Affinity Fuels


Privacy Policy


About this privacy policy


AF Affinity Limited (Affinity) is committed to protecting and respecting your privacy. Affinity also trades under the name Affinity Fuels.  

This Policy sets out the basis on which Affinity (“We” or “Us”) collects personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.  

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is AF Affinity Limited, Company Registration Number: 01525687 of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to [email protected]. Alternatively, you can call us on 01603 881881.  

This Policy was last updated on 02/08/2023 and will be kept under regular review. 

General notices

 

The reasons why we collect and use your personal information will depend on the type of relationship that we have you. To make this Policy more relevant to you, we have broken it down into different sections. Please read the relevant section(s) below for more information, but please also note that more than one section of this Policy may be relevant to you.   

Call recordings

 We record all calls made to and from the Affinity office landline numbers, with the exception of calls where a card payment is taken, when the recording is manually terminated. Calls are recorded for our own legitimate interests for the purposes of;  

  • Assisting in resolving complaints and disputes
  • Ensuring employee safety and wellbeing
  • Assisting in employee training and development
  • Supporting fair and thorough employee relations investigations
  • Ensuring we are providing a high-quality service to our customers  

Access to a recorded call will only be given when the request has been approved by a senior manager and when there is a valid reason for needing to access the call recording.  

We retain call recordings for a maximum of two years. 

Children's information 

We do not provide services directly to children and we do not proactively set out to collect personal information about children.  

If a child’s personal information is processed by us, it is processed in order to meet our obligations under a contract. Invoice information will be securely held by us for a minimum of seven years. We acknowledge that children have the same rights and freedoms as adults when it comes to their personal information. 

Visitors to the Affinity office 

We regularly welcome visitors to the Affinity office. We ask all visitors to sign in and out at reception and we will provide you with a visitors pass. Please ensure you visibly wear your pass for the duration of your visit. We process this information for our legitimate interests, for health and safety and security purposes. We will retain this information for a maximum of six months.  

If we are offering catering to you, we may request dietary requirements in advance of your visit. We collect this information with your consent and hold it only for as long as is necessary.  

CCTV is operated inside our business premises. During normal office hours this operates on a live feed and the video is not recorded. Outside of these hours, these cameras do record for the purposes of crime prevention and to maintain security of the premises. Footage is held for a maximum of 1 month.  

We operate some CCTV external to our business premises for purposes of crime prevention and to maintain security of the premises. Footage is held for a maximum of 2 months.  

Please note, additional CCTV is used external to our business premises but is not operated by us, so we are not the data controller.  

We provide wi-fi to our guests, but we do not record or store any of your information when you use our wi-fi network. 

Websites

We own and operate several different websites. Please see each website’s privacy policy to see the privacy notices relevant to each specific website. The privacy policy for this website can be found here - https://www.affinityfuels.co.uk/WebsitePrivacyPolicy 

Affinity Fuels Customers / Domestic Heating Oil Customers

 

The Types Of Personal Information That We Collect 


When you setup an Affinity account, the types of information we collect about you may include, but are not limited to; 

Identity information 

Such as your first and last name, documentation that will allow us to verify your identity and sometimes your gender. 

Contact information 

Such as your phone number(s), email address(es) and address(es). 

Other personal information 

Such as member numbers, id numbers, voice recordings, images, your date of birth and social media handles 

Financial information 

Such as your bank account details.  

If you are required to pay using a credit card, please note that we do not store credit card information on our own systems, but use third party software to process the payment on our behalf. 

Transaction information 

Such as delivery notes, invoices and credit notes which may contain additional personal information. The exact information provided on these invoices will depend on the goods or services purchased using your Affinity account. 

Sensitive personal information 

We will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form. 

When We Collect Your Personal Information

We will collect information about you when;

  • You enquire about Affinity’s services. 
  • You complete a registration form. You provide information requested on a requirement or enquiry form.
  • We visit you or you visit us.
  • You provide specific information to us or we request specific information from you so we can process a quotation or order for goods or services or to arrange delivery or collection of goods or services.
  • We communicate with you, or you communicate with us in the process of managing your account or dealing with any account queries.
  • You complete a lead sheet at a show or event. 
  • You attend an online event that we are hosting, such as a webinar.
  • You complete an online form or survey. 

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided directly by the individual. 
  • The account holder, or another contact for the account holder, provides the information to us.
  • The information is provided by a third party, such as on an invoice for goods or services purchased through the account. 

