If you are a supplier then this information applies to you:
- GOTO Group takes data protection seriously.
- We keep to a minimum the information we hold about you
- We use your data to consider using your goods/service, respond to your enquiries, manage our relationship with you, meet our legal obligations, including paying you, and improve our website
- We delete your data when it is no longer needed for these things
- Generally, we do not give your information to third parties, but there are some exceptions
- You have privacy rights
- We are happy to talk to you about how we process and protect your data
What data we hold
We may hold the following information about you:
- Your personal name and work contact information
- Your payment details
- Records of calls made (inbound and outbound)
- CCTV images if you visit our location
Details of the technical personal data that we process if you use our website is below:
- We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
- Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services.
- Some of our websites, like many others, use Google Analytics, a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Using your information
Managing our relationship with you
We will use your data to manage our relationship with you, to enquire about/buy products and services from you, and to pay you.
We need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed – a legitimate thing for a business to do.
Dealing with your enquiry
If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom. It is also legitimate for us to keep track of what we said to you so we can understand further business need and plan our strategy accordingly.
Technical data
We use log files from our servers to assist in our firm”s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
The basis for processing this is that we have legal and regulatory obligations to protect our supplier and their information. When used for strategy planning, we do this under legitimate interest.
We use cookies to improve your experience of our website, for example to keep you logged in.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data. For example, our cloud data providers in the US are all signed up to the Privacy Shield – https://www.privacyshield.gov/list . Data may be required to be shared with governing regulatory bodies when we have a legal obligation to do so.
Retention periods
Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you.
Third parties
We do have a small number of companies providing services to us. These are our processors and in line with our obligations, we have confirmed that they all meet the requirements of the GDPR.
Technical security
GOTO Platform
- The GOTO platform is hosted on a widely-used and recognised secure cloud platform.
- Access to the GOTO platform is controlled by an industry standard Authentication mechanism. With the exception of a handful of anonymous pages (such as the Login page), all areas of the system are protected by requiring Username and Password authentication.
- If a user attempts to access the system with a login/password combination that does not exist in our database, they will not be authenticated and thus refused access.
- The GOTO platform employs a role-based authorisation system. Logged in users are assigned permissions according to their role and are only permitted to view pages pertinent to that role.
- All user interaction with the GOTO System is logged to facilitate security auditing.
Email and Office Documents
- Emails and office documents are hosted and managed on a widely-used and recognised secure cloud platform.
- Access to items is limited to users who have been authenticated by a login/password mechanism.
- Access to emails and documents is further restricted according to role. Logged in users are only permitted to view emails and documents pertinent to their role.
- Geographic restrictions are used where appropriate, for example to prevent access to documents by users who are off-premises.
Servers
- Platform, email and document servers are maintained in a secure cloud environment as already stated. Administration access to the cloud environment is restricted to a small number of trusted users and limited by a recognised login/password mechanism.
- Administration access to cloud platforms is logged.
- Specialised servers (such as the server which maintains call recording for example) are hosted on premises.
- On-premises servers are only accessible by a small number of trusted users whose access is limited by a recognised login/password mechanism.
Laptops
- Access to laptops is limited to company staff, each of which has their own unique set of login credentials.
- Laptops are centrally managed from the secure cloud platform (i.e local accounts are not used at all). This allows access to the device to be disabled from a central location in the event that the laptop is lost for example.
- Geographic restrictions are in place for laptops which are used in secure areas. Such laptops do not have access to the GOTO platform, emails or documents outside of company premises.
Call recording
Phone calls to and from our offices are recorded to ensure we are dealing with our suppliers in the manner that they expect. These recordings are therefore processed under legitimate interest when used for training and quality purposes. It may also be necessary to share recordings with governing regulatory bodies where we have a legal obligation to do so.
If you don’t want your call to be recorded, just let us know at the beginning of the phone call.
Your rights
As a supplier you have rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you, if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
If you want to exercise any of these rights, please contact us at: humanresources@gotogroup.co.uk
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here:
https://ico.org.uk/global/contact-us/postal-addresses
Contact us
If you want to talk to us about this, please email humanresources@gotogroup.co.uk