Please read this policy carefully. We, Marr Procurement Limited, are committed to protecting and respecting your privacy.
This policy sets out how we process any personal data we collect from you, or that you provide to us. It applies to clients, prospective clients, providers and any other third parties who provide data to us.
Our corporate website at www.marrprocurement.com (Corporate site) is hosted by 123-Reg Limited (registration number 05306504).
We also operate a procurement portal for registered Marr Procurement users at www.marrprocurementonline.com (Portal site). This is hosted by Amazon Web Services EMEA SARL (registration number FC034225).
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation (Data Protection Legislation), we are a data controller. Our full corporate details are: Marr Procurement Limited (company number 09095441) of 5 Pappus House, Tollgate Business Park, Colchester, Essex CO3 8AQ (we/us).
Our data protection lead is Jane Shelley (email@example.com). Jane is your first point of contact if you have any queries about how we handle your data. We are registered as a data controller with the Information Commissioner’s Office.
1) Information we may collect about you
We may collect and process the following data about you:
1.1 Information that you provide by electing to contact us, for example, by telephone, email or through our website or portal;
1.2 Information you provide when you ask us to provide you with a quote for our services;
1.3 Information you provide when you are engaged as our client;
1.4 Details of your visits to our Corporate site including, but not limited to, traffic data and location data that you access;
1.5 Information provided by your company or your providers to enable you to be set up as a registered user on our Portal site with single sign-on to your suppliers where applicable – this is limited to your name, site and work email address; and
1.6 Information provided by providers detailing orders placed. We use this for management reporting but do not share any personal data in the production of these reports.
If you contact us, we may keep a record of that correspondence in accordance with our retention periods set out below.
2) IP addresses, cookies and other tracking technologies
2.1 When using our Corporate site, we may collect information about your computer, including, where available, your internet protocol (IP) addresses, operating system and browser type, for system administration purposes.
2.3 Our Corporate site uses Google Analytics, which is a web analytics service provided by Google Inc. This service evaluates visitors’ use of the site. For more information on the cookies set by Google Analytics, including information on how to opt out, please visit www.google.com/intl/en/privacypolicy.html. This helps us to provide you with a good experience when you browse our website and also allows us to improve the site.
2.4 When using our Portal site, we will collect information about your visit to the site, the content you have viewed, the links you have viewed and the links you have followed. We will also collect information such as web server logs, IP addresses, browser type, date/time stamp, and store it in log files as part of aggregated data. This identifies you as a portal user by your email address. We use this information to both improve the site’s performance and monitor compliance. We will only share this with your employer to report on usage.
How to turn off cookies
2.6 If you wish to restrict or block any cookies that are set by either of our sites or any other, you can do so by adjusting your browser settings (check your ‘help’ function within your browser to find out how). Alternatively, you can visit www.aboutcookies.org which contains comprehensive information about cookies, including how to delete them. By continuing to use our sites you consent to the setting of these cookies.
2.7 Please note, by disabling cookies on your browser, you may not be able to access the Portal site.
3) Where we store your personal data
3.1 The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). Any of your personal data that is transferred outside the EEA will only be transferred to a country with an adequacy ruling or where appropriate safeguards are in place, such as the relevant company being signed up to EU-US Privacy Shield, having incorporated standard model contract clauses or equivalent. If you would like any further information, please do not hesitate to contact us.
3.2 All information you provide to us is stored on secure servers which may include the secure servers of our IT software suppliers (where applicable).
3.3 Where we have given you (or where you have chosen) a password which enables you to access the Portal site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
4) How we use your information
4.1 We use information held about you in the following ways:
4.1.1 to ensure that content from our Corporate site is presented in the most effective manner for you and for your computer;
4.1.2 to provide you with information, products or services that you request from us;
4.1.3 to carry out our obligations arising from any contracts entered into between you and us;
4.1.4 to create a profile for you if you are a registered user of our Portal site which allows you to log in securely and directly access the preferred suppliers agreed with your company (we may also be required to share your name and email address with the agreed suppliers for the sole purpose of authenticating and matching users between the Portal site and their supplier systems);
4.1.5 to monitor and report on your usage of and traffic on the Portal site to improve its performance and your experience using it; and
4.1.6 to notify you about changes to our services.
4.2) We process your information on the following legal bases:
|Purpose/Activity|Lawful basis for processing including basis of legitimate interest|
|---|---|
|Where you are a client or a provider|For the performance of a contractual or statutory obligation or for legitimate business interests as a provider of procurement services.|
|Where you request information or a quote for services from us|For legitimate business interests to fulfil your request|
|To administer and protect our business and our sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
|To use data analytics to improve our sites, products/services, marketing, customer relationships and experiences|Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To send you marketing|Consent|
5) When we disclose your information
5.1 We may disclose your personal information to third parties in limited circumstances, including:
5.1.1 in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
5.1.2 if Marr Procurement Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets;
5.1.3 if we are under a duty to disclose or share your personal data in order to comply with any legal or compliance obligation (for example to the Police or any relevant regulatory body), or in order to enforce or apply our terms of business and other agreements;
5.1.4 where necessary to protect our rights, property, or safety or those of our clients, or others;
5.1.5 to our auditors or other inspecting organisations from time to time (including any accrediting organisations). This also includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
5.1.6 if you are our client, it may be necessary to pass your personal data to third parties in order to carry out the services you have requested, for example when we share names and email addresses of registered Portal site users with suppliers. We will always tell you if this is the case before sharing your information; and
6) Your rights
6.1 Right to object
You have the right to ask us not to process your personal data for direct marketing purposes where we are relying on consent to do so. We will ask you (before collecting your data) if you consent to us using your data for such purposes. We may use a third party processor to send communications to you. Where you do provide your consent, you can opt out at any time by contacting us at: firstname.lastname@example.org
6.2 Right to access
The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with Data Protection Legislation by contacting Jane Shelley at: email@example.com
6.3 Right to Erasure
In certain circumstances you can request us to delete or put your data beyond use (where our software systems do not allow deletion) so we cannot identify you. You can make this request at any time by contacting Jane Shelley at: firstname.lastname@example.org but please note we may be compelled to maintain certain of your information due to specific legislative or regulatory requirements.
6.4 Right to rectification
You have the right to require us to correct any inaccuracies in your data free of charge. You can also exercise this right at any time by contacting Jane Shelley at: email@example.com and:
6.4.1 providing us with enough information to identify you; and
6.4.2 specifying the information that is incorrect and what it should be replaced with.
6.5 Right to data portability
You have the right to request your data in a structured, commonly used, machine-readable and inter-operable form to be transferred to yourself or another data controller by contacting Jane Shelley at: firstname.lastname@example.org.
6.6 Request restriction of processing
You have the right to request that processing of your personal data is restricted by contacting Jane Shelley at: email@example.com. We will then discuss with you the possible consequences of such restrictions.
6.7 Right to complain
You have the right to complain to the Information Commissioner’s Office. Their website can be found at: www.ico.org.uk
7) When we will delete your information
We will only retain your personal data for as long as it is necessary. Where we hold your personal data in connection with a contractual obligation and/or for a legitimate business interest, we will review this at the contract end date and as a matter of course every 3 years. If you use our portal, we conduct quarterly reviews to ensure that the data in the admin system is up-to-date. When a contract expires or is terminated, we will either delete or anonymise all personal data associated with it within 6 months of that date.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security or integrity of your data transmitted to either of our sites and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9) Third party sites
Our Portal site will contain links to supplier websites that enable a portal user to place orders direct with their preferred suppliers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.