Green PathBack to home

Legal

Privacy Policy

Last updated: 21 May 2026

1. Who we are

Green Path ("we", "us", "our") provides a supplier sustainability maturity assessment platform for UK procurement teams. This policy explains what personal data we collect, why we collect it, and the rights you have under the UK GDPR and the Data Protection Act 2018. For the purposes of UK data protection law, Green Path is the data controller for personal data processed through this website and platform.

2. Data we collect

  • Account data: name, work email address, organisation name, role, and password (stored as a hash).
  • Assessment data: answers, evidence files, certificates and policies that you or your suppliers upload to the platform.
  • Usage data: log data, device and browser information, IP address, and pages visited, collected to keep the service secure and reliable.
  • Communications: messages you send us (e.g. support requests) and supplier invitations issued through the platform.

3. How we use your data

  • To provide, operate and improve the Green Path platform.
  • To authenticate users and protect accounts from unauthorised access.
  • To generate supplier scores, action plans and reports for your organisation.
  • To send service-related communications, including supplier invitations.
  • To meet our legal, regulatory and contractual obligations.

Our lawful bases for processing are: performance of a contract, our legitimate interests in running and securing the service, your consent (where required), and compliance with legal obligations.

4. Sharing your data

We do not sell your personal data. We share it only with trusted processors who help us run the service (such as our cloud hosting and database providers), and where required by law. Within the platform, supplier assessment data is visible to the procurement organisation that invited the supplier; internal notes are private to that procurement team.

5. Data retention

We keep personal data only for as long as needed to provide the service and to meet our legal obligations. You can request deletion of your account and associated data at any time by contacting us.

6. Security

We use industry-standard technical and organisational measures including encryption in transit, hashed passwords, role-based access controls and row-level security in our database to protect your data.

7. International transfers

Some of our service providers may process data outside the UK. Where this happens, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent mechanisms.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to our processing of your personal data, and the right to data portability. You can also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to keep the service secure. We do not use advertising or cross-site tracking cookies.

10. Contact us

For any privacy-related questions or to exercise your rights, please contact us at hello@green-path.pro.

11. Updates

We may update this policy from time to time. Material changes will be notified through the platform or by email.