Supplier Privacy Notice

Supplier Relationship Management

If you do business with us, contact us, are referred to us, or are determined to be a sales target, then we store the contact details of one or more of your representatives, so that we can communicate with you concerning the potential or actual provision of your services. We do not give, sell, or exchange these details with third-party companies for marketing purposes.

We store this information in our internal email and phone contact databases, call logging, and CRM systems.

We may also store it in the third-party process management system Trello.

For further details, please see the Trello privacy policy.

We may also store it in the third-party communication system Slack.

For further details, please see the Slack privacy policy.

We may also store it in the third-party calendar system Google Calendar.

For further details, please see the Google privacy policy.

We believe that our GDPR lawful basis for processing such personal data is one of legitimate interest.

Processing Our Data

We may store information relating to your processing of our data.

We store this information in our internal fileservers, email and phone contact databases, call logging, CRM, and backup systems.

We may also store it in the third-party calendar system Google Calendar.

For further details, please see the Google privacy policy.

We may also store it in the third-party job tracking system ProWorkflow

For further details, please see the ProWorkflow privacy policy.

We may also store it in the third-party accounting system Xero.

For further details, please see the Xero privacy policy and Xero GDPR Centre.

We believe that our GDPR lawful basis for processing such personal data is one of legitimate interest.

Finance & Accounting

If you are a supplier then your contact details, together with data relating to the purchased service, are stored by our third-party accounting system provider Xero. We use this information to pay your invoices, and track financial performance. We are likely to store this data for at least six years.

For further details, please see the Xero privacy policy and Xero GDPR Centre.

This information will also be visible to our accountants Sibbalds.

For further details, please see the Sibbalds privacy policy.

We believe that our GDPR lawful basis for processing such personal data is one of legitimate interest.

Your Obligations

We expect you to comply with all provisions of the GDPR, particularly with regards to security and confidentiality.

It may be necessary for us to supply you with particular data in order for you to fulfil our contract. In that case, we expect you as a data processor to only store information for which we (or our clients) are the data controller (eg our employee data, client employee data) for the minimum amount of time possible to deliver the contracted service. We also expect you to support GDPR rights to access, amend, or delete any personal information if data subjects or data controllers make such requests of us.

We'll ask you to sign a formal Data Processing Agreement outlining these expectations in more detail, so that everyone is clear as to their obligations and responsibilities.