Sustainment is a manufacturing market community that is designed to help buyers and suppliers of manufacturing services, and those that support them – collectively referred to as our “Community” – build better relationships and work more efficiently together. As a Public Benefit Corporation, we are committed to your privacy and to the security of your data.
When you use Sustainment, we collect information relating to you and your use of our services from a variety of sources, including the following:
a. Information you provide. When you respond to a “Contact Us” page, we collect your email address and whatever other information you provide to us. When using our hosted services for Buyers, Suppliers, and third parties (collectively, the “Site”), you may provide Sustainment with data, information or content regarding you, your company, capabilities, products, services, offerings, or procurement requirements (“Your Content”) including, without limitation, when creating or claiming a profile or otherwise listing your business, capabilities or offerings on the Site for access, use and evaluation by potential clients, customers or buyers (collectively, “Buyers”) or for access, use or evaluation by potential vendors or suppliers (collectively, “Suppliers”). When you create a profile or claim a profile on the Site, you control what information is added to, removed from, or modified in that profile.
b. Usage data. We may collect usage data about you whenever you interact with our services. This may include the webpages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
c. Device data. We may collect data from the device and application you use to access our services, such as your IP address and browser type. We may also infer your geographic location based on your IP address.
d. Referral data. If you arrive at a Sustainment website from an external source (such as a link on another website or in an email), we may record information about the source that referred you to us.
e. Information from page tags. We may use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
a. To make our site easier to use. If you use the “remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to Sustainment.
c. To provide you with personalized content. We may store user preferences in cookies to personalize the content you see.
We treat your data as information that is private to you, but we use your data for our own purposes in the limited circumstances described herein or if we have your express consent. We do not sell your data to third parties.
Generally, we use the information we collect from you in connection with providing our services to you. Specific ways we use this information include the following:
a. Provision to our Community including Potential Customers and Suppliers. We provide, display, publish and make Your Content available to our Community including potential Customers and/or Suppliers that use our site and services to connect to potential customers, clients, vendors, and suppliers.
b. Customer support. This includes providing you with customer support, which requires us to access your information to assist you.
d. Create new services, features or content (public data and metadata only). We may use information to create and provide new services, features or content. When we do this, the individual users will not be identified or identifiable unless we have obtained their permission.
e. Contact you about your service. We may occasionally send you communications of a transactional nature (e.g. service-related announcements, changes to our services or policies). You can’t opt out of these communications since they are required to provide our services to you.
f. Contact you for marketing purposes (if you opt in). We will only do this if you have given us your express permission to contact you for this purpose.
We don’t sell your data! When might we disclose your data to third parties?
Provision to our Community. We provide, display, publish and make Your Content available to our Community including potential Customers and/or Suppliers that use our site and services to connect to potential customers, clients, vendors, and suppliers. This is done primarily to help connect Buyers and Suppliers and assist Suppliers listed on our site in connecting with potential Buyers in existing and new markets and industries. All information within your profile is shared with the rest of our Community except for your contact email and phone number, which are shared only with your connections.
Manufacturing Support Organizations: Sustainment partners with local Manufacturing Extension Partnership (“MEP”) centers in many states and other manufacturing support organizations and may share information from supplier profiles, including Your Content, with those partners for the purposes of manufacturing industry research. This sharing is limited to company name, address, and capabilities - as well as aggregated and anonymized usage data. We do not share any personal information about any manufacturers' supply chain or supply chain activity.
Your Suppliers: The vendors you add to your Connections and Lists within your profile are strictly confidential. We do not share information about the vendors you manage with other Community members or any external individuals or organizations. Your Notes and other Supplier Management activities within your profile are completely confidential as well.
Your Projects: We do not share the details about your Projects, the vendors you invite to participate in your Projects, or the disposition of those Projects with other Community members or outside agencies. All messages and shared files exchanged within a Project are strictly private between you and your vendors. If you list a Community Project, only the project details will be listed and for only other registered Community members to see.
Your Files and Messages: We do not have access to the files you upload and share. You control who you share files with and you may revoke privileges or remove files you’ve shared with others at your discretion. The contents of all your messages are strictly private; even our team at Sustainment cannot access them.
Our Service Providers: In some cases, we also share your information with our service providers who help us to provide our services to you. This may include payment processors or similar vendors that may handle information not intended for public dissemination on our site or in connection with our services. In these cases, we contractually bind these service providers to keep your information confidential and to use it only for the purpose of providing their services to us. For example, we use payment processors who help us to process credit card transactions. By using our services, you authorize Sustainment to sub-contract in this manner on your behalf. Rare circumstances include when we need to share information if required by law, or in a corporate restructuring or acquisition context (see below for more details). Ways we may share your information include the following:
a. Aggregated information to third parties to improve or promote our services. We do not share information about how you use our applications or features or how often you use them. From time to time, we may use aggregated, de-identified activity information to measure and improve performance or to develop new features, but this data will not be attributable to you. No individuals can be identified or linked to any part of the information we share with third parties to improve or promote our services.
