Supplier Privacy Notice
What data we hold
We may hold the following information about you, for as long as we have a relationship with you or think we might want to buy products or services from you, or if we are legally obliged to keep it, e.g. due to a dispute or because our regulator requires us to:
- Your personal name and work contact information
- Your payment details
- Details of the technical personal data that we process if you use our website is below:
- We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
Using your information
Managing our relationship with you
We will use your data to manage our relationship with you, to enquire about/buy products and services from you, to negotiate with you and to pay you.
We need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed – a legitimate thing for a business to do.
Dealing with your enquiry
If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom. It is also legitimate for us to keep track of what we said to you so we can understand further business need and plan our strategy accordingly.
Technical data
If you are reporting issues with the functionality of our website, we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.
Transfers of your data
We only transfer data outside the EEA if it is to a country or organisation that is determined by the EU to have adequate protection for personal data. For example, our cloud data providers in the US are all signed up to the Privacy Shield.
Third parties
We do have a small number of companies providing services to us. These are our processors and in line with our obligations, we have confirmed that they adhere to the requirements of the GDPR.
Technical and operational security
As an organisation, Orcro is committed to protecting personal data. This includes technical security measures (e.g. intrusion, detection, firewalls, monitoring), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, maintaining security measures for our team members (e.g. pre-screening), a data-loss prevention strategy and regular testing of our security posture.
All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.
Your rights
As a supplier you have rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you, if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
- If you want to exercise any of these rights, please just contact us on dataprotection@orcro.co.uk
- You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the Information Commissioner’s Office.
Contact us
If you want to talk to us about this, please email dataprotection@orcro.co.uk