Here is the Privacy Policy with clean, readable formatting:

Version: 1.0

INTRODUCTION

Wholepal Limited ("Wholepal") is a limited company based in the United Kingdom. We are responsible for the website wholepal.com and its subdomains. Wholepal is committed to respecting your privacy and is committed to complying with data protection and privacy laws that apply to the processing of the data that Wholepal collects.

OUR APPROACH

DATA STORAGE AND SECURITY

We securely store all personal and customer data using Microsoft Azure, which provides enterprise-grade infrastructure with robust security, data redundancy, and compliance with UK and EU data protection standards such as GDPR. Access to your data is tightly controlled, encrypted both in transit via SSL and at rest, and only shared with authorised partners as needed. We also employ industry-standard administrative and technical safeguards to ensure your data remains private and protected.

ARTIFICIAL INTELLIGENCE PROCESSING

The Wholepal Platform uses artificial intelligence and machine learning technologies to assist with the processing, extraction, structuring and validation of Customer Product Data submitted to the platform.

Where Supplier or Manufacturer Customers or Trading Partners upload Customer Product Data to Wholepal Platform, such data may be processed using automated systems to improve the performance, accuracy and functionality of the platform.

Customer Product Data may also be used in anonymised or aggregated form for the purposes of training, evaluating and improving artificial intelligence models used within the Wholepal Platform. Anonymisation or aggregation is applied by default when Customer Product Data is used for these purposes. Wholepal does not disclose commercially sensitive Customer Product Data belonging to one customer to any other customer. This prohibition applies regardless of whether any such disclosure would be intentional or accidental, and regardless of the means by which it might occur, including through AI-generated outputs, platform features, or any other functionality. Wholepal does not use Customer Product Data to generate or provide competitive intelligence, pricing insights, or commercial analysis to any other customer in identifiable form. Wholepal maintains technical and organisational measures specifically designed to prevent cross-customer exposure of Customer Product Data, including logical separation of customer data environments and regular testing of AI model outputs. In the event that any accidental exposure of commercially sensitive Customer Product Data to another customer occurs, Wholepal will notify the affected customer promptly, take immediate steps to contain and remediate the exposure, and provide a written account of what occurred and the steps taken to address it.

Where Supplier or Manufacturer Customers upload native documentation to the Wholepal Platform — such as product specification sheets, data files, product information documents and related materials — such documents may be accessed and processed by Wholepal's automated systems and artificial intelligence technologies for the purposes of data extraction, structuring, formatting and validation of product information. This processing is carried out solely to provide and improve the functionality of the Wholepal Platform and is consistent with the licence granted by customers under Wholepal's contract terms.

INFRASTRUCTURE AND PLATFORM SECURITY

Wholepal Platform infrastructure is hosted on Microsoft Azure cloud services. Data is stored within secure environments with encryption in transit and at rest. Access to systems is controlled using secure authentication methods and internal access control procedures based on least privilege principles. Wholepal applies industry-standard security practices designed to mitigate known vulnerabilities including those identified by OWASP.

Wholepal is currently preparing for Cyber Essentials certification and intends to pursue ISO 27001 accreditation.

THIS PRIVACY POLICY

This policy was last updated on 10th March 2026. It will be updated when required to reflect changes in how Wholepal collects and uses personal data as needs arise.

SOCIAL MEDIA ACCOUNTS

We primarily use LinkedIn for community engagement. When visitors leave comments on the site or on one of our social media accounts we collect the data shown in the comments form, and also the visitor's IP address and browser user agent string to help spam detection.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. The data collected and stored in the servers will assist Wholepal and our customers maintain and improve data security. The lawful basis for processing data for the purpose of security is legitimate interest. The servers are located in the United Kingdom and globally.

SIGNING UP TO OUR EMAIL NOTIFICATIONS, NEWSLETTERS AND WHITE PAPER DOWNLOADS

The site allows followers, potential customers and ecosystem partners to sign up for emails and newsletters. We collect information and contact details of people who choose to interact with us on our websites. We use this data to generate new business leads, hear from interesting people, receive opportunistic job enquiries or have interesting suppliers tell us about their services.

The website contact form has six fields for collecting information.

