AF Group Privacy Policy

About this privacy policy

The AF Group Limited (AF) is committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is The AF Group Limited, Society Registration Number: 29539R of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to ops@af.farm. Alternatively, you can call us on 01603 881881.

This Policy was last updated on 02/08/2023 and will be kept under regular review.

The reasons why we collect and use your personal information will depend on the type of relationship that we have you. To make this Policy more relevant to you, we have broken it down into different sections. Please read the relevant section(s) below for more information, but please also note that more than one section of this Policy may be relevant to you.

You can use the following links to jump to the relevant section of this Policy.

 

General notices

We record all calls made to and from the AF office landline numbers, with the exception of calls where a card payment is taken, when the recording is manually terminated.

Access to a recorded call will only be given when the request has been approved by a senior manager and when there is a valid reason for needing to access the call recording. Calls are recorded for our own legitimate interests for the purposes of;

  • Assisting in resolving complaints and disputes
  • Ensuring employee safety and wellbeing
  • Assisting in employee training and development
  • Supporting fair and thorough employee relations investigations
  • Ensuring we are providing a high-quality service to our Members

 

We retain call recordings for a maximum of two years.

We do not provide services directly to children and we do not proactively set out to collect personal information about children. We may be provided with and process information about children. For example, when a parent adds their child’s mobile phone contract to our portfolio, we may be provided with an itemised phone bill for the child by the supplier of the contract. We have no way of distinguishing from the invoice whether or not the itemised bill is related to a child.

If a child’s personal information is processed by us, it is processed in order to meet our obligations under a contract. Invoice information will be securely held by us for a minimum of seven years. We acknowledge that children have the same rights and freedoms as adults when it comes to their personal information.

We regularly welcome visitors to the AF office. We ask all visitors to sign in and out at reception and we will provide you with a visitors pass. Please ensure you visibly wear your pass for the duration of your visit. We process this information for our legitimate interests, for health and safety and security purposes. We will retain this information for a maximum of six months.

If we are offering catering to you, we may request dietary requirements in advance of your visit. We collect this information with your consent and hold it only for as long as is necessary.

CCTV is operated inside our business premises. During normal office hours this operates on a live feed and the video is not recorded. Outside of these hours, these cameras do record for the purposes of crime prevention and to maintain security of the premises. Footage is held for a maximum of 1 month.

We operate some CCTV external to our business premises for purposes of crime prevention and to maintain security of the premises. Footage is held for a maximum of 2 months.

Please note, additional CCTV is used external to our business premises but is not operated by us, so we are not the data controller.

We provide wi-fi to our guests, but we do not record or store any of your information when you use our wi-fi network.

We own and operate several different websites. Please see each website’s privacy policy to see the privacy notices relevant to each specific website.

You can access the policy for this website, af.farm, here.

The personal information that we hold is stored on premise and we also utilise a number of cloud-based systems, listed under the Sub-processer heading further down this Policy. We use our best endeavours to ensure that your information, whether held on premise or in the cloud, is held securely and in accordance with this privacy policy.

For all of the personal information that we hold, we will utilise measures, or we will check that our sub-processers utilise measures, appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to the information and the nature of the information that we are protecting, in an attempt to keep your information safe.

These measures may include, but are not limited to;

  • Implementing appropriate technical and organisational measures that ensure and demonstrate compliance. This includes data protection policies, staff training, internal audits of processing activities and reviews of internal HR policies.
  • Maintaining relevant documentation on processing activities.
  • Implementing measures that meet the principles of data protection by design and default. Examples include;
    • Data minimisation
    • Encryption
    • Pseudonymisation
    • Transparency
    • Allowing individuals to monitor processing
    • Creating and improving security features on an ongoing basis.
  • Using data protection impact assessments where appropriate.
  • Ensuring confidentially, integrity, availability and resilience of systems and services. Examples include;
    • Running firewall and virus-checking software.
    • Downloading the latest patches or security updates as soon as possible.
    • Taking regular backups and keeping them in a separate, secure location.
    • Securely removing all personal information before disposing of hardware such as computers and mobile phones.
    • Use of strong passwords and two factor authentication.
    • Limiting administrator privileges to necessary and appropriate employees.
    • Role based access levels.
  • Ensuring that personnel who have access to and / or process personal information are obliged to keep personal information confidential and are trained on how to do so.
  • Regularly assessing and evaluating the effectiveness of the technical and organisation measures that have been adopted.

