Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

Privacy Policy

This Privacy Policy sets out the information we collect, how we use it and what choices you have. Please get in touch if you have any questions! You can reach us at:

Purpose and scope of this Policy

This Privacy Policy outlines how Collaboroo collects, stores and uses personal information that it collects about you.

Lawful Basis for Processing

We will only Process your Data if there is a lawful basis for such Processing. The lawful basis for Processing Personal Data will be one of the following:

  • Consent. You have given Colaboroo clear and specific consent for Processing your Data.
  • Contract. You, or the organisation you work for, have entered into a contract in which the Processing of your Data is required.
  • Legal obligation. We need to Process your Data in order to comply with a common law or statutory obligation.
  • Legitimate interests. We have a legitimate interest in processing your Data in circumstances where it would be reasonable for you to expect such Data Processing and where there is a minimal privacy impact. Some direct marketing activities may be based on legitimate interests. Where legitimate interest is deemed to apply, Colaboroo will have carried out a Legitimate Interest Assessment.

Contact details:

For the purpose of data protection legislation, the data controller is The Consortium for Purchasing and Distribution Ltd (which includes the trading entity West Mercia Supplies) ("The Consortium") which has its registered office at: 140 Eastern Avenue, Milton Park, Abingdon, Oxon. OX14 4SB.


Collaboroo uses the following definitions in relation to data:

Personal Data (GDPR, Rec.26; Art.4(1)):
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

Special Categories of Personal Data (GDPR, Rec.10, 34, 35, 51; Art.9(1)):
"Sensitive Personal Data" are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to criminal offences and convictions are addressed separately (as criminal law lies outside the EU's legislative competence).”

Data Controller (GDPR, Art.2(d)):
"Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller may be designated by those laws.”

Data Processor (GDPR, Art.2(e)):
“Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.”


Information you give us

This is information about you that you give us:

  1. We may collect and process personal information about you when you register your details and become a Collaboroo member. This includes your name and email address and any other information you give us, such as your avatar and bio informationwhen filling in forms on our websites;
  2. If you post something on Collaboroo, we collect details of what you have posted, including any photographs;
  3. by corresponding with us by phone, email or otherwise;
  4. when you register to use our websites;
  5. when you subscribe to our services;
  6. when you place an order on one of our websites;
  7. when you participate in discussion boards or other social media functions on our websites
  8. to enter a competition, promotion or survey; and
  9. when you report a problem with our websites.

The information you give us may include your name, address, e-mail address and phone number, organisation, job role or title, financial and credit card information and some interests / preferences.

Information we collect about you

Visits to websites
With regard to each of your visits to our websites we will automatically collect the following information:

  1. technical information, including your login information, the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  2. information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page platform and any phone number used to call our customer service number.

Completion of forms
Our site uses various forms to help us manage requests and enter you into competitions. We collect contact information (like names and email addresses). Contact information is used to respond to enquiries, or get in touch with you when necessary. If you have given us your consent to do so, we sometimes use this contact information to send you information about our company and our products and services by phone, email or post.

Information we receive from other sources

This is information we receive about you if you use any of the websites we operate or other services we provide. In these cases we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on our websites. We will also have told you for what purpose we will share and combine your data.

We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).


Information you give us

Use of the information
We will use the information you give us:

  1. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  2. to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  3. to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data;
  4. to notify you about changes to our service;
  5. to ensure that content from our site is presented in the most effective manner for you and for your computer;
  6. We may use your information to help you share an entry with friends, or subscribe to a blog.


We collate the information collected about you in order to offer you a more tailored marketing experience.

Information we collect about you

We will use the information we collect about you:

  1. to administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  2. to improve our websites to ensure that content is presented in the most effective manner for you and for your computer;
  3. to allow you to participate in interactive features of our services, when you choose to do so;
  4. as part of our efforts to keep our websites safe and secure;
  5. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  6. to make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.

For marketing purposes, we may collect, store and use the following kinds of personal data:

  1. information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
  2. information that you provide to us for the purpose of registering with us (including name, company, telephone number and email address); and
  3. any other information that you choose to send to us.

We will use this information to send to you marketing communications relating to our business which we think may be of interest to you by post or by email (if you are an individual, we will have specifically obtained your consent for this) or similar technology. You can inform us at any time if you no longer require marketing communications.

IP addresses

The Internet protocol (IP) address used to connect your computer to the Internet. We use your IP address for the following purposes:

  1. Ops issue triage: if you notify us of an issue, or our monitoring identifies an issue, then the information within the servers’ logs is used to identify the root cause and, wherever possible, identify a fix.
  2. Issue trending: this provides us with aggregated trend data so we can monitor the quality of the service year-on-year.
  3. Application usage data: we use server logs to review system usage, both for issue triage and for service reporting year-on-year.
  4. Service analytics data: we do Pingdom and Microsoft to gather analytical data.


