Privacy Notice
Who we are and what we do
We are Bloom Procurement Services Limited (“Bloom”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 08045123 and we have our registered office at 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”) in relation to our processing of Personal Data under registration number ZA331013.
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to Contact Us’ section.
Who this privacy notice applies to
This privacy notice applies to you if:
- You visit our website
- You enquire about our services by post, phone, email, or online form
- You are a current client
- You register as a buyer or supplier
- You complete our customer requirements form
- You login and use our Marketplace or Provide 2.0 platform
- You agree to receive newsletters and/or other promotional communications from us
Please note that we have a separate privacy notice for job applicants which is available to read directly from the job descriptions posted within our current job openings page.
What Personal Data is
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation. Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
Personal Data we collect
The type of Personal Data we collect and/or process about you will depend on our relationship with you. However, we have grouped together the different kinds of Personal Data we may process as follows:
- Identity Data includes first name, last name, username or similar identifier title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website and services.
The only special category data we may collect is where, as part of your registration, you tell us that you require enhanced screen accessibility options. We will retain this information in your individual profile for as long as you remain an active user of our platform.
For the purposes for which we use the above personal data, please see the table within the ‘Purposes for which we use personal data and the legal bases’ section below.
How we collect your Personal Data
We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website.
However, we may also collect your Personal Data from third parties such as:
- reputable companies who provide lead generation contact lists;
- others to whom you have provided consent;
- publicly available sources such as social media platforms;
- sub-contractors in technical, payment and delivery services;
- advertising networks;
- analytics providers;
- your employer if nominated as an approver in our client billing process; and
- a current client wishing to recommend you as a supplier for a project.
Purposes for which we use personal data and the legal bases
We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:
Purpose |
Type of Data |
Lawful Basis |
Responding to correspondence from you |
a) Identity b) Contact
|
It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means.
|
Sending you marketing communications which we believe may be of interest |
a) Identity b) Contact |
If you are an existing client or have expressed an interest in our services, we will rely on legitimate interests to contact you for marketing purposes.
You may ‘opt out’ of the processing of your data for this purpose by emailing projects@bloom.services.
We may also process your personal data for marketing with your consent.
If we have captured your consent for the purposes of marketing, that consent may be withdrawn at any time by using the email address above.
|
Provision of our services |
a) Identity b) Contact c) Financial d) Transaction
|
Processing is necessary for the performance of the contract between us. |
Debt Recovery |
a) Identity b) Contact c) Financial d) Transaction
|
We have a legitimate interest in recovering any outstanding moneys owed. |
Business management, forecasting and statistical purposes |
a) Identity b) Contact c) Financial d) Transaction a) Technical b) Usage |
It is our legitimate interest to identify areas for managing current business relationships, develop new products and services, and for managing our business.
|
To administer and protect our Website, Marketplace and Pro-vide 2.0 (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
a) Identity b) Contact c) Technical |
This processing is necessary for our legitimate interests (for the provision and administration of our IT services, platforms, internal systems, network security, and to prevent fraud. |
Market Research |
a) Identity b) Contact c) Profile |
It is in our legitimate interest to ask you to leave a review or complete a survey in order for us to identify areas for improvement throughout our services.
|
Improving our websites and the overall website visitor and user experience. |
a) Technical b) Usage |
It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our websites. |
Improving our websites and the overall website visitor and user experience. |
a) Technical b) Usage |
We use cookies on our websites with your consent. |
Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
Sharing your Personal Data
We may also disclose your information to third parties in connection with other purposes set out in this privacy notice. These third parties may include:
- business partners, suppliers and sub-contractors who may process information on our behalf
- advertisers, social media platforms, and advertising networks
- analytics and search engine providers
- IT service providers
This site may also include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our site, we encourage you to read the privacy policy of every website you visit.
Where we are under a legal or regulatory duty to do so, we may disclose your details to the police, regulatory bodies or legal advisors, and/or, where we consider necessary to protect the rights, property or safety of Bloom, its personnel, users or others.
International Transfers
Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.
We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection. We do this by ensuring that either:
- Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation);
- We enter into Standard Contractual Clauses (“SCCs”) with the receiving organisations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here along with the UK IDT Addendum);
- We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).
How long we keep your data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
How we protect your data
We implement appropriate technical and organisational measures to protect data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
In addition to the technical and organisational measures we have put in place, there are simple things you can do to in order to further protect your personal information, such as:
- Never share One Time Passcodes (OTPs).
- Never enter your details after clicking on a link in an email or text message.
- Always send confidential information by encrypted email to reduce risk of interception.
- If you’re logged into any online service do not leave your computer unattended.
- Close down your internet browser once you’ve logged off.
- Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.
- You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
For more information about our use of cookies, please see our cookie notice.
Your data protection rights
You have certain rights in relation to the processing of your Personal Data, including to:
Rights |
Description |
Right to be informed |
Individuals have the right to be informed about the collection and use of their personal data. |
Right of access |
Individuals have the right to receive a copy of their personal data, and other supplementary information. |
Right to rectification |
Individuals have the right to have inaccurate personal data rectified or completed if it is incomplete. |
Right to erasure (the ‘right to be forgotten’) |
Individuals have the right to request their personal information to be erased, in certain circumstances. |
Right to restrict processing |
Individuals have the right to request the restriction or suppression of their personal data, in certain circumstances, in particular: · if your data is not accurate; · if your data has been used unlawfully but you do not want us to delete it; · if your data is no longer needed, but you want us to keep it for use in legal claims; or · if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request. |
Right to data portability |
Individuals have the right to obtain and reuse their personal data, in a machine-readable format, for their own purposes across different services, in certain circumstances. |
Right to object |
Individuals have the right to object to the processing of their personal data, in certain circumstances.
Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way.
Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you have an absolute right to ask us to stop doing so. |
Rights with respect to automated decision-making and profiling |
Individuals have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. |
In addition to the above, an individual also has the following rights:
Rights |
Description |
Right to withdraw consent (if applicable) |
Where we are using your personal data based on your consent, you can withdraw your consent at any time. |
Right to lodge a complaint with a supervisory authority |
You have the right to raise a complaint about how we handle your personal information with the Information Commissioner’s Office by calling 0303 123 1113 or visiting https://ico.org.uk/make-a-complaint/. |
Exercising your data protection rights
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Children’s Privacy
We do not offer our products and services to children, and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are under 18 years of age, you must not use our services. If we learn that a child has provided us with their Personal Data we will securely and permanently delete it, in accordance with applicable law.
How to contact us
If you would like to exercise your statutory data protection rights, or if you have any concerns or questions about how we handle personal data, please contact us using the details below:
Bloom Procurement Services Limited
3rd Floor, 1 Ashley Road
Altrincham
Cheshire
WA14 2DT
Our telephone number is 020 3948 9400.
Alternatively, you can email us at projects@bloom.services.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by using the above email or postal address. Please send your communication clearly indicating ‘FAO the ‘Data Protection Officer’ and your message will be passed directly to Evalian Limited for attention.
How To Complain
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.
Changes to this privacy notice
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified: 24.04.2024