 

Please be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data when you are transmitting it to us. Any transmission to us is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal information.

Shareholding Members, potential shareholding Members and their employees / account contacts

When you apply to become an AF Member and during the course of your membership, the types of information we collect about you may include, but are not limited to;

Identity information

Such as your first and last name, job title, documentation that will allow us to verify your identity and sometimes your gender.

Contact information

Such as your phone number(s), email address(es) and address(es).

Other personal information

Such as Member numbers, id numbers, voice recordings, images, your date of birth, social media handles and compliance documentation such as qualification certificates or certificates of competence / attendance, shotgun certificates, insurance certificates and machine operator certificates.

Business information

Such as billing / delivery addresses, livestock / cropping information, financial statements, copy invoices, trade references, the business partners / directors, business structure, business requirements and other relevant information about your business.

Financial information

Such as your bank account details, financial / credit history, credit score and national insurance number.

Occasionally you may be required to pay using a credit card. We do not store credit card information on our own systems, but use third party software to process the payment on our behalf.

Transaction information

Such as delivery notes, invoices and credit notes which may contain additional personal information, such as mobile phone usage. The exact information provided on these invoices will depend on the goods or services purchased using your AF Member account.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.

The only time that we may proactively ask for and process this type of information is if you outsource your payroll processing to us. Please read our policy specific to payroll processing for more information.

If you purchase Personal Medical Insurance (PMI) through your AF account, we will pass your enquiry onto our approved suppliers. Any personal information necessary to obtain a quotation or contract for PMI will be collected and processed by our approved supplier. We will never have access to any sensitive personal information that you provide to our approved supplier and we are not the data controller for any information given to our approved supplier.

Other than this, we will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form.

We will collect information about you when;

  • You enquire about AF membership.
  • You complete a membership application form.
  • You provide information requested on a requirement or enquiry form.
  • You complete the annual declaration form.
  • We visit you or you visit us.
  • You provide specific information to us or we request specific information from you so we can process a quotation or order for goods or services or to arrange delivery or collection of goods or services.
  • We communicate with you, or you communicate with us in the process of managing your account or dealing with any account queries.
  • You complete a lead sheet at a show or event.
  • You attend an online event that we are hosting, such as a webinar.
  • You complete an online form or survey.

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The account holder, or another employee for the account holder, provides the information to us, such as a farm owner providing an employee’s name and phone number so they can be contacted to arrange a delivery.
  • The information is provided by a third party, such as a credit reference agency or on an invoice for goods or services purchased through the membership account.

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways:

  • To process your application for membership.
  • To manage and administer your membership account.
  • To provide a quotation for goods or services.
  • To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf.
  • To manage your account and to keep accurate records of goods and services provided.
  • To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
  • To invoice you for the goods or services provided.
  • To resolve any issues or complaints with the goods or services provided or their related transactions.
  • To take payment for goods or services.
  • To provide you with information relevant to any contracts that you hold with us, or information that is pertinent to a service that we provide to you.
  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our membership rules and regulations, or any other agreement we enter into with you.

 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other members and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest

As a member of a cooperative, we feel it is important that you are able to make the most of your membership. We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • Let you know about the goods or services available to you as a member of AF, market information, or any events we are holding, attending or participating in. If you receive this information via email, you are able to unsubscribe from these emails at any time using the unsubscribe link at the bottom of the email. If you receive this information by post, phone call or text message and would prefer not to, please let us know by contacting us using the details at the top of this page.
  • To report on and proactively manage debt and financial risk. As a not-for-profit cooperative, all of our members are financially liable for any debt we incur. It is within the interest of the cooperative and all of our members that we are proactive in our approach to financial risk management.
  • To request feedback about AF and your membership experience.
  • To monitor how we are performing as an organisation.

 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

Approved suppliers

We will share your relevant information with our approved suppliers when you contact us to enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if you request a quotation for a number of products, we will provide the suppliers with some basic location information, such as a postcode, to allow them to accurately calculate delivery charges. A full list of our approved suppliers is available on the AF interactive website – www.afinteractive.co.uk.

If your membership account has been put on stop and we have tried all reasonable means to let you know that your account is on stop, we may share this information with suppliers you have recently traded with in order to prevent any further transactions from being processed on your account.

When we share your personal information with an approved supplier, you should be aware of the following;

  • The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
  • Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
  • If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.

