AF Privacy Policies

The AF Group Limited Member Privacy Policy

The AF Group Limited(AF) and all its wholly owned subsidiary companies (collectively known as “The AF Group”) are committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is The AF Group Limited of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to ops@theafgroup.co.uk.

1: Why we collect your information

We collect different types of information about you for the following reasons:

1. To take specific steps necessary to process your application for membership.
2. To provide quotations for goods / services through the AF Group.
3. To place orders for goods / services through the AF Group.
4. To carry out our obligations arising from any contracts entered into between you and us.
5. For our legitimate interests, in order to manage and / or administer your account, unless any of those legitimate interests are overridden by any of your interests or fundamental rights and freedoms.
6. For our legitimate interests, in order to communicate with you about the goods and services available through the AF Group, unless any of those legitimate interests are overridden by any of your interests or fundamental rights and freedoms.

2: When we collect your information

We collect information from you when:

1. You enquire about membership.
2. You complete a membership application form.
3. You provide the information requested on a requirement or enquiry form.
4. You complete the annual declaration form.
5. We request information from you in order to process a quotation or order.
6. We speak to you over the phone in the process of managing your account.
7. We communicate with you via email in the process of managing your account.
8. You write to us to confirm changes to the account.
9. You complete a lead sheet at a show or event.

3: The types of personal data we collect

In order to become a shareholding member of AF, the minimum information we require is your full business trading title, a contact name, address, telephone number, email address and your bank account details. During the course of your membership, we may collect additional information about you if it has been provided using the above methods.

During the membership application process, we may ask for trade references to ensure that you are able to meet your liabilities to the AF Group.
To ensure we comply with our legal obligations, we may also collect personal data for our health and safety records and to enable us to perform any due diligence necessary to enter into a contract. For example, we may ask you to provide the following documentation;

Shotgun certificates.

Insurance certificates.

Machine operator certificates.

Certificates of competency / attendance.

Qualification certificates.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

All calls to and from the AF office landline phone numbers are recorded, with the exception of calls where payment is taken, when the recording is manually terminated.

4: How we use the data collected

In order to meet our obligations to you under a contract, we may use your data in the following ways:

To process your application for membership.

To provide a quotation for goods / services.

To provide you with goods / services, which includes managing the collection and delivery of goods, and managing any contracting services provided by us or on our behalf.

To manage your account and to keep accurate records of goods and services provided.

To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.

To invoice you for the goods / services provided.

To take payment for goods / services provided.
For our legitimate interests, we may also use your data to;

Contact you about the goods / services available through the group. As a shareholding member of AF we feel it is important that you are able to make the most of your membership. Contacting you about current market conditions, new products or services, or offers available to you enables us to do this. You are able to choose the types of information you receive using the preferences link in the email. You are also able to unsubscribe from these emails at any time using the unsubscribe link at the bottom of the email.

Manage / administer your account.
We also record all calls made to and from the AF office landline numbers. Access to a recorded call will only be given when the request has been approved by at least two senior managers and when there is a valid reason for needing to access the call recording. We process this data for our legitimate interests for;

Complaints and disputes – In the event of a complaint or dispute, a call recording (if available), may provide additional information to help us quickly investigate and resolve a complaint or dispute.

Employee safety and wellbeing - A recording may become a vital piece of evidence in the event of any threats being made to the organisation or an individual.

If we need to process your personal data for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

5: When we will share your personal data

We will share your personal data with the following third parties for the reasons stated below:

Selected third party suppliers / contractors. A full list of our approved suppliers is available on the AF interactive website – www.afinteractive.co.uk. If you ask us to provide a quotation for goods / services or you ask us to order goods / services on your behalf we may pass your data to the supplier for the reasons stated below. We will only pass your address and contact data onto a third party supplier if you have asked us to provide goods / services and we have a data processing contract in place with the supplier to ensure they protect your data or we have reviewed the privacy policy of the supplier to ensure they are aware of their data protection obligations.
o Address and contact information may be passed to a third party supplier when obtaining a quotation on your behalf in order for the supplier to provide an accurate delivery charge quotation or to enable the supplier to contact you directly to discuss the quotation.
o Delivery address and contact information will be provided to a supplier when placing an order for goods / services so they can process the order, deliver the goods / provide the services and invoice us accordingly.

Redshelf Ltd T/A InTouch Systems, 36 Hurricane Way, Norwich, Norfolk, NR6 6HU for back up and disaster recovery purposes.

Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia for email marketing purposes.

Txtlocal Limited, IMImobile, 5 St. John’s Lane, Farringdon, London, England, EC1M 4BH for text marketing purposes.

We may pass customer information to credit reference agencies, for example Creditsafe, in order to verify your identity and assess your credit score to ensure you are able to meet your obligations to us under a contract.

Your personal data may be shared between the AF Group of companies and its’ employees in order to facilitate the management and administration of your account.

Where we pass your personal information to our selected third party suppliers, we will only provide the information that is necessary to deliver the goods / service or perform the obligations in a contract. Where possible, we have a data processing contract in place with our suppliers that requires them to keep your information secure and not to use it for their own direct marketing purposes. Where the supplier acts as a data controller and is unable to sign the contract, we will review the supplier’s privacy policy annually to ensure they are aware of their data protection obligations. AF will never sell your personal data or pass it to any other third parties without your consent.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce the terms and conditions in our contract, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members, suppliers and contractors. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6: Where we store your personal data

All of the personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.

Offsite backups are securely held by InTouch Systems as part of our disaster recovery plan, to ensure that we can get back up and running quickly in the event of a disaster.

We upload a small amount of personal data, namely email addresses, to Campaign Monitor in order to provide email marketing services. This data may be stored or transferred outside of the European Economic Area (EEA). We have additional EU Standard Contractual Clauses in place with Campaign Monitor to protect this data.

Due to the global nature of some of our third party suppliers, the data that we provide to a third party supplier may be transferred to, and stored at, a destination outside of the EEA in order to process your order. By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where we have a data processing contract in place with our suppliers, the contract ensures that if your data is transferred outside of the EEA, the supplier will take the steps below to ensure that;

There are appropriate safeguards in place in relation to the transfer of any personal data outside of the EEA.

You have enforceable rights and effective legal remedies.

There is an adequate level of protection to any personal data that is transferred outside of the EEA.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when it is being transmitted to us. Any transmission is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.

7: How long we retain your personal data for

Call recordings will be retained for a maximum of six months.

We will hold personal data and bank account details for the duration of your membership.

Transactional data including invoices will be held for at least the minimum amount of time that we are legally required to hold it for.

8: Your rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at ops@theafgroup.co.uk.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request we will let you know.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. Refuse to act on the request.

8.1: Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your data.

8.2: Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information, we will pass this onto our selected third parties, including suppliers and contractors.

8.3: Right to erasure / right to be forgotten

You have the right to ask us to delete your personal data if;

The personal data is no longer necessary for the purpose which we originally collected or processed it for.

You object to the processing of your data and there is no overriding legitimate interest for us to continue this processing.

We have processed the data unlawfully.

We have to in order to comply with a legal obligation.

8.4: Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal data if;

You have previously informed us that the data is inaccurate.

We no longer require the data for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.

We have processed the data unlawfully.

We are in the process of deleting your data.

We will endeavour to ensure that where you have asked us to restrict the processing of your data, we will inform our selected third parties, including suppliers and contractors accordingly.

8.5: Right to data portability

You have the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller, provided the data was processed for the purpose of a contract between us and the processing is being carried out by automated means.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation. Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.

8.6: Right to object

You have the right to restrict processing based on legitimate interests. If you exercise your right to object, we will stop processing your personal data unless;

We are able to demonstrate compelling legitimate grounds for the processing.

The processing is for the establishment, exercise or defence of a legal claim.

9: What to do if you are not happy with how we process your data

If you consider that we are in breach of our obligations under the GDPR you have the right to complain to the Information Commissioner’s Office (ICO).

10: Review of this policy

We keep this policy under regular review. This policy was last updated on 26/09/2018.

The AF Group Limited Supplier Privacy Policy

The AF Group Limited (AF) and all its wholly owned subsidiary companies (collectively known as “The AF Group”) are committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is The AF Group Limited of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to ops@theafgroup.co.uk.

1: Why we collect your information

We collect different types of information about you for the following reasons:

1. To take specific steps necessary to process your application to become a supplier.
2. To request quotations for goods / services through the AF Group.
3. To place orders for goods / services through the AF Group.
4. To carry out our obligations arising from any contracts entered into between you and us.
5. For our legitimate interests, in order to manage and / or administer your account, unless any of those legitimate interests are overridden by any of your interests or fundamental rights and freedoms.
6. For our legitimate interests, in order to tell you about important updates about the AF Group, unless any of those legitimate interests are overridden by any of your interests or fundamental rights and freedoms.

2: When we collect your information

We collect information from you when:

1. You enquire becoming a supplier.
2. You complete our service level agreement.
3. You provide the information requested on an enquiry form.
4. We request information from you in order to process a quotation or order.
5. We speak to you over the phone in the process of managing your account.
6. We communicate with you via email in the process of managing your account.
7. You write to us to confirm changes to the account.
8. You complete a lead sheet at a show or event.

