Supplier Privacy Notice
If you are a supplier then this information applies to you:
- Thursday’s Child Ltd takes data protection seriously.
- Our data processing activities are always in line with the General Data Protection Regulation (GDPR)
- We keep to a minimum the information we hold about you
- We use your data to consider using your goods/service, respond to your enquiries, manage our relationship with you, meet our legal obligations, including paying you, and improve our website
- We delete your data when it is no longer needed for these things
- Generally, we do not give your information to third parties, but there are some exceptions
- You have privacy rights as an individual
- We take security seriously
- We don’t record calls
- We are happy to talk to you about how we process and protect your data
What data we hold
We may hold the following information about you:
- Your name, identity and contact information
- Your payment details
Details of the technical personal data that we process is below
We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
The cookies we use only contain anonymous information to improve the services we offer, and do not contain personal information.
Using your information
We have to tell you what our lawful basis is for processing your data, so we are letting you know the reference to the GDPR after each section.
Dealing with your enquiry
If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.
The legal basis for processing this data is Article 6.1(b) because need to use your details to follow up with you. It is also legitimate for us to keep track of what we said to you so we can understand further business need and plan our strategy accordingly.
We will use your data to manage our relationship with you, to enquire about/buy products and services from you, and of course to pay you.
In line with Article 6.1 (b): we need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed (That’s Article 6.1(f) again, a legitimate thing to do.)
We have some great suppliers, and we love to recommend them to others where we think it might be helpful.
Recommending you, is a legitimate thing for a business to do, so Article 6.1(f) again.
We may use the logs from our servers to assist in our firm’s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
The legal basis for processing this data is Article 6.1(c): we have legal and regulatory obligations to protect our clients and their information, also under Article. 6(f): strategy planning is a legitimate thing for a business to do.
Transfers of your data
We do not transfer or process data outside the United Kingdom, European Economic Area or other countries deemed to have inadequate protection of data by the EU.
Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you.
As a general principle, we will not transfer your personal data to third parties without your permission. That will usually be a third party who is interested in purchasing your art or working with you in the future.
We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of the GDPR.
- All our laptops are full-disk encrypted, as are our phones and tablets.
- Our servers and desktop computers are protected by physical security.
- The ability to log on to all these devices is restricted to members of staff, each having their own unique log on credentials.
- Landline phone calls are not encrypted.
- If you have particular security requirements, please call us to discuss how we can support you.
We do not record telephone calls. This may change in the future, but if it does, don’t worry, we will let you know.
As a supplier rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
If you want to exercise any of these rights, please just contact us on firstname.lastname@example.org
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/
If you want to talk to us about this you can call contact us onon [tel] or email at: email@example.com