The information collected is:

• First Name and Last Name
• Company Name
• Role
• Email Address
• What you want to talk to Wholepal about

The submitted information is delivered to Wholepal via company email where it can be read by the company. The data is also stored on Webflow. We will then use the information to initiate contact with the party who contacts us. By submitting a contact request, we assume people are willing to be contacted by email, and with their consent we will then contact them by email. Wholepal email is provided by Google. The original email will be stored on Google Workspace servers (located in the EEA). No unsolicited Wholepal contact (newsletters, alerts, marketing messages) will be sent to anyone who uses the form. Wholepal's email marketing management system is provided by Mailchimp (located in the EEA and US). The personal information provided by new business leads, interesting people, job hunters or potential suppliers via the contact form will be entered into our internal customer relationship forms and stored in the Google Workspace and transferred to Mailchimp for newsletters.

We require all third party service providers to implement appropriate security measures to protect your personal data. Where our third party providers are data controllers, they are responsible for the safeguarding of your data: please refer to each of our third parties' own privacy policies for further detail on how they may process your data (these can be found on their websites which we can share upon request). We do not permit our third party service providers to use your personal data for their own purposes. The recipient of your personal data will be bound by confidentiality obligations. We may amend the list of third parties we use from time to time. We may also share your personal data with our professional advisers (such as lawyers) or external IT support who are bound by confidentiality obligations. We may also be required to share some personal data as required to comply with the law or a legal obligation such as to the police and courts. This may be necessary in situations where the legal authorities make a request for your personal data on the grounds of preventing or detecting a crime, or if we suspect fraud. We do not sell your personal data to any third-parties.

SECURITY

We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998 and EU General Data Protection Regulation 2018.

PROSPECTIVE CUSTOMERS

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. When you contact us using this website, if we meet at an event or via a social media platform, we process the following data:

• Name, role/title and contact data
• Data about the business and its business activities
• Documents about topics, projects or enquiries, and contacts/messages, meetings and communications.

We process this data to maintain our relationships with our customers, and to enable Wholepal to refine our business strategy, planning and make informed operational business decisions. For these purposes the data is processed on the basis of legitimate interest.

The data is processed using the following systems provided by suppliers:

• Google Workspace as documents in the Google suite and email in Gmail
• Webflow — our website platform
• Docusign, DocSend and WeTransfer for document management and sharing
• Mailchimp for email marketing management
• Google applications

PROSPECTIVE EMPLOYEES AND JOB APPLICANTS

Wholepal will post notifications of current and future job openings we are recruiting for and we encourage interested people to contact us through our websites and social media accounts. We retain information given to us by prospective applicants as required to consider their application and suitability for joining Wholepal. We will retain background information for as long as the prospective applicant remains in our recruitment pipeline. When we have decided not to hire an applicant we will only retain the information required to identify the candidate and the result of their previous interaction with Wholepal. For these purposes the data is processed on the basis of legitimate interest.

CUSTOMERS AND PARTNERS

Wholepal processes the following data about its customers:

• Name, role/title and contact data
• Data about the business and its business activities
• Documents about topics, projects or enquiries, and contact, meetings and communications
• Billing and payment data

We process this data to operate as a functioning business, to fulfil the contracts we have in place with our clients and so provide and bill our services to them.

We process this data to maintain our relationships with our customers and suppliers, and to enable Wholepal to create business strategy, planning and make informed operational business decisions. For these purposes the data is processed on the basis of legitimate interest.

Customer Product Data relating to a Supplier or Manufacturer Customer may also be provided to Wholepal Platform by a Trading Partner where such information forms part of an existing commercial relationship between those parties. Such data is processed solely for the purpose of facilitating product onboarding, product listings, catalogue management and other functionality provided by the Wholepal Platform.

The data is processed using the following systems provided by customers and suppliers:

• Microsoft Azure
• Google Workspace as documents in the Google suite and email in Gmail
• SignNow and WeTransfer for document management and sharing
• Webflow — our website platform
• Mailchimp for email marketing management and Google applications
• Xero financial accounting system
• Github and Jira for development management
• HubSpot as a CRM

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on our website and will take effect immediately upon posting.

CONTACT US

Wholepal is committed to creating and delivering the best privacy experience possible. We don't collect data unless necessary for us to run our business and be able to communicate with you. If you have any questions about this Privacy Policy, please contact us at support@wholepal.com

Helping drive supply chain efficiencies through automation and digitisation.

‍