 

Authorised contacts

We will also share your account information with others when you have given us the authority and consent to do so. For example, if you ask us to, we will email your invoices to your accountant as well as to your own email address. Other examples include giving your employees access to your account information on the members portal AF interactive, or asking us to copy your agronomist into any order notifications for crop protection products. You can revoke your consent for us to share this information at any time by contacting us using the information at the top of this Policy.

Sub-Processors

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.

Your information will be held by us for the duration of your membership.

If you decide to close your membership account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for up to one year once these have all been resolved. We will also continue to retain basic account information, such as trading name and membership number indefinitely, for business management and reporting purposes.

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for.

Affiliate Members through a third-party organisation, their employees and account contacts

We work closely with several other groups and cooperatives to provide procurement services to their Members.

When you become an affiliate Member and during the course of your membership, the types of information we collect about you may include, but are not limited to;

Identity information

Such as your first and last name, job title, documentation that will allow us to verify your identity and sometimes your gender.

Contact information

Such as your phone number(s), email address(es) and address(es).

Other personal information

Such as Member numbers, id numbers, voice recordings, images, your date of birth, social media handles and compliance documentation such as qualification certificates or certificates of competence / attendance, shotgun certificates, insurance certificates and machine operator certificates.

Business information

Such as billing / delivery addresses, livestock / cropping information, financial statements, copy invoices, trade references, the business partners / directors, business structure, business requirements and other relevant information about your business.

Financial information

Such as your bank account details, financial / credit history, credit score and national insurance number.

Occasionally you may be required to pay using a credit card. We do not store credit card information on our own systems, but use third party software to process the payment on our behalf.

Transaction information

Such as delivery notes, invoices and credit notes which may contain additional personal information, such as mobile phone usage. The exact information provided on these invoices will depend on the goods or services purchased using your AF account.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.

The only time that we proactively ask for and process this type of information is if you outsource your payroll processing to us. Please read our policy specific to payroll processing for more information.

If you purchase Personal Medical Insurance (PMI) through your AF account, we will pass your enquiry onto our approved suppliers. Any personal information necessary to obtain a quotation or contract for PMI will be collected and processed by our approved supplier. We will never have access to any sensitive personal information that you provide to our approved supplier and we are not the data controller for any information given to our approved supplier.

Other than this, we will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form.

We receive personal information from the following sources;

  • The information is provided to us by the third-party organisation or cooperative that you are a member of.
  • The information is provided directly by the individual.
  • The account holder, or another employee for the account holder, provides the information to us, such as a farm owner providing an employee’s name and phone number so they can be contacted to arrange a delivery.
  • The information is provided by another third party, such as a credit reference agency or on an invoice for goods or services purchased through the membership account.

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways:

  • To process your application for membership.
  • To manage and administer your membership account.
  • To provide a quotation for goods or services.
  • To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf.
  • To manage your account and to keep accurate records of goods and services provided.
  • To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
  • To invoice you for the goods or services provided.
  • To resolve any issues or complaints with the goods or services provided or their related transactions.
  • To take payment for goods or services provided.
  • To provide you with information relevant to any contracts that you hold with us, or information that is pertinent to a service that we provide to you.
  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our membership rules and regulations, or any other agreement we enter into with you.

 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other members and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest

We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • To report on and proactively manage debt and financial risk. As a not-for-profit cooperative, all of our members are financially liable for any debt we incur. It is within the interest of the cooperative and all of our members that we are proactive in our approach to financial risk management.
  • To request feedback about AF and your membership experience.
  • To monitor how we are performing as an organisation.

 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

Approved suppliers

We will share your relevant information with our approved suppliers when you or the organisation or cooperative that you are a member of, contacts us to enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if you request a quotation for a number of products, we will provide the suppliers with some basic location information, such as a postcode, to allow them to accurately calculate delivery charges. A full list of our approved suppliers is available on the AF interactive website – www.afinteractive.co.uk.

If your membership account has been put on stop and we have tried all reasonable means to let you know that your account is on stop, we may share this information with suppliers you have recently traded with in order to prevent any further transactions from being processed on your account.

When we share your personal information with an approved supplier, you should be aware of the following;

  • The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
  • Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
  • If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.

 

Authorised contacts

We may also share your account information with others when you or your membership organisation or cooperative has given us the authority and consent to do so. For example, invoices containing personal information may be sent to your membership organisation or cooperative so they can take payment for the goods or services.

Sub-Processors

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.

Your information will be held by us for the length of time that you have an active account with us.

If you decide to close your account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for up to one year once these have all been resolved. We will also continue to retain basic account information, such as trading name and membership number indefinitely, for business management and reporting purposes.

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for.

Suppliers, potential suppliers and their employees / account contacts

When you apply to become an AF supplier and whilst you have an active supplier account, the types of information we collect about you may include, but are not limited to;

Identify information

Such as your first and last name, job title, documentation that will allow us to verify your identity and sometimes your gender.

Contact information

Such as your phone number(s), email address(es) and address(es).

Other personal information

Such as account numbers, id numbers, voice recordings, images, your date of birth, social media handles and compliance documentation such as qualification certificates, insurance certificates and machine operator certificates.

Business information

Such as billing / branch addresses, financial statements, copy invoices, trade references, the business partners / directors, business structure, business requirements and other relevant information about your business.

Financial information

Such as your bank account details, financial / credit history and credit score

Transaction information

Such as delivery notes, invoices and credit notes which may contain additional personal information, such as your employee personal information.

Sensitive personal information

We will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form.

We will collect information about you when;

  • You enquire about becoming an AF supplier.
  • You complete our supplier service level agreement (SLA).
  • You provide information requested on an enquiry form.
  • We visit you or you visit us.
  • You provide specific information to us or we request specific information from you so we can process an enquiry, quotation or order for goods or services or to arrange delivery or collection of goods or services.
  • We communicate with you, or you communicate with us in the process of managing your account or dealing with any account queries.
  • You complete a lead sheet at a show or event.
  • You attend an online event that we are hosting, such as a webinar.
  • You complete an online form or survey.

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The account holder, or another employee for the account holder, provides the information to us, such as a sales manager providing a finance employee’s name and phone number so they can be contacted to resolve a disputed invoice.
  • The information is provided by a third party, such as a credit reference agency or on an invoice for goods or services provided.

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways:

  • To process your supplier application.
  • To manage and administer your supplier account.
  • To request a quotation for goods or services.
  • To request an order for goods or services, which includes managing the collection and delivery of goods.
  • To manage your account and to keep accurate records of goods and services provided.
  • To contact you regarding your account, for example, to liaise with you to resolve a dispute or query, or to provide services as requested.
  • To process invoices for the goods or services provided.
  • To resolve any issues or complaints with the goods or services provided or their related transactions.
  • To make payment for goods or services provided.
  • To provide you with information relevant to any contracts that we hold with you, or information that is pertinent to a service that you provide us with.
  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our SLA, or any other agreement we enter into with you.

 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our SLA, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, our members and other suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided by you.

Legitimate interest

We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • Let you know about changes to our business, or any events we are holding, attending or participating in. If you receive this information via email, you are able to unsubscribe from these emails at any time using the unsubscribe link at the bottom of the email. If you receive this information by post, phone call or text message and would prefer not to, please let us know by contacting us using the details at the top of this page.
  • To internally report on and proactively manage debt and financial risk. As a not-for-profit cooperative, it is within the interest of the cooperative and all or our members that we are proactive in our approach financial risk management.
  • To request feedback about AF and your supplier experience.
  • To monitor how we are performing as an organisation.

 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

Members and Affiliate Members or Customers

We may share your relevant information with our members or customers if it is necessary to do so when they enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if a member requests a quotation for a number of products and we need your assistance, we may provide the member with your contact details so they can speak to you directly

When we share your personal information with a member or customer, you should be aware of the following;

  • The member or customer will become the data controller, if they are processing your information in a non-personal capacity, for any information that we pass to them and will process your information in accordance with their own policies and procedures.

 

Authorised contacts

We will also share your account information with others when you have given us the authority and consent to do so. For example, if you ask us to, we will email your remittances to your accountant as well as to your own email address. You can revoke your consent for us to share this information at any time by contacting us using the contact information at the top of this Policy.

Sub-Processors

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.

Your information will be held by us for as long as you have a supplier account with us.

If either of us decide to close your supplier account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for up to one year once these have all been resolved. We will also continue to retain basic account information, such as trading name and supplier code indefinitely, for business management and reporting purposes.

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for.

Contractors, freelancers and if you apply to work for us

The information that we collect and the reasons for processing your information will change as you move through the recruitment and employment process.

Please see the relevant sections below for more information about how your information will be processed.

The types of personal information that we collect

If you apply for a role that we are advertising or submit your information to us in case we may have a role suitable for you now or in the future, we are likely to collect the following personal information.

Identify information

Such as your first and last name and job title

Contact information

Such as your phone number(s), email address(es) and address.

Other personal information

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information and any other information that you provide to us as part of this process, such as information contained on your CV.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions, although at this stage of the recruitment process, this will be limited to any information that you have proactively provided to us.

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(a) of the UK GDPR which relates to explicit consent as you have proactively providing this information to us.

When we collect your personal information

We will collect information about you when;

  • You apply for a role that we are advertising
  • Your information is provided to us by a recruitment agency
  • You express an interest in working for us
  • You speak to us or complete an enquiry form at an event
  • You complete an enquiry form on our website

 

How we get your personal information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency.

 

Why we have your personal information

We use this information for the following purposes;

Contractual obligations

We will process the information that is provided to us on the basis that the processing is necessary as we work towards potentially entering into an employment contract with you.

Legal obligations

We may need to process health information in order to make reasonable adjustments to the recruitment process.

Legitimate interest

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims.

Consent

If you have given your consent to do so, we may retain your information so we can contact you about any future employment opportunities that you may be suitable for. You can revoke your consent at any time by emailing hr@af.farm or by calling the HR team on 01603 881881.

When we will share your personal information

With relevant internal parties

At this stage of the application process, your information is likely to be shared with the appropriate hiring manager(s), to enable them to review your suitability for the role that you are applying for.

Sub-Processors

Your information may also be entered onto our HR system and processed through our email system.

Your information may also be shared with any other relevant sub-processors. You can find the current list of sub-processors further down this Policy.

We will not share your information with any other third parties at this stage.

How long we will retain your personal information for

We will hold your CV on file for a maximum of six months unless you have consented for us to keep hold of it for longer.

Please see the next section for how long we will retain you information for if you progress to the next stage of the recruitment process.

The types of personal information that we collect

If you are offered and attend an interview, we will continue to process the information provided to us at the previous stage. We may collect additional information about you during the interview.

Identify information

Such as your first and last name and job title

Contact information

Such as your phone number(s), email address(es) and address.

Other personal information

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information and any other information that you provide to us as part of this process, such as information provided to us during the interview.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make in order for you to attend an interview.

When we collect your personal information

We will collect information about you when;

  • We contact you, or you contact us in order to arrange an interview.
  • You attend an interview, either face to face or via video conferencing.

 

How we get your personal information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency.

 

Why we have your personal information

We use this information for the following purposes;

Contractual obligations

We will process the information that is provided to us on the basis that the processing is necessary as we work towards potentially entering into an employment contract with you.

Legal obligations

We may need to process health information in order to make reasonable adjustments to the recruitment process.

Legitimate interest

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims.

Consent

If you are not successful at this stage and have given your consent, we may retain your information so we can contact you about any future employment opportunities that you may be suitable for. You can revoke your consent at any time by emailing hr@af.farm or by calling the HR team on 01603 881881.

When we will share your personal information

With relevant internal parties

At this stage of the application process, your information is likely to be shared with the appropriate hiring manager(s) and their teams, to enable them to review your suitability for the role that you are being interviewed for.

Sub-Processors

Your information may also be entered onto our HR system and may be processed through our email system. If your interview is conducted remotely, your information will also be processed by our video conferencing software.

Your information may also be shared with any other relevant sub-processors. You can find the current list of sub-processors further down this Policy.

How long we will retain your personal information for

If you are not progressed to the next stage of the recruitment process, you CV and any interview notes will be held for a maximum of six months, unless you have consented for us to hold it for longer than this.

Please see the next section for how long we will retain you information for if you progress to the next stage of the recruitment process.

The types of personal information that we collect

If we provide you with an offer of employment, we will continue to process the information provided to us at the previous stages. We will also need to collect additional information from you before your employment commences.

Identify information

Such as your first and last name and job title

Contact information

Such as your phone number(s), email address(es) and address.

Other personal information

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information, ID verification documentation and any other information that you provide to us.

Financial information

Such as your national insurance number, bank account details and salary.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make.

When we collect your personal information

We will collect information about you when;

  • We request it from you in order to perform any necessary pre-employment checks

 

How we get your personal information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency or a referee.

 

Why we have your personal information

We use this information for the following purposes;

Contractual obligations

We will process the information that is provided to us in order to enter into an employment contract with you.

Legal obligations

We may need to process health information in order to make reasonable adjustments to the recruitment and employment process. We will also need to perform checks to ensure you are legally able to work in the UK.

Legitimate interest

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims.

When we will share your personal information

With relevant internal parties

At this stage of the application process, your information is likely to be shared internally so we can plan the start of your employment and ensure you are set up with access to the appropriate systems.

Third parties

Your information may also be shared with any referees that you have provided to us.

Sub-Processors

Your information will also be entered onto our HR system and may be processed through our email system.

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy.

How long we will retain your personal information for

If you don’t accept our offer of employment, your information will be held for a maximum of six months.

Please see the next section for how long we will retain you information for if you accept our offer of employment.

The types of personal information that we collect

If you work with us as a freelance or contractor, or if you join us for a work experience placement, we may collect the following types information about you;

Identify information

Such as your first and last name and job title

Contact information

Such as your phone number(s), email address(es) and address.

Other personal information

Such as voice recordings, images, your date of birth, social media handles, employment history, qualification and insurance information, documentation such as driving license and passport, next of kin details and details about your parent, guardian and your school.

Throughout the duration of your contract or placement, we may also collect;

  • Leave and absence management information, such as attendance records and absence records.
  • Information about your performance including appraisal, disciplinary and grievance information.
  • Information about your use of our information and communication systems.

 

Financial information

Such as your national insurance number, bank account details and salary or payment value(s).

Sensitive personal information

We may ask you to complete a short medical questionnaire to provide appropriate health information for us to make any reasonable adjustments. We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer.

When we collect your personal information

We will collect information from you during the term of your contract or placement.

How we get your personal information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by the parent, guardian or school of the individual.
  • The information is provided by a line manager or another AF employee.
  • We sometimes collect information from third-parties, including;
    • Former employers
    • Doctors, medical and occupational health professionals
    • Consultants and other professionals who advise us

 

Why we have your personal information

We use this information for the following purposes;

Contractual obligations

We may process your information in order to meet our contractual obligations to you. We do this to;

  • Enter into and maintain a contract with you.
  • Enable you to carry out your placement.
  • Pay you and make tax and National Insurance contributions.
  • Provide you with employment related benefits.
  • Administer our pension scheme(s).

 

Legal obligations

We may process your information to;

  • Make reasonable adjustments as necessary.
  • Perform checks to ensure you are legally able to work in the UK.
  • Comply with health and safety regulations.
  • Deal with legal disputes involving you and other employees or contractors, including accidents at work.

 

Legitimate interest

We may process your information, where this is within our legitimate interest, to;

  • Communicate with you or your designated contact(s) in the case of an emergency.
  • Conduct performance reviews, manage performance and set performance goals.
  • Help plan your education, training and development requirements.
  • Monitor equal opportunities and diversity.
  • Make a decision about your promotion or suitability for transfer to another role.
  • Gather evidence for grievance or disciplinary matters.
  • Make decisions about your continued employment or engagement and termination of contract.
  • Decide if you’re fit to work or to manage absence.
  • Make decisions about salary reviews and compensation.
  • Gather information to review and better understand employee retention and attrition rates.
  • Carry out business management and planning.
  • Protect your interests or those of another person.
  • Prevent fraud.
  • Monitor your use of our information and communication systems and check your follow our relevant policies, such as the Working From Home policy, Telephones and Electrical Equipment policy and IT policy.
  • To ensure the physical security, IT and network security of the organisation.
  • To defend against legal claims.
  • Allow our members and suppliers to easily contact you, by including some basic personal information including your name, job title and work email address on our website and on externally facing communications.

 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. You can revoke your consent at any time by contacting the HR department.

When we will share your personal information

Third parties

Necessary information will be provided to HMRC where relevant.

We may also share your personal information with our legal representatives and with occupational health providers if required.

We maintain a staff directory on our website and included a printed version within our twice-yearly member magazine. A small amount of information, such as your name, job title and photograph may be shared using these methods to allow our members and suppliers to easily find the correct person for an enquiry.

Necessary information will also be shared with training providers if you are undertaking any training or development. We may also share your information with our professional advisors, such as our accountants or legal advisors.

Sub-Processors

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy.

How long we will retain your personal information for

If you work with us as a freelancer or contractor, we will retain your information for a maximum of six years following the end of your contract.

If you join us for work experience, we will retain your information for a maximum of 6 months from the end of your placement.

AF employees

We will continue to collect information for the duration of your employment. The types of information that we collect may include, but are not limited to the following types of information.

Identify information

Such as your first and last name and job title

Contact information

Such as your phone number(s), email address(es) and address.

Other personal information

Such as id numbers, IP addresses, voice recordings, images, your date of birth, social media handles, employment history, qualification information, documentation such as driving license and passport, next of kin details, relationship status and number of children.

Throughout the duration of your employment, we may also collect;

  • Leave and absence management information, such as attendance records and absence records.
  • Information about your performance including appraisal, disciplinary and grievance information.
  • Information about your use of our information and communication systems.

 

Financial information

Such as your national insurance number, bank account details and salary.

Sensitive personal information

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs, criminal convictions and biometric information where it is appropriate and necessary for us to do so.

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make and we need to ensure that we are safeguarding your fundamental rights.

If you have a work mobile phone or tablet, by default these devices will be setup with a PIN number which you will use to unlock the device. You may also have the ability to setup facial recognition or fingerprint recognition as an additional security measure.  If you choose to use the facial or finger print recognition feature, your image or fingerprint will be stored locally on the device. We will process your image or fingerprint under Article 9(2)(a) of the UK GDPR which relates to explicit consent as you will have chosen to use this optional feature. If you setup the facial or fingerprint recognition feature, you can revert back to purely using the PIN number at any time. Please speak to the IT support team if you need any assistance.

We will collect information from you during the course of your employment.

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a line manager or another AF employee.
  • We sometimes collect information from third-parties, including;
    • Former employers
    • Doctors, medical and occupational health professionals
    • Consultants and other professionals who advise us

We use this information for the following purposes;

Contractual obligations

We will process your information in order to meet our contractual obligations to you. We do this to;

  • Enter into and maintain an employment contract with you.
  • Pay you and make tax and National Insurance contributions.
  • Provide you with employment related benefits.
  • Administer our pension scheme(s).

Legal obligations

We will process your information to;

  • Fulfil any of our legal obligations as an employer.
  • Make reasonable adjustments as necessary.
  • Perform checks to ensure you are legally able to work in the UK.
  • Comply with health and safety regulations.
  • Deal with legal disputes involving you and other employees or contractors, including accidents at work.

Legitimate interest

We may process your information, where this is within our legitimate interest, to;

  • Give you access to systems and software relevant to your role.
  • Communicate with you or your designated contact(s) in the case of an emergency.
  • Conduct performance reviews, manage performance and set performance goals.
  • Help plan your education, training and development requirements.
  • Monitor equal opportunities and diversity.
  • Make a decision about your promotion or suitability for transfer to another role.
  • Gather evidence for grievance or disciplinary matters.
  • Make decisions about your continued employment or engagement and termination of contract.
  • Decide if you’re fit to work or to manage absence.
  • Make decisions about salary reviews and compensation.
  • Gather information to review and better understand employee retention and attrition rates.
  • Carry out business management and planning.
  • Protect your interests or those of another person.
  • Prevent fraud.
  • Monitor your use of our information and communication systems and check you follow our relevant policies, such as the Working From Home policy, Telephones and Electrical Equipment policy and IT policy.
  • To ensure the physical security, IT and network security of the organisation.
  • To defend against legal claims.
  • Allow our members and suppliers to easily contact you, by including some basic personal information including your name, job title and work email address on our website and on member facing communications, such as our member newsletter and member facing emails.

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. You can revoke your consent at any time by contacting the HR department.

Third parties

Necessary information will be provided to your selected pension provider, HMRC and if necessary, our pension broker Alan Boswell Employee Benefits Ltd.

If you opt in to the company provided private health insurance benefit, the necessary personal information will be provided to Alan Boswell Insurance Brokers Ltd and Aviva so they can add you and any family members to the policy.

We may share your personal information with our legal representatives, ACAS conciliators and occupational health providers if required. Necessary information will also be shared with training providers if you are undertaking any training or development. We may also share your information with our professional advisors, such as our accountants or auditors.

We maintain a staff directory on our website and include a printed version within our twice-yearly member magazine. A small amount of information, such as your name, job title and photograph may be shared using these methods to allow our members and suppliers to easily find the correct person for an enquiry.

Sub-Processors

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy.

Employee information will be held for the duration of employment and for a maximum of six years after employment. Limited information such as name, job title and dates of employment may be held for longer than this for reporting purposes.

Other third-parties and their employees

We are sometimes in contact with organisations and individuals who are not Members or suppliers of AF. This may include industry contacts or other organisations that we are working with. This section of the Policy is relevant to anyone who does not obviously fall into any of the above categories.

Identity information

Such as your first and last name and job title.

Contact information

Such as your phone number(s), email address(es) and address(es).

Other personal information

Such as voice recordings, images and social media handles.

Business information

Such as billing / delivery addresses, the business partners / directors, business structure, business requirements and other relevant information about your business.

Sensitive personal information

We will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form.

We will collect information about you when;

  • You make contact with us, or we make contact with you, either in person, through social media or by phone or email.
  • You complete a lead sheet at a show or event
  • You attend an online event that we are hosting, such as a webinar
  • You complete an online form or survey.

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The third-party organisation, or another employee for the third-party organisation, provides the information to us.
  • The information is provided by another third party.

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways:

  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our membership rules and regulations, or any other agreement we enter into with you.

 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other members and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest

As a member owned organisation, we may interact with wider industry organisations and individuals where this is beneficial our members. We may process your information where it is within our legitimate interest to;

  • Be proactive in maintaining high levels of service.
  • For knowledge sharing or to participate in wider industry initiatives.
  • To request feedback about AF and your experience interacting with us.
  • To monitor how we are performing as an organisation.

 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

Third parties

It may be necessary for us to share your information with other third parties, such as other organisations within the industry. Where this is the case, we will communicate this to you.

Sub-Processors

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.

We will retain your information only for as long as we need it.

Your data protection rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of your rights by emailing us at ops@af.farm or by calling us on 01603 881881.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request, we will let you know in advance.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

  1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
  2. Refuse to act on the request.

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your information.

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information.

You have the right to ask us to delete your personal information if;

  • The personal information is no longer necessary for the purpose which we originally collected or processed it for.
  • You object to the processing of your information and there is no overriding legitimate interest for us to continue this processing.
  • We have processed the information unlawfully.
  • We have to in order to comply with a legal obligation.

You have the right to ask us to restrict or supress the processing of your personal information if;

  • You have previously informed us that the information is inaccurate.
  • We no longer require the information for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.
  • We have processed the information unlawfully.
  • We are in the process of deleting your information.

 

We will endeavour to ensure that where you have asked us to restrict the processing of your information, we will inform our selected third parties, including suppliers and contractors accordingly.

You have the right to receive a copy of your information in a commonly used machine-readable format for transfer to another controller, provided you were the one to provide the information. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

This will allow you to move, copy or transfer personal information easily from one IT environment to another. Alternatively, we can transmit such information directly to another organisation. Please note that we may not be able to fully comply with a data portability request if this will affect the rights and freedoms of others.

You have the right to restrict processing based on our legitimate interests. If you exercise your right to object, we will stop processing your personal information unless;

  • We are able to demonstrate compelling legitimate grounds for the processing.
  • The processing is for the establishment, exercise or defence of a legal claim.

What to do if you are not happy with how we process your information

If you consider that we are in breach of our data protection obligations, we would encourage you to contact us in the first instance to see if we can resolve the issue. You can contact us by emailing us at ops@af.farm or by calling us on 01603 881881.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO website provides further information about their complaints process, which you can access here – https://ico.org.uk/make-a-complaint/data-protection-complaints/. Further contact information for the ICO can be found here – https://ico.org.uk/global/contact-us/

List of sub-processors

Sub Processor
Purpose
Hosting Location
International Transfer Mechanism
Chord UK Ltd
To request feedback
UK
DocuSign
Electronic signature software
EU
Eureka Solutions (Scotland) Limited
Integration platform
UK
Google Analytics
Website analytics
USA
UK SCCs
MailChimp
Email marketing software
USA
UK SCCs
MessageMedia
Text messaging services
UK, Australia, USA
UK SCCs
Microsoft Azure
Hosting, integration and data analytics platform
EU
Microsoft Office 365
Email server, administrative document management and information sharing
EU
Naked Marketing
Magazine mailout services
UK
Opayo
Credit card payment processor
UK
Optimizely
eCommerce software
UK, Europe and USA
UK SCCs
Oracle NetSuite
CRM & Financial accounting and reporting
UK
PageSuite Limited
Digital magazine hosting
EU
ProAgrica
Order and invoice integration platform
UK
Redshelf Ltd T/A InTouch Systems
Backup and disaster recovery purposes
UK
Sage
HR and recruitment software. Payroll software.
EU
Staffbase
Employee intranet
EU
Stripe
Credit card payment processor
UK, Europe and USA
UK SCCs
SystemsLink Energy Manager
Energy management portal
Germany
Tableau
Business reporting
UK