Delivered by Co-operatives UK in partnership with The Co-operative Bank
The Hive: Support provider specification
Jump to table of contents

Data processing and security details

Section 1 – Data processing details

Processing of the Protected Data by the Support Provider under this Agreement shall be for the subject‐matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects as follows:

1. Subject‐matter of processing:

Client Information in connection with the performance of the Support Provider’s obligations under this Agreement

2. Duration of the processing:

The Protected Data shall be processed for the Term of this Agreement and thereafter, only for as long as is necessary for the proper performance of the Services up to a maximum period of 6 months

3. Nature and purpose of the processing:

To deliver support to The Hive clients.

4. Type of Personal Data:

Name, email addresses, tel number

5 Categories of Data Subjects:

Clients participating in the Hive programme.

Section 2 – Minimum technical and organisational security measures

The Support Provider shall implement and maintain the following technical and organisational security measures to protect the Protected Data.

In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, the Support Provider shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.

The Support Provider should also refer to Co‐operatives UK’s Privacy Notice and Data Protection Policy, which can be accessed at https://www.uk.coop/privacy.

The Privacy Notice describes how we collect and use personal information about individuals, in accordance with the General Data Protection Regulation (GDPR).

The Data Protection Policy sets out the basis on which Co‐operatives UK will process any personal data we collect or process.