| 47.74. EMS: Supplier Guide. |
| 1. The Customer Relationship Management (CRM) service is complemented with a Supplier Relationship Management (SRM) service. |
| 2. The SRM support every kind of business associate that is not a prospect or a customer. |
| 3. Every business associate known to the organisation is a member of the CRM or SRM or both. |
| 4. The Owner and staff are a kind of business associate in the SRM. |
| 5. TPI and ASP are a kind of business associate in the SRM. |
| 6. Each energy provider is a kind of business associate in the SRM, even when no contracts exist with the energy provider. |
| 7. Every business associate has the legal right to view, correct and delete their personal information. |
| Glossary: |
| Bespoke Application Service is the exchange used to manage contracts between customers and suppliers. |
| Customer Relationship Management service deals with customer information. |
| Supplier Relationship Management service deals with supplier and all other information. |
| Customer is a company that has a trade relationship with the broker. |
| Prospect is a company that have no fiduciary relationship with the broker. |
| Client is an optional name for a customer. |
| Consumer is an optional name for a customer. |
| Supplier is a company that provides energy services to a customer. |
| Provider is an optional name for a supplier. |
| Business Associate is a person as: |
| (1) Customer contact name. |
| (2) Supplier contact name. |
| (3) Approved person (staff). |
| (4) Third Party Intermediary. |
| (5) Application Service Provider. |
| (6) Any other person known to the business. |
| Access Rights. |
| 1. By law, every person must be granted rights to access, correct and delete their data. |
| 2. The Owner shall assign approved people to access all brokerage information or as account managers, to only access their own CRM information. |
| 3. Access Rights includes: |
| (1) None for when a person has requested to be forgotten. |
| (2) Personal information as the default rights of each person. |
| (3) Account manager with access to only the CRM information that they have been assigned as the account manager. |
| (4) Broker with access to all CRM and read-only access to SRM information. |
| (5) Owner with access and download rights to all CRM and all SRM information. |
| 4. The ASP second level support team have "broker" access rights to train Eliza according to improvement requests as directed by the data controller. ASP decline to have download rights that carry significant data breach liabilities. |
| 5. A unique welcome page is provided for each kind of access right. The Owner may enable and disable services provided by access right. |
| What the Owner does. |
| 1. The Owner is legally called the Data Controller. By definition, the Data Controller controls access to all business data. |
| 2. The ASP is legally called the Data Processor. The Data Processor is only able to access business data in accordance with written improvement requests as directed by the Data Controller. |
| 3. The Data Controller has a unique welcome page with services enabled that only the Data Controller can access. |
| (1) Add new approved person as a Broker or Account Manager. |
| (2) Get one-time pass-phrase for approved person who forgot their permanent pass phrase. |
| (3) Change supplier contact, TPI and staff information. |
| (4) Download selected information. |