Rooted Supply Chain Partner

Commitment to Transparency

Rooted Supply Chain Partner (RSCP) believes that transparency is the foundation of a sustainable supply chain. This statement summarizes data is handled to support the mission of ethical sourcing and regulatory compliance.

  • What is done: RSCP collects data—ranging from business contact info to farm-level labor records—to help clients identify and remediate risks in their global operations.
  • How data is protected: Confidentiality is at the heart of the business. RSCP uses secure, GDPR-compliant technology and never share your data for marketing purposes.
  • Why data is collected: RSCP processes data to fulfill consulting contracts and to help the industry meet international environmental and social standards.
  • With whom is data shared: RSCP only share data with authorized parties, such as project stakeholders, regulatory bodies, and professional auditors bound by law and contract to protect it.

Privacy Policy

Scope and Introduction

RSCP is committed to protecting the privacy and security of the personal data we process. This policy describes how information is collected, used, and safeguarded as a consultancy specializing in supply chain sustainability, traceability, and social risk assessment. This policy applies to all personal data processed by RSCP, whether relating to clients, subcontractors, or individuals within the supply chains analyzed.

Collected Information

RSCP collects information necessary to perform consulting services and ensure regulatory compliance for clients. This includes:

  • Business Contact Data: Names, professional emails, and phone numbers of client representatives and points of contact.
  • Supply Chain Operations Data: Information related to producers, which may include plot locations (geo-coordinates) and certification details.
  • Social and Labor Data: In the context of risk assessments and remediation; wage records, working hour logs, and copies of identity documents to verify age or legal status may be processed.
  • Technical Data: Information gathered through Business Intelligence (BI) and satellite monitoring platforms used for environmental and social due diligence.

 How RSCP Uses Your Information

RSCP processes data for the following purposes:

  • Service Delivery: Executing contracts, managing projects, and providing technical support for supply chain improvements.
  • Due Diligence and Auditing: Identifying and correcting social or environmental risks within a supply chain.
  • Regulatory Evidence: Developing consolidated evidence packages for submission to relevant authorities to demonstrate compliance with international trade and labor standards.
  • Business Operations: Managing invoices, tax obligations, and subcontractor relationships.

Legal Basis for Processing

We process data under the following legal grounds:

  • Contractual Necessity: To fulfill our service agreements with clients.
  • Legal Obligation: To comply with tax, labor, and trade regulations.
  • Legitimate Interest: To improve supply chain transparency and protect the rights of workers within those chains.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We do not sell personal data. We share information only with:

  • Clients: As part of our reporting and evidence delivery.
  • Regulatory Authorities: When required to demonstrate compliance for our clients.
  • Service Providers: GDPR-compliant platforms for BI, satellite monitoring, and secure communication.
  • Subcontractors: Professional auditors or consultants bound by strict confidentiality agreements.
  • International Transfers: As our work involves global supply chains, data may be transferred outside the EEA. We use Standard Contractual Clauses (SCCs) to ensure a high level of protection in countries without an adequacy decision.

Data Security and Confidentiality

All information is treated under strict professional secrecy. We employ multi-factor authentication (MFA), encryption for data at rest and in transit, and use only software providers that meet high security standards.

Website administrators can also see and edit that information.

What rights you have over your data

Under the GDPR, individuals have the right to access, rectify, or erase their personal data, as well as the right to restrict or object to processing. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.