article banner


Suppliers (and individuals associated with our suppliers)

We only process personal data about our suppliers (this includes subcontractors and any individuals associated with them) where it is necessary for us to receive goods and services, contract, manage our relationship and help provide services to our clients (where relevant).

We use personal data in these circumstances for the following purposes:

  • Providing professional services: where a supplier helps us to deliver services to our clients, we process the personal data of its people involved to help manage our relationship and to deliver those services to our clients.
  • Managing our business: in order to run our business effectively we will need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
  • Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do personal data will be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this involves processing personal data held on the relevant client file. As a part of our supplier and third party take-on procedures we will process personal data obtained from publically available sources (eg sanctions lists, adverse media databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from engaging with a supplier or third party.
  • Providing information about our services: we will use business contact details to provide information about us, our services and activities, including events that we believe will be of interest.
  • Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that require us to keep records which will contain personal data.

Who we share data with

In addition to the parties listed in the main privacy notice we may also share your personal data with suitable external providers (who must have equivalent data protection requirements to our own) in order to verify the identity of individuals through the use of electronic databases, including credit reference agencies. This may be done on a periodic basis in line with our legal obligations to keep due diligence information up to date. When the electronic verification takes place this will leave a digital footprint on the individual’s credit file, though this has no impact on their credit file.