Privacy Policy

1. Who we are

Supero Ltd ("Supero", "we", "us") provides revenue diagnostics and related advisory services to business clients. This Privacy Policy explains how we collect, use and protect personal data in the course of operating our business and delivering our services.

If you have any questions about this Policy or how we handle personal data, you can contact us at:

• Supero Ltd
• 483 Green Lanes, London, N13 4BS, United Kingdom
• Email: [email protected]

If we appoint a Data Protection Officer or dedicated privacy contact, their details will be published here.

2. Scope of this Policy

This Policy applies to:

• Visitors to our website
• Contacts at our clients, prospects, partners and suppliers
• Individuals whose business contact details or work-related information are included in the data our clients share with us for diagnostic and advisory services

Supero processes business and work-related personal data only. We do not intentionally collect or process sensitive "special category" personal data (such as health, ethnicity, religion, political opinions, or biometric identifiers).

3. Personal data we collect

The types of personal data we may process include:

• Identification and contact details: name, business email address, business telephone number, job title, employer, location (e.g. city, country)
• Professional information: team and reporting line, role responsibilities, business unit or territory
• Interaction data: meeting notes, emails or other communications relating to our services
• Diagnostic data: structured responses to questionnaires or tools about pipeline, sales processes, accounts and opportunities, performance metrics and workflows (in all cases focused on business activities rather than private life)
• Website and technical data: IP address, browser type, device identifiers, approximate location, and usage data such as pages visited and interactions with our website or online services
• Marketing preferences: subscriptions, event registrations, and communications you choose to receive from us

We may receive personal data directly from you (for example, if you fill out a form or respond to our emails) or indirectly from your employer or colleagues when they share information with us in the context of a client engagement.

4. How we use personal data

We use personal data for the following purposes:

• To operate and improve our website and online services
• To respond to enquiries and communicate with you about our services
• To manage relationships with clients, prospects, partners and suppliers
• To deliver diagnostics, analysis and advisory services to our clients
• To develop and improve our products, tools and methodologies
• To send you relevant information or marketing communications where permitted
• To maintain security, prevent fraud, and protect our legal rights
• To comply with legal and regulatory obligations

Where possible and appropriate, insights and outputs from our diagnostic work are aggregated or de-identified so that they no longer relate to an identifiable individual.

5. Our legal bases for processing

We rely on one or more of the following legal bases when processing personal data:

• Performance of a contract and taking steps prior to entering into a contract (for example, to deliver services to a client or respond to a request for a proposal)
• Legitimate interests (for example, managing client relationships, improving our services, and operating and securing our business), provided those interests are not overridden by your rights and interests
• Compliance with legal obligations (for example, record-keeping, tax and regulatory requirements)
• Consent, where required for certain activities such as specific types of marketing communications; where we rely on consent, you can withdraw it at any time

6. When we act as controller or processor

Supero acts as a controller when it determines the purposes and means of processing personal data for its own business activities, such as operating the website, managing marketing lists, and managing client contacts.

Supero may act as a processor when processing personal data on behalf of a client, strictly following that client's instructions and the terms of the applicable agreement. In those cases, the client is responsible for providing appropriate privacy information to the individuals whose data is processed.

7. Sharing personal data

We may share personal data with:

• Our clients, where necessary for the performance and reporting of diagnostic and advisory services
• Professional advisers such as lawyers, accountants and auditors
• Third-party service providers, including IT hosting providers, cloud platforms, analytics and communication tools that support our business
• Potential buyers, investors or other parties in connection with a corporate transaction (subject to appropriate safeguards)
• Public authorities, regulators, law enforcement or courts where we are required to do so by law, regulation or court order, or where disclosure is necessary to establish, exercise or defend legal claims

We require service providers who process personal data on our behalf to do so only under our instructions, to protect the data and to keep it confidential.

8. International transfers

Some of our service providers or clients may be located outside the country where the data was originally collected. Where this results in personal data being transferred internationally, we will take appropriate steps to ensure that such transfers comply with applicable data protection laws, such as using recognised safeguards or ensuring the recipient is located in a country with adequate data protection laws.

9. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

• Role-based access controls and need-to-know restrictions
• Security and confidentiality obligations for staff and contractors
• Use of reputable cloud and IT providers with appropriate security practices
• Processes for backup, recovery and incident handling

No method of transmission or storage is completely secure, but we continually review and enhance our safeguards in line with the risks and the nature of the data we process.

10. Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including:

• For the duration of a client relationship and a reasonable period afterwards
• For as long as required to comply with legal, regulatory, tax or accounting obligations
• For as long as necessary to resolve disputes and enforce our agreements

Retention periods may vary by data category and context. When personal data is no longer required, we will delete it or anonymise it in line with our data retention procedures.

11. Your rights

Depending on applicable data protection law, you may have the following rights in relation to personal data about you:

• Right of access to a copy of your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure of personal data in certain circumstances
• Right to restriction of processing in certain circumstances
• Right to object to processing based on legitimate interests or to direct marketing
• Right to data portability, where applicable
• Right to withdraw consent at any time where we rely on consent

You can exercise these rights by contacting us using the details in section 1. We may need to verify your identity before responding to a request and may not be able to fulfil a request where an exemption applies under applicable law.

12. Marketing communications

Where permitted by law, we may use your business contact details to send you information about our services, thought leadership, events or other content that we think may be relevant to you in your professional capacity. You can opt out of these communications at any time by using the unsubscribe link in our emails or by contacting us.

13. Cookies and similar technologies

Our website may use cookies and similar technologies to operate the site, remember your preferences and understand how visitors use our pages. Further details are provided in our Cookie Policy, which should be read alongside this Privacy Policy.

14. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The updated Policy will be posted on our website with an updated "last updated" date. You should review this page periodically to stay informed.