Privacy & Cookies Policy
OUR PRIVACY STATEMENT
By using our site, you consent to us processing your data and you warrant that all data provided by you is accurate.
INFORMATION ABOUT US
We are Friend & Grant Ltd Bryant House Bryant Road Strood Rochester Kent ME2 3EW United Kingdom VAT No 856019812 Company Registration No 04252895 Registered in England and Wales
For more information, please see our Contact Us page and/or the footer of this website.
This website is designed and hosted on behalf of Friend & Grant by Superspnic Playground Ltd, registered company number 09093959 and whose registered address is The business Terrace, Maidstone, Kent. ME15 6JQ
We do not collect any personal information about website users other than:
- information provided by Users when completing forms on the website including but not limited to the contact and website registration form.
- that facilitated by the use of “cookie” technology. “Cookies” are designed to enhance your online visit and permit you to access the full service within the website.
CORRECTING/UPDATING PERSONAL INFORMATION
If a user’s personally identifiable information changes (such as your postcode) the User can update or remove that user’s personal data provided to us in the User’s personal profile page or by sending an email to firstname.lastname@example.org.
We use IP addresses to analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use.
SURVEYS & CONTESTS
From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.
This website takes every precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and offline.
When our registration form asks users to enter information, that information is encrypted and is protected with the best encryption software in the industry – SSL. While on a secure page, such as the user profile page, the lock icon in the address bar of Web browsers such as Internet Explorer, Chrome and Firefox becomes locked, as opposed to un-locked or open, as will be the case for most of the time that a user is browsing the web.
If you have any questions about the security at our website, you can send an email to email@example.com.
NOTIFICATION OF CHANGES
If you register as a user of the website you will be asked for some basic information. Please note that registration is not required for all areas of the website, however we do encourage you to register in order to gain full access to the website content/information and online services. There are technological and operational security systems in place that provide protection for personally identifiable information from loss or misuse.
Where links are provided to other websites it should be noted that they are not and cannot be governed by our Privacy Statement. We cannot guarantee your privacy when you access other websites through any link provided on this website.
NOTICES AND DISCLAIMERS
A cookie is a small text file written to your hard drive that contains information about you. Cookies do not contain any personal information about users.
Services delivered via the website such as video or embedded content from external providers may also place cookies on your machine (computer).
By continuing to use this site you are deemed to be accepting the terms and conditions and consenting to the website placing cookies on your machine (computer) as set out in the Cookies information page.
Version 1.1 | Dated: 04 November 2020
This policy applies to Friend & Grant, which is a trading name of Friend & Grant Limited. – Registered Company number 04252895. Registered Office: Bryant House, Bryant Road, Strood, Kent, ME2 3EW. Registered in England and Wales. Friend & Grant Limited is a limited company registered to carry out audit work in the UK and Ireland by the Institute of Chartered Accountants in England and Wales.
GLOSSARY OF TERMS
What is personal data?
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
- Names and contact information i.e. emails and telephone numbers
- National Insurance Numbers
- Employment history
- Employee numbers
- Credit History
- Personal tax
- Payroll and accounting data
What is sensitive personal data?
Sensitive personal data refers to the above but includes genetic data and biometric data. For example:
- Medical conditions
- Religious or philosophical beliefs and political opinions
- Racial or ethnic origin
- Biometric data (eg photo in an electronic passport)
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is Friend & Grant Limited, Bryant House, Bryant Road, Strood, Kent, ME2 3EW.
The data protection representative is Gavin Hooker, Head of Business Support who can be contacted at the above address or on firstname.lastname@example.org or by calling 01634 731390.
What is a Data Processor?
A “data processor” is a person or organisation, which processes personal data for the controller.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What do we mean by Business to Business?
PLC, LTD, LLP incorporated partnerships, trusts and foundations, local authorities and government institutions.
What do we mean by Business to Consumer?
Private clients, sole traders, unincorporated partnerships, trusts and foundations.
WHAT INFORMATION DO WE COLLECT ABOUT YOU AND HOW?
Friend & Grant, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).
You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge the Services (as defined in our Letter of Engagement and supporting Schedules) and for other related purposes including;
- Updating and enhancing client records
- Analysis for management purposes
- Carrying out credit checks in relation to you
- Statutory returns
- Legal and regulatory compliance
- Crime prevention.
We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc. Website usage information is collected using cookies.
We use LinkedIn, Facebook and Twitter advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.
HOW WILL WE USE THE INFORMATION ABOUT YOU AND WHY?
At Friend & Grant we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement and supporting Schedules and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.
For Business to Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests”, we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests.
For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” e.g. to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.
We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE
We may transfer your personal data to other professional organisations in countries outside the EEA which do not have the level of data protection as the UK. We will only do this when appropriate, for example when we work with foreign professionals on your behalf to provide you with certain services, or where we provide the data at your request.
As part of your engagement with us, we will notify you of any non-EU countries and details of the organisations to which we will be transferring your personal data. We will ensure your personal data is properly protected at all times. We have in place EU Model Contractual Clauses with professional organisations in non-EU countries which contractually require your personal data to be safeguarded in accordance with the law. You can find the current version of these clauses at the Annex of Commission Decision2010/87/EU: 5 February 2010 – please see: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087
For Friend & Grant Ltd, these other professional organisations include Exel B P O (PVT) Ltd, 291 1/2 Galle Road, Mount Lavinia, 10350, Sri Lanka. We reserve the right to change these professionals as and when appropriate but will keep you informed of any changes that affect you.
Should you require further information about these protective measures, please contact us on email@example.com.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
SECURITY PRECAUTIONS IN PLACE ABOUT DATA COLLECTED
When you give us personal information, we take steps to make sure that it is treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and cut fraud and credit risk.
We would like to send you information about our services which may be of interest to you. If you have consented to receive marketing, you may opt out at any point as set out below.
You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: firstname.lastname@example.org.
HOW LONG WILL WE HOLD YOUR DATA FOR?
- Marketing: We will hold your data for a period of 3 years with a review every 3 years. You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that.
- Contracted Services: We will hold your data in line with our regulatory requirements.
ACCESS TO YOUR INFORMATION, CORRECTION, PORTABILITY AND DELETION
What is a Subject Access Request?
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email or write to us at the following address: Friend & Grant Limited, Bryant House, Bryant Road, Strood, Kent, ME2 3EW. We will respond to your request within one month of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by emailing email@example.com or writing to the above address.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Your Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you for:
- Email: firstname.lastname@example.org, or
- In Writing to: Friend & Grant Limited, Bryant House, Bryant Road, Strood, Kent, ME2 3EW.
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
HOW TO CONTACT US
- By email: email@example.com.
- Or write to us at Friend & Grant Limited, Bryant House, Bryant Road, Strood, Kent, ME2 3EW.
JOB APPLICANT PRIVACY NOTICE (GDPR)
Data controller: Friend & Grant Limited, Bryant House, Bryant Road, Strood, Kent, ME2 3EW
Data protection representative: Gavin Hooker, Head of Business Support
Dated: 25 May 2018 | Version: 1.0
As part of any recruitment process, the organisation collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This document demonstrates our commitment to protect the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in advance of any employment relationship in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate).
Friend & Grant Limited is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This statement is applicable to job applicants. It is not intended to, neither will it, form part of any contract of employment or contract of services. We reserve the right to make changes to this statement at any time, if you are affected by substantial changes we will make an alternative statement available to you.
Where you are successful in your application and are appointed to a position, you will receive details of our data protection compliance statement (privacy notice).
WHAT INFORMATION DOES THE ORGANISATION COLLECT?
The organisation collects a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number;
- your date or birth, gender, photograph, marital status and dependents;
- details of your qualifications, skills, experience and employment history and your National Insurance Number;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
- information about your entitlement to work in the UK.
The following list identifies the kind of data that we will process and which falls within the scope of “special categories” of more sensitive personal information:
- information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
- information about your health, including any medical conditions and disabilities;
- information about criminal convictions and offences.
The organisation may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport/driving licence or other identity documents, or collected through interviews or other forms of assessment, including online tests. This data will be collected either directly from candidates, via an employment agency or a third party who undertakes background checks.
The organisation may also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records checks. The organisation will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
WHY DOES THE ORGANISATION PROCESS PERSONAL DATA?
The organisation needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.
The circumstances in which we will process your personal information are listed below:
- making a decision about your recruitment or appointment
- making decisions about terms and conditions, salary and other benefits
- checking you are legally entitled to work in the UK
- assessing qualifications for a particular job or task
- education, training and development requirements
- complying with health and safety obligations
- preventing fraud
- in order to fulfil equal opportunity monitoring or reporting obligations
There may be more than one reason to validate the reason for processing your personal information.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
The organisation has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide on whom to offer a job. The organisation may also need to process data from job applicants to respond to and defend against legal claims.
The organisation may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The organisation processes such information to carry out its obligations and exercise specific rights in relation to employment.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal information are listed below (this list is non-exhaustive):
- in order to protect your health and safety in the workplace
- to assess your physical or emotional fitness to work
- to determine if reasonable adjustments are needed or are in place
- in order to fulfil equal opportunity monitoring or reporting obligations
We will only collect criminal convictions data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your engagement should you be successful.
We may process such information to protect yours, or someone else’s, interests and you are not able to give your consent or we may process such information in cases where you have already made the information public.
We do not anticipate that we will process information about criminal convictions.
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision-making we will advise you of any change in writing.
If your application is unsuccessful, the organisation may keep your personal data on file in case there are future employment opportunities for which you may be suited. The organisation will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
CVs that are sent speculatively may also be kept on file for future recruitment exercises.
WHO HAS ACCESS TO DATA?
Your data will be shared with individuals within the Company where it is necessary for them to undertake their duties with regard to recruitment. This includes, for example, the HR department, those in the department where the vacancy is who are responsible for screening your application and interviewing you, the IT department.
It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies) within, or outside of, the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
- pension providers/administrators
- IT services
- legal advisors
- insurance providers
Data may be shared with third parties in the following circumstances:
- in relation to the maintenance support and/or hosting of data
- to adhere with a legal obligation
- in the process of obtaining advice and help in order to adhere with legal obligations.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We do not anticipate that we will transfer data to other countries.
HOW DOES THE ORGANISATION PROTECT DATA?
The organisation takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
FOR HOW LONG DOES THE ORGANISATION KEEP DATA?
If your application for employment is unsuccessful, the organisation will hold your data on file for 6 months after the end of the relevant recruitment process. If you agree to allow the organisation to keep your personal data on file, the organisations will hold your data on file for a further 12 months for consideration for future employment opportunities. At the end of that period, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of dataof your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. Youhave the right to request the transfer of your personal information to another party.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please firstname.lastname@example.org.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?
You are under no statutory or contractual obligation to provide data to the organisation during the recruitment process. If you neglect to provide certain information when requested, it may affect our ability to enter into an employment contract with you, and it may prevent us from complying with our legal obligations.
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section – Why does the organisation process personal data?).
In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.