PRIVACY POLICY

Effective date: 11 February 2026
Last updated: 24 February 2026

1. Company Details (Data Controller)

This Privacy Policy applies to the services operated by:

Legal entity: Ventiere Ltd
Trading name: Ventiere
Company number: 17026297
Registered address: 128 City Road, London, England, EC1V 2NX, United Kingdom
Operating address: Same as registered address

Privacy contact email: privacy@ventiere.com
General enquiries: info@ventiere.com
Supplier relations: suppliers@ventiere.com
Marketplace communication (buyer–supplier coordination): trade@ventiere.com
Executive contact: ceo@ventiere.com

For the purposes of UK GDPR and EU GDPR:

Ventiere acts as:

• Data Controller — when operating the platform, verifying businesses and managing accounts
• Data Processor — when transmitting information on behalf of users (e.g., RFQs containing third-party contact details)

Lead supervisory authority: UK Information Commissioner’s Office (ICO)

2. Role of Ventiere

Ventiere operates a business-to-business sourcing and introduction platform that connects independent buyers and suppliers.

Unless explicitly agreed in a separate written agreement, Ventiere:

• does not manufacture, own, store, purchase, sell, import or export goods
• is not a party to contracts formed between users
• does not act as agent, distributor, broker, or representative of either party
• does not guarantee performance, delivery, quality, legality, certification validity, or payment between users

Our services are limited to providing tools that facilitate commercial interaction, including:

• supplier discovery and listing
• buyer-supplier introductions
• communication facilitation
• verification assistance
• record-keeping support for dispute review
• future transaction support features (such as escrow or order protection, if introduced)

Independent Parties

When users exchange contact details or enter into direct communication, each party acts as an independent data controller and independent contracting party.

Ventiere has no control over how users subsequently use personal data, conduct negotiations, or fulfil contractual obligations.

Users are solely responsible for:

• the accuracy of information they provide
• compliance with applicable laws and regulations
• performance of contracts they enter
• handling of personal data obtained from other users

No Fiduciary Relationship

Use of the platform does not create any partnership, joint venture, employment, fiduciary or agency relationship between Ventiere and any user.

Limitation of Operational Responsibility

Ventiere may assist communication and retain records to help resolve disputes, however Ventiere:

• does not adjudicate disputes as a court or arbitrator
• does not enforce contracts between users
• is not responsible for losses arising from transactions conducted between users

Future Transaction Tools

If Ventiere introduces optional services such as escrow, payment facilitation, verification badges or order protection, those services will be governed by separate terms and may involve regulated third-party providers.

3. Scope of this Policy

This Privacy Policy applies to all individuals and organisations that interact with the Ventiere platform, including:

• website visitors
• prospective users and leads
• registered buyers
• registered suppliers
• company representatives, employees and agents acting on behalf of businesses
• partners, contractors and communication participants

The Platform is intended strictly for business and professional use.
Ventiere primarily processes information relating to individuals acting in a professional or commercial capacity rather than as private consumers.

This Policy applies to data collected through:

• our website and web pages on our domains
• embedded and linked forms (including Airtable forms)
• onboarding and verification forms
• RFQ submission and communication tools
• email, messaging, phone and video communications
• document uploads and attachments
• cookies and tracking technologies
• third-party integrations used to operate the Platform
• offline interactions where information is later stored in our systems

Where local law provides additional protections, those requirements will apply in addition to this Policy.

4. Definitions

For the purposes of this Privacy Policy:

“Personal Data” means any information relating to an identified or identifiable natural person, including names, contact details, identification numbers, location data or online identifiers.

“Business Data” means information relating to a company or organisation that does not identify a natural person directly, such as company registration details, production capacity or certifications.

“Processing” means any operation performed on data, including collection, recording, storage, organisation, structuring, retrieval, use, disclosure, transmission, restriction or deletion.

“Controller” means the entity that determines the purposes and means of processing personal data.

“Processor” means an entity that processes personal data on behalf of a controller.

“User” means any individual or organisation accessing or interacting with the Platform.

“Buyer” means a user seeking suppliers, quotations or procurement opportunities.

“Supplier” means a user offering goods, manufacturing capability or services.

