1. Who we are
EPD Market is an independent global marketplace. For privacy matters, please use our contact form with "Privacy" in the subject. If you are a resident of the EU/EEA, the General Data Protection Regulation (GDPR) governs our handling of your personal data; equivalent protections apply for users in jurisdictions with their own data-protection regimes.
2. What data we collect
From buyers (manufacturers submitting a brief):
- Company name, your name, work email, optional phone number
- Sector, timeline, program-operator preference
- Product description and any details you add
- Any messages you send us as the engagement progresses
From providers (consultants and verifiers applying to join):
- Name, work email, optional phone
- Organisation, role, team size, website
- Accreditations, sectors, regions, program operators
- Years of experience, capacity, references where applicable
From visitors: standard server logs (IP address, browser, referrer) for security and uptime. We do not use third-party analytics or advertising trackers on this site.
3. Why we collect it (legal basis)
- Performance of a contract — to match buyers with providers and run the marketplace operations.
- Legitimate interest — to communicate with you, maintain the integrity of the network, and improve our service.
- Consent — where you opt into marketing communications or non-essential cookies.
- Legal obligation — where we must retain records for tax, audit, or anti-fraud purposes.
4. Who we share it with
We share only what's necessary:
- Matched providers receive your brief contents (buyer data) once they've been shortlisted.
- Service providers — FormSubmit (form delivery), HubSpot (CRM, once configured), Stripe (commission billing once enabled), Google Workspace (email). These are processors bound by data-processing agreements.
- No advertisers or data brokers. We do not sell or rent your personal data to any third party.
- Authorities — only where compelled by law, and only to the minimum extent required.
5. How long we keep it
- Buyer briefs: 24 months after match closes, or 12 months after a brief is declined / not pursued. Deleted earlier on request.
- Provider profiles: while you are an active member of the network, plus 6 months after departure for reference and audit purposes. Deleted earlier on request, except where retention is legally required.
- Email correspondence: 36 months, then archived in a restricted-access store.
- Server logs: 90 days.
- Financial records: as required by applicable tax law (typically 7–10 years).
6. Your rights
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Correct it if it's inaccurate
- Delete it (subject to legal retention requirements)
- Restrict or object to certain types of processing
- Portability — receive your data in a machine-readable format
- Withdraw consent at any time, where consent is the legal basis
- Lodge a complaint with your local supervisory authority
To exercise any of these rights, please use our contact form with "Privacy request" in the subject. We respond within 30 days, free of charge for reasonable requests.
7. Cookies
This site uses only essential cookies (session continuity, form submission). We do not run analytics, advertising, or tracking pixels. If we add non-essential cookies in future, we will surface a cookie banner with opt-in consent before they load.
8. International transfers
Some of our service providers store data outside the EU/EEA. Where this happens, we rely on EU Standard Contractual Clauses or equivalent safeguards. A list of sub-processors is available on request.
9. Security
Personal data is stored on encrypted infrastructure provided by reputable vendors. Access is limited to team members who need it for their role, governed by role-based permissions and reviewed periodically. We will notify affected users and the relevant supervisory authority of any qualifying personal-data breach within 72 hours, as GDPR requires.
10. Children
EPD Market is a B2B platform and is not intended for use by anyone under 18.
11. Changes to this policy
We update this policy as our operations evolve. Material changes — anything that materially affects how your data is used — will be announced by email at least 30 days in advance.
12. Contact
Questions, requests, or complaints: please use our contact form.