b. Your information if required or permitted by law. We may disclose your information as required or permitted bylaw, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
c. Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between Sustainment entities, you expressly consent to Sustainment transferring your information to the new owner or successor entity so that we can continue providing our services. If required, Sustainment will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
d. Information you expressly consent to be shared. For example, we may provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)
a. Download/backup your data. We may provide you with the ability to export, share and publish your data in a variety of formats. This allows you to create your own backups or conduct offline data analysis.
b. Delete your data. Deleting data in the ways described on this page will not permanently delete data immediately. As long as you maintain an account with us, we retain your deleted data in case you delete something by accident and need to restore it (which you can request by contacting customer support). To the extent permitted by law, we will permanently delete your data if you request to cancel your account.
c. Cancel your account. To cancel and delete your account, please contact firstname.lastname@example.org. Deleting your account will cause all the data in the account to be permanently deleted, as permitted by law, and will disable your access to any other services that require a Sustainment account. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
For how long do we retain your data? We generally retain your data for as long as you have an account with us, or to comply with our legal obligations, resolve disputes, or enforce our agreements. Data that is deleted from our servers may remain as residual copies on offsite backup media for up to approximately 12 months afterward.
If you are using or visiting our services from outside the United States, including those that fall under the scope of the European General Data Protection Regulation (“GDPR”), please be aware that you are sending information (including personal information) to the UnitedStates where our servers are located.
GDPR gives you rights with respect to your personal information (as defined in the GDPR), subject to any exemptions provided by the law, including the rights to:
· Request access to your personal information;
· Request correction or deletion of your personal information;
· Object to our use and processing of your personal information;
· Request that we limit our use and processing of your personal information; and
· Request portability of your personal information.
We will keep your personal information only for the period required to provide you our services or as stated in the “For how long do we retain your data?” section above.
You can usually access, correct, or delete your personal information using your account settings and tools that we offer, but if you aren’t able to do that, or you would like to contact us about one of these or other rights, please contact us: email@example.com and give us details of your inquiry.
EU individuals also have the right to make a complaint to a government supervisory authority.
· In the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield; or
· In the case of entities based in other countries outside the EEA, entering intoEuropean Commission approved standard contractual arrangements with them.
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
The CCPA provides California residents with specific rights regarding their personal information. For individuals whose state of residence does not afford these rights, we may offer them voluntarily and at our discretion, and we reserve the right to limit or revoke any such rights at any time, as may be permitted by applicable laws.This section describes your CCPA rights and explains how to exercise those rights:
· Right to Know: You have the right to request what personal information about you we collect, use, disclose, and/or sell, as applicable, over the past 12 months as follows:
· The categories of personal information we collected and used about you;
· The categories of sources from which we collected the personal information about you;
· Our business or commercial purpose for collecting or selling, as applicable, that personal information;
· The categories of third parties with whom we share that personal information;
· The specific pieces of personal information we collected about you; and
· If we disclosed your personal information fora business purpose or otherwise sold it, information regarding such disclosures, identifying the personal information categories that each category of recipient obtained.
· Right to Delete: You have the right to request the deletion of your personal information that is collected or maintained by us. If we receive and confirm your verifiable consumer request, we shall delete (and direct our service providers to delete) your personal information from our records, unless an exception applies or as otherwise required by law.
· Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
· Right to opt-out of the sale of personal information: You have the right to request to be opted out from the sale of your personal information, if applicable. However, we use and share personal information as set forth herein and do not sell personal information.
To exercise any applicable CCPA rights described above, please submit a verifiable consumer request to us by either:
· Emailing us at firstname.lastname@example.org.
· Sending postal mail to: the contact information provided under “Questions?” below.
The above rights are subject to our being able to reasonably verify your identity and authority to make these requests. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
· Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
· Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
The above rights are also subject to various exclusions and exceptions under the law. Under certain circumstances, we may be unable to implement your request, pursuant to applicable law. We will advise you of any reason for denying or restricting a request to the extent permitted by law.
Security. We are committed to handling your personal information and data with integrity and care.
As a contractor to the U.S. Department of Defense, we endeavor to employ strong security features that protect your information and to take measures to detect and automatically block security threats. Many of our security features are deployed to federal and DoD standards, and we have additionally been audited for compliance with the SOC2 framework.
Sustainment’s file sharing protocol is wholly contained and operated within Box Enterprise Plus, and thus is designed to meet the predominant security compliance requirements for the US defense industrial base. Specifically, file sharing is designed to be compliant to the following certifications: SOC 2, ISO 27001, FedRAMP Moderate, DoD IL4, ITAR, ISO 27018, PCI DSS, and NIST800-171.
However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet.
Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in a service-specific privacy statement).
Safety of Minors and COPPA. Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence. Sustainment does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at email@example.com.
Sustainment Technologies, Inc.
14425 Falconhead Blvd.
Building E, Suite 100
Austin TX 78738
Attn: Privacy Officer
Last updated: January 18, 2024