General Data Protection Regulation (GDPR) Compliance

Effective Date: March 31st 2025

At Northwen Group ("we", "our", "us"), your privacy is important to us. We are committed to ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

This GDPR Policy explains what data we collect, why we collect it, how we use it, and the rights you have as a data subject.

1. Who We Are

Northwen Group is a Canadian-based vendor coordination and contract brokering company that helps service providers access public sector opportunities.

Contact:
Northwen Group
Email: support@northwengroup.com

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

• Full name, email address, phone number

• Business name and contact details

• Location and IP address (for analytics)

• Any information voluntarily submitted via contact forms, applications, or onboarding

3. How We Use Your Data

We collect and process data only where we have legal grounds to do so. Your data is used to:

• Respond to inquiries or service requests

• Coordinate vendor onboarding and subcontractor agreements

• Provide support and service-related communications

• Improve our website and services through analytics (e.g., Google Analytics)

• Comply with legal obligations (e.g., for government bids)

4. Legal Basis for Processing

We process your personal data based on one or more of the following:

• Consent: When you fill out forms or subscribe to updates

• Contract: To fulfill service agreements or communications

• Legal obligation: To comply with procurement or regulatory laws

• Legitimate interest: To operate, improve, and market our services

5. Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Vendor and contractor details may be retained for compliance or audit purposes for up to 7 years.

6. Your Rights Under GDPR

You have the right to:

• Access your personal data

• Correct inaccurate or incomplete data

• Request deletion of your data ("Right to be forgotten")

• Restrict or object to certain processing

• Withdraw consent at any time

• Data portability (receive your data in a structured, machine-readable format)

• Lodge a complaint with a supervisory authority

To exercise any of these rights, email us at: support@northwengroup.com

7. Data Sharing & Third Parties

We may share data with trusted third-party services for:

• Email hosting (Hostinger)

• Web analytics (e.g., Google Analytics)

• Contract submissions (e.g., SAP Ariba)

• Payment or invoicing tools (if applicable)

All third parties are contractually obligated to comply with GDPR or equivalent standards.

8. Data Security

We use secure protocols (HTTPS), access controls, and encryption where appropriate to safeguard your personal information from unauthorized access, alteration, or disclosure.

9. International Data Transfers

Our services may involve transferring data outside of the EU/EEA, including to Canada and the United States. In such cases, we ensure that appropriate safeguards are in place, such as standard contractual clauses (SCCs) or other lawful mechanisms.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page and, where appropriate, notified by email.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to vannessa.nyangor@northwengroup.com.