Privacy Policy

Your privacy is important to us. This Privacy Policy explains how IT Vendor Hub LLC (“Company,” “we,” “us,” or “our”), operating vendorscoreit.com, collects, uses, protects, and shares your personal information. We are committed to respecting your privacy and complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) for our European users and the California Consumer Privacy Act (CCPA) for our California users, where applicable.

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect various types of personal data to provide and improve our Service. This includes:

  • Information You Provide Directly:
    • Account Information: Name, email address, physical address, phone number, company name and job title.
    • Content Data: Any data, information, or materials you upload, create, or share within the Service (e.g., vendor scores, assessment data, contract information).
    • Communications: Information you provide when you contact us for support, inquiries, or feedback.
  • Information Collected Automatically:
    • Device and Usage Data: IP address, location data, device type, operating system, browser type, unique device identifiers, and information about how you interact with our Service (e.g., pages visited, features used, time spent, clickstream data).
    • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy for more details).

2. How We Collect Information

We collect personal information through various methods:

  • Directly from You: When you register for an account, fill out forms, make payments, or communicate with us.
  • Automatically: Through your use of the Service, including activity-tracking cookies and server logs.
  • From Third Parties: We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources, such as analytics providers or payment processors.

3. How We Use Your Information

We use the collected personal information for the following legitimate purposes:

  • To Provide and Maintain the Service: To operate, deliver, and improve vendorscoreit.com’s functionalities, process transactions, manage your account, and provide customer support.
  • To Personalize Your Experience: To tailor the Service to your preferences, provide personalized recommendations, and enhance user experience.
  • For Communication: To send you service-related notifications, updates, security alerts, and administrative messages. If you opt-in, we may also send you marketing communications.
  • For Analytics and Improvement: To understand how users interact with our Service, monitor usage patterns, perform data analysis, and identify areas for improvement. We may use anonymized or aggregated data for these purposes.
  • For Security and Fraud Prevention: To detect, prevent, and address technical issues, security incidents, and fraudulent activities.
  • To Comply with Legal Obligations: To meet legal, regulatory, and compliance requirements, such as tax obligations or responding to lawful requests from public authorities.

4. How We Share Your Information

We may share your personal information with third parties in the following circumstances:

  • With Service Providers: We engage trusted third-party service providers to perform functions on our behalf, such as payment processing, cloud hosting (e.g., AWS), analytics, customer support, and marketing. These providers are contractually obligated to protect your data and use it only for the purposes for which we disclose it to them.
  • For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we reasonably believe that such action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of IT Vendor Hub LLC, (c) prevent or investigate possible wrongdoing in connection with the Service, (d) protect the personal safety of users of the Service or the public, or (e) protect against legal liability.
  • Business Transfers: In connection with a merger, acquisition, asset sale, or other business transaction, your personal information may be transferred as part of the assets. We will notify you before your personal information is transferred and becomes subject to a different Privacy Policy.
  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

5. Data Security

We are committed to protecting your personal information. We implement and maintain appropriate technical and organizational measures to protect your data from unauthorized access, loss, misuse, alteration, or destruction. These measures include:

  • Encryption: Using encryption protocols for data in transit and at rest.
  • Access Controls: Implementing role-based access permissions and multi-factor authentication to limit access to sensitive data to authorized personnel only.
  • Secure Server Storage: Storing data on secure servers (e.g., AWS) with robust security features.
  • Regular Security Audits: Conducting regular security assessments, penetration testing, and vulnerability management.
  • Incident Response Plan: Maintaining defined procedures for personal data breaches and security incidents.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services (e.g., not making your personal information publicly available via our platform).

6. Data Storage and Retention

We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or as required by law. This period may depend on the type of data and its purpose.

  • Location: Your data is primarily stored on Amazon Web Services (AWS) servers in the AWS Region selected by IT Vendor Hub LLC. AWS commits to not processing customer data outside the selected region unless necessary for providing services initiated by the customer or to comply with legal requirements.
  • Deletion: We have procedures in place for the secure deletion or anonymization of data when it is no longer needed, including at your request or upon account termination, unless legal requirements necessitate longer retention (e.g., for tax purposes).

7. Your Rights

Depending on your location and applicable data protection laws (e.g., GDPR, CCPA), you may have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain conditions.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: You have the right to object to our processing of your personal data under certain conditions.
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request in accordance with applicable law.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top. For significant changes, we may provide more prominent notice (e.g., via email or in-app notification). We encourage you to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]