Supplier Privacy Notice
Link defines a supplier as a person or organisation that provides something that the company needs, such as a product or service. On entering into a contract with us, you trust us with your personal information.
This Privacy Notice is meant to help you understand what data we collect, why we collect it, what we do with it, how we keep your personal data safe, and your individual rights over your personal data.
We are strongly committed towards the privacy of sensitive information, acting transparently and meeting our obligations in respect of data protection. Whenever you provide personal information, we will treat that information in accordance with this Privacy Notice, relevant legislation and best practice.
- What information do we collect?
Link collects and processes the following information about its suppliers:
- full name of the relevant contact;
- company address;
- contact details, including email address and mobile and landline telephone numbers;
- details of services/products provided;
- the terms and conditions of your contract;
- copies of email correspondence and hardcopy correspondence; and
- bank account details.
- Why do you need to process personal data?
Link needs to process supplier data to consider whether to enter into a contract with a supplier/s or following the placement of a contract with a supplier/s and to meet its obligations under this contract. For example, Link needs to process supplier data for banking purposes, and to contact suppliers about orders, deliveries, returns and/or give feedback.
In some cases, Link needs to process data to ensure that it is complying with its legal obligations. For example, to comply with health and safety laws such as cleaning service COSHH assessments. In other cases, Link has a legitimate interest in processing supplier data before, during and after the end of the contracting relationship.
Processing supplier data allows Link to:
- maintain accurate and up-to-date supplier records and contact details;
- pay suppliers in accordance with their payment terms;
- operate and keep a record of supplier spending to inform current and future budgets;
- ensure effective general business administration;
- ensure compliance with Health and Safety legislation; and
- respond to and defend against legal claims.
Where the organisation relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of suppliers and has concluded that they are not.
Link does not collect or process special categories of personal data i.e. particularly sensitive information about its suppliers at any point, such as ethnic origin, sexual orientation or religious and/or political beliefs.
- Do I have to provide personal data?
You have some obligations under your contract agreement to provide Link with relevant data in order for us to enter into a contract with you. In particular, you are required to provide relevant and accurate contact details and invoicing details, and it is in your best interests to provide all relevant information pertaining to your services. Failing to provide this data may mean that we are unable to fulfil our contractual obligations to you.
- Who can access personal data?
We disclose supplier data for the purposes of operational use with Link employees.
If necessary, Link will share your data with third parties such as solicitors and Courts in relation to disputes, or with third parties that process data on our behalf, such as for the purposes of end of year accounting.
We will never sell your details to a third party or transfer your data to countries outside the European Economic Area.
- How do we protect personal data?
Link takes the security of your data very seriously. Link has internal policies and controls in place to ensure as is reasonably practicable that your data is not lost, accidentally destroyed, misused or disclosed to irrelevant third parties, and that your data is only accessed and used by Link employees in the performance of their duties. Electronic supplier data is stored securely via a secure server and password protected systems. Financial information is also stored within Link's chosen online banking systems. Hardcopy information is locked away when not in operational use. Data is subject to restricted access as appropriate.
Where Link engages third parties to process personal data on its behalf in the course of its business operations, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data held.
- How long do we keep personal data?
Link will hold your data for the duration of the contract between us. The periods for which your data is held after the end of the contract is dependent upon the service requirements. If we use a supplier service once a year we will maintain your details on our list of approved suppliers. Any service used less than once a year will be removed from the list from one year after the last action of the contract.
Any supplier details or marketing literature deemed irrelevant during the review process will be destroyed via shredding or deletion from the system/supplier list.
To view Link's full data retention schedule please click here.
- Your Rights
As a data subject, you have rights over your personal data collected by us.
- access and obtain a copy of your data on request;
- require Link to change incorrect or incomplete data;
- require Link delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where Link is relying on its legitimate interests as the legal ground for processing;
- ask Link to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override WHHA’s legitimate grounds for processing data; and / or
- ask Link not to process your personal data for marketing purposes and to ask us not to share your personal data with third parties other than our employees.
This privacy notice was last reviewed on 22 November 2021.