3: The types of personal data we collect

In order to become a supplier to the AF Group, the minimum information we require is your full business trading title, a contact name, address, telephone number, email address and your bank account details. Whilst you have an active supplier account, we may collect additional information about you if it has been provided using the above methods.

To ensure we comply with our legal obligations, we may also collect personal data for our health and safety records and to enable us to perform any due diligence necessary to enter into a contract. For example, we may ask you to provide the following documentation;

Insurance certificates.

Machine operator certificates.

Certificates of competency / attendance.

Qualification certificates.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

All calls to and from the AF office landline phone numbers are recorded, with the exception of calls where payment is taken, when the recording is manually terminated.

4: How we use the data collected

In order to meet our obligations to you under a contract, we may use your data in the following ways:

To process your application to become a supplier.

To request a quotation for goods / services.

To place an order for goods / services.

To manage your account and to keep accurate records of goods and services provided.

To contact you regarding your account, for example, if we have any invoice queries.

To process invoices provided by you.

To pay you for goods / services provided.

For our legitimate interests, we may also use your data to;

Contact you about important updates that may affect your supplier account.

Manage / administer your account.

We also record all calls made to and from the AF office landline numbers. Access to a recorded call will only be given when the request has been approved by at least two senior managers and when there is a valid reason for needing to access the call recording. We process this data for our legitimate interests for;

Complaints and disputes – In the event of a complaint or dispute, a call recording (if available), may provide additional information to help us quickly investigate and resolve a complaint or dispute.

Employee safety and wellbeing - A recording may become a vital piece of evidence in the event of any threats being made to the organisation or an individual.

If we need to process your personal data for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

5: When we will share your personal data

We will share your personal data with the following third parties for the reasons stated below:

Members / customers of the AF Group who have expressed an interest in the goods / services you provide.

Redshelf Ltd T/A InTouch Systems, 36 Hurricane Way, Norwich, Norfolk, NR6 6HU for back up and disaster recovery purposes.

Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia for email marketing purposes.

Txtlocal Limited, IMImobile, 5 St. John’s Lane, Farringdon, London, England, EC1M 4BH for text marketing purposes.

Your personal data may be shared between the AF Group of companies and its’ employees in order to facilitate the management and administration of your account.

AF will never sell your personal data or pass it to any other third parties without your consent.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce the terms and conditions in our contract, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members, suppliers and contractors. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6: Where we store your personal data

All of the personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.

Offsite backups are securely held by InTouch Systems as part of our disaster recovery plan, to ensure that we can get back up and running quickly in the event of a disaster.

We upload a small amount of personal data, namely email addresses, to Campaign Monitor in order to provide email marketing services. This data may be stored or transferred outside of the European Economic Area (EEA). We have additional EU Standard Contractual Clauses in place with Campaign Monitor to protect this data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when it is being transmitted to us. Any transmission is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.

7: How long we retain your personal data for

Call recordings will be retained for a maximum of six months.

We will hold personal data and bank account details for the duration of your membership.

Transactional data including invoices will be held for at least the minimum amount of time that we are legally required to hold it for.

8: Your rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at ops@theafgroup.co.uk.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request we will let you know.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. Refuse to act on the request.

8.1: Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your data.

8.2: Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information, we will pass this onto our selected third parties, including suppliers and contractors.

8.3: Right to erasure / right to be forgotten

You have the right to ask us to delete your personal data if;

The personal data is no longer necessary for the purpose which we originally collected or processed it for.

You object to the processing of your data and there is no overriding legitimate interest for us to continue this processing.

We have processed the data unlawfully.

We have to in order to comply with a legal obligation.

8.4: Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal data if;

You have previously informed us that the data is inaccurate.

We no longer require the data for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.

We have processed the data unlawfully.

We are in the process of deleting your data.

We will endeavour to ensure that where you have asked us to restrict the processing of your data, we will inform our selected third parties, including suppliers and contractors accordingly.

8.5: Right to data portability

You have the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller, provided the data was processed for the purpose of a contract between us and the processing is being carried out by automated means.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation. Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.

8.6: Right to object

You have the right to restrict processing based on legitimate interests. If you exercise your right to object, we will stop processing your personal data unless;

We are able to demonstrate compelling legitimate grounds for the processing.

The processing is for the establishment, exercise or defence of a legal claim.

9: What to do if you are not happy with how we process your data

If you consider that we are in breach of our obligations under the GDPR you have the right to complain to the Information Commissioner’s Office (ICO).

10: Review of this policy

We keep this policy under regular review. This policy was last updated on 14/05/2018.

The AF Group Limited Employee and Recruitment Privacy Policy

The AF Group Limited (AF) and all its wholly owned subsidiary companies (collectively known as “The AF Group”) are committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is The AF Group Limited of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to hr@theafgroup.co.uk.

Every day our business will receive, use and store personal information about our members, customers and employees. It is important that this information is handled lawfully and appropriately in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’.)

We take our data protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.

1: Data Protection Principles

The GDPR requires that 6 data protection principles are followed in the handling of personal data. These principles require that personal data must:

Be processed lawfully, fairly and in a transparent manner

Be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Be adequate, relevant and limited to what is necessary

Be accurate and, where necessary, kept up to date

Not be kept longer than is necessary to the purpose

Have appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction

2: Why we collect your information

We collect different types of information about you for the following reasons:

To take specific steps necessary to enter into an employment contract with you.

To carry out our obligations arising from any contracts entered into between you and us.

3: When we collect your information

We collect information from you when:

You apply for a job with us.

As part of the interview process.

You sign a contract with us.

We communicate with you via email in the process of setting up interviews.

You sign a contract with us.

Throughout your employment with us.

4: The types of personal data we collect

In order to enter into a contract with you, the minimum information we require is your full name, address, telephone number, date of birth, NI number, passport number, marital status, next of kin details, emergency contact details, bank account details, email address, right to work in the UK details, copy of driving license, health and medical details. In some cases we may ask for references as part of the interview process.

In order to meet our obligations under a contract, we may use your data in the following ways:

Arrange an interview

Produce an offer letter / contract

In order to give you access to our systems.

Upload onto Sage Payroll in order to process pay on a monthly basis, this can also include Bonus payments, maternity pay, paternity pay, statutory sick pay, company sick pay.

Your address will be used for any letters sent directly to you from the Company.

Your personal email address will be used if you opt to have your payslip sent via email as opposed to printed.

In order to set up your AF staff account.

We also record all calls made to and from the AF office landline numbers. Access to a recorded call will only be given when the request has been approved by at least two senior managers and when there is a valid reason for needing to access the call recording. We process this data for our legitimate interests for;

Complaints and disputes – In the event of a complaint or dispute, a call recording (if available), may provide additional information to help us quickly investigate and resolve a complaint or dispute.

Employee safety and wellbeing- A recording may become a vital piece of evidence in the event of any threats being made to the organisation or an individual.

If we need to process your personal data for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

5: When we will share your personal data

We will share your personal data with the following third parties for the reasons stated below:

Your name, address, DOB, telephone number and marital status will be shared with the pension team at Alan Boswell in order for you to be enrolled onto the Company pension scheme or the people’s pension if you decide to join that scheme as an alternative to the Company one.

If you are a member of the Company healthcare scheme you will be required to fill in an application form with all the relevant details, however we would pass any additional information on if required.

HMRC will be in receipt of your name, address and NI number through RTI submissions

If you take advantage of the childcare vouchers we will send Eden Red (the voucher supplier) your name and NI number.

Your name, work email address and occasionally your photograph and job title may be used to set up a user account for any cloud based software such as the intranet or CRM.

Where we pass your personal information to our selected third parties, we will only provide the information that is necessary to deliver the service.

Where necessary, we have a contract in place with those selected third parties that requires them to keep your information secure and not to use it for their own purposes.

The AF Group will never sell your personal data or pass it to any other third parties without your consent.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce the terms and conditions in our contract, or any other agreement we enter into with you.

6: Where we store your personal data

All of the personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.

Offsite backups are securely held by InTouch Systems as part of our disaster recovery plan, to ensure that we can get back up and running quickly in the event of a disaster.

A small amount of personal information, such as your name, job title and occasionally your photograph is stored on our cloud based CRM and intranet in order to setup your user account for this system. The personal information held in the CRM is hosted within the EEA. The personal information held in the intranet is hosted in Canada. We have additional EU Standard Contractual Clauses in place with our intranet provider to protect this data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when it is being transmitted to us. Any transmission is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal data. A small amount of information, such as your name, work email address and job title may be stored on external servers where this is necessary for you to access an external system.

7: How long we retain your personal data for

We will keep your data for the period of time you are employed by us, and then for seven years (or as long as legally required) after the end of the contract.

If you apply for a role and you are unsuccessful but we would like to keep you CV on record for future opportunities we will ask your consent to keep your details on file, if you are in agreement these will be stored on file for 12 months. If you do not reply or you request that your details are removed they will be permanently deleted immediately.

Call recordings will be held for a maximum of six months.

8: Your rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at hr@theafgroup.co.uk.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request we will let you know.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. Refuse to act on the request.

8.1: Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your data.

8.2: Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information, we will pass this onto our selected third parties, including suppliers and contractors.

8.3: Right to erasure / right to be forgotten

You have the right to ask us to delete your personal data if;

The personal data is no longer necessary for the purpose which we originally collected or processed it for.

You object to the processing of your data and there is no overriding legitimate interest for us to continue this processing.

We have processed the data unlawfully.

We have to in order to comply with a legal obligation.

8.4: Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal data if;

You have previously informed us that the data is inaccurate.

We no longer require the data for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.

We have processed the data unlawfully.

We are in the process of deleting your data.

We will endeavour to ensure that where you have asked us to restrict the processing of your data, we will inform our selected third parties, including suppliers and contractors accordingly.

8.5: Right to data portability

You have the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller, provided the data was processed for the purpose of a contract between us and the processing is being carried out by automated means.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation. Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.

8.6: Right to object

You have the right to restrict processing based on legitimate interests. If you exercise your right to object, we will stop processing your personal data unless;

We are able to demonstrate compelling legitimate grounds for the processing.

The processing is for the establishment, exercise or defence of a legal claim.

9: What to do if you are not happy with how we process your data

If you consider that we are in breach of our obligations under the GDPR you have the right to complain to the Information Commissioner’s Office (ICO).

10: Review of this policy

We keep this policy under regular review. This policy was last updated on 26/09/2018.

The AF Group Limited Website Privacy Policy

The AF Group Limited (AF) and all its wholly owned subsidiary companies (collectively known as “The AF Group”) are committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you when you visit and use this website – www.theafgroup.co.uk - and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it. For further information about how The AF Group use your data please see the other privacy policies on this page.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is The AF Group Limited of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to ops@theafgroup.co.uk.

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy.

1: Why we collect your information

When you visit or interact with this website, we collect different information about you for the following reasons:

For our legitimate interest in order to improve this website and the services that we offer on this website.

To contact you in regards to any enquiry you have made using a form on this website.

2: When we collect your information

We collect information from you when:

You use this website through the use of cookies.

You complete an enquiry form on this website.

3: The types of personal data we collect

When you visit this website, we may also collect your IP address and information regarding what pages are accessed and when using cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, please read our cookie policy.

We also collect any personal data you have chosen to send to us by filling in a form on this website.

4: How we use the data collected

For our legitimate interests, we may process your data;

To maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.

We will also process your data in order to respond to any enquiry you make by filling in a form on this website.

If we need to process your personal data for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

5: When we will share your personal data

We will share your personal data with the following third parties for the reasons stated below:

The personal data you send to us when you complete and enquiry form on this website may be shared between the AF Group of companies and its’ employees in order to facilitate and respond to your enquiry.

We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

6: Where we store your personal data

The personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.

7: How long we keep your personal data for

Google Analytics retains data for a maximum of 14 months.
Information you have provided to us by using a form on this website will be held for as long as is necessary to deal with your enquiry.

8: Your rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at ops@theafgroup.co.uk.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request we will let you know.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. Refuse to act on the request.

8.1: Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your data.

8.2: Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information, we will pass this onto our selected third parties, including suppliers and contractors.

8.3: Right to erasure / right to be forgotten

You have the right to ask us to delete your personal data if;

The personal data is no longer necessary for the purpose which we originally collected or processed it for.

You object to the processing of your data and there is no overriding legitimate interest for us to continue this processing.

We have processed the data unlawfully.

We have to in order to comply with a legal obligation.

8.4: Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal data if;

You have previously informed us that the data is inaccurate.

We no longer require the data for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.

We have processed the data unlawfully.

We are in the process of deleting your data.

We will endeavour to ensure that where you have asked us to restrict the processing of your data, we will inform our selected third parties, including suppliers and contractors accordingly.

8.5: Right to data portability

You have the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller, provided the data was processed for the purpose of a contract between us and the processing is being carried out by automated means.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation. Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.

8.6: Right to object

You have the right to restrict processing based on legitimate interests. If you exercise your right to object, we will stop processing your personal data unless;

We are able to demonstrate compelling legitimate grounds for the processing.

The processing is for the establishment, exercise or defence of a legal claim.

9: What to do if you are not happy with how we process your data

If you consider that we are in breach of our obligations under the GDPR you have the right to complain to the Information Commissioner’s Office (ICO).

10: Review of this policy

We keep this policy under regular review. This policy was last updated on 29/05/2018.