Privacy Policy for Procure Partners Group Purchasing Organisation
Last Updated: September 11, 2025
Procure Partners Group Purchasing Organisation ("Procure Partners", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR). It applies to all individuals whose personal data we process, including website visitors, suppliers, members, and other stakeholders.
1. Who We Are
Procure Partners is a Group Purchasing Organisation that leverages the collective buying power of its members to negotiate discounts with suppliers. We act as a data controller under UK and EU data protection laws, determining the purposes and means of processing personal data.
2. Personal Data We Collect
We collect and process the following types of personal data:
3. How We Use Your Personal Data
We process personal data for the following purposes, based on lawful grounds under UK and EU GDPR:
1. Who We Are
Procure Partners is a Group Purchasing Organisation that leverages the collective buying power of its members to negotiate discounts with suppliers. We act as a data controller under UK and EU data protection laws, determining the purposes and means of processing personal data.
- Contact Details:
- Address: 20 Wenlock Road, London, N17 GU, United Kingdom
- Email: info@procurepartners.co.uk
2. Personal Data We Collect
We collect and process the following types of personal data:
- Identity and Contact Information: Names, job titles, business email addresses, phone numbers, and postal addresses of representatives, employees, or contact persons of our suppliers, members, and other business partners.
- Professional Information: Details about your organisation, role, and business activities relevant to our services.
- Website Usage Data: IP addresses, browser type, device information, and cookies when you visit our website.
- Contractual Data: Information provided during supplier or member onboarding, such as bank details or contract terms.
- Sensitive Data: In limited cases, we may process sensitive personal data (e.g., relating to criminal convictions for compliance purposes), with appropriate safeguards.
3. How We Use Your Personal Data
We process personal data for the following purposes, based on lawful grounds under UK and EU GDPR:
We ensure that processing is fair, lawful, and transparent, and we limit data use to what is necessary for these purposes.
4. Sharing Your Personal Data
We may share your personal data with:
5. International Data Transfers
If you or your organisation are based in the EU, or if we transfer data outside the UK or EEA, we rely on:
6. Your Data Protection Rights
Under UK and EU GDPR, you have the following rights regarding your personal data:
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. For example:
9. Cookies and Tracking
Our website uses cookies to enhance user experience and analyse performance. Cookies may include:
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. We recommend reviewing the privacy policies of any third-party sites you visit.
11. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a website notice. The latest version is always available on our website.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact:
This Privacy Policy ensures compliance with UK and EU data protection laws while addressing the specific needs of a Group Purchasing Organisation. For further guidance, refer to the ICO’s resources or consult a legal professional.
4. Sharing Your Personal Data
We may share your personal data with:
- Suppliers and Members: To facilitate procurement and contract agreements, ensuring compliance with GDPR requirements (e.g., Data Processing Agreements).
- Service Providers: Third-party providers (e.g., IT, payment processors, or analytics providers) acting as data processors, selected with data protection by design in mind.
- Legal Authorities: When required to comply with legal obligations, such as tax authorities or law enforcement.
- Business Partners: In cases of mergers, acquisitions, or joint ventures, with appropriate safeguards.
5. International Data Transfers
If you or your organisation are based in the EU, or if we transfer data outside the UK or EEA, we rely on:
- Adequacy Decisions: The EU’s adequacy decision for the UK (valid until 27 December 2025) allows data to flow freely from the EU to the UK.
- Standard Contractual Clauses (SCCs): For transfers to non-adequate countries, we use SCCs approved by the European Commission or UK International Data Transfer Agreements.
- Binding Corporate Rules: Where applicable for intra-group transfers.
6. Your Data Protection Rights
Under UK and EU GDPR, you have the following rights regarding your personal data:
- Right to be Informed: To know how we process your data (as outlined in this policy).
- Right of Access: To request a copy of your personal data.
- Right to Rectification: To correct inaccurate or incomplete data.
- Right to Erasure: To request deletion of your data, where applicable.
- Right to Restrict Processing: To limit how we use your data in certain cases.
- Right to Data Portability: To receive your data in a structured, machine-readable format.
- Right to Object: To object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of sensitive data during transmission and storage.
- Access controls to limit data access to authorised personnel.
- Regular security audits and staff training.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. For example:
- Supplier or member contact details are retained for the duration of the business relationship and up to 7 years thereafter for tax or legal compliance.
- Website usage data is retained for up to 2 years for analytics purposes.
- Marketing data is retained until you withdraw consent or opt out.
9. Cookies and Tracking
Our website uses cookies to enhance user experience and analyse performance. Cookies may include:
- Essential Cookies: Necessary for website functionality (no consent required).
- Analytics Cookies: To track website usage, enabled only with your consent.
- Marketing Cookies: To deliver tailored advertisements, enabled only with your consent.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices. We recommend reviewing the privacy policies of any third-party sites you visit.
11. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a website notice. The latest version is always available on our website.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact:
- Data Protection Officer: info@procurepartners.co.uk
- Address: 20 Wenlock Road, London, N17 GU, United Kingdom
This Privacy Policy ensures compliance with UK and EU data protection laws while addressing the specific needs of a Group Purchasing Organisation. For further guidance, refer to the ICO’s resources or consult a legal professional.