Privacy policy


At Grouptree Ltd, we value your privacy and understand the importance of protecting your personal data. This privacy policy explains how we collect and process personal data related to our
responsible sourcing platform, Origin. For any questions regarding data protection, please contact our Data Protection Officer at Grouptree Ltd, 5 Tanner Street, Bermondsey, London SE1 3LE.

Personal data processed

We collect and process personal data related to our users, including contact details (such as name, email address, and phone number) and information about your use of the platform (including IP address, browser information, and website usage data). We may also process personal data related to an identifiable person who can be directly or indirectly identified by reference to an identifier such as location data or online identifier.

Information we collect

We collect information provided to us by users, such as when a contact form is submitted via our website. We may also collect information about users' use of the platform, such as their IP address, browser information, operating system, and website usage data.

Purposes of processing

We process personal data to identify users as the sender of, and to process, their emails. We also use personal data to develop and improve our services, for analytics and trending purposes, and to
carry out specific actions users may request.


We will only process data if we have received freely given consent from users to provide the information and services requested. Users may provide consent by submitting an online form that will provide clear and prominent details of why we are holding data, as well as the option to opt-out. Any consent will provide details of the specific purpose of processing data.

Right of access

Users have the right to access their personal data. If you require access to personal information, please send your request by email to or post and include the following

Your full name, address, and contact telephone number.

Information to help us identify you, such as email address or username.

Details of the specific information you require and any relevant dates.

On request, we will provide information about the collection and use of personal data, including the purposes for processing the data and retention periods. No personal data is used for any purpose other than that which is indicated at the point of consent, and personal data is never passed to any third parties.

The right to be forgotten

If a user withdraws consent or requests that their information is erased either in writing or verbally, we will comply with the request within one month of it being made.

Data transfer

We do not transfer data between organizations outside of the European Union unless a client has requested that data is transferred as part of a requirement to carry out the services and is written via an API to a 3rd party data processor.

Data retention

We only retain information for as long as is required to provide services to our clients or as required by law. All data is stored on Amazon Web Services, which has strong tenant isolation security and control capabilities. When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals.

Right to data portability

On request, we will provide individuals with their data so it can easily be transferred from Grouptree's environment in a safe and secure way. Data will be transferred as a structured CSV file so that the receiving environment can extract the required elements. Requests for data transfer will be responded to immediately and actioned within one month of the request being received.

Keeping data accurate

Grouptree will take all reasonable steps to ensure the accuracy of any data that we hold. If data is found to be inaccurate, incorrect or misleading the individual concerned has the right to rectify, block, erase `or destroy the inaccurate information.