Privacy notice:
Suppliers
Last updated: 2 December 2024
Who you are
This information is relevant to you if you supply good or provide services to us as individual, or someone who is employed or engaged by someone else.
Who we are
For the purposes of data protection law, the ‘controller’ of your personal data will be Shieldpay Operations Limited, a company registered in England and Wales under number 14318564 and registered as a controller with the ICO under number ZB476223.
What personal data we collect about you
We may also use your personal data for purposes that are compatible with the above purposes. In doing so, we'll take into account various factors including the link between the original purpose and the purposes of the intended further processing, the nature of our relationship, the nature of the personal data, the potential consequences for you and any additional safeguards that we can put in place.
Where we get your personal data from
We will generally get your personal data directly from you or from the organisation that employs or engages you. Internal directory data is provided by our staff.
What we use your personal data for
We'll use your personal data for the purposes listed below. Against each of these purposes, we've identified which categories of personal data listed above are required and the legal ground relied on by us in line with data protection law.
| Purpose | Categories of personal data | Legal ground |
|---|---|---|
| Communicating with suppliers about the supply of goods or provision of services |   |
Our legitimate interests in communicating with our suppliers regarding the supply of goods or provision of services |
| Entering into and performing contracts with individuals as suppliers |   |
If we’re contracting directly with you, contractual necessity |
| Paying invoices and related transactional matters |  |
If we’re contracting directly with you, contractual necessity |
| Maintaining a database of previous suppliers |  |
Our legitimate interests in keeping a central record of suppliers and notes of our experience working with them, to improve efficiency and ensure we use the right suppliers in the future |
We may also use your personal data for purposes that are compatible with the above purposes. In doing so, we'll take into account various factors including the link between the original purpose and the purposes of the intended further processing, the nature of our relationship, the nature of the personal data, the potential consequences for you and any additional safeguards that we can put in place.
Who we share your personal data with
Depending on which of the purposes listed above applies, we may share your personal data with:
- Technical service providers as necessary for us to effectively conduct our business operations
- Regulatory bodies such as the Financial Conduct Authority and Financial Ombudsman Service, where you are providing services that are relevant to the provision of payment services
How long we keep your personal data for
We'll only keep your personal data for as long as necessary in connection with the purposes for which we collected it. We maintain a data retention schedule for each category of personal data we hold.
We'll retain communications data and contract data for the duration of the contract plus six years, financial data for 6 years from the end of the financial year to which the records relate, and internal directory data indefinitely (although it will be updated as individuals change employer).