Skip to main content

Supplier Privacy Notice

If you are a supplier then this information applies to you:

  • Thursday’s Child Ltd takes data protection seriously.
  • Our data processing activities are always in line with the General Data Protection Regulation (GDPR)
  • We keep to a minimum the information we hold about you
  • We use your data to consider using your goods/service, respond to your enquiries, manage our relationship with you, meet our legal obligations, including paying you, and improve our website
  • We delete your data when it is no longer needed for these things
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have privacy rights as an individual
  • We take security seriously
  • We don’t record calls
  • We are happy to talk to you about how we process and protect your data

What data we hold

We may hold the following information about you:

  • Your name, identity and contact information
  • Your payment details

Details of the technical personal data that we process is below

We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Our website uses cookies to distinguish you from other users of our website in order to provide increased functionality and service. This not only helps us to provide you with a better experience, but also to help us improve our website and services.

Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services. However, in doing so, you may find that certain functionality or services may be impaired or unavailable to you.

The cookies we use only contain anonymous information to improve the services we offer, and do not contain personal information.

As part of our commitment to keep our collection of data to what is absolutely necessary our website uses Plausible analytics which does not use cookies and is fully compliant with GDPR, CCPA and PECR.

If you choose to create an account to use our licensing platform, we will use cookies to assist with the management of that account. We use as a platform to manage the licensing content and also the user accounts. You can view Smint’s privacy policy here.

Using your information

We have to tell you what our lawful basis is for processing your data, so we are letting you know the reference to the GDPR after each section.

Dealing with your enquiry

If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.

The legal basis for processing this data is Article 6.1(b) because need to use your details to follow up with you. It is also legitimate for us to keep track of what we said to you so we can understand further business need and plan our strategy accordingly.

We will use your data to manage our relationship with you, to enquire about/buy products and services from you, and of course to pay you.

In line with Article 6.1 (b): we need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed (That’s Article 6.1(f) again, a legitimate thing to do.)

Recommending you

We have some great suppliers, and we love to recommend them to others where we think it might be helpful.

Recommending you, is a legitimate thing for a business to do, so Article 6.1(f) again.

Technical data

We may use the logs from our servers to assist in our firm’s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

The legal basis for processing this data is Article 6.1(c): we have legal and regulatory obligations to protect our clients and their information, also under Article. 6(f): strategy planning is a legitimate thing for a business to do.

Transfers of your data

We do not transfer or process data outside the United Kingdom, European Economic Area or other countries deemed to have inadequate protection of data by the EU.

Retention periods

Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission. That will usually be a third party who is interested in purchasing your art or working with you in the future.

We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of the GDPR.

Technical security

  • All our laptops are full-disk encrypted, as are our phones and tablets.
  • Our servers and desktop computers are protected by physical security.
  • The ability to log on to all these devices is restricted to members of staff, each having their own unique log on credentials.
  • Landline phone calls are not encrypted.
  • If you have particular security requirements, please call us to discuss how we can support you.

Call recording

We do not record telephone calls. This may change in the future, but if it does, don’t worry, we will let you know.

Your rights

As a supplier rights in respect of our processing of your personal data. The relevant rights are:

  • Request a copy of your personal data and information about our processing of it
  • Request that we delete information on you if we do not need to hold it
  • Request that we correct any personal data that we hold on you
  • Request that we stop processing your data, although we can still hold it
  • Request that we move your data to another organisation’s IT system electronically

If you want to exercise any of these rights, please just contact us on

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here:

Contact us

If you want to talk to us about this you can call contact us onon [tel] or email at: