Privacy Notice Supplier Data
Suppliers – refers to partnerships and companies (including sole traders), and typical workers such as independent contractors and freelance workers, who provide services to RSS.
What kind of personal data do we collect?
We don’t collect much data about Suppliers– we simply need to make sure that our relationship runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you.
How do we use your personal data?
To ensure we find the right balance, we will only use your information:
- To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
- To offer services to you or to obtain support and services from you;
- To perform certain legal obligations;
- To help us to target appropriate marketing campaigns; and
- In more unusual circumstances, to help us to establish, exercise or defend legal claims.
- We will use your personal data for these purposes if we deem this to be necessary for our legitimate interests.
We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address. If you are not happy about this, in certain circumstances you have the right to object by emailing gdpr@RSS.com.
Who do we share your personal data with?
Where appropriate and in accordance with legal obligations and regulatory requirements, we will share your personal data, in various ways and for various reasons, with the following categories of people:
– Any of our group companies;
– Appropriate colleagues within RSS (this may include colleagues in overseas offices);
– Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
– Third party service providers who perform functions on our behalf (external suppliers and consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
– Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
– Marketing technology platforms and suppliers;
What legal bases do we rely on to process Supplier data?
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers.
We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
How long do we keep your personal data for?
We will retain your personal data in accordance with our retention periods at Annex 2 in order to provide you with services or to receive services from you, or to provide you with information about our services that we believe you may be interested in.
If you have expressly indicated that you’re not interested in our services, then we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above).