Privacy Notice For Suppliers

DATA CONTROLLER

1. In the course of our business transactions, Motrol Ltd collects and processes personal data relating to its suppliers, i.e. any person or organisation who provides a product or service the company needs. We are committed to being transparent about how we collect and use this data and about meeting our data protection obligations.

WHAT INFORMATION DO WE COLLECT?

1. Motrol Ltd collects and processes a range of information about its suppliers and potential suppliers. This includes:
   1. (a) full name of the relevant contact;
   2. (b) company address
   3. (c) contact details including email address and telephone numbers;
   4. (d) details of the services/products provided;
   5. (e) the terms and conditions of our contract with you; and
   6. (f) bank details.
2. We collect this information in a variety of ways including telephone conversations, email correspondence, supplier forms, etc.
3. Motrol does not collect or process special categories of personal data i.e. particularly sensitive information about its suppliers at any time.
4. Data will be stored in a range of different places including on our project files, accounts systems and other IT systems (including email).
5. Supplier decisions are not based solely on automated decision-making

WHY DOES MOTROL PROCESS PERSONAL DATA?

1. Motrol needs to process supplier data to consider whether to enter into a contract with a supplier or after entering into a contract with a supplier and to meet its obligations under such a contract. For example, the company needs to process supplier data for banking purposes and to contact suppliers about orders, deliveries, returns, etc.
2. In some cases, we need to process data to ensure that we are complying with our legal obligations such as health and safety laws.
3. In other cases, Motrol has a legitimate interest in processing personal data before, during and after the end of the contracting relationship.
4. Processing supplier data allows Motrol to:
   1. (a) maintainaccurateanduptodatesupplierrecordsandcontactdetails;
   2. (b) provide effective support services to the company;
   3. (c) assist in improving our services;
   4. (d) paysuppliersinaccordancewiththeirpaymentterms;
   5. (e) ensure effective general business administration;
   6. (f) comply with health and safety legislation; and
   7. (g) respond to and defend against legal claims.
5. Where Motrol relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.

WHO HAS ACCESS TO DATA?

1. Your information will be shared internally for operational purposes. This includes Directors, project teams and members of the Accounts department. If necessary, we will share your data with third parties such as solicitors and Courts in relation to disputes or with third parties that process data on our behalf, e.g. for the purposes of year end accounting.
2. Motrol will never sell your details to a third party or transfer our data to countries outside the European Economic Area.

HOW DOES MOTROL PROTECT DATA?

1. Motrol takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Electronic data is stored securely via secure and password protected systems. Hard copy information is locked away when not in operational use.
2. Where we engage third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

FOR HOW LONG DOES MOTROL KEEP DATA?

Motrol will hold your personal data for the duration of our contract with you. The period for which your data is held after the contract is dependent upon any legal or statutory requirements to retain the data and beyond that it will be retained on the basis of the legitimate business interests at the company’s discretion. The retention of this data will be reviewed periodically. Once it is decided that this is no longer relevant the information will be deleted or destroyed.

YOUR RIGHTS

1. As a data subject, you have a number of rights. You can:
   • access and obtain a copy of your data on request;
   • require the organisation to change incorrect or incomplete data;
   • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
   • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
   • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.
2. If you would like to exercise any of these rights, please contact the HR department.
3. If you believe that Motrol has not complied with your data protection rights, you can raise the matter with the HR department at hr@enisca.com initially or can complain to the Information Commissioner.

WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?

You have some obligations under your contract agreement to provide Motrol with relevant data in order for us to enter into a contact with you. In particular you are required to provide relevant and accurate contact and invoicing details and it is in your best interest to provide all relevant information pertaining to your services. Failing to provide this data may mean that we are unable to fulfil our contractual obligations to you.