At Bywater PSCM we understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Statement explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.

For clarity, Bywater PSCM may be both data controller and data processor for your personal data under certain circumstances.

We hope the following sections will answer any questions you have but if not, please do get in touch with us at

We must advise that this policy is subject to change, so please check our website for the current version of this statement.

Bywater PSCM Limited

Bywater PSCM Limited is a specialist, UK based, training and consultancy business supporting the development and enhancement of our clients’ commercial capabilities in procurement, supply chain management, contract management and sell-side commercial activities across both the private and public sectors. We therefore operate on a strictly “business to business” sales, marketing and operational basis.

For simplicity throughout this statement, ‘we’ and ‘us’ means Bywater PSCM Limited and ‘you’ and ‘yours’ refers to your organisation and its employees or representatives (whether a client, potential client, PSCM Associate or supplier to PSCM)

The Legal Basis and Principles We Adopt in Managing Your Data

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. In compliance with the key principles as set out in the new EU GDPR Regulations (and Data Protection Act 1998) we:

  • Ensure all employees, associates and suppliers to our business are aware of GDPR principles and our associated policies.
  • Review and document the types of personal data we hold, where it has come from, who has access to it and what we do with it.
  • Store your personal data properly and securely.
  • Only process your personal data on a lawful basis (with your consent, because we have a legitimate interest in the data to run our business, because we are required to do so legally or in order to win or perform a contract with you).
  • Update and make freely available on our website this Privacy Statement for our employees, existing and potential clients, associates and suppliers.
  • Have procedures in place to enable clients, potential clients, associates and suppliers to exercise their rights to see, correct, restrict access, transfer or remove their personal data from our systems in a readily accessible format, free of charge.
  • Have ensured procedures are in place to detect, report and investigate personal data breaches.
  • Adopt a “data protection by design” principle to the planning and operational delivery of our assignments.

How do we collect personal data from you?

We receive personal data information about you, your employees or representatives in one or more of the following ways:

  • When you provide it to us in the conduct of normal business.
  • When you request we collect it from your employees.
  • When you complete forms on our website.
  • When you contact us by phone, email, or otherwise in respect of any of our services or during the purchasing of any such service.

If you provide us with personal data about a third party (eg. your employees, suppliers or associates) you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.

What type of data do we collect from you?

The personal data that we may collect from you includes your name, address, email address, phone numbers, and payment related information. We also retain records of your enquiries and correspondence, in the event you contact us.

Should you provide us with, or require that we collect, personal data relating to your employees, associates or suppliers we merely process such data on your behalf, subject to any agreement between us. You are responsible for any applicable legal requirements in respect of such data.

How do we use your data?

We may use information about you in the following ways:

  • To provide customer care, including responding to your requests if you contact us with a query / enquiry
  • To process and administer assignments that we deliver for you
  • To fulfil our consulting and training services in the best possible way
  • To comply with contractual obligations we have with you
  • To administer accounts, process payments and keep track of billing and payments
  • To enable us to review, develop and improve our services
  • To validate information you have provided to us
  • To notify you about changes to our website and services
  • To provide you with information about our products and services that you request from us or which we feel may interest you (subject to your consent); and
  • To inform you of service and price changes.

Retention periods

We will keep your personal data for the duration of the period you are a Customer, Associate or Supplier of Bywater PSCM. We shall retain your data only for as long as necessary in accordance with applicable laws.

On the completion of an assignment / contract with you, we may keep your data for up to 7 years. We may not be able to delete your data before this time due to our legal and/or accountancy obligations.

We may also keep customer personal data for the purpose of keeping you informed about our products and services that you request from us or which we feel may interest you (subject to your consent).

Customer employee or representative personal data provided by the customer or instructed to be gathered by us in the course of delivering our services will usually be retained for a period of two years after completion of the assignment / contract unless otherwise agreed with the customer. This data will not be used by us for marketing purposes without consent.

We assure you that your personal data shall only be used for the purposes stated herein.

Access and Use of Your Personal Data

Here is a list of the ways your personal data may be used and shared in the course of fulfilling our business commitments. For clarity we have grouped these according to the nature of our business relationship with you:

  • Customers: We process your data for administration, billing, support, marketing and the provision of our services. Your personal information may be shared with our Associates and Suppliers for the purpose of fulfilling our services only, but not with any other third parties
  • Potential Customers: We process your data for responding to sales enquires and for marketing purposes. Your personal information is not shared with any third parties.
  • Bywater PSCM Associates and Suppliers: We process your data for assignment administration and payment purposes only. Your personal information may be shared with our Associates, Suppliers and Customers (or their nominated representatives) for the purpose of fulfilling our services only, but not with any third parties.

For clarity where we pass your personal data to other parties for the provision of services on our behalf, we will only ever share information about you that is necessary to provide our services and will take the necessary steps to ensure your privacy rights are protected. For clarity you are responsible for the accuracy of any personal data supplied to us.

Your Rights

We have procedures in place to enable you to exercise your rights to see, correct, restrict access, transfer or remove your personal data from our systems in a readily accessible format, free of charge.

You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it (subject to our need to retain information for legal reasons or accountancy purposes).

Please contact us at if you wish to exercise any of your rights to your personal data which we hold.

Our Website

You may choose to contact us through our enquiries tabs on our website. This will always ask you to positively consent to us retaining your personal details and keeping you informed of our products and services.

Our website may provide links to third party sites. Since we do not control these websites, we cannot be responsible for the information supplied by them. We encourage you to review the privacy policies of these third party sites.

We use Google Analytics to monitor the performance of our website but do not knowingly capture or process any personal information in doing so.

Storage and Protection of Your Personal Data

We know how much data security matters to you so we treat your data with the utmost care and take all appropriate steps to protect it.

Since the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to us and any transmission is at your own risk. Once we have received your information we take measures to ensure your data is secure from unauthorised access.

All our data is stored on the cloud with an ISO27001 certified and GDPR compliant provider, providing robust privacy and security protections. Once received by us your personal data is encrypted, both when in further transit (using HTTPS) and when stored.

Strict access controls to our data are in place both by the provider, and ourselves where access is only provided to employees on a “role” and “need to know basis” and under individual password protection at all times.

Our provider routinely monitors their systems for vulnerabilities and has robust arrangements in place to prevent data loss. In the event of a known data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.

Contact Us / Complaints

Please e-mail any questions, comments or complaints you may have about your privacy to in the first instance.


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn