Tuesday, September 26, 2023 at 10:35am EST
Where, Blue State (“we”, “us” or “our”), chooses to enter into a business engagement with supplier, we will be the controller of any personal data, that you give to us, to enable us to process that business engagement and are therefore responsible for processing it in accordance with the law.
- Our suppliers, vendors and service providers, either historical, existing or prospective, who are natural persons; and
- representatives or contact persons of our suppliers and service providers who are legal entities.
What information do we collect?
We may gather the following information about you during our engagement:
- Identification and contact information (full name, title, email, phone, address etc)
- Job Title, position, and name of company
- Business Financial information (e.g., bank account details), insofar our supplier is a natural person
- Identification data relating to the delivery of products or services to our company (e.g., login details, passwords, visitor pass, IP address, online identifiers/ cookies, logs, access times, correspondence) and
- Background checks related to the supplier (which may include related party checks)
Suppliers should ensure their employees are aware that their data is being shared with us, as described in this policy.
How do we use it?
The primary reason we process your personal data is to approve, manage, administer or effect an agreement between Blue State and the supplier you represent or work for. In this respect, we use your personal data, to organize our sourcing activities, issue purchase orders, process payments, perform accounting, manage our contract or review the services or products you supply us with. In addition, we process personal data to meet our legal obligations (such as record keeping obligations), as well as to manage our risks and operations (e.g. prevent and detect security threats, exercise or defend legal claims).
We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your information, and this is also set out below:
|How we will use your personal data||Our legal basis for processing|
|Managing our relationship with our suppliers.||Legitimate interest – in cases where we process data of representatives or contacts of our suppliers who are legal entities, the processing of your data is necessary for our legitimate interest to communicate with our suppliers’ representatives in a customary, personal manner. Necessary for the performance of a contract – we use your personal data to liaise with you on matters relating to our relationship, if you, as our supplier, are a natural person.|
|Making decisions about procuring goods and services (e.g., determining payment or the terms of our contractual agreement(s) etc).||Legitimate interest – in cases where our supplier is a legal person, we use your personal data to keep our supplier updated throughout our relationship. Necessary for the performance of a contract – we use your personal data to assess your status as a new or existing supplier, and to keep you updated throughout our relationship.|
|Upholding our company’s economic interests and ensuring compliance and reporting (such as adhering to our policies, local legislation and managing allegations of fraud or misconduct).||To comply with our legal obligations – in cases where our supplier is a natural person, we use your personal data to investigate and prevent fraud or misconduct and to protect our economic interests.|
|To manage your visit to our offices.||Our legitimate interests for any other purposes required by law such as for example, compliance with fire protection regulations.|
|To keep you informed of news, updates and other information related to our business and that of other companies in our group.||Our legitimate interests – ensuring you receive information relevant to you related to the services we provide. You will always have the opportunity to opt-out in each correspondence. |
Where required by local law, we will ask you for your consent before we process your data for information purposes.
|Any other purposes required by law and authorities.||Processing is necessary for compliance with a legal obligation to which we are subject.|
Do we pass your information to third parties?
Given the global nature of our company, your personal information may be transferred from one jurisdiction to another. When we make such transfers, we do so in accordance with data protection legislation, for example by using Standard Contractual Clauses where information is transferred from Blue State Digital UK LImited in the European Economic Area to Blue State Digital, Inc.in the United States of America.
We may disclose your personal data if we or any of our assets are the subject of a sale or similar corporate transaction. We will ensure that the third parties who receive your personal data are required to keep it confidential.
We may disclose personal data to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.
Where do we send your information?
We are a global company and therefore we may transfer your personal data to countries around the world including the US and other countries outside of the UK and Europe. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards (we use standard contractual clauses) to ensure your information is protected.
How long do we keep your information?
We will keep your information for as long as is necessary to fulfill the purpose for which it was collected. The retention time is the term of the suppliers’ contract until any legal claims under the contract expire, unless an overriding legal or regulatory obligation arises.
How do we protect your information?
We take appropriate measures to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.
Depending on the purposes of processing, you may be entitled to ask:
- for a copy of the personal data we hold about you, and details about how we are processing your personal data;
- to have any inaccuracies in your personal data corrected;
- if we are processing your personal data by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal data to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal data directly to a third party in this format, and, if technically feasible, we will do so; and
- to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before withdrawal
- to object, on grounds relating to your particular situation, at any time which is based on our legitimate interest; and
- to have your personal data erased, or for our use of it to be restricted
Please contact us using the details set out below if you would like to exercise any of these rights.
You may also have the right to make a complaint to the supervisory authority, in your country or jurisdiction, if you’re not happy with how we’ve handled your personal data.
How to contact us
If you wish to exercise any of your rights in relation to your personal information or if you have any queries about how we use your personal information, please let us know by contacting us at the following address: Blue State, 175 Greenwich Street, 16th Floor, New York NY 10007 or by email at [email protected].
California residents should read our California Vendor Privacy Notice.