Skip to main content

Privacy Notice

Suppliers and Subcontractors


What this Notice covers

Sherwoods takes privacy very seriously and we are committed to protecting the privacy and security of your personal information.

This Privacy Notice describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR) and data protection legislation.

Identity of the data controller

Sherwoods is a “data controller”.

This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Categories of personal data we process

We will collect, store, and use the following categories of personal information about you:

• Personal & Business contact details such as name, title, addresses, telephone numbers, personal email & Business email;
• Bank Account details
• National Insurance Number & Unique Tax Reference and or Company Registration Number;
• Relative Business information

Our lawful bases for processing your data

We will use your personal information in the following circumstances:

• To administer and manage our relationship with you, including to set up and maintain your Supplier account facility;
• To process orders with you for goods and services;
• To deal with any enquires written or verbally that we may receive from you;
• To comply with any applicable laws and regulations.
• Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.

Our purposes for processing your data

• Determining the terms on which we work for you;
• Administering the contract, we have entered with you;
• Making payment to you for goods or services you have provided us with.
• Verifying you (if necessary) with HMRC under the CIS scheme.

Who has access to your data

We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Recipients of your data may include third-party service providers (such as our Business Software Provider & IT Maintenance Providers). other related business entities; a regulator or to otherwise comply with the law.

Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.

Below is a list (not exhaustive) of the main third parties we work with and a link to their privacy notice/website:

BigChange Apps Limited – we use Bigchange Apps ltd as our software job management system, for more information about Big Change Apps please read their Privacy Notice at:

Arthur J Gallagher Insurance Brokers – We use AJG for all our Insurance needs for further information please refer to their website at:

Bishop Fleming Chartered Accountants – We use Bishop Fleming Chartered Accountants for all our accounting and tax returns – for further information regarding their Privacy Notice please refer to:

Myriad Digital Group – We use Myriad Digital Group who are a data processor on behalf of Sherwoods and manage our IT infrastructure, files & backups – for further information please refer to:

Security of your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How we decide how long to retain your data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.