Privacy Policy.

Your privacy is extremely important to us. This policy explains what personal information we have, how we use it and how you can check and update any of your personal information.

Vendor Society is owned and run by Ecommerce Nurse Limited, whose registered office is at 46 Hullbridge Road, South Woodham Ferrers, Chelmsford, Essex, England, CM3 5NG. We are a company registered in England and Wales under company number 10798755. We are registered with the Information Commissioner’s Office (ICO) under registration number ZA728270.

1. What information is being collected?
Vendor Society collect the data you provide when you complete various electronic online forms (Contact Us / Membership Subscription). Further data may be collected in connection with your registration, use, or enquiries about our service or our site that links to this Policy.

Contact Us Data
• your name
• your Company name
• your email address

Further Data collected for Membership Subscriptions
• your Account Username
• your contact details: address and telephone number
• your Company details and further information for consultancy purposes
• your credit card/banking details required for payment where applicable
• the various communications you have with us
• other publicly available data, including any which you have shared via a public platform (such as LinkedIn, Twitter feed or public Facebook page)

2. How we use your personal data
We will use your personal data in the following ways:

For our Contact List:
• to send you regular updates via email
• to share information that will be helpful to your business
• to send you details of our products and services

Plus the following for our Members:
• to register you as a new client/member
• to verify your identity
• to provide services
• to respond to and fulfil requests
• to manage our relationship with you
• to process and manage your payments where applicable

The lawful basis for processing your data for our Contact List is consent.  You are able to remove your consent at any time by clicking remove me from your contact list.

The lawful basis for processing your data if you are one of our Members is a contract in the form of a set of Terms and Conditions.

We will not share your details with third parties for marketing purposes except with your express consent.

3. Disclosure of your personal data
We may have to share your personal data with:

• service providers who provide IT and administration support
• professional advisors including lawyers, bankers, accountants/auditors
• other professionals including staff members and contractors for the purposes of carrying out the agreed services

We require all these third parties to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.

4. Merger, acquisition or sale of all or a portion of the company
If the Company is involved in a merger, acquisition or sale of all or a portion of its assets, the Company reserves the right to transfer personal and non-personal data to a party involved in the merger, acquisition or sale, to the extent such information is necessary to carry out the merger, acquisition or sale.

 5. Links to other websites
Our services may contain links to other websites not controlled or operated by Vendor Society. These links do not imply that we endorse these third party sites. We recommend reviewing those sites directly for information on their privacy policies.

6. International transfer
To deliver services to you, it is sometimes necessary for Vendor Society to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.

We do our best to ensure a similar degree of security by ensuring that contracts including codes of conduct are in place which give your personal data the same protection it has within Europe. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here.

7. Data security
Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights’ below for more information.

We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. Data retention
We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements. For example, we need to keep certain information about you for 6 years after you cease to be a client for tax purposes.

Upon reaching the retention period the data will be securely destroyed rendering the data unrecoverable and/or unreadable.

9. Your rights
You are able to exercise certain rights in relation to your personal data that we process. These are set out in more detail at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.

We will, in most cases, reply within one month of the date of the request unless your request is complex, or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.

If you wish to make a Subject Access Request, please email the request to carina@vendorsociety.com.

10. Keeping your data up to date
We have a duty to keep your personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.

If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by writing to or emailing carina@vendorsociety.com.

11. Complaints
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

This Privacy Policy does not cover third party websites that you connect with through Vendor Society.

This Privacy Policy may change from time to time. All subscribers and visitors who have made contact with Vendor Society will be notified of any policy changes that may impact their privacy.