Why We Have Your Personal Information

We use this information for the following purposes;

Contractual obligations 

In order to meet our obligations to you under a contract, we may use your data in the following ways: 

  1. To process your account application.
  2. To manage and administer your account.
  3. To provide a quotation for goods or services.
  4. To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf. 
  5. To manage your account and to keep accurate records of goods and services provided.
  6. To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
  7. To invoice you for the goods or services provided.
  8. To resolve any issues or complaints with the goods or services provided or their related transactions.
  9. To take payment for goods or services. 
  10. To provide you with information relevant to any contracts that you hold with us, or information that is pertinent to a service that we provide to you.
  11. To carry out any other obligations arising from any contracts entered into between you and us.
  12. To enforce our terms and conditions, or any other agreement we enter into with you. 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other customers and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest 

We may use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • To report on and proactively manage debt and financial risk.  
  • To request feedback about Affinity and your customer experience.
  • To monitor how we are performing as an organisation. 

Consent 

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. 

When We Will Share Your Personal Information 


Approved suppliers 

We will share your relevant information with our approved suppliers when you contact us to enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if you request a quotation for a number of products, we will provide the suppliers with some basic location information, such as a postcode, to allow them to accurately calculate delivery charges.  

When we share your personal information with an approved supplier, you should be aware of the following; 

  • The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
  • Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
  • If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.  

Authorised contacts 

We will also share your account information with others when you have given us the authority and consent to do so. For example, if you ask us to, we will email your invoices to a spouse or relative as well as to your own email address. You can revoke your consent for us to share this information at any time by contacting us using the information at the top of this Policy. 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for account administration and management purposes. 

Sub-Processors 

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.  

Data Retention 


Your information will be held by us for at least twelve months after the last transaction on your account.  

If you decide to close your account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for at least twelve months after these have all been resolved. We will also continue to retain basic account information, such as name and membership number indefinitely, for business management and reporting purposes. 

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for. 

Domestic Fuel Customers Who Are Members Of A Community Action Group 


We work closely with several other groups to provide domestic heating oil procurement services to their members. 

The Types Of Personal Information That We Collect 


When we setup your Affinity account, the types of information we collect about you may include, but are not limited to; 

Identity information 

Such as your first and last name, documentation that will allow us to verify your identity and sometimes your gender. 

Contact information 

Such as your phone number(s), email address(es) and address(es). 

Other personal information 

Such as member numbers, id numbers, voice recordings, images, your date of birth and social media handles 

Financial information 

Such as your bank account details.  

If you are required to pay using a credit card, please note that we do not store credit card information on our own systems, but use third party software to process the payment on our behalf. 

Transaction information 

Such as delivery notes, invoices and credit notes which may contain additional personal information. 

Sensitive personal information 

We will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form. 

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided to us by the third-party organisation that you are a member of.
  • The information is provided directly by the individual. 
  • The account holder provides the information to us.
  • The information is provided by another third party, such as a credit reference agency or on an invoice for goods or services purchased through the account. 

Why We Have Your Personal Information

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways: 

  • To process your account application.
  • To manage and administer your account.
  • To provide a quotation for goods or services.
  • To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf. 
  • To manage your account and to keep accurate records of goods and services provided.
  • To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
  • To invoice you for the goods or services provided.
  • To resolve any issues or complaints with the goods or services provided or their related transactions.
  • To take payment for goods or services provided. 
  • To provide you with information relevant to any contracts that you hold with us, or information that is pertinent to a service that we provide to you.
  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our terms and conditions, or any other agreement we enter into with you. 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other customers and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest 

We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • To report on and proactively manage debt and financial risk.  
  • To request feedback about Affinity and your customer experience.
  • To monitor how we are performing as an organisation. Consent 

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. 

When We Will Share Your Personal Information 

Approved suppliers 

We will share your relevant information with our approved suppliers when you or the organisation that you are a member of, contacts us to enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if you request a quotation for a number of products, we will provide the suppliers with some basic location information, such as a postcode, to allow them to accurately calculate delivery charges.  

When we share your personal information with an approved supplier, you should be aware of the following; 

  • The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
  • Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
  • If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.  

Authorised contacts

We may also share your account information with others when you or your membership organisation has given us the authority and consent to do so. For example, if you ask us to, we will email your invoices to a spouse or relative as well as to your own email address. You can revoke your consent for us to share this information at any time by contacting us using the information at the top of this Policy. 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for account administration and management purposes. 

Sub-Processors 

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.  

Data Retention 


Your information will be held by us for the length of time that you have an active account with us, and for at least twelve months after the most recent transaction.  

If you decide to close your account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for up to one year once these have all been resolved. We will also continue to retain basic account information, such as name and membership number indefinitely, for business management and reporting purposes. 

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for. 

Affinity Business Account Holders  


The Types Of Personal Information That We Collect 


When you apply for an Affinity Business account and during the course of your membership, the types of information we collect about you may include, but are not limited to; 

Identity information 

Such as your first and last name, job title, documentation that will allow us to verify your identity and sometimes your gender. 

Contact information 

Such as your phone number(s), email address(es) and address(es). 

Other personal information 

Such as member numbers, id numbers, voice recordings, images, your date of birth, social media handles and compliance documentation such as qualification certificates or certificates of competence / attendance, shotgun certificates, insurance certificates and machine operator certificates. 

Business information 

Such as billing / delivery addresses, livestock / cropping information, financial statements, copy invoices, trade references, the business partners / directors, business structure, business requirements and other relevant information about your business. 

Financial information 

Such as your bank account details, financial / credit history, credit score and national insurance number.  

Occasionally you may be required to pay using a credit card. We do not store credit card information on our own systems, but use third party software to process the payment on our behalf. 

Transaction information 

Such as delivery notes, invoices and credit notes which may contain additional personal information, such as mobile phone usage. The exact information provided on these invoices will depend on the goods or services purchased using your affinity account. 

Sensitive personal information 

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.  

The only time that we may proactively ask for and process this type of information is if you outsource your payroll processing to us. Please read our policy specific to payroll processing for more information.  

If you purchase Personal Medical Insurance (PMI) through your Affinity account, we will pass your enquiry onto our approved suppliers. Any personal information necessary to obtain a quotation or contract for PMI will be collected and processed by our approved supplier. We will never have access to any sensitive personal information that you provide to our approved supplier and we are not the data controller for any information given to our approved supplier. 

Other than this, we will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form. 

When We Collect Your Personal Information

We will collect information about you when;

  • You enquire about opening an Affinity Business account. 
  • You complete an account application form. 
  • You provide information requested on a requirement or enquiry form. 
  • We visit you or you visit us. 
  • You provide specific information to us or we request specific information from you so we can process a quotation or order for goods or services or to arrange delivery or collection of goods or services. 
  • We communicate with you, or you communicate with us in the process of managing your account or dealing with any account queries. 
  • You complete a lead sheet at a show or event. 
  • You attend an online event that we are hosting, such as a webinar. 
  • You complete an online form or survey. 

How We Get This Personal Information 

We receive personal information from the following sources;

  • The information is provided directly by the individual. 
  • The account holder, or another employee for the account holder, provides the information to us, such as a farm owner providing an employee’s name and phone number so they can be contacted to arrange a delivery.
  • The information is provided by a third party, such as a credit reference agency or on an invoice for goods or services purchased through the membership account. 

Why We Have Your Personal Information

We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways: 

  • To process your account application.
  • To manage and administer your account.
  • To provide a quotation for goods or services.
  • To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf. 
  • To manage your account and to keep accurate records of goods and services provided.
  • To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
  • To invoice you for the goods or services provided.
  • To resolve any issues or complaints with the goods or services provided or their related transactions.
  • To take payment for goods or services. 
  • To provide you with information relevant to any contracts that you hold with us, or information that is pertinent to a service that we provide to you.
  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our terms and conditions, or any other agreement we enter into with you. 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other members and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest 

As a business account holder, we feel it is important that you are able to make the most of your membership. We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;

  • Let you know about the goods or services available to you through Affinity, market information, or any events we are holding, attending or participating in. If you receive this information via email, you are able to unsubscribe from these emails at any time using the unsubscribe link at the bottom of the email. If you receive this information by post, phone call or text message and would prefer not to, please let us know by contacting us using the details at the top of this page.
  • To report on and proactively manage debt and financial risk.  
  • To request feedback about Affinity and your membership experience.
  • To monitor how we are performing as an organisation. 

Consent 

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. 

When We Will Share Your Personal Information

Approved suppliers 

We will share your relevant information with our approved suppliers when you contact us to enquire about, request a quotation for or place an order for good or services. We will only share relevant information that is necessary to action the enquiry, quotation or order. For example, if you request a quotation for a number of products, we will provide the suppliers with some basic location information, such as a postcode, to allow them to accurately calculate delivery charges. 

If your account has been put on stop and we have tried all reasonable means to let you know that your account is on stop, we may share this information with suppliers you have recently traded with in order to prevent any further transactions from being processed on your account. When we share your personal information with an approved supplier, you should be aware of the following;

  • The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
  • Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
  • If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.  

Authorised contacts 

We will also share your account information with others when you have given us the authority and consent to do so. For example, if you ask us to, we will email your invoices to your accountant as well as to your own email address. You can revoke your consent for us to share this information at any time by contacting us using the information at the top of this Policy. 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for account administration and management purposes. 

Sub-Processors 

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.  

Data Retention 


Your information will be held by us for as long as your account is active and for at least twelve months after the most recent transaction.  

If you decide to close your account, we will continue to hold necessary information for as long as is needed to resolve any outstanding issues, queries, balances or transactions and for up to one year once these have all been resolved. We will also continue to retain basic account information, such as trading name and membership number indefinitely, for business management and reporting purposes. 

Transaction information will be held for at least the minimum amount of time that we are legally required to hold it for.  

Affinity Employees, Contractors, Freelancers And If You Apply To Work For Us 


The information that we collect and the reasons for processing your information will change as you move through the recruitment and employment process. 

Please see the relevant sections below for more information about how your information will be processed. 

If You Apply To Work For Us, Or Express An Interest In Working For Us 


The Types Of Personal Information That We Collect 

If you apply for a role that we are advertising or submit your information to us in case we may have a role suitable for you now or in the future, we are likely to collect the following personal information. 

Identify information 

Such as your first and last name and job title 

Contact information 

Such as your phone number(s), email address(es) and address. 

Other personal information 

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information and any other information that you provide to us as part of this process, such as information contained on your CV. 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for account administration and management purposes. 

Sensitive personal information 

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions, although at this stage of the recruitment process, this will be limited to any information that you have proactively provided to us.  

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(a) of the UK GDPR which relates to explicit consent as you have proactively provided this information to us. 

When We Collect Your Personal Information

We will collect information about you when; 

  • You apply for a role that we are advertising
  • Your information is provided to us by a recruitment agency
  • You express an interest in working for us
  • You speak to us or complete an enquiry form at an event
  • You complete an enquiry form on our website 

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency. 

Why We Have Your Personal Information

We use this information for the following purposes; 

Contractual obligations 

We will process the information that is provided to us on the basis that the processing is necessary as we work towards potentially entering into an employment contract with you. 

Legal obligations 

We may need to process health information in order to make reasonable adjustments to the recruitment process. 

Legitimate interest 

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims. 

Consent 

If you have given your consent to do so, we may retain your information so we can contact you about any future employment opportunities that you may be suitable for. You can revoke your consent at any time by emailing [email protected] or by calling the HR team on 01603 881881. 

When We Will Share Your Personal Information 

With relevant internal parties 

At this stage of the application process, your information is likely to be shared with the appropriate hiring manager(s), to enable them to review your suitability for the role that you are applying for. This will include employees of Affinity’s parent company, The AF Group Limited.  

Sub-Processors 

Your information may also be entered onto our HR system and processed through our email system. 

Your information may also be shared with any other relevant sub-processors. You can find the current list of sub-processors further down this Policy. 

We will not share your information with any other third parties at this stage. 

Data Retention 

We will hold your CV on file for a maximum of six months unless you have consented for us to keep hold of it for longer.  

Please see the next section for how long we will retain you information for if you progress to the next stage of the recruitment process. 

If You Are Offered And Attend An Interview 


The Types Of Personal Information That We Collect 

If you are offered and attend an interview, we will continue to process the information provided to us at the previous stage. We may collect additional information about you during the interview. 

Identify information 

Such as your first and last name and job title 

Contact information 

Such as your phone number(s), email address(es) and address. 

Other personal information 

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information and any other information that you provide to us as part of this process, such as information provided to us during the interview. 

Sensitive personal information 

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions.  

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make in order for you to attend an interview.

When We Collect Your Personal Information

We will collect information about you when;

  • We contact you, or you contact us in order to arrange an interview.
  • You attend an interview, either face to face or via video conferencing. 

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency. 

Why We Have Your Personal Information

We use this information for the following purposes; 

Contractual obligations 

We will process the information that is provided to us on the basis that the processing is necessary as we work towards potentially entering into an employment contract with you. 

Legal obligations 

We may need to process health information in order to make reasonable adjustments to the recruitment process. 

Legitimate interest 

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims. 

Consent 

If you are not successful at this stage and have given your consent, we may retain your information so we can contact you about any future employment opportunities that you may be suitable for. You can revoke your consent at any time by emailing [email protected] or by calling the HR team on 01603 881881. 

When We Will Share Your Personal Information 

With relevant internal parties 

At this stage of the application process, your information is likely to be shared with the appropriate hiring manager(s) and their teams, to enable them to review your suitability for the role that you are being interviewed for. This will include employees of Affinity’s parent company, The AF Group Limited. 

Sub-Processors 

Your information may also be entered onto our HR system and may be processed through our email system. If your interview is conducted remotely, your information will also be processed by our video conferencing software. 

Your information may also be shared with any other relevant sub-processors. You can find the current list of sub-processors further down this Policy. 

Data Retention 

If you are not progressed to the next stage of the recruitment process, you CV and any interview notes will be held for a maximum of six months, unless you have consented for us to hold it for longer than this. 

Please see the next section for how long we will retain you information for if you progress to the next stage of the recruitment process.  

If You Are Offered Employment 


The Types Of Personal Information That We Collect 

If we provide you with an offer of employment, we will continue to process the information provided to us at the previous stages. We will also need to collect additional information from you before your employment commences. 

Identify information 

Such as your first and last name and job title 

Contact information 

Such as your phone number(s), email address(es) and address. 

Other personal information 

Such as id numbers, voice recordings, your date of birth, social media handles, employment history, qualification information, ID verification documentation and any other information that you provide to us. 

Financial information 

Such as your national insurance number, bank account details and salary. 

Sensitive personal information 

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs and criminal convictions. 

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make. 

When We Collect Your Personal Information

We will collect information about you when; 

We request it from you in order to perform any necessary pre-employment checks.

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by a third party, such as a recruitment agency or a referee. 

Why We Have Your Personal Information

We use this information for the following purposes; 

Contractual obligations 

We will process the information that is provided to us in order to enter into an employment contract with you. 

Legal obligations 

We may need to process health information in order to make reasonable adjustments to the recruitment and employment process. We will also need to perform checks to ensure you are legally able to work in the UK. 

Legitimate interest 

We will process your information, where this is within our legitimate interest, to make decisions about your recruitment or appointment, such as assessing qualifications for a role. We may also process your information for record keeping and reporting purposes and to defend against legal claims. 

When We Will Share Your Personal Information 

With relevant internal parties 

At this stage of the application process, your information is likely to be shared internally so we can plan the start of your employment and ensure you are set up with access to the appropriate systems. This will include employees of Affinity’s parent company, The AF Group Limited. 

Third parties 

Your information may also be shared with any referees that you have provided to us. 

Sub-Processors 

Your information will also be entered onto our HR system and may be processed through our email system.  

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy. 

Data Retention 

If you don’t accept our offer of employment, your information will be held for a maximum of six months. 

Please see the next section for how long we will retain you information for if you accept our offer of employment. 

If You Are An Employee Of Affinity


The Types Of Personal Information That We Collect 

We will continue to collect information for the duration of your employment. The types of information that we collect may include, but are not limited to the following types of information. 

Identify information 

Such as your first and last name and job title 

Contact information 

Such as your phone number(s), email address(es) and address.

Other personal information

Such as id numbers, IP addresses, voice recordings, images, your date of birth, social media handles, employment history, qualification information, documentation such as driving license and passport, next of kin details, relationship status and number of children.  

Throughout the duration of your employment, we may also collect;  

  • Leave and absence management information, such as attendance records and absence records.  
  • Information about your performance including appraisal, disciplinary and grievance information.
  • Information about your use of our information and communication systems. 

Financial information

Such as your national insurance number, bank account details and salary.

Sensitive personal information 

Such as information about your health, sexual orientation, ethnic origin, political opinions, religious beliefs, criminal convictions and biometric information where it is appropriate and necessary for us to do so. 

We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer, as we need to know about any reasonable adjustments we may need to make and we need to ensure that we are safeguarding your fundamental rights. 

If you have a work mobile phone or tablet, by default these devices will be setup with a PIN number which you will use to unlock the device. You may also have the ability to setup facial recognition or fingerprint recognition as an additