Menu
OPPLY DATA PROTECTION & PRIVACY POLICY
1. Important information and who we are
This privacy policy describes how Opply Ltd collects and uses personal data. This website, and our services, are not intended for children and we do not knowingly collect data relating to children. Opply Ltd is the data controller and responsible for the processing of personal data described in this privacy policy (collectively referred to as “Opply”, “we”, “us” or “our” in this privacy policy).
2. The types of personal data we collect
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data which we have grouped together as follows:
We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data for insights into how users are interacting with our services to help improve our services.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
Your interactions with us. You may give us personal data when you liaise with us to receive our services, including when you create an account with us, or ask us to provide services to you. You may also give us personal data, such as Contact Data when you attend events.
Automated technologies or interactions. As you interact with our services, we may automatically collect Technical Data, including by using cookies and other similar technologies. Please see our cookie policy https://www.opply.io/cookie-policy/ for further details.
4. How we use your personal data
The table below contains a description of the purposes for which we process personal data, and the legal basis we rely on to do so.
| Purpose/Use | Type of data | Legal basis |
| To register new customers, respond to user requests, manage accounts and support customer service. | (a) Identity (b) Contact | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you)
|
To provide services to you, such as operations services.
| (a) Identity (b) Contact (c) Technical (d) Usage
| (a) Performance of a contract with you (b) Necessary for our legitimate interests (to operate our business).
|
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical (d) Usage | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
|
| To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Marketing and Communications | (a) Necessary for our legitimate interests (to carry out direct marketing, develop our products/services and grow our business) (b) Consent, if we are required to obtain your prior consent to receiving direct marketing communications.
|
| To facilitate access to extended payment terms through our partner Two Inc, including sharing your details to enable Two Inc to assess your creditworthiness and to issue and manage payment terms to you. | (a) Identity (b) Contact | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to provide financial services options to our customers and grow our business) |
5. Direct marketing
When your personal data is collected, you may be asked to indicate your preferences for receiving direct marketing communications from us via email. You can opt-out at any time using the link in our messages.
We may also analyse your Identity, Contact, Technical and Usage Data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.
6. Disclosures of your personal data
We do not sell or license personal data to third parties. We may occasionally share your personal data where necessary with external third parties, such as sub-processors that we use to operate our business, when needed for the purposes shown in the table above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, except where a third party acts as an independent data controller (as described below in relation to Two Inc).
Where you elect to use our extended payment terms service, we will share your company name, company registration number, and Identity and Contact Data with Two Inc (“Two”), our extended payment terms provider. Two acts as an independent data controller in respect of your personal data and processes it for its own purposes, including to assess creditworthiness and to manage the payment terms arrangement between itself and you. You will be required to enter into Two’s own buyer terms and conditions directly, and we encourage you to review Two’s privacy policy, which is available at www.two.inc.
7. International transfers
We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.
Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree of protection is afforded to it by ensuring that appropriate contractual safeguards, such as standard contractual clauses (“SCCs”) or the UK International Data Transfer Agreement (“IDTA”) are in place.
8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures use a multi-layered approach to data security, including access controls, authentication requirements, infrastructure security and data minimisation. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
9. Data retention
How long will you use my personal data for?
We will retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10. Your legal rights
You have a number of rights under data protection laws in relation to your personal data, such as the right to request (i) access to your personal data, (ii) correction or erasure of your personal data, (iii) to object to processing of your personal data, or to request the transfer of your personal data to a third party. To exercise any of these rights, contact us at hello@opply.com.
11. Complaints
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so, please first raise your complaint to us or asked us for clarification if there is something you do not understand. Changes to the privacy policy and your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
12. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Version 2.0. Updated 21 March 2026.
Fill in a few details before connecting with us!