“RFQ” (Request for Quotation) means a request submitted by a buyer describing a sourcing requirement.

“Platform” means the Ventiere website, forms, systems, communication tools and related services used to facilitate business interactions.

“Verification” means checks performed to assess authenticity of business identity, documentation or compliance information.

“Counterparty” means another user with whom a user communicates or transacts through or after introduction via the Platform.

Where terms are defined by applicable data protection law, those legal definitions shall prevail.

5. Information We Collect

We collect only information reasonably necessary to operate a trusted business-to-business sourcing platform.
The categories below describe all data we currently collect and may collect as our services expand.

5.1 Identity and Professional Contact Information

We may collect:

• full name of contact person or authorised representative
• job title or role (e.g., director, sourcing manager, export manager)
• business email addresses and alternative contact emails
• phone numbers and WhatsApp numbers (including country codes)
• company legal name and trading name
• company website and professional social profiles (such as LinkedIn)
• postal addresses including registered office, operational and shipping addresses
• IP address, browser type, operating system and device identifiers

5.2 Business and Company Information

Collected during onboarding and verification:

• company registration or incorporation number
• tax identifiers (VAT, GST, TIN, EORI or equivalents)
• export/import licence details
• chamber of commerce or registration certificates
• production locations and factory addresses
• employee size and production capacity
• minimum order quantities and lead times
• manufacturing capabilities (OEM/ODM/private label)
• export markets served
• references, awards and business credentials

5.3 Buyer RFQ and Commercial Requirement Information

When buyers submit sourcing requests:

• product specifications and technical descriptions
• quantities and target budgets
• packaging requirements
• delivery deadlines and delivery locations
• incoterms preferences (EXW, FOB, CIF, DDP etc.)
• payment preferences and sampling requirements
• attachments such as drawings, spreadsheets, images and documents

5.4 Supplier Operational and Logistics Information

• shipping methods and logistics preferences
• inspection acceptance and quality control procedures
• audit reports and prior shipment documentation
• factory photos and videos

Uploaded images may contain embedded metadata such as location data which may be used for verification purposes.

5.5 Certifications and Compliance Records

We may process certifications including but not limited to:

quality standards, safety standards, social compliance certifications, environmental certifications, product safety approvals, halal/kosher certifications and similar documentation.

Any certification provided by users may be stored and used for verification and matching.

5.6 Uploaded Documents and Files

Users may upload documents which can contain additional personal data, including:

• company profiles, brochures and catalogues
• registration and tax documents
• audit and inspection reports
• shipping and customs documents
• product test reports
• photographs or videos of facilities or personnel

Users confirm they have authority to share all uploaded content.

5.7 Communications and Support Interactions

We record interactions such as:

• emails and correspondence
• call notes or meeting summaries
• support requests and CRM records
• onboarding discussions

These may be retained as evidence in case of disputes, fraud investigation or compliance review.

5.8 Usage and Technical Data

Automatically collected data:

• pages visited and time spent
• referring URLs and campaign parameters
• system logs and diagnostic data
• cookie identifiers and analytics information

5.9 Derived and Risk-Related Data

We may generate internal assessments such as:

• supplier reliability indicators
• buyer seriousness indicators
• matching compatibility scores
• duplicate account detection flags
• fraud risk indicators

These are used only to operate and secure the Platform.

5.10 Financial Information (When Payment Features Are Introduced)

Where applicable:

• billing details
• bank account details
• payment preferences

Payment card data is processed only by regulated third-party payment providers and not stored by Ventiere.

5.11 Sensitive Data and Children

We do not intentionally collect special category personal data (such as health, religion or biometric data).
If such data is included within uploaded documents, access is restricted and processed only where necessary.

The Platform is not intended for persons under 18 years of age.

5.12 Data Accuracy Responsibility

Users are solely responsible for the accuracy, completeness, and legality of all information submitted to the Platform. Ventiere does not verify all submitted information and shall not be liable for errors, omissions, or misrepresentations made by any user.

6. How We Collect Information

We collect information from several sources depending on how you interact with the Platform.

