- 2. Data Protection Statement for European Union Users
- 3. Consumer Privacy for California User
This policy explains what information we collect when you use The Supply Chain Project’s sites, services, mobile applications, products, and content (“Services”). It also has information about how we store, use, transfer, and delete that information. Our aim is not just to comply with privacy law. It’s to earn your trust.
Information We Collect & How We Use It
The Supply Chain Project doesn’t make money from ads. So we don’t collect data in order to advertise to you. The tracking we do at The Supply Chain Project is to make our product work as well as possible. This includes basic product functions like allowing our metered paywall to work and key features like personalizing what posts you see based on what we think you’ll like. So, to give you the best possible experience in using The Supply Chain Project, we collect information from your interactions with our Services. Some of this information, you actively tell us (such as your email address, which we use to track your account or communicate with you). Other information, we collect based on actions you take while using The Supply Chain Project, such as what pages you view (including how much of a given page and for how long) and your use of product features (like Save to The Supply Chain Project, highlights, follows, and applause). This information includes records of those interactions, your Internet Protocol address, information about your device (such as device or browser type), and referral information (how you got to a particular page).
We use this information to:
- provide, test, improve, promote and personalize the Services
- fight spam and other forms of abuse
- generate aggregate, non-identifying information about how people use the Services When you create your The Supply Chain Project account, and authenticate with a third-party service (like Twitter, Facebook, Apple or Google) we may collect, store, and periodically update information associated with that third-party account, such as your lists of friends or followers. We will never publish something through one of your third-party accounts without your express permission.
The Supply Chain Project won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you to a third-party. We may transfer your account information with third parties in some circumstances, including: (1) with your consent; (2) to a service provider or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymization, or pseudonymization; (4) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process; (5) when we have a good faith belief that doing so will help prevent imminent harm to someone. If we are going to share your information in response to legal process, we’ll give you notice so you can challenge it (for example by seeking court intervention), unless we’re prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about users of our services that we believe are improper.
Search engines may index your The Supply Chain Project user profile page, public interactions (such as claps or highlights), and post pages, such that people may find these pages when searching against your name on services like Google, DuckDuckGo, or Bing. Users may also share links to your content on social media platforms such as Facebook or Twitter.
The Supply Chain Project uses third-party vendors and hosting partners, such as Amazon, for hardware, software, networking, storage, and related technology we need to run The Supply Chain Project. We maintain two types of logs: server logs and event logs. By using the Services, you authorize The Supply Chain Project to transfer, store, and use your information in the United States and any other country where we operate.
When posting on The Supply Chain Project, you may not embed a form that allows submission of personal information by users. You must link offsite to a page that allows such submissions by users, and that page’s appearance must be distinct enough from The Supply Chain Project to ensure it does not cause confusion among users over to whom they are submitting personal information. Failure to do so may lead The Supply Chain Project to disable the post or take other action to limit or disable your account.
Tracking & Cookies
We use browser cookies and similar technologies to recognize you when you return to our Services. We use them in various ways, for example to log you in, remember your preferences (such as default language), evaluate email effectiveness, allow our paywall and meter to function, and personalize content and other services. Without cookies, our metered paywall would not work, so they are necessary to The Supply Chain Project’s basic functionality.
Modifying or Deleting Your Personal Information
If you have a The Supply Chain Project account, you can access, modify or export your personal information, or delete your account here. To protect information from accidental or malicious destruction, we may maintain residual copies for a brief time period (generally several weeks). But, if you delete your account, your information and content will be unrecoverable after that time. The Supply Chain Project may preserve and maintain copies of your information beyond this time period when required to do so by law.
We use encryption (HTTPS/TLS) to protect data transmitted to and from our site. However, no data transmission over the Internet is 100% secure, so we can’t guarantee security. You use the Service at your own risk, and you’re responsible for taking reasonable measures to secure your account.
Email from The Supply Chain Project
Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “transactional” email (unless you delete your account). But, you can opt out of non-administrative emails such as digests, newsletters, and activity notifications through your account’s Settings page. When you interact with an email sent from The Supply Chain Project (such as opening an email or clicking on a particular link in an email), we may receive information about that interaction. We won’t email you to ask for your password or other account information. If you receive such an email, please forward it to us at legal@The Supply Chain Project.com so we can investigate.
Changes to this Policy
The Supply Chain Project may periodically update this Policy. We’ll notify you about significant changes to it. The most current version of the policy will always be here and we will archive former versions of the policy here.
We welcome feedback about this policy at firstname.lastname@example.org.
2. Data Protection Statement for European Union Users Description of Processing Activity
The Supply Chain Project collects and stores personal information about its users to customize their reading experience and enable personalized distribution of content. It shares minimal data with its service providers.
Purposes of Processing
- Provide, test, promote, and improve the Services
- Gather usage statistics of services
- Provider customized reading experience
- Publish and distribute user-generated content
- Provide access to paid content
- Pay authors in Partnership Program for certain content
- Fight spam, fraud, and other abuse of services
In order to provide the Services The Supply Chain Project collects and stores personal data about its users to fulfill its contractual obligations to users as described in our Terms of Service and to Members as described in our Membership Terms of Service. The Supply Chain Project also pursues its legitimate interests by collecting minimal data of logged out users to provide the Services, as outlined above, as well as to ensure that new users trying out the free member preview do not exceed their maximum limit of free articles per month before a paid subscription is required to read further. These legitimate interests are not outweighed by (nor do they violate) our users’ privacy interests because we collect minimal user data for these purposes and we are fully transparent about these activities.
Where The Supply Chain Project collects and stores personal data about non-users mentioned in user-generated content, it does so under performance of contract obligations to users who use the Services to publish content on web sites hosted by The Supply Chain Project. In such cases, users authoring such user-generated content containing personal data of third parties are responsible for that content. The Supply Chain Project will consider related complaints in compliance with the General Data Protection Regulation’s rights of the data subject, as well as rights of expression and access to information.
Public Nature of Personal Data
Logged-in users may choose to interact publicly with the Services in the form of clapping for a post, highlighting parts of a post, following other user accounts, sharing links on connected social media accounts, or writing original posts. Where such personal data may reveal special category protected data, it is processed on the basis that it is manifestly made public by the user. Additional information on potential consequences of such processing can be found below. If you do not agree to this public usage, do not create an account or use these features of the Services. Search engines may index your The Supply Chain Project user profile page, public interactions (such as claps or highlights), and post pages. Users may also share links to your content on social media platforms such as Facebook or Twitter.
Categories of Personal Data Collected
Logged out users:
- Reading history
- IP address
- Browser information
- DNT status
Logged in users:
- Display name
- Avatar image
- Email address (non-public)
- Session activity (security)
- Linked social media accounts (optional)
- IP address
- Browser information
- Reading history (on The Supply Chain Project Services only)
- Meta-data about URLs saved by using the optional feature Save to The Supply Chain Project
- Network interactions (recommends, follows, etc.)
- Posts, responses, or series published by user
- Billing information and history
- Bank account for payments
- Business information, if applicable
Categories of Recipients
The Supply Chain Project shares minimal personal data with third-party processors in order to provide the Services. These processors offer at least the same level of data protection as that set out in this statement.
This includes the following categories of recipients:
- Hosting, Storage, & Other Infrastructure
- Communication & Support
- Payment Processors
The Supply Chain Project provides Services in conjunction with several payment processors, including: Stripe, PayPal, Google Play, and Apple Pay, through which users may pay for The Supply Chain Project memberships or receive payment based on participation in our Partner program. Those companies acting as payment processors may collect and store personal data related to your billing information and history in order to provide their services, and may collect and store personal data and business data to prevent fraud and other abuse. When you delete your The Supply Chain Project account, The Supply Chain Project deletes your personal data as explained in this policy. However, to delete your payment or billing information, you will need to do so with your payment provider, as The Supply Chain Project only has minimal secure access to those records as needed to provide the Services.
Use of Algorithms to Personalize User Experience
The Supply Chain Project collects and stores personal data about its users to customize their reading experience by displaying content tailored to the preferences and interests indicated by the users (including through their reading history and Services interactions). This does not constitute automated decision-making as that phrase is used in the GDPR because it does not produce any legal effects or similarly significant effects for users. The Supply Chain Project also moderates content for the purposes of fighting and preventing spam, fraud, and other forms of abuse, and may rely on algorithms as part of doing so.
Potential Consequences of Processing
By creating and using an account on The Supply Chain Project, users may make certain personal data about themselves public and accessible to others on their profile and through network interactions. This may in some cases constitute special category protected data which is considered manifestly made public by the user. Due to the public nature of information posted to The Supply Chain Project, it may be possible for third parties to derive identifying personal data from posts, whether by reading, inference, supplemental research, or automated extraction and analysis. Users are free to use their real name and information, or a pseudonym of their choosing, for their account. Users may also choose to use the service without posting data or engaging in network interactions. However, if you do not agree with and accept the risks of such usage, you may not use the Services.
The Supply Chain Project is hosted in the United States. By using the Services, you authorize The Supply Chain Project to transfer, store, and use your information in the United States and any other country where we operate. Where your data is disclosed to our processors, it is subject by contract to at least the same level of data protection as that set out in this statement.
The Supply Chain Project retains personal data associated with your account for the lifetime of your account. If you would like to delete your personal information, you can delete your account at any time. Deleted account profile pages will yield an error 404 “file not found” page, immediately upon initiating deletion, and will become unrecoverable in our system after a period of fourteen days. It may take several additional days for your personal data to be de-indexed from search engines, depending on those search engines’ practices, over which The Supply Chain Project may have limited or no control. To delete your payment or billing information, you will need to do so with your payment provider, as The Supply Chain Project only has minimal secure access to those records as needed to provide the Services.
Rights of Data Subjects
- 1. If you sign up for a The Supply Chain Project account, you may at any time request an export of your personal information from the Settings page.
- 2. You may correct information associated with your account from the Settings page, and the Customize Your Interests page to update your interests.
- 3. You may withdraw consent by deleting your account at any time through the Settings page, which will erase your personal information completely within 14 days (except to the extent The Supply Chain Project is prevented by law from deleting your information).
- 4. You may object at any time to the use of your personal data by contacting email@example.com. If your complaint relates to alleged misuse of your personal data by a third party, it may result in suspension of that post or account in keeping with relevant law, public interest, our contractual obligations, and the rights of expression and access to information of others.
- 5. Under EU law you have the right to lodge a complaint regarding the processing of your personal data by The Supply Chain Project with the dedicated Supervisory Authority of your EU member state.
Subject Access Requests
For security and account ownership verification reasons, we process Subject Access Requests and account deletion requests from the account holder only. We are unable to process requests made by third-party services. You can access the self-service download tool and account deletion mechanism by logging in to your account and navigating to https://thesupplychainproject.org/me/settings.
3. Consumer Privacy for California Users
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information,” as described in the CCPA).
This section provides additional privacy disclosures and informs you of key additional rights as a California resident:
Right to Know Request
Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- 1. Categories of and specific pieces of personal information we have collected about you.
- 2. Categories of sources from which we collect personal information.
- 3. Purposes for collecting, using, or selling personal information.
- 4. Categories of third parties with which we share personal information.
- 5. Categories of personal information disclosed about you for a business purpose.
- 6. If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
To make a verifiable request for information about the personal information we have collected about you, please access your account profile to make a request by going to your Settings page here, scrolling down to Accounts section, and clicking on Download.zip button to make a request to download your information. You may also email us at firstname.lastname@example.org.
Right to Delete Request
Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions. You may exercise your right to delete if you have a The Supply Chain Project account by going to your Settings page here, scrolling down to ‘Delete account’ and clicking on ‘Delete account.’ You may also email us at email@example.com.
We do not knowingly collect household data. If all the members of a household makes a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.
General Requests under CCPA
If you do not have a The Supply Chain Project account, we will not have enough information about you to verify your Right to Know and Right to Delete requests since we do not keep sufficient information to re-identify and link you to a prior visit to The Supply Chain Project. You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA.
Requests made through Agents
You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
Disclosures of Personal Information for a Business Purpose
In the last 12 months, The Supply Chain Project has disclosed certain data from the following categories of personal information to the categories of recipients listed above in the ‘Categories of Recipients’ for one or more business purposes:
Logged in users:
- Display name
- Avatar image
- Email address (non-public)
- Billing information and history
- Bank account for payments
- Business information, if applicable
No Sale of Personal Information
Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. Since The Supply Chain Project doesn’t make money from ads, we don’t collect data to facilitate nor enable third parties to advertise to you. At this time and pending final regulations and guidance interpreting the CCPA, we don’t believe any of our data practices constitute a “sale” under the CCPA.
You may contact us by emailing us at firstname.lastname@example.org.