatically collect:

  • Usage Data: Login times, activity logs, and performance metrics.
  • Technical Data: IP address, browser type, device details, and operating system.

Data from Third Parties

We may receive data from:

  • Microsoft Azure: Hosting and performance metrics related to our platform.
  • Payment Processors: For subscription and billing purposes.

How We Use Your Data

We use your personal and business data for the following purposes:

  • To provide, operate, and maintain linQsupply®.
  • To process EDI messages and forward them to your designated business partners.
  • To handle subscriptions and payment transactions.
  • To communicate with you regarding your account, support requests, and important updates.
  • To improve platform functionality and security.
  • To comply with legal obligations and enforce our terms of use.

Legal Basis for Processing

The processing of your data is based on the following legal grounds under GDPR:

  • Contractual Necessity: To deliver the services you subscribed to.
  • Legitimate Interests: To ensure platform functionality and security.
  • Legal Obligations: To comply with applicable laws.
  • Consent: For optional communication or analytics purposes.

Sharing Your Data

We do not sell your data. However, we may share it in the following cases:

  • Service Providers: Trusted partners such as Microsoft Azure and payment processors who assist us in delivering our services. More information on our third-party providers can be found on our [Third-Party Sub-processors Page]. [Third-Party Sub-processors-Seite].
  • Authorities: Where required to comply with legal obligations.
  • Business Partners in the EDI Network: Business documents, such as invoices or purchase orders, are forwarded to your specified business partners, including those located outside the EEA (see Section "Data Transfers").

Your data will be stored and processed exclusively in the Germany West Central region of Microsoft Azure in order to meet the requirements of the GDPR and data sovereignty.

Data Transfers

International Data Transfers in the EDI Context

As an EDI service provider, it may be necessary to transfer business data to your business partners outside the European Economic Area (EEA). We ensure the following:

  • Standard Contractual Clauses (SCCs): Transfers to countries without an adequacy decision are based on SCCs to ensure an appropriate level of data protection.
  • Technical Measures: All transferred data is encrypted and secured using protocols such as AS2 and AS4.
  • Contractual Measures: We ensure that your business partners commit to complying with data protection requirements.

Processing Within the EU

Data stored on linQsupply® is primarily retained in the Germany West Central region of Microsoft Azure.

Data security

We implement extensive security measures, including:

  • Encryption: Data is encrypted both in transit and at rest.
  • Access Controls: Access to data is restricted to authorized personnel only.
  • Logging: All data access is logged to prevent misuse.
  • Regular Security Audits: Our platform undergoes regular security assessments to identify and address vulnerabilities.

Data Retention and Deletion

We retain your data only as long as necessary for the following purposes:

  • EDI Data: Business documents and transaction logs are retained for the agreed-upon period and subsequently deleted in accordance with your instructions.
  • Personal Data: Personal data is deleted once it is no longer required for the original purpose.

Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct any inaccurate or incomplete data.
  • Erasure: Request the deletion of your data ("Right to be Forgotten").
  • Restriction of Processing: Limit the processing of your data in certain circumstances.
  • Objection: Object to the processing of your data, particularly in cases of legitimate interest.
  • Data Portability: Receive your data in a machine-readable format.

To exercise these rights, please contact us at partnermanagement@linqsupply.com

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant updates will be communicated to you via email or notifications within the platform. The "Effective Date" at the top of this policy will always indicate the latest version.

Contact

If you have any questions or concerns about this policy, you can reach us at: