We are Omnea Limited (Omnea), a procurement orchestration platform that helps organisations streamline and optimise procurement. We enable businesses to manage supplier relationships, automate procurement workflows, and govern risks. This Policy details how we protect your data and respect your privacy.
If you are an Omnea customer, applying for a job with Omnea, or visiting our website, this Policy applies to you.
If you are a registered customer user of Omnea, we act as the 'data controller' of personal data about you and your use of Omnea, but as the 'data processor' of personal data contained in the information you put into the Omnea platform, such as information about your employees, suppliers, and information contained in your procurement workflows
When interacting with Omnea, we may collect data. Sometimes you provide us with data, sometimes we collect data about you, either automatically or sometimes through other sources, such as publicly available websites or from trusted data suppliers.
How and when we collect data:
If your data is processed by Omnea through one of our customers, for example, as a supplier in a procurement workflow, then we act as the 'data processor' of the Omnea customer. This means we only process your data to help us provide our service to our customer, in accordance with our customer's instructions, or as required by law. Our customer is responsible for making sure that your personal data is treated in accordance with applicable data protection laws. That includes informing you how service providers (like Omnea) collect and use data on their behalf.
We do not collect any "sensitive data" about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, health data or biometric data) except where we have your specific consent, or where we have to in order to comply with the law.
Our platform includes compliance screening features (including sanctions screening, politically exposed persons (PEP) checks, and adverse media screening) that customers can use to screen their suppliers. When customers use these features, we may share identifying information with third-party compliance screening providers. Screening features may reveal special category data, including information about criminal convictions, allegations, or offences.
Omnea is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target Omnea at children, and we do not knowingly collect any personal data from any person under 16 years of age.
We may share personal data with third parties who help us run Omnea and our business. Your data is shared only when strictly necessary and with appropriate safeguards.
We share data with:
Service providers and processors: We share personal data with third-party service providers who perform services on our behalf, including cloud hosting and IT infrastructure providers, customer relationship management (CRM) and marketing automation platforms, analytics and website optimisation tools, payment processors, recruitment platforms and applicant tracking systems, AI and machine learning service providers (for candidate assessment and interview analysis), background check and reference verification providers, event management platforms, and email communication and newsletter services.
Professional advisers: We may share personal data with lawyers, accountants, auditors, insurers, and other professional advisers who provide consultancy, legal, insurance, accounting, or similar services to us.
Regulatory authorities and law enforcement: We may disclose personal data to regulatory authorities, law enforcement agencies, courts, or other public authorities where required by law or necessary to protect our legal rights.
Business transfers: If we undergo a merger, acquisition, sale of assets, or other business restructuring, personal data may be transferred to the acquiring or successor entity.
With your consent: We may share personal data with other third parties where you have given us specific consent to do so.
We require all third parties to whom we disclose personal data to respect the security of personal data and to treat it in accordance with applicable data protection laws.
Where personal data is transferred to a third party in a country outside the UK or European Economic Area (EEA) that is not considered to offer an adequate level of protection for personal data, we conduct a transfer risk assessment and ensure that we have in place a binding contract with them containing the current version of the standard contractual clauses with them. Generally, we use the European Commission Standard Contractual Clauses, supplemented by the UK’s International Data Transfer Addendum. We continually monitor this transfer mechanism.
We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the personal data and whether we can achieve those purposes through other means. We will also consider any applicable legal, regulatory, tax, accounting, or other requirements.
At the end of the applicable retention period, we will securely delete or permanently anonymise personal data so that it can no longer identify you.
Our website uses cookies and similar tracking technologies to distinguish you from other users, improve your browsing experience, and analyse website usage. For more information on how we use cookies and how to manage your cookie preferences, please read our Cookie Policy.
We have implemented appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable data protection laws.
We use AI-powered tools and automated systems to assist in our recruitment processes, including surfacing and matching candidates to suitable roles based on skills, experience, and qualifications, generating summaries or analyses of interview performance, and profiling candidates to identify strengths and areas for development.
We use third-party AI recruitment platforms to help us identify and assess candidates for open positions. These platforms use artificial intelligence to surface suitable candidates and score candidates based on their skills, experience, and qualifications in order to match candidates to specific roles Omnea is hiring for.
These AI tools are used to support, not replace, human decision-making in recruitment. No final hiring decisions are made solely on the basis of automated processing. All recruitment decisions involve meaningful human review and consideration.
If you are subject to any form of automated decision-making or profiling, you have the right to obtain human intervention, express your point of view, obtain an explanation of the decision, and challenge the decision.
You may object to or request a review of any automated decision-making or profiling by contacting us at data@omnea.co.
We may send you marketing communications about our products, services, events, and news where you have consented to receive such communications, you have provided your contact details in the context of a sale or negotiation of a sale of products or services and the marketing relates to similar products or services, or we have another lawful basis to do so, and you have not objected.
You can opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any marketing email we send you or contacting us at data@omnea.co.
Please note that even if you opt out of marketing communications, we may still send you non-marketing communications, such as service-related messages, responses to your inquiries, transactional communications related to your use of our services, or communications required by law.
Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Omnea.
This privacy policy applies only to personal data collected by Omnea. If you click on a third-party link, you will be directed to that third party's website or service, which will have its own privacy policy.
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites, applications, or services.
We strongly advise you to review the privacy policy of every website you visit.
This privacy policy primarily describes our practices where we act as a data controller (where we determine the purposes and means of processing personal data).
In many cases, when our customers use our procurement orchestration platform, we act as a data processor on behalf of our customers, who are the data controllers.
Where we process personal data as a data processor, we process personal data only in accordance with the customer's documented instructions and our Data Processing Agreement with that customer; the customer is responsible for ensuring that individuals whose data is processed are provided with appropriate privacy information and that processing has a lawful basis; and individuals should direct any requests to exercise their data subject rights to the relevant customer (the data controller), although we will cooperate with reasonable requests to facilitate the exercise of such rights.
For more information about how we process personal data as a data processor, please refer to the Data Processing Agreement you have with Omnea.
We are registered as a data controller at the UK Information Commissioner's Office under number: ZB504865.
If you have any questions about this privacy policy, our data protection practices, or wish to exercise any of your rights, please contact us:
By emailing our Data Protection Officer: dpo@omnea.co
By writing to us: FAO: Data Protection Officer, Omnea Limited, 123 Buckingham Palace Road, London, SW1W 9SH, England
We have appointed Data Protection Representation Limited as our EU and Switzerland Representative representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please contact our Representative at datarep@omnea.co.
We may update this privacy policy from time to time to reflect changes in our data processing practices, legal requirements, or for other operational, legal, or regulatory reasons. Any changes we make will be posted on this page with an updated "Last Updated" date at the top of the policy.
We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data. Your continued use of our website or services after any changes to this privacy policy constitutes your acceptance of such changes.