6.1 Information Provided Directly by Users

You provide information when you:

• complete onboarding or verification forms
• submit RFQs or sourcing requests
• upload documents or attachments
• communicate with us via email, phone, messaging or video
• participate in onboarding calls or meetings
• provide information during dispute resolution or support requests

6.2 Information Collected Automatically

When you access the Platform we automatically collect certain technical information through cookies and similar technologies, including:

• device and browser information
• IP address and approximate location
• pages visited and actions performed
• session duration and timestamps
• diagnostic and security logs

6.3 Information from Third Parties

We may obtain information from:

• public company registries and official databases
• certification or compliance databases
• sanctions and denied-party screening databases
• identity and verification service providers
• payment and financial service providers
• logistics, inspection or audit partners
• referrals from existing users acting on behalf of their organisations

6.4 Information from Counterparties

Users may share information about their employees, representatives or colleagues during communication or negotiation.

Where a user provides personal data relating to another person, that user confirms they have authority to share it.

6.5 Offline Collection

We may collect information during trade events, meetings, calls or other offline interactions and later add it to our systems.

We collect data only to the extent reasonably necessary to operate and secure the Platform.

7. Purposes and Legal Basis of Processing

We process Personal Data only where we have a valid legal basis under applicable data protection law.

7.1 Platform Access and Account Management

Purpose:
Create and manage user accounts, enable onboarding, maintain profiles and allow use of platform features.

Legal basis:
Performance of a contract; legitimate interests in operating a business platform.

7.2 Business Verification and Trust & Safety

Purpose:
Verify company identity, assess authenticity of documents, prevent fraud and maintain a trustworthy marketplace.

Legal basis:
Legitimate interests in preventing fraud and protecting users; legal obligations where applicable.

7.3 Matching Buyers and Suppliers

Purpose:
Recommend suitable counterparties and facilitate introductions based on RFQ requirements and supplier capability.

Legal basis:
Performance of a contract; legitimate interests in operating a sourcing platform.

7.4 Communication and Transaction Facilitation

Purpose:
Transmit messages, coordinate discussions, and maintain records of interactions to support business transactions.

Legal basis:
Performance of a contract; legitimate interests in enabling commercial interaction.

7.5 Compliance, Legal Obligations and Regulatory Requirements

Purpose:
Conduct sanctions screening, anti-fraud checks, recordkeeping and respond to lawful requests from authorities.

Legal basis:
Legal obligation; legitimate interests in legal compliance.

7.6 Platform Security and Abuse Prevention

Purpose:
Detect suspicious behaviour, prevent misuse, and protect system integrity.

Legal basis:
Legitimate interests in protecting the platform and its users.

7.7 Analytics and Service Improvement

Purpose:
Understand usage patterns, improve functionality and performance, and troubleshoot issues.

Legal basis:
Legitimate interests; consent where required for non-essential cookies.

7.8 Business Communications and Outreach

Purpose:
Contact users regarding relevant services, onboarding assistance, opportunities or platform updates.

Legal basis:
Legitimate interests for business-to-business communications; consent where legally required.

Users may opt out at any time by contacting: privacy@ventiere.com

7.9 Marketing Communications

Purpose:
Send newsletters, announcements or promotional material where appropriate.

Legal basis:
Consent where required by law; legitimate interests for existing business relationships where permitted.

7.10 Dispute Handling and Evidence Retention

Purpose:
Maintain records of interactions to investigate complaints, prevent fraud and support dispute resolution.

Legal basis:
Legitimate interests; legal obligations where applicable.

7.11 Future Payment or Protection Services

Purpose:
If introduced, facilitate escrow, order protection or payment-related services through regulated providers.

Legal basis:
Performance of a contract; legal obligation; legitimate interests in secure transactions.

We will not use personal data for purposes incompatible with those described above.

8. Business Communications (UK PECR & Similar Laws)

Ventiere operates a business-to-business platform and communicates primarily with individuals acting in a professional capacity on behalf of organisations.

We may contact users and prospective users by email, phone, messaging platforms (including WhatsApp) or professional networking platforms (such as LinkedIn) where permitted by applicable electronic communications laws.

