Privacy Policy – Suppliers and Sub-Contractors UK

What is the purpose of this document?

Walsh Mushrooms is a "Data Controller". This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice because you are a customer. It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

The kind of information we hold about you

We will collect, store, and use the following categories of personal information about you:

  • Company Name
  • Company address including postcode (all locations)
  • Telephone/Fax numbers
  • Bank Details & Company Number
  • Vat Number
  • Various Email addresses supplied by you
  • Company contacts (Buyers/Sales/Accounts/Management etc)
  • Delivery & Collection Addresses

How is your personal information collected?

We collect personal information from the following sources:

  • You, the supplier/contractor.

How we will use information about you

The company needs to process data to be able to meets its obligations under the law. For example, it needs to process your data to pay you for any services/products provided.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Data is stored in a range of different places in the company’s management systems and other IT systems (including the company email system). We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

How long will you use my information for?

We will retain your personal information for a period the duration of the contract and up to 6 months after the contract has been terminated.

Rights of access, correction, erasure, and restriction

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the company to change incorrect or incomplete data;
  • require the company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing; and
  • ask the company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the company's legitimate grounds for processing data.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Tina Cameron, Data Protection, in writing.

Data protection

If you have any questions about this privacy notice or how we handle your personal information, please contact Tina Cameron, Data Protection. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.