Information for suppliers

View of Edale from Edale Rocks at Kinder Scout in the Peak District, Derbyshire

As a UK conservation charity protecting historic places and green spaces it is important that goods and services meet our requirements and comply to our terms and conditions.

Our values 

Our suppliers play a crucial role in enabling the National Trust to care for special places. We aim to work with suppliers who share our values and avoid business practices which harm the environment or individuals and communities.  This includes zero tolerance of modern slavery in all its forms:

Modern slavery statement 

The National Trust's statement on modern slavery.

How we buy goods and services - what suppliers need to know

To help us work efficiently with our suppliers and make sure we hold accurate and up-to-date information, any suppliers we use will be first, formally invited to register on Proactis, our supplier management system:
If you are a prospective supplier who would like to tender your goods or services to the National Trust, you can register yourself on Proactis ( without an invite from the National Trust. If we advertise an opportunity you will then be able to view it using this Portal.

Please note however that you will need to be invited specifically by the National Trust before our staff will be able to raise orders with you.

Please only accept a request for goods/services from a formal National Trust purchase order. This should be issued to you before you dispatch any goods /services or before sending an invoice to us for payment. The only exception to this will be the use of Purchasing Cards for smaller transactions.

All orders will be subject to our standard terms and conditions unless different terms and conditions have been agreed between the supplier and the National Trust.

Our payment terms 

Unless we have specifically agreed otherwise with you we will pay the price of the goods and/or services 30 days from the later of (a) the date of invoice, or (b) the date the goods and/or services are received, provided that a valid invoice, quoting the Purchase Order number, is received by National Trust Supplier Invoices at PO Box 352, Darlington, DL1 9QQ or and provided that the supplier has registered properly on the Proactis portal following a formal National Trust invitation.

Existing Suppliers Invoicing

If you can email us a PDF or other electronic image of your invoices and credit notes then please send them to:

Otherwise please post hardcopies of invoices and credit notes to us at this new PO Box address:

If you have queries about billing, invoicing or payments please contact:

National Trusts Supplier Invoices
PO Box 352
If you are a utility or one-bill supplier than we will have given you different address information, but unless we have contacted you directly about that then please use the address information above.

Existing Supplier Queries

If you have queries about billing, invoicing or payments please contact:

National Trust Finance Service Centre
Epsom Court
Epsom Road
BA14 0XF
Tel: 0844 800 4201

General Data Protection Regulation

You will most likely be aware of the new General Data Protection Regulation which was implemented in the UK on the 25th May 2018.

This legislation requires all organisations that process personal data, or engage others to do so on their behalf, to adopt certain practices to safeguard personal data.  If you are an existing supplier you will have received an email from us notifying you of a change to our terms of business. 

If you have any queries about these changes you may find the following Q & A section helpful:

Q: Are these changes really necessary?

A: We’re afraid they are. However, we’re trying to strike a balance between doing all the things we have to do to achieve compliance, and going over the top and asking too much of suppliers. Therefore, we have adopted terms in a form recommended by the regulators / ICO (

These should therefore become ‘standard terms’ for everyone and you should find other organisations will ask you to sign up to very similar or identical terms.

We could have used different ‘friendlier’ looking terms but on balance we thought it was simplest to just adopt the ones that the regulators are recommending since we expect these to become ‘standard practice’.

Q: But the sort of work I do has nothing to do with personal data, why these complicated terms?

A: If you don’t process personal data on our behalf you can ignore all this. The terms will technically still apply to our relationship but because of the way they’re written they will have no effect on you.

The Trust has a very large number of suppliers doing an incredibly broad range of activities. Therefore, it’s impractical to review every single arrangement and establish which suppliers process personal data, and which don’t. Had we tried to do that, this would have created a lot more work for our suppliers and for us.

Q: What is ‘personal data’?

A: Personal Data is any information that tells you something about an identifiable living individual. This could include name and address, e-mail addresses or contact numbers.

Certain ‘special categories’ of personal data are more heavily protected. These include information about racial or ethnic origin, sexual orientation or religious belief. If you process that sort of data (or large amounts of personal data in general) we are more likely to get in touch and ask you to work with us to review our processes to ensure data is processed securely. This may include entering into a specific ‘Data Processing Agreement’.

Q: What is the Data Processing Agreement you refer to?

A: Ideally, we should list out the forms of processing that our suppliers are involved in as part of our terms of business. In reality this is too impractical to do with all suppliers that process personal data (and had we gone down that route this process would be much more difficult for you!). However, we will do this with those suppliers that we think are higher risk in the form of a specific ‘Data Processing Agreement’.

We may consider suppliers ‘high risk’ either because they process personal data that is more heavily protected under the regulations (‘special category data’) or because suppliers process large amounts of personal data in general. We will be in touch with suppliers that we deem high risk.

Q: But we already operate under agreed terms / we only operate under our own terms / we have accepted standard National Trust terms. Surely this doesn’t apply to us?

A: They do! Regardless of the arrangements that may already exist, if you process personal data on our behalf, we have to ensure that specific terms are included that oblige our suppliers to safeguard personal data. The terms that we have sent to you via our ‘Proactis’ system will take effect as an amendment to whatever agreement(s) we have with you.

Other clients of yours (especially large clients) are likely to ask you to do very similar things. We expect the terms that we have sent to you to become ‘normal industry practice’.

Q: Where can I go to find out more about this?

A: The ICO Website here has a lot of information about the General Data Protection Regulation and the piece of UK legislation that brings it into effect (the Data Protection Act 2018). If this is all news to you we would encourage you to take advice.

If you handle personal data as part of your business (and most businesses do) then you will be affected by these regulations and it is likely you will need to change your processes in order to be compliant.

Construction work at Croome, Worcestershire

Assessment of our building contractors 

Useful information on our new method of assurance for building contractors, and how to get started.

Dunwich Heath Coastguard Cottages Heather

Our cause 

We know the positive effects that special places have on people, so we work hard to keep them special. We look after our shared natural and built heritage across England, Wales and Northern Ireland, so it lasts for ever, for everyone.