Such communications may include:

• onboarding assistance
• responses to enquiries
• relevant sourcing opportunities
• supplier or buyer introductions
• platform service updates
• verification requests
• operational notifications

We rely on legitimate interest for business-to-business communications where:

• the contact relates to the recipient’s professional role
• the message is relevant to their business activities
• the sender is clearly identified
• a clear opt-out method is provided

We do not send unsolicited marketing communications to private individual consumers.

Recipients may opt out of communications at any time by:

• replying to the message requesting removal, or
• contacting: privacy@ventiere.com

We will honour opt-out requests within a reasonable timeframe and maintain suppression records to avoid further contact.

Transactional and operational communications necessary for platform use (such as account, verification or RFQ updates) may still be sent where required to provide the service.

9. Identity Verification & Compliance Checks

Ventiere operates as a curated B2B sourcing and procurement platform. To maintain marketplace integrity, reduce fraud risk, and improve transaction confidence, we conduct internal business verification and compliance screening on companies applying to join the platform.

9.1 Business Verification

Before a supplier or buyer is approved on Ventiere, we may request documentation including but not limited to:

• Company registration certificate
• VAT / Tax identification number
• Registered business address confirmation
• Company website or business presence verification
• Identity confirmation of authorised representative
• Proof of manufacturing, trading, or operational activity

Submission of documentation does not guarantee approval. Applications are manually reviewed and Ventiere reserves full discretion over acceptance.

9.2 Ongoing Monitoring

Approved companies may be periodically re-evaluated to ensure marketplace reliability. We may:

• Re-confirm business details
• Request updated documentation
• Suspend inactive or suspicious accounts
• Restrict listings pending clarification

Failure to cooperate may result in removal from the platform.

9.3 Compliance & Sanctions Screening

To protect platform users and comply with international trade practices, Ventiere may screen companies against:

• Public sanctions and restricted party lists
• Fraud indicators and suspicious activity patterns
• Trade compliance risk signals

Ventiere does not provide legal compliance certification and verification should not be interpreted as a guarantee of legitimacy.

9.4 Not a Financial KYC Service

Ventiere is a marketplace facilitator — not a bank, escrow institution, or regulated financial intermediary.

Our verification process is conducted solely for platform trust and risk reduction purposes.
Users must perform their own due diligence before entering commercial agreements.

9.5 Data Usage

Documents submitted for verification are used only for:

• Identity validation
• Risk assessment
• Fraud prevention
• Platform safety

They are securely stored and are not publicly visible or shared with other users unless legally required.

9.6 Platform Responsibility Limitation

While we aim to onboard reliable businesses, Ventiere cannot guarantee:

• Financial solvency
• Product quality
• Contract performance
• Delivery execution

All transactions remain agreements directly between participating businesses.

9.7 No Reliance on Verification

Any verification, screening, or review conducted by Ventiere is performed solely for platform risk-reduction purposes.

Such verification does not constitute endorsement, certification, guarantee of legitimacy, financial stability, product quality, regulatory compliance, or contractual performance.

Users must independently perform their own due diligence before entering into any transaction or agreement.

10. Trade Compliance & Sanctions Screening

Ventiere supports responsible international trade and aims to prevent misuse of the platform for unlawful or restricted commercial activities.

To protect users and maintain marketplace integrity, we apply risk-based trade compliance checks on businesses, transactions, and listed goods.

Each party is solely responsible for ensuring compliance with import/export regulations, customs declarations, product certifications, duties, taxes, and local legal requirements applicable to their transaction.

Ventiere does not act as importer, exporter, broker, declarant, or agent unless expressly agreed in writing.

10.1 Restricted Parties Screening

Ventiere may screen companies and authorised representatives against publicly available restricted and denied party lists, including but not limited to:

• UK sanctions lists
• EU consolidated sanctions lists
• UN sanctions lists
• Other internationally recognised restricted party databases

Access to the platform may be refused, limited, or terminated where a match or high-risk indicator is detected.

10.2 Prohibited Trade Activities

Users may not use Ventiere to request, offer, source, or facilitate trade involving:

• Sanctioned countries, regions, organisations, or individuals
• Goods prohibited under export or import regulations
• Dual-use items requiring export licences without proper authorisation
• Counterfeit, stolen, or illegally obtained products
• Materials restricted by international trade law

Users are solely responsible for ensuring their transactions comply with applicable laws in both exporting and importing jurisdictions.

