Privacy Policy

1. Information We Collect

For the purposes of this Policy, "Personal Data" (or "Personal Information") means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws such as the General Data Protection Regulation (GDPR) (EU) 2016/679 and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). We collect Personal Data from various sources and in different contexts, as detailed below.

A. Data Provided Directly by Clients and Website Users

• Account and Registration Data: When You create an Account, register for Our Services, or contract with Us, We collect information such as the name, email address, phone number, job title, and company name of Your designated personnel, as well as billing and payment information.
• Communications Data: If You contact Us for support, inquiries, demonstrations, or to provide feedback, We collect the information You provide in such communications, including email content, chat logs, and survey responses.
• Marketing Preferences: We collect information regarding Your preferences for receiving marketing communications from Us.

B. Data Processed by MPL Risk on Behalf of Its Clients

• Vendor and Third-Party Data ("Client-Directed Data"): Our Services involve the processing of Personal Data related to Your vendors, suppliers, customers, and other third parties that You (Our Client) upload, input, connect, or otherwise make accessible to the MPL Risk Platform. This Client-Directed Data is processed by Us on Your behalf and according to Your instructions for the purpose of performing vendor diligence, risk assessments, and compliance monitoring.
• Data from Client's Integrated Systems: As part of the Services, and as directed and authorized by You, We may access and process information, including potential Personal Data, from Your existing procurement systems, legal platforms, financial systems, and compliance tools.

C. Data Collected Automatically

• Log Data: When You interact with Our Site or Platform, Our servers automatically record information, which may include Your Internet Protocol (IP) address, browser type and settings, operating system, referring/exit pages, date and time stamps, and clickstream data.
• Device Information: We may collect information about the device You use to access Our Site or Platform, such as device type, model, and unique device identifiers.
• Usage Data: We collect information about how You and Your Authorized Users interact with Our Services, such as features accessed, time spent on pages, actions taken within the Platform, and performance metrics.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and other similar tracking technologies to collect certain information automatically.

D. Data from Third-Party Sources

In the course of providing Services to Our Clients, We may obtain information about vendors and other third parties from publicly accessible sources and commercial third-party data providers. This data is used to enrich vendor profiles, perform risk assessments, and conduct due diligence as instructed by Our Client.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services:

• To provide and operate the MPL Risk platform
• To process vendor compliance data and generate insights
• To communicate with you about our services
• To provide customer support and respond to inquiries
• To improve our services and develop new features
• To ensure security and prevent fraud
• To comply with legal obligations

3. Legal Basis for Processing Personal Data

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share information in limited circumstances:

• With service providers who assist in operating our platform
• When required by law or to protect our rights
• In connection with a business transaction (merger, acquisition, etc.)
• With your explicit consent

All third-party service providers are bound by confidentiality agreements and security requirements.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Data encryption in transit and at rest
• Regular security assessments and monitoring
• Access controls and authentication measures
• SOC 2 compliance standards
• Secure cloud infrastructure with enterprise-grade security

Your data is stored in secure, geographically distributed data centers with redundancy and backup systems.

6. Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible, then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.

8. Your Data Protection Rights

You have certain rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing

To exercise these rights, please contact us using the information provided below.

9. Cookies and Similar Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

• Essential cookies for platform functionality
• Analytics cookies to understand usage patterns
• Preference cookies to remember your settings
• Security cookies to protect against fraud

You can control cookie settings through your browser preferences, though this may affect platform functionality.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information from our files.

11. Links to Other Websites

Our Site may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: