Privacy Policy

Effective Date: August 19, 2025

This policy explains how Qurium Solutions, Inc. dba Supplier.io (including “CVM” and “CVM Solutions”; collectively, “Qurium Solutions”, “Supplier.io”, “we”, “us”, or “our”) process and protect personal information and data collected via our websites (“Sites”), products, and services (“Services”), collectively referred to as “Online Services.”

This policy applies to the entire global organization of Supplier.io and complies with applicable privacy laws and other applicable state and international privacy regulations.

Registered Business Address:
Qurium Solutions, Inc. dba Supplier.io
1 Mid America Plaza, 3rd Floor
Oakbrook Terrace, IL 60181

1. Scope

This policy governs all information collected or processed via our Online Services for website visitors, customers, suppliers, and business partners worldwide. It does not apply to information collected by other means.

By using our Online Services, you accept this Privacy Policy. If you do not agree, please do not use the Online Services.

1.1 Jurisdiction-Specific Rights

Depending on your location, you may have additional rights under your local privacy laws:

Or other applicable privacy regulations in your local jurisdiction

2. Information We Collect

2.1. Categories of Personal Information

We collect information you provide through:

Typical data collected: name, email address, job title, business information, usage data, location information, interests, and page views.
We may supplement collected data with public or third-party records as allowed by law.

2.2. Business Information (For Registered Users)

For registered customers, suppliers, and partners, we may require:

2.3. Technical and Usage Information

We use automated tools (such as cookies and analytics) to collect:

2.4. Sensitive Information

We may collect sensitive information as defined by applicable laws, including:

We limit use of sensitive information to:

2.5 Special Category Data & Children’s Data

We do not intentionally collect special category (sensitive) data without clear notice and explicit, documented consent.
Our Online Services are not intended for individuals under 16 in the EU/UK, under 13 if in the US, or under the applicable age of consent in your jurisdiction. If a child’s data is discovered, it will be promptly deleted.

3. How We Collect Information

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for basic site functionality (cannot be disabled)
Analytics Cookies: Help us understand site usage and performance
Marketing Cookies: Enable personalized advertising and content
Social Media Cookies: Allow social sharing and embedded content

You can manage your cookie preferences through:

We obtain your explicit consent before placing non-essential cookies, and you can withdraw consent at any time, however site functionality may be impacted.

We process your information for the following purposes with the corresponding legal bases:

A. Service Provision and Contract Performance

B. Business Operations and Analytics

C. Marketing and Advertising

D. Legal and Security

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4.1 Legitimate Interests Assessment

Where we rely on legitimate interests, we have balanced our interests against your privacy rights. Key legitimate interests include:

5. Data Inventory, Processing, and Flow

6. Data Processing Agreements (DPAs), Subprocessors & Sharing

6.1 Current Subprocessors and Third-Party Sharing

We maintain a current list of subprocessors at https://supplier.io/terms-of-use/subprocessors.

We share personal information with third parties for the following business purposes:

Commercial purposes for sharing (California residents):

7. International Data Transfers

Your information may be stored or processed on servers outside your country, including in the United States, Canada, or India. All cross-border transfers are protected by Standard Contractual Clauses, adequacy decisions, or other recognized safeguards.

8. Data Retention and Secure Disposal

9. Data Security and Incident/Breach Management

Layered safeguards include:

9.1 Security Frameworks and Certifications

We maintain compliance with:

Data Breach Notification:
In the event of a security incident or data breach affecting your personal data, you and any required authorities will be notified promptly—as required by law (typically within 48 hours for applicable regulations). Notifications include the nature and impact of the breach, mitigation steps, and recommendations.

10. Your Rights and Choices

Depending on your jurisdiction, you have rights to:

We respond to data subject requests within the required timeframes applicable by jurisdiction.

We verify and process each data subject request for which we are the controller  promptly using reasonable verification methods including email confirmation, account authentication, or government ID verification.

If Supplier.io is acting as a data processor when fielding a data subject request then we will promptly convey your request to the applicable data controller.
Contact for all requests: [email protected] or 708-236-2000.

11. Opt-Out Rights and How to Exercise Them

You may opt out of the following at any time:

All opt-out requests are honored promptly, and your preference is recorded.

12. Roles and Responsibilities

12.1 Privacy by Design and Default

We implement privacy by design principles in all processing activities:

13. Training, Accountability, and Disciplinary Actions

All relevant staff receive annual privacy and information security training. Non-compliance is subject to investigation and disciplinary consequences, up to termination or contract revocation.

14. Accountability and Audit

We conduct regular audits and privacy policy reviews; all systems and safeguards are continually improved for compliance and transparency. Documentation is maintained to demonstrate these standards.

We are not responsible for third-party privacy practices. Please review their policies before providing information.

Customer Branded Sites, jointly operated with clients, may share your provided data with the relevant client as disclosed at registration.

16. Business Transfers

If Supplier.io is acquired or reorganized, your data will be transferred to successors under conditions guaranteeing at least equivalent privacy protection.

17. Policy Changes and Review

We review this policy annually or following major business/incidence or regulatory changes. Significant changes are posted on our sites, with the current effective date clearly indicated.

18. Contact for Data Privacy

For any privacy questions, rights requests, or complaints:

This Privacy Policy is designed to comply with global data protection laws and all other applicable laws, and applies globally throughout Supplier.io’s business operations.