10.3 Goods & Documentation Compliance

Where relevant, Ventiere may request additional information relating to listed products, including:

• Product specifications
• Country of origin
• Certification or regulatory documentation
• End-use declarations

Failure to provide requested information may result in listing removal or account restriction.

10.4 Risk-Based Monitoring

Ventiere may monitor platform activity to detect potential compliance risks, including:

• Unusual trading patterns
• High-risk jurisdictions
• Attempts to bypass platform processes
• Misrepresentation of goods or origin

Such monitoring is conducted for platform safety and does not constitute regulatory supervision.

10.5 No Legal Advice or Export Clearance

Ventiere does not provide export licensing, customs clearance, or legal compliance certification.

Participation on the platform does not confirm that a business, product, or transaction complies with trade regulations.

Each user must independently verify all legal requirements before proceeding with any transaction.

10.6 Right to Suspend

Ventiere reserves the right, at its sole discretion, to:

• Remove listings
• Suspend accounts
• Block transactions
• Request additional verification

where compliance concerns arise.

11. Data Sharing Between Users

Ventiere operates as a business-to-business sourcing and introduction platform.
By using the platform, users acknowledge and agree that certain business information will be shared with other users to enable commercial communication and transactions.

11.1 Purpose of Sharing

Ventiere may share relevant business contact information between buyers and suppliers where necessary to:

• Respond to a request for quotation (RFQ)
• Enable direct commercial discussions
• Coordinate product sourcing or supply
• Facilitate negotiations and order fulfilment
• Provide post-introduction communication

This sharing forms a core function of the platform.

11.2 Types of Data Shared

The information shared may include:

• Company name
• Contact person name
• Business email address
• Business phone or WhatsApp number
• Company website
• Product or service details
• Commercial requirements and specifications

Personal private data unrelated to business activity is not intentionally shared.

11.3 Legal Basis (GDPR)

The legal basis for this data sharing is:

Performance of a contract — to provide the marketplace introduction service requested by the user
Legitimate interests — enabling B2B trade connections and commercial negotiations

By submitting an RFQ, enquiry, listing, or onboarding form, users explicitly request this sharing.

11.4 User Responsibility After Introduction

Once an introduction is made:

• Parties communicate directly outside Ventiere systems
• Each party becomes an independent data controller
• Ventiere is not responsible for how another business uses shared data

Users must handle received data in accordance with applicable data protection laws.

11.5 Misuse of Contact Information

Users may not:

• Send spam or unrelated marketing
• Sell or redistribute obtained contact details
• Add contacts to mailing lists without consent
• Use information for purposes unrelated to the requested trade enquiry
• Bypass the Platform to avoid service fees, commissions, or platform protections where an introduction was made through Ventiere.

Violations may result in account suspension or permanent removal.

11.6 Withdrawal of Sharing

Users may request removal of their business profile from future introductions at any time by contacting:

privacy@ventiere.com

Past introductions cannot be undone where data has already been shared.

11.7 Anti-Scraping & Database Protection

Users may not systematically extract, scrape, harvest, copy, download, store, or reuse platform data, listings, profiles, or contact information to create or support competing databases, directories, lead lists, or marketplaces without written permission from Ventiere.

11.8 Communication Relay Liability

Where Ventiere relays communications between users, Ventiere acts solely as a technical transmission intermediary and does not review, modify, endorse, or assume responsibility for the content of such communications.

Ventiere does not guarantee the authenticity, security, or integrity of external email communications once transmitted outside the Platform.

Users are responsible for independently verifying bank details, payment instructions, and identity changes communicated via email to prevent fraud, impersonation, or payment diversion scams.

12. Processor Role (Third-Party Data Uploaded by Users)

In certain circumstances, users may upload or submit personal or business contact information relating to third parties, such as employees, representatives, customers, or suppliers.

In these situations, Ventiere acts solely as a data processor on behalf of the submitting user, who remains the data controller.

12.1 User Responsibility

The user uploading the data confirms that they:

• Have lawful authority to share the information
• Have provided any required privacy notices
• Have obtained consent where legally required
• Comply with applicable data protection laws

Ventiere does not verify whether such permissions exist.

12.2 Processing Purpose

Ventiere processes uploaded third-party data only to provide requested platform services, including:

• RFQ handling and matching
• Business introductions
• Communication facilitation
• Supplier or buyer coordination

The data is not used for Ventiere’s own independent marketing purposes.

12.3 Controller Relationship

For third-party data:

• The uploading user = Data Controller
• Ventiere = Data Processor

After contact details are shared between businesses, each party becomes an independent data controller for further communications.

12.4 No Liability for Uploaded Data

Ventiere is not responsible for:

• Accuracy of uploaded information
• Legality of collection
• Consent status of the individual
• Subsequent use by the uploading user

Any claims arising from improper data sharing must be directed to the user who provided the data.

12.5 Removal Requests

If an individual believes their data has been uploaded without lawful basis, they may contact:

privacy@ventiere.com

We may restrict or remove the data while reviewing the request.

13. Automated Processing & AI Assistance

Ventiere may use automated systems and algorithmic tools to support marketplace functionality and improve matching between buyers and suppliers.

These tools assist platform operations but do not replace human judgement in commercial decisions.

13.1 Purpose of Automation

Automated processing may be used to:

• Categorise supplier capabilities
• Match RFQs with relevant suppliers
• Prioritise enquiries
• Detect incomplete or inconsistent submissions
• Identify potential compliance risks
• Improve platform efficiency and response time

The system provides recommendations only.

13.2 No Automated Decision-Making

Ventiere does not make legally binding or significant business decisions solely through automated processing.

Specifically:

• We do not automatically approve or reject contracts
• We do not automatically enforce transactions
• We do not make credit or legal determinations
• Final commercial decisions are made by users

Human review may occur where necessary.

13.3 AI-Generated Suggestions

The platform may generate suggested matches, recommendations, or insights based on submitted information.

Automated recommendations may prioritise relevance but do not rank businesses by quality, reputation, or reliability.

These suggestions:

• Are informational only
• May not be complete or accurate
• Should not be treated as professional, legal, financial, or trade advice

Users remain responsible for independent verification.

13.4 User Rights

Where required by law, users may request:

• Explanation of automated processing logic (high-level)
• Human review of a platform action affecting access
• Correction of inaccurate input data

Requests can be submitted to:

privacy@ventiere.com

13.5 No Profiling for Personal Characteristics

Ventiere does not use automated processing to evaluate individuals based on personal characteristics such as race, religion, health status, or political beliefs.

Processing relates only to business and commercial relevance.

14. International Transfers

Due to the global nature of business sourcing, information submitted to Ventiere may be transferred to and accessed by businesses located outside the United Kingdom and European Economic Area (EEA).

By using the platform, users acknowledge that cross-border communication is an essential function of the service.

14.1 Transfer Purpose

International transfers occur when:

• A buyer contacts a supplier located in another country
• A supplier responds to an enquiry from a foreign business
• Contact details are shared for commercial discussions
• Platform infrastructure providers process data globally

These transfers are necessary to provide the marketplace introduction service.

14.2 Countries Without Adequacy Decisions

Some recipient countries may not provide the same level of data protection as UK or EU law.

Where this occurs, Ventiere relies on appropriate safeguards such as:

• Contractual necessity for the requested service
• User-initiated communication
• Standard contractual protections where applicable
• Business-to-business communication expectations

Users understand that international trade inherently requires cross-border data exchange.

14.3 User Responsibility

By submitting an enquiry, listing, or onboarding form, users intentionally request contact with businesses in other jurisdictions.

Users should only submit information appropriate for professional business communication.

Sensitive personal data should not be shared through the platform.

14.4 Third-Party Providers

Some service providers used to operate the platform may process data outside the UK/EEA.

These providers are selected based on security and reliability standards appropriate for commercial services.

14.5 Risk Acknowledgement

International communications may carry different legal protections depending on the recipient country.

Ventiere cannot guarantee enforcement of foreign data protection rights once data is shared with another independent business.

15. Third-Party Processors

Ventiere uses carefully selected third-party service providers to operate, secure, and improve the platform.
These providers process data only on our instructions and only where necessary to deliver the service.

