Suppliers (and individuals associated with our suppliers)
We only process personal data about our suppliers (this includes subcontractors and any individuals associated with them) where it is necessary for us to receive goods and services, contract, manage our relationship and help provide services to our clients (where relevant).
Typically, we collect personal data directly from our suppliers but sometimes from third parties as a part of due diligence.
We use personal data in these circumstances for the following purposes:
- Providing professional services: where a supplier helps us to deliver services to our clients, we process the personal data of its people involved to help manage our relationship and to deliver those services to our clients.
- Managing our business: in order to run our business effectively we will need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
- Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do personal data will be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this involves processing personal data held on the relevant client file. As a part of our supplier and third party take-on procedures we will process personal data obtained from publically available sources (eg sanctions lists, adverse media databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from engaging with a supplier or third party.
- Providing information about our services: we will use business contact details to provide information about us, our services and activities, including events that we believe will be of interest.
- Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that require us to keep records which will contain personal data.