Privacy notice for EEF grantees and suppliers
This privacy notice will inform you as to how we look after your personal data when you supply goods or services to us, receive a grant or partner with us. This page should be read in conjunction with the notice above, 'Privacy notice - information that we need to tell everyone', which covers information relevant to anyone whose data is used by the EEF, including your rights.
Purpose and lawful basis for processing
Your data will be used to process your invoice or grant claim and its payment. It will also be used to contact you to agree on a contract or a purchase order with you. We will also use your data to process the payment of invoices, expense claims or grant claims.
The lawful basis we rely on for processing your personal data is the processing necessary to perform a contract or to take steps at your request, before entering a contract.
What we need and why we need it
We collect your title, name, address, previous names or addresses (where relevant), email address and telephone number, bank details and records of payments made.
We need this information in order to process your invoices or claims.
How long we keep it
We only keep your data for as long as we need it, which, for financial transactions, can be up to 7 years.
|Invoices / Expense or Grant claim forms|6 years (from end of financial year in which the transaction was made)|
|Bank records of payments made|6 years (from end of financial year in which the transaction was made)|
What are your rights?
For more information on your rights, please see ‘Your rights’ under 'Privacy notice - information that we need to tell everyone'.
Do we use any data processors?
Yes, we use the following third parties to process your data.
Employees within our company who have responsibility for finance and administration will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR.
Data is shared with third parties for the following reasons:
- CAF Bank – when adding a supplier to one of the bank accounts, and when making online expense or invoice payments via BACS. For more details about how CAF Bank use the data, please visit https://www.cafonline.org/navigation/footer/privacy.
- Signable – when uploading expenses claims or invoices onto Signable, our online approval system. For more details about how Signable use the data, please visit https://www.signable.co.uk/gdpr/, https://www.signable.co.uk/privacy-policy/ and https://www.signable.co.uk/terms-conditions/.
- Quickbooks Online (Intuit) – when accounting for invoices and payment of the invoices. For more details about how Quickbooks Online (Intuit) use the data, please visit https://quickbooks.intuit.com/uk/privacy-policy/.
- SAP Concur – when accounting for invoices or claims and payment of the invoices or claims. For more details about how SAP Concur use the data, please visit https://www.concur.co.uk/privacy-policy, https://www.concur.co.uk/gdpr and https://www.concur.co.uk/data-security.
We may also share your data with third parties for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
We share your data with bodies outside of the European Economic Area. The country concerned is the United States, and the reason for sharing is that we use Quickbooks Online (Intuit) as our accounting software package, who store our data in the USA. We have put the following measures in place to ensure that your data is transferred securely and that the bodies who receive the data that we have transferred process it in a way required by EU and UK data protection laws: the data transfer mechanism used by Quickbooks Online (Intuit) is the EU-US Privacy Shield regime, and Intuit is a certified member of the Privacy Shield scheme.
We also share your data with SAP Concur, who host the data in the European Economic Area but who have affiliates and third-party service providers within, as well as outside of, the EEA. Therefore, your Personal Data may be transferred, used, processed or stored in the United States or any other country where SAP Concur operates or maintains facilities or call centers, including jurisdictions that may not have data privacy laws that provide protections equivalent to those provided in your home country.
* This privacy notice was updated on 30 January 2020.