Legal
Last updated: May 2026
This Privacy Policy explains how Suplivia, operated by Macro Global Business Sp. z o.o., collects, uses, stores, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act, and applicable US privacy regulations including the California Consumer Privacy Act (CCPA).
Contents
The data controller responsible for your personal data is:
Macro Global Business Sp. z o.o.
KRS: 0000889077
Spektrum Tower, Twarda 18, 00-105 Warsaw, Poland
Email: info@suplivia.com
Macro Global Business Sp. z o.o. operates the Suplivia platform accessible at www.suplivia.com, a controlled-access B2B medical procurement network connecting verified buyers and distributors with verified manufacturers worldwide.
We collect the following categories of personal data:
Account Registration Data
Platform Usage Data
Uploaded Documents and Files
We do not collect sensitive personal data (special categories under GDPR Article 9) and do not knowingly collect data from persons under 18 years of age.
We use the personal data we collect for the following purposes:
We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
Suplivia uses automated systems, including artificial intelligence technologies, to process and structure publicly available and user-submitted information.
These systems are used to:
AI systems are used as a data processing tool and do not independently make legal, compliance, or certification decisions regarding manufacturers or products.
All verification of submitted documentation is performed by human review where applicable.
Under the General Data Protection Regulation (EU) 2016/679, we rely on the following legal bases for processing your personal data:
Contract performance (Art. 6(1)(b))
Processing your registration data, application details, RFQ activity, and uploaded documents is necessary to provide the Suplivia platform services you have requested.
Legitimate interests (Art. 6(1)(f))
We process usage data (login activity, session metadata, profile views) for fraud prevention, platform security, and improvement of our services. These interests are balanced against your privacy rights.
Legal obligation (Art. 6(1)(c))
We may process and retain certain data to comply with applicable EU, Polish, and international laws including tax, accounting, and anti-money laundering regulations.
Consent (Art. 6(1)(a))
Where we send marketing communications or use non-essential cookies, we rely on your freely given, specific, and informed consent, which you may withdraw at any time.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
When data is no longer required, it is securely deleted or anonymised. You may request earlier deletion of your personal data subject to our legal retention obligations — see Section 6 for your rights.
Under the GDPR, if you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:
Under the CCPA, if you are a California resident, you have the following rights:
To exercise any of these rights, contact us at info@suplivia.com. We will respond within 30 days (GDPR) or 45 days (CCPA). We may request verification of your identity before processing your request.
We use a limited number of carefully selected third-party processors to operate the Suplivia platform:
All processors are bound by Data Processing Agreements (DPAs) and are required to implement appropriate technical and organisational measures to protect your data. We do not share your personal data with any other third parties without your explicit consent, except where required by law.
Supabase is used as our primary backend infrastructure provider. Your account data, profile information, uploaded documents, and RFQ records are stored in Supabase-managed databases. Supabase complies with GDPR and provides EU-region database hosting options. Their privacy policy is available at supabase.com/privacy.
Suplivia is operated from Poland (EU) and your data is primarily processed within the European Economic Area. However, some of our third-party processors (including Supabase and Vercel) are headquartered in the United States.
Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V, including:
By using the Suplivia platform, you acknowledge that your data may be transferred to and processed in countries outside your country of residence, subject to the safeguards described above.
For all privacy-related enquiries, rights requests, or complaints, please contact us at:
Privacy & Data Enquiries
Macro Global Business Sp. z o.o.
Spektrum Tower, Twarda 18, 00-105 Warsaw, Poland
Email: info@suplivia.com
We aim to respond to all privacy enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Polish data protection supervisory authority:
This Privacy Policy was last reviewed and updated in May 2026. We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to registered users via email. Continued use of the Suplivia platform following notification constitutes acceptance of the updated policy.