15.1 Categories of Processors

We may use processors providing services such as:

• Cloud database and form infrastructure
• Website hosting and content delivery
• Email communication systems
• Analytics and performance monitoring
• Security and fraud prevention
• Customer communication tools
• Document storage and internal administration

These services support the functioning of the marketplace and do not receive data for their own independent commercial purposes.

15.2 Processing Safeguards

All processors are required to:

• Process data only under contractual obligations
• Maintain confidentiality
• Apply appropriate technical and organisational security measures
• Not sell or misuse the information
• Comply with applicable data protection laws

Where required, data processing agreements are in place.

15.3 International Processing

Some processors may operate internationally and may access data from outside the UK or EEA.

Where applicable, appropriate safeguards are relied upon, including contractual protections and security standards suitable for commercial services.

15.4 Sub-processors

Processors may use sub-processors to provide infrastructure services (such as cloud hosting providers).

They remain responsible for ensuring equivalent data protection obligations are applied.

15.5 No Sale of Data

Ventiere does not sell personal data to third parties.

Processors are service providers only and cannot use the information for advertising resale or independent marketing.

16. Data Retention & Deletion

Ventiere retains information only for as long as necessary to operate the platform, maintain business records, resolve disputes, and comply with legal obligations.

Retention periods vary depending on the type of information and purpose of processing.

16.1 Account & Onboarding Data

Business profiles, onboarding forms, and verification information are retained:

For the duration of the business relationship and up to 6 years after last activity

This period allows handling of disputes, contractual matters, and legal record-keeping requirements.

16.2 RFQs & Business Communications

Requests for quotation, introductions, and marketplace communication records are retained:

Up to 6 years from the date of last interaction

This supports dispute resolution and commercial accountability between businesses.

16.3 Email Correspondence

Operational email communications may be retained:

Up to 6 years, unless deletion is requested and legally permissible.

16.4 Analytics & Technical Logs

Website usage data and technical logs are retained:

Up to 26 months for performance monitoring, security investigation, and service improvement.

Aggregated or anonymised data may be kept longer.

16.5 Compliance & Verification Records

Identity verification and compliance screening records may be retained:

Up to 6 years after the last compliance review

This is necessary for fraud prevention and regulatory defence.

16.6 Legal Obligations

Where required by law, data may be retained longer for:

• Legal claims
• Regulatory investigations
• Tax and accounting requirements
• Fraud prevention

16.7 Deletion

After the applicable retention period expires, data is:

• Securely deleted, or
• Irreversibly anonymised

Backups may persist temporarily before automatic overwrite cycles complete.

16.8 Platform Records as Evidence

Records, logs, timestamps, and stored communications maintained by Ventiere may be used as evidence in dispute resolution or legal proceedings to the extent permitted by applicable law.

17. Security Measures

Ventiere implements appropriate technical and organisational measures to protect information against unauthorised access, loss, misuse, alteration, or disclosure.

Security measures are designed based on the nature of business-to-business communications and the level of risk involved.

17.1 Technical Safeguards

We apply security protections including:

• Encrypted website connections (HTTPS/TLS)
• Access controls for internal systems
• Password-protected administrative access
• Secure cloud infrastructure
• Activity monitoring and logging
• Data minimisation practices

Access to information is limited to authorised personnel who require it to operate the service.

17.2 Organisational Measures

Operational procedures are in place to reduce risk, including:

• Restricted internal access to business data
• Role-based permissions
• Verification processes before sharing contact information
• Staff awareness of confidentiality obligations

17.3 User Responsibility

Users also play a role in protecting their information. Users should:

• Provide only business-relevant contact details
• Avoid sharing sensitive personal data
• Verify counterparties before entering agreements
• Secure their own email and communication channels

Ventiere cannot control the security practices of independent businesses after an introduction is made.

17.4 No Absolute Guarantee

While reasonable security measures are implemented, no internet transmission or storage system can be guaranteed 100% secure.

Users acknowledge that participation in online communications carries inherent risk.

17.5 Incident Handling

If a security incident affecting stored data is identified, Ventiere will take reasonable steps to:

• Investigate the issue
• Mitigate risks
• Notify affected parties where legally required

17.6 Force Majeure

Ventiere shall not be responsible for delays, failures, or interruptions caused by events beyond reasonable control, including but not limited to regulatory changes, sanctions, banking restrictions, internet outages, infrastructure failures, trade restrictions, or acts of government.

18. User Rights

Individuals whose personal data is processed by Ventiere may have certain rights under applicable data protection laws, including the UK GDPR and EU GDPR where applicable.

These rights apply only to personal data. Most information on the platform relates to businesses rather than private individuals.

18.1 Right of Access

You may request confirmation of whether we process your personal data and request a copy of the information we hold.

18.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Business users are encouraged to keep their company details up to date.

18.3 Right to Erasure

You may request deletion of personal data where:

• The information is no longer necessary
• You withdraw consent where applicable
• Processing is unlawful
• Legal obligations permit removal

Some information may be retained where required for legal or dispute resolution purposes.

18.4 Right to Restrict Processing

You may request temporary restriction of processing where:

• Accuracy is contested
• Processing is unlawful but deletion is not requested
• Data is required for legal claims

18.5 Right to Object

You may object to processing based on legitimate interests, including business communication usage.

We may continue processing where compelling legitimate grounds exist.

18.6 Right to Data Portability

Where technically feasible, you may request a copy of personal data you provided in a structured format.

18.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time.
This does not affect processing carried out before withdrawal.

18.8 Exercising Your Rights

Requests can be submitted to:

privacy@ventiere.com

We may need to verify identity before fulfilling a request.

We aim to respond within 30 days, subject to legal allowances.

18.9 Complaints

If you are unsatisfied with our response, you may lodge a complaint with a relevant supervisory authority, such as the UK Information Commissioner’s Office (ICO) or your local data protection authority.

19. Children

The Ventiere platform is a business-to-business service and is not intended for individuals under the age of 18.

20. Data Breach Notification

If a security incident occurs that affects personal data under our control, Ventiere will:

• Investigate the incident
• Take reasonable steps to mitigate risk
• Notify affected users where required by law
• Notify relevant supervisory authorities where legally required

Notifications will be made within applicable legal timeframes where a risk to individuals is identified.

21. Marketplace Liability Limitation

Ventiere operates solely as a business introduction and sourcing intermediary, unless expressly agreed in writing.

Users acknowledge that all commercial decisions, including pricing, quantities, specifications, logistics arrangements, payment terms, and counterparty selection, are made at their own discretion and risk.

Information provided through the Platform, including profiles, communications, or verification indicators, does not constitute professional, financial, legal, trade, or due-diligence advice.

Ventiere does not:

• Act as buyer or seller of goods
• Take ownership of products
• Guarantee product quality, legality, or delivery
• Guarantee payment between parties
• Provide legal, regulatory, or customs clearance services

All contracts are formed directly between buyers and suppliers.

Both parties remain solely responsible for:

• Product compliance
• Import/export legality
• Certifications and documentation
• Payments and financial arrangements
• Logistics and shipping
• Regulatory obligations in their jurisdictions

Ventiere is not liable for losses arising from transactions conducted between users.

Ventiere may transmit, relay, store, or make available communications between users for operational purposes.

Such involvement does not constitute supervision, participation in negotiations, approval of terms, inspection of goods, monitoring of payments, or verification of contractual performance.

All commercial terms and obligations remain solely between the transacting parties unless expressly agreed in a separate written service agreement.

22. Changes to Policy

Ventiere may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes.

The updated version will be published on the website with a revised “Last Updated” date.

Where changes materially affect user rights or obligations, reasonable notice may be provided through appropriate communication channels.

Continued use of the platform after an update constitutes acceptance of the revised policy.

23. Contact & Complaints

For any privacy, data protection, or legal enquiries, you may contact:

Ventiere Ltd
128 City Road
London, United Kingdom
EC1V 2NX

Email: privacy@ventiere.com

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

Acknowledgement

By accessing or using the Platform, you acknowledge that you have read this Privacy Policy and understand how your Personal Data is collected, used and processed. Where consent is required under applicable law, you agree to such processing by continuing to use the Platform or by submitting your information.