Privacy Policy

Privacy Policy

Controller and scope
Supply Logica, Société par actions simplifiée (SAS), 5 rue des Allumettes, 13090 Aix-en-Provence, France. Site: https://app.supplylogica.com
Roles:

  • Controller: website, prospect/customer management (CRM), communications, support, management of administrative user accounts, security, invoicing.
  • Processor (Art. 28 GDPR): for data our clients upload/process on the platform or as part of our services (e.g., supplier contacts, due diligence documents, geolocation of plots, preparation/submission of EUDR/TRACES declarations). In these cases, the client is the controller and our data processing agreement applies.

Purposes and legal bases

  • Management of B2B commercial relationships (prospecting, responding to requests, demos, quotes, contracts, CRM):
    Legal basis: legitimate interests (Art. 6(1)(f) GDPR) to develop B2B activity; B2B emailing in compliance with local rules (in France: information and right to object, CPCE L.34‑5; consent where required).
  • Provision of the EUDR service (platform access, account creation/management, configuration, support, maintenance, logging and security):
    Legal basis: performance of a contract (Art. 6(1)(b)) and legitimate interests (service security, abuse prevention).
  • EUDR compliance support (collection/structuring of documents, traceability, due diligence statements, preparation/submission to TRACES on the client’s mandate):
    Legal basis: performance of a contract; where applicable, the client’s legal obligation for which we act as processor (Art. 6(1)(c)/(b)).
  • B2B communications and marketing (newsletters, compliance content, invitations to non‑webinar events where applicable):
    Legal basis: legitimate interests with right to object; consent where required (e.g., non‑clients, certain jurisdictions).
  • Invoicing, accounting and legal obligations:
    Legal basis: legal obligation (Art. 6(1)(c); 10‑year statutory accounting retention).
  • Security, fraud/abuse prevention and defense of rights:
    Legal basis: legitimate interests (Art. 6(1)(f)).

Categories of data

  • Identity/professional: last name, first name, department, company, business email, phone, country.
  • Commercial relationship and support: exchanges (emails, meetings), demo/information requests, communication preferences, support tickets.
  • Platform accounts and usage: identifiers, roles, connection metadata, technical logs, client space settings.
  • Data processed on behalf of clients (processor role): information on suppliers/actors in the supply chain (professional contacts), due diligence documents, traceability evidence, geolocations of plots, EUDR/TRACES declarations and supporting documents.
  • Billing: billing details, tax identifiers (SIREN/VAT), billing/payment history.
  • Web data: cookies/trackers, pages viewed, forms submitted, technical identifiers (see Cookie Policy).

Recipients

  • Internal Supply Logica teams (Sales/Marketing, Customer Success/Support, Operations/Product, Security, Finance) to the extent needed for their duties.
  • Our processors/tools:
    Hosting: Infomaniak
    CRM/Marketing automation: HubSpot
    Emailing: Mailchimp
    Other technical providers for security, monitoring, electronic signature, or document storage as applicable.
    The up‑to‑date list of main processors is available on request.
  • Partners/advisors involved in the service, on the client’s instructions or with an appropriate legal basis.
  • Authorities/public bodies if required by law or for the defense of rights.
    We do not share your data with partners for prospecting without an appropriate legal basis (including consent where required).

Transfers outside the EU/EEA
Some providers (e.g., Infomaniak, HubSpot, Mailchimp) may involve transfers outside the EEA. We implement appropriate safeguards (European Commission Standard Contractual Clauses and, if necessary, supplementary measures). Detailed information available on request (Art. 46 GDPR).

Retention periods

  • B2B prospects: 3 years after the last contact from the individual.
  • Clients and users: for the duration of the contract, then operational archiving for 5 years; accounting records: 10 years.
  • Technical logs (security/access): 6 to 12 months depending on purpose.
  • Data processed on behalf of clients (processor): for the duration of the contract and according to the client’s instructions; deletion/return at end of contract.

Cookie policy
A cookie is a small file stored on a user’s hard drive by a website. It is used to collect data about the user’s browsing habits and interactions with the site.
We use the following types of cookies on our site:

  • Functional cookies
    We use these to remember any selections you make on our site so they are saved for your next visits.

Your rights
Rights of access, rectification, erasure, restriction, objection (including objection to marketing), portability. You may withdraw your consent at any time where processing is based on consent.
For data processed in our capacity as processor, please address your request directly to the controller (your employer/client company). We will assist in accordance with the contract.

Exercising your rights and contact

  • Email: contact@supplylogica.com
  • Mail: Supply Logica – “Data Protection” Contact, 5 rue des Allumettes, 13090 Aix‑en‑Provence, France

Additional information
Updates: this notice may be updated; last update: 11/16/2025.

Scroll to Top