Oxbury Supplier Privacy Notice

Oxbury will store and use your personal information to enable us to run our business and to manage our relationship with you effectively, lawfully and appropriately. This includes using information to fulfil our contractual obligations, to comply with legal requirements, to pursue the legitimate interests of the Company and to protect our legal position in the event of legal proceedings.

We will not share your personal information with 3rd parties except as required to carry out our business or as required by law of other legal processes and we will never sell your personal information.

Most of the information we hold will have been provided by you, but some may have come from 3rd parties (e.g. insurance and financial checks).

What information do we hold and what is it used for?

The sort of information we hold includes your name, job title and business contact details as well as records of our business dealings with you and your organisation. You will also be referred to in documents and messages that we produce, store, or share with you, your colleagues and third parties as part of our normal Company business.

We will hold financial information such as bank account details and a record of transactions between you / your organisation and Oxbury. This information is only used to pay for goods or services and to administer and manage our financial accounts.

If you are sub-contracting services to Oxbury we may also hold Health & Safety information such as the name and contact details of your nominated emergency contact.

How is your information stored and who has access?

Suppliers’ information is stored in our secure electronic document management system which can only be accessed with an approved logon and password.

In addition, your details may be referenced on paper documents (for example a business card, sales materials supplied by you, or printed email) which are kept by individual Oxbury employees. Your name and contact details may also be stored on our employees’ mobile devices if they are, or have been, working directly with you.

Oxbury has clear policies and procedures for all staff to protect company documents and equipment from loss or unauthorised access.

Who do we share your information with?

We will only share your personal data with 3rd parties if we are legally obliged to do so, or where necessary to comply with our contractual obligations. We will never sell your personal details.

How long do we keep your personal information?

All information, including suppliers’ details, relating to the business of Oxbury is kept for 15 years in order to comply with the requirements of our insurance. Information is kept securely in our offices until our contract with you is complete and it will then be moved to secure archive storage.

What are your rights?

You have the right to access the information we hold about you; to have any inaccuracies rectified; and to erase information which is incorrect or should no longer be held. You also have the right to object to and restrict processing of your data. However, be aware that if you do not provide information or allow us to process your data we may be unable to fulfil our legal and contractual obligations. If that is the case we will tell you about the implications of your decision.

If you want to access your personal information you can submit a Subject Access Request in writing to the HR & Practice Manager, Steph Pain at Oxbury’s head office. The Company will either provide the information requested, or will explain why there is a delay, within one month.

You have the right to lodge a complaint with the information Commissioners’ Office if you believe we have not complied with the requirements of the GDPR with regards to your personal data.

Who is the responsible for Data Protection?

Tim Boucher is the Board member with responsibility for Data Protection. You can contact him at timboucher@oxbury.co.uk or on 01603 707914