Privacy policy

SourcingPick SAS, headquartered in France, is the controller of personal data collected via the platform. To exercise your rights or contact our Data Protection Officer: dpo@sourcingpick.com.

Account data: first name, last name, email, phone, preferred language, role, and parent organisation.

Organisation data: legal name, registration number, VAT number, address, bank details, KYC documents.

Usage data: login history, requests created, quotes received, orders, messages exchanged.

Contract performance: delivery of the sourcing service, processing of orders and payments.

Legal obligations: KYC compliance, anti-money-laundering, invoicing, accounting retention.

Legitimate interest: platform security, fraud prevention, service improvement.

Consent: audience measurement, marketing communications (where you explicitly opt in).

We share certain data with technical service providers under contract (hosting, email, payments, KYC) acting as processors under GDPR.

We never sell your data. We may be required to disclose it to competent authorities under legal obligation.

Account data: kept while your account is active, then archived for 3 years after the last transaction.

KYC documents: kept for 5 years after the end of the business relationship, per AML-CFT obligations.

Invoicing data: kept for 10 years, per the French Commercial Code.

You have rights of access, rectification, erasure, restriction, portability, and objection regarding your personal data. You can exercise these from your settings or by writing to dpo@sourcingpick.com.

In case of disagreement, you may lodge a complaint with the CNIL (www.cnil.fr).

Our primary infrastructure is hosted in the European Union. When processing an order involves partners outside the EU, we apply the European Commission's Standard Contractual Clauses to govern the transfers.

Our use of cookies is detailed in our dedicated cookies policy.

Sensitive data (passwords, IBANs, KYC documents) are encrypted at rest. Access is restricted on a need-to-know basis and logged. Two-factor authentication is mandatory for Admin accounts.

Data Protection Officer: dpo@sourcingpick.com.