We use cookies on our websites to improve your experience on the websites, mainly so that we don't have to ask you for your information on every page you visit. It also allows us to personalise the information shown to be closer to your interests.

We (or third-party data processors acting on our behalf) may collect, store, and use your personal information for individual website experience improvement.

For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.


Sharing your personal information

You agree that we have the right to share your personal information with:

  1. Anyone can see the public blogs you post and the bio information you make public, including your avatar.
  2. Any member of the RM Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  3. Selected third parties including:
    • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
    • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
    • analytics and search engine providers that assist us in the improvement and optimisation of our websites; and
    • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

Disclosure to third parties

We will disclose your personal information to third parties:

  1. In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  2. If any RM Group company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  3. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of any of our RM Group companies, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.



The data that we collect from you will be transferred to, and stored at:

  1. Third party cloud-hosted environments, e.g. Microsoft Azure, using servers that reside only in EEA.
  2. Third party data centres, using servers that reside only in the UK.
  3. A destination outside the European Economic Area (”EEA Your personal data may be processed by staff operating outside the European Economic Area ("EEA") who work for us (employed by our wholly-owned subsidiary, RM Education Solutions India Pvt) or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Security: websites

All websites have security measures in place to protect the loss, misuse and alteration of the information under our control. Where necessary RM will inform law enforcement agencies or other relevant organisations regarding misconduct.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted and utilise technologies to ensure PCI DSS compliance. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


We keep your information only so long as you are a member of Collaboroo. When you cease being a member, we delete your information.


Individuals’ Rights

In accordance with data protection legislation, Collaboroo recognises that data subjects have specific rights that must be protected and observed.

Right to be informed

Collaboroo provides members with information about how personal data is collected, processed and managed. RM seeks to provide this information in language that is clear, concise and intelligible. This information is intended to be easily accessible for internal and external users.

Right of access

Collaboroo provides data subjects with access to the personal data that it manages as a data controller. A Subject Access Request (SAR) process has been defined (see paragraph 8 below) and communicated. Data subjects for whom RM is not the data controller but may process their personal data, should – in the first instance – contact the data controller directly when requesting such access.

Right to rectification

Collaboroo recognises the right of individuals to have inaccurate or incomplete data to be amended. Data subjects for whom Collaboroo is not the data controller, should – in the first instance – contact the data controller when making a data rectification request.

Right to erasure

Collaboroo recognises the right of individuals to request for their data to be deleted or removed where there is no compelling reason for its continued processing. Collaboroo will, in all cases, follow the ICO’s guidance on how and when such a request should be observed.

Right to data portability

Where the right of portability applies, as defined by the ICO, Collaboroo will provide data in a form that is structured, commonly used and in a machine readable form. In most cases, this will be the CSV format.

Right to object

Collaboroo recognises the right of individuals to object to the processing of their personal data, where such objections are allowable under data protection legislation.

Rights related to automated decision making including profiling

Collaboroo does not use automated decision making where such decisions have a significant effect on data subjects.

Withdrawing consent

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

Right of complaint to the ICO

Should you have a concern about Collaboroo’s information rights practices, please report it to us for investigation. If, following our internal review, you are not satisfied, you can report the matter to the Information Commissioner’s Office.


The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with such legislation.

Upon receipt of a written request to our Data Protection Officer (see below for contact details), Collaboroo will within thirty (30) days:

  1. confirm whether any of your personal data is being processed;
  2. provide a description of the personal data, the reasons it is being processed and whether it is given to any other organisations; and
  3. if it is not disproportionate to do so, provide copies of the information comprising the data.

If the request is particularly complex or numerous, Collaboroo may extend the period for repose by up to two (2) months.

If the request is manifestly unfounded or excessive, Collaboroo may charge a fee or refuse to respond.

If disclosing the personal data will adversely affect the rights and freedoms of others, Collaboroo may withhold such personal data. This may extend to intellectual property and trade secrets.


Any changes we make to the Privacy Policy in the future will be posted on each website. Please check back frequently to see any updates or changes to this Privacy Policy.


If you have any questions or comments about this Privacy Policy, please contact our Data Protection Officer:

RM Data Protection Officer
140 Eastern Avenue
Milton Park
Abingdon, Oxfordshire
OX14 4SB
United Kingdom

Telephone: +44 (0) 8450 700300
Fax: +44 (0) 8450 700400