bizSupplyBeta
HomePrivacy Policy

Privacy Policy

Last updated: April 1, 2026Version 1.0

This Privacy Policy applies to the bizSupply marketing website (bizsupply.ai). For information about how we handle data within the bizSupply platform and service, please see our Product Privacy Policy.

1. Controller Identification

INFOSISTEMA, SISTEMAS DE INFORMACAO, S.A. (hereinafter referred to as "Infosistema"), a company incorporated under Portuguese law, with tax identification number (NIF) 502 081 631, registered office at Rua de Salazares 842, 4149-002 Porto, Portugal, is the controller responsible for the processing of personal data collected through the bizSupply website (www.bizsupply.ai).

Infosistema has not appointed a dedicated Data Protection Officer as it does not meet the mandatory threshold under GDPR Article 37. For data protection inquiries, contact privacy@infosistema.com.

For any questions or requests regarding the processing of your personal data, you may contact us at: privacy@infosistema.com

For users in the United States, the relevant entity is Infosistema Inc., incorporated in Delaware. California residents have additional rights under the CCPA — see our Product Privacy Policy for details.

2. Information Regarding the Processing of Personal Data

Law No. 58/2019, of 8 August ("LPDP") and the General Data Protection Regulation (Regulation (EU) 2016/679 — "GDPR") ensure the protection of natural persons regarding the processing of personal data and the free movement of such data.

"Personal data" is any information, of any nature and regardless of the respective support, including sound and image, relating to an identified or identifiable natural person. An identifiable person is a person who can be identified directly or indirectly, namely by reference to an identification number or to one or more specific elements of their physical, psychological, economic, cultural, or social identity.

By reading this Privacy Policy, the User is informed about the processing of personal data carried out by Infosistema through the website bizsupply.ai and the bizSupply platform. This policy applies to all personal data collected via contact forms, demo requests, newsletter sign-ups, and general use of the bizSupply website.

The categories of personal data we may collect include:

  • Identity data: name, job title, company name
  • Contact data: email address, phone number
  • Company information: company size, industry, procurement needs
  • Usage data: pages visited, time spent on pages, navigation paths, referral sources
  • Technical data: IP address, browser type and version, device type, operating system
  • Cookie data: as described in our Cookie Policy

3. Purposes of Processing Personal Data

The personal data that we process will only be used for the following purposes:

  1. Managing the hiring of services performed through the Website, such as scheduling demos, requesting contact, and processing partnership or investment enquiries.
  2. Periodically sending electronic newsletters with news related to bizSupply services, product updates, and the procurement management sector.
  3. Managing applications submitted for the recruitment process, analysis of Curriculum Vitae and Cover Letters.
  4. Periodically sending commercial and/or promotional information related to the contracted services sector, unless the holder objects or withdraws consent.
  5. Providing information about bizSupply services, pricing, and features when requested by Clients or Potential Clients.
  6. Answering requests for contact and/or information submitted through the Website's contact forms.
  7. Anonymous and aggregated analysis of the use of services, to identify user habits and trends, to improve the services offered and meet specific User needs.
  8. Processing partner applications and managing the bizSupply partner ecosystem, including SDK access and plugin development enquiries.
  9. Compliance with national and international legal provisions or executing an order of competent judicial authorities.
  10. Fulfillment of legal obligations derived from applicable legislation on data protection, as well as the exercise of the rights of the holders, in particular, the defense of a right during a judicial process.

Infosistema guarantees the confidentiality of all data provided. Although Infosistema collects and processes personal data in a secure manner and prevents its loss or manipulation using the most appropriate techniques for this purpose, the collection of data on open networks allows the circulation of personal data without absolute security conditions, with the risk of these being seen and used by unauthorized third parties.

Failure to present the requested data marked as mandatory implies the impossibility of responding to the data subject's request.

4. Lawfulness of Processing

Infosistema handles User data:

  1. When they express their explicit and legitimate consent for the processing of their personal data for certain purposes; and/or
  2. When necessary for the performance of a contract to which the data user is a party, or for pre-contractual arrangements at the User's request;
  3. To comply with legal obligations to which Infosistema is bound;
  4. For the purpose of legitimate interests pursued by Infosistema or by third parties, unless the data subject's interests, fundamental rights and freedoms shall prevail.

The User warrants that the information provided is true, accurate, complete, and up-to-date, and is responsible for any damage or loss, direct or indirect, that may be caused because of the breach of this obligation.

If the data provided belongs to a third party, the User guarantees that they have informed the said third party of the aspects contained in this document and obtained their authorization to provide their data to Infosistema for the purposes indicated.

5. Storage Period

Infosistema only stores and processes your personal data for as long as it is necessary or mandatory to fulfill the purposes described above, applying information storage criteria appropriate to each processing and in compliance with the applicable legal and regulatory obligations.

Personal data is maintained according to the following criteria:

  • For a period of time not exceeding the pursuit of the purposes for which they were collected, provided that legal or contractual obligations do not provide otherwise;
  • To fulfill specific legal or contractual obligations;
  • When applicable and legitimate, until any request for opposition or deletion by the Data Subject;
  • Contact form submissions and demo requests: retained for a maximum of 24 months from the date of submission, unless a contractual relationship is established;
  • Newsletter subscriptions: retained until the User unsubscribes or withdraws consent.

6. Data Communication

In addition to communications made in compliance with legal obligations, the Data Subject's personal data may be known, in addition to Infosistema, by:

  • Infosistema employees and collaborators, in their capacity as authorized data processors;
  • National and international companies belonging to the same group as Infosistema;
  • Authorities in general, administrative entities and public bodies, both national and international;
  • External service providers, including cloud hosting providers, email service providers, and analytics platforms, bound by appropriate data processing agreements;

Exclusively for the purposes indicated above, in accordance with the consents granted by the data subject.

7. International Data Transfers

Infosistema may process and transfer your personal data to a country outside the European Economic Area. This will only occur upon adoption of the appropriate guarantees and the level of protection required, in accordance with the applicable legislation on personal data protection, including Standard Contractual Clauses approved by the European Commission or adequacy decisions where applicable.

In particular, the use of analytics services (such as Google Analytics) and marketing platforms (such as Meta and LinkedIn) may involve the transfer of data to the United States, subject to appropriate safeguards.

8. Information Security

Infosistema has implemented the appropriate technical and organizational security measures to ensure the security of the personal data provided by the User, in order to prevent its alteration, loss, processing and/or unauthorized access, taking into account the current state of technology, the nature of the data stored and the risks to which they are exposed.

Whenever accessing personal data, Infosistema undertakes to:

  • Store it through legally required security measures, of a technical and organizational nature, which guarantee its security, thus avoiding unauthorized alteration, loss, processing or access;
  • Use data exclusively for previously defined purposes;
  • Implement physical security measures to protect the facilities;
  • Ensure that data is processed only by employees and collaborators whose intervention is essential, who are bound by the duty of secrecy and confidentiality;
  • Encrypt data in transit using TLS/SSL protocols and apply appropriate encryption at rest where technically feasible.

If Infosistema subcontracts to other entities the provision of services that involve the transfer of personal data, these entities will be obliged to adopt the necessary technical and organizational measures to protect personal data against destruction, loss, alteration, disclosure, unauthorized access, or any other unlawful processing.

9. Your Rights

In accordance with the provisions of the GDPR, Users may exercise the following rights regarding their personal data:

  • Right of access: obtain confirmation as to whether your personal data is being processed and, if so, access to that data;
  • Right to rectification: request the correction of inaccurate personal data or the completion of incomplete data;
  • Right to erasure: request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected;
  • Right to restriction of processing: request the restriction of processing in certain circumstances;
  • Right to data portability: receive your personal data in a structured, commonly used and machine-readable format;
  • Right to object: object to the processing of your personal data for reasons related to your particular situation;
  • Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at: privacy@infosistema.com

Infosistema will respond to your request within 30 days. In complex cases, this period may be extended by an additional 60 days, in which case you will be informed of the extension and the reasons for the delay.

10. Data Protection Authority

The User also has the right to submit a complaint to the National Data Protection Commission (CNPD) in relation to matters relating to the exercise of their rights and the protection of their personal data, through the following website: www.cnpd.pt.

11. Third Party Pages

The Website may contain advertising, links or other content that link or redirect to pages and services of suppliers, advertisers, affiliates, sponsors and other third parties. Infosistema does not control the content or links that appear on these pages and is not responsible for the practices used by these pages or websites.

The search or interaction on any other website, including those that have an external link to the Website, are subject to the terms and conditions of that website. Infosistema will not be responsible for such access and use in any case.

12. Privacy Policy Changes

Infosistema reserves the right to revise this Policy at any time it deems appropriate. Any changes will be published on this page with an updated "Last updated" date. It is recommended that users check this privacy policy regularly and/or each time they access the Website to stay informed of any updates.

See also:Cookie PolicyTerms of Use
Part of the Joyn Group ecosystem