AIS LTD Supplier Privacy Notice

This is our supplier privacy notice in line with the new data protection legislation (known as General Data Protection Regulation - GDPR) with effect from 25th May 2018.

The policy includes:

• The data that we hold
• How we use it
• Why we need it
• Who has access to it
• What your rights are
• Details of who to contact with any queries

Background

Associated Independent Stores Limited (AIS Ltd) based at Cranmore Park, Cranmore Avenue, Shirley, Solihull, B90 4LF is a member Buying Group and is committed to protecting the data it collects and using it fairly to contact existing and potential members with business relevant information and applies the current laws, which are known as the General Data Protection Regulation (GDPR).

Wholly owned subsidiaries and divisions of AIS Ltd will be adhering to this privacy policy including: Cenpac (AIS) Ltd, Intersport UK Ltd, AIS Property Ltd, as well as Flooring One and plaY-room.

Data obtained through any of the above entities of AIS Ltd can be shared within the Group as per the "How we process your data" section of this policy.

How the law protects you

Your privacy is protected by law. This section explains how this works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside AIS Ltd. The law says we must have one or more of these reasons:

• To fulfil a contract (i.e. the Supplier Agreement) we have with you, or
• When it is our legal duty, or
• When it is in our legitimate interest, or
• When you otherwise consent to it

A legitimate interest is when we have a business or commercial reason to use your information in our normal course of business and as verified by our legitimate interest assessment (although even then it must not unfairly go against what is right and best for you).

Information we may collect about you

We will primarily hold business related information, although that may include some personal data about you, including for example your name, address, telephone/mobile number(s) and email address.

If we are running an event or training course that you, or any of your teams, are personally attending, then we may collect more sensitive data such as dietary requirements or access needs if applicable

Examples of the sources of data we collect about you or your company:

• supplier application form;
• supplier agreement;
• other application or registration forms for shows, events, training courses;
• when you talk to us on the telephone, personally or communicate with us via social media or website;
• in emails and letters;
• financial reports;
• business accounts;
• bank details;
• when you use our website;
• cookies (click here for more detailed information);
• when you interact on social media;
• email tracking facilities;
• in surveys;
• payment and transactional data;
• the internet;
• publicly available information;

What personal data do we collect for business purposes?

AIS Ltd may collect the following information about you:

• your name;
• your business contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
• purchases and orders made by you;
• your on-line browsing activities on our websites, including aistores.co.uk and Members Net sites, as well as other related product and show websites owned by AIS Ltd;
• your password(s);
• your communication and marketing preferences;
• your product interests, preferences, feedback and survey responses;
• your location;
• your correspondence and communications with AIS Ltd.

How we process your data

GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties. We may process your personal data for the following purposes, if relevant:

• to administer your supplier realtionship with AIS Ltd and to manage interactions with your business;
• to provide services to you;
• to tailor your experience on our websites;
• to manage any registered account(s) that you hold with us;
• to verify your identity;
• for crime and fraud prevention, detection and related purposes;
• with your agreement, to contact you electronically about services which we think may interest you;
• for research and statistical analysis;
• to carry out marketing activities in a business context, e.g. Conference, Shows and Bulletins;
• to allow you to interact with AIS Group members and relevant service or preferred suppliers;
• to provide you with information about other services we are offering;
• where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
• to communicate with you about industry news and events, updates to your supplier relationship and other activities we are involved in as a Buying Group and believe you would be interested in
• to provide advice or guidance about using our services
• to collect and recover money that is owed to us
• to communicate with you via social media

We process this data on the basis of our legitimate interest to run AIS Ltd in an efficient and proper way for the benefit of our members and suppliers. This includes managing our financial position, planning, audit, communications, business capability and to exercise our rights set out in agreements and contracts. We also process your personal data where required to comply with laws and regulations that apply to us.

How will we protect information we hold?

AIS Ltd has various data and security policies in place to ensure the safe-keeping of the data that we collect. Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.

Data is stored securely within AIS Ltd’s systems to prevent unauthorised access. To deliver products and services to you, it is sometimes necessary for AIS Ltd to share your data outside of the European Economic Area.

This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.

Retention Period

There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn't an over-riding legitimate business need.

Unless we explain otherwise to you, we'll hold your personal information based on the following retention periods for personal data:

• Supplier records - throughout the commercial relationship and no less than 12 months after that should end
• Events - 2 years after the event you attended
• Training records - 12 months after the course or event ends
• Financial records - 7 years
• Related company accounts to agreements - 3 years
• New supplier enquiries - 7 years
• CCTV - 30 days

When we may share your information

We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of the AIS Ltd group of companies if:

• allowed by any agreement entered into by you;
• you consent;
• needed by our agents, advisers or others involved in running accounts and services for you or collecting what you owe to other companies;
• needed by third parties to help manage your records (such as our IT suppliers who run our computer systems) - please note we will have appropriate separate service contracts in place with these firms;
• governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:-
• to comply with our legal obligations;
• to exercise our legal rights (for example in court cases);
• for the prevention, detection, investigation of crime or prosecution of offenders; and
• for the protection of our employees.

Please note that where we have a relationship with a third party involving your data, we will have a signed data controller/processor agreement with them.

What are your rights?

You have the right to ask us to provide you with access to and rectification or erasure of your personal data providing there isn’t a legitimate business need by virtue of you remaining a member of AIS Ltd. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us, in an electronic format.

You have the right to object to certain purposes for processing.

If you wish to stop us from providing you with marketing or information communications then you can opt out at any time by ticking the appropriate boxes within an email or mailing or contacting us directly.

If you have any questions about how AIS Ltd use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by either of the following means:

• email us at: This email address is being protected from spambots. You need JavaScript enabled to view it.
• write to us at Cranmore Park, Cranmore Avenue, Shirley, Solihull, West Midlands, B90 4LF

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.

Changes to this policy

Any changes we make to this policy in the future will be communicated to you by email or letter. The full notice (as it currently stands) will be available on our website (www.aistores.co.uk) as well as available on request via the above email address.

Breaches

In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner's Office within 72 hours and will inform the affected parties as soon as practically possible thereafter.

This policy was last updated in May 2018.