Nordlys Consultancy Ltd, trading as (t/a) Supplierly, operates as a data controller registered in England and Wales (company number 16433338) with registered address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
Contact: dpo@supplierly.com
Website: https://supplierly.com
This Privacy Policy governs data collection and processing for all individuals interacting with Supplierly through our website, platform, applications, email, and other channels. It applies to all users of our platform, including suppliers, customers, and their employees, as well as visitors to our website.
Our systems and processes adhere to:
We maintain registration with the Information Commissioner’s Office (ICO) as a Data Controller (registration reference: ZB946623).
We collect the following categories of personal data:
Supplierly uses cookies - small text files placed on your device - to enhance your experience, improve functionality, and gather insights for service improvement. For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.
We process your personal data only when we have a lawful basis to do so. The table below sets out the purposes for which we process data and the corresponding legal basis.
| Purpose | Data Types | Lawful Basis |
|---|---|---|
| Website visits | Technical, Usage | Legitimate interest: determining service availability, diagnosing issues, analysing usage patterns |
| Account sign-up and subscription | Identity, Contact, Technical, Marketing | Contract performance; Consent for marketing communications |
| Providing our platform services | Identity, Contact, Business, Usage | Contract performance |
| Security and fraud prevention | Identity, Technical, Usage | Legitimate interest: protecting users and the platform |
| Service improvement and analytics | Technical, Usage | Legitimate interest; Consent where required |
| Demo and sales enquiries | Identity, Contact, Profile | Consent for facilitating services; Legitimate interest in understanding business needs |
| Marketing communications | Identity, Contact, Marketing | Consent |
Users receiving marketing communications must have created an account and opted in. We may provide personalised recommendations regarding relevant services or features.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so. We may process your personal data without your knowledge or consent where this is required or permitted by law.
We use a self-hosted, privacy-friendly analytics tool to understand how our website is used, such as which pages are viewed and where visitors arrive from, so we can improve it. It runs on our own infrastructure and the data is not shared with any third-parties. It is not used to track you across other websites.
These analytics are cookieless. They set no cookies, store no information on your device and do not collect personally identifiable information. If your browser sends a “Do Not Track” request, we won't collect analytics from your visit.
We may share your data with:
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, file storage and email delivery | United Kingdom (London) |
| Cloudflare | Content delivery, DNS, encryption in transit and bot protection | Global edge network |
| Sentry | Application error monitoring and performance diagnostics | European Union (Germany) |
| HubSpot | Customer relationship management for sales and marketing enquiries | European Union (Germany) |
| Apicbase | Food and beverage management platform. If you enable the integration, we'll sync approved product and ingredient data to your connected Apicbase library. | European Union (Frankfurt, Ireland and Paris) |
We do not sell your personal data to third parties.
We implement appropriate technical and organisational security measures to protect your personal data, including encryption at rest and in transit, access controls, and regular security assessments.
Access to your data is restricted to a limited number of employees and contractors who have a legitimate need to access it and who are bound by confidentiality obligations. Subcontractors handling data on our behalf remain under our control and are subject to equivalent security standards.
However, no method of transmission over the internet is completely secure. You transmit data at your own risk and should report any security concerns to dpo@supplierly.com.
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us at dpo@supplierly.com. Opting out of marketing will not affect the processing of your personal data for non-marketing purposes.
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
No fee is normally required to access your personal data or to exercise any of your other rights. However, we may refuse clearly unfounded or excessive requests. We may request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
To exercise these rights, please contact us at dpo@supplierly.com.
We retain your personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and applicable legal requirements.
We may retain data for longer where a complaint has been raised or where we reasonably believe litigation is probable.
Your data may be stored and processed in countries outside the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, adequacy decisions, or other mechanisms recognised under UK data protection law, to ensure your data receives an equivalent level of protection.
Our platform is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us at dpo@supplierly.com and we will take steps to delete the data promptly.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
We may update this Privacy Policy from time to time. We will provide reasonable notice of any significant changes by posting a notice on the platform or sending you an email. The date at the top of this page indicates when the policy was last updated.