The data controller responsible for processing your personal information is SupplyVue which you can contact online or by post at: www.supplyvue.com
SupplyVue Limited, 33 Queen Street, London, England, EC4R 1BR
The data we collect about you includes identity data and contact data (such as name or identifier, postal and email address, telephone), technical data and usage data (such as IP address, login data, browser type and other technical data, information on how you use our services and websites).
The main ways we use your data are:
We may share your personal data with carefully selected third parties such as our partners who may use the information to contact you in relation to our products and services.
You can exercise your rights to access the information we hold about you, to correct or delete information from our records, to object to processing of your information or exercise any other of your legal rights by contacting us.
SupplyVue is committed to protecting and respecting your privacy and personal data. This privacy notice will explain how we look after your personal data; please read it carefully.
This notice aims to give you information on how SupplyVue collects and processes your personal data through your use of any of our websites and participation in our events, including any data you may provide when you sign up to receive information about our products, any newsletter we might release, register for or attend one of our events, request further information about or purchase any of our services.
This privacy notice supplements any more specific privacy notices we may provide to you when collecting specific information from you and is not intended to override them.
Personal data, or personal information, means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity has been removed (anonymous data).
We collect, use, store and transfer different kinds of personal data about you, as described below. In some cases, the data may not be personal data by itself but where it is associated with other data from which you can be identified, we treat it as personal data:
We may also utilise the above information to create Aggregated Data such as statistical or demographic data. Whilst Aggregated Data may be derived from your personal data it is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use different methods to collect data from and about you including through:
You may give us your Identity and Contact Data by filling in forms, providing us with your business card or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Notice for further details.
Examples of third party sources:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
The appendix at the end of this policy informs you in more detail of the legal basis of processing your data, and in particular what our legitimate interest is in each case.
Generally, we do not rely on consent as a legal basis for processing your personal data unless you have gone through a specific consent process for a particular service.
We may use your Identity, Contact, Technical, Usage and Profile Data for marketing products and services to you where we have a lawful basis on which to do so.
Unless you opt-out, you will receive marketing communications from us if you have requested information from us, registered to attend one of our events or purchased services from us. You have the right to opt-out of these communications at any time by following the unsubscribe links on any marketing message sent to you or by contacting us.
Where we have your express consent to do so, we may share your personal data with trusted partners outside of SupplyVue for marketing purposes.
We will only use your personal data for the purposes for which we collected it or for a compatible purpose, if we reasonably consider that we need to use it for that purpose and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch with us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may share your personal data with selected third parties, including:
We may share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
We may also disclose your information to third parties:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Sometimes we may transfer your details to third parties outside of the European Economic Area (EEA) to support the delivery of our services. If this happens we remain responsible to you for the transfer, processing and storage of your information.
SupplyVue is working towards ISO 27001 certification and maintains a formal Information Security Management System as part of the requirements of the standard. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your information, but we cannot guarantee the security of your information transmitted over the internet; any transmission is at your own risk. We will use strict procedures and security features to try to prevent unauthorised access to your information within our control and possession.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and for no longer than six years (unless a longer period is required by law).
In certain circumstances you can ask us to delete your data: see ‘Your rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You have the right to:
If you wish to exercise any of the rights set out above, please contact us. A fee is not usually payable to exercise your rights (although we reserve the right to charge you a reasonable fee if your request is unfounded, repetitive or excessive). We will ask you to provide identification to ensure that we are providing information to the correct person. We will try to respond to requests within a month.
If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal data that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties.
SupplyVue Limited is the controller and responsible for this website.
Full name of legal entity: SupplyVue Limited
Email address: email@example.com
Postal address: SupplyVue Limited, 33 Queen Street, London, England, EC4R 1BR
If you have any questions about this privacy notice, please contact us at firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. This website is not intended for children and we do not knowingly collect data relating to children. Where we have inadvertently collected information from a child, we will delete it as soon as possible. If you know that a child has given their information to us, please contact us at email@example.com
This notice was last updated on 15 October 2018. Any changes we may make to this notice in the future will be posted on this page. Please check back frequently to see any updates or changes to this notice. Archived copies can be obtained by contacting us at the address above.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity|
|Performance of a contract with you|
|To process and deliver your services including:|
(a) Manage payments, fees and charges
(c) Marketing and Communications
|(a) Performance of a contract with you|
|To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you.||(a) Identity|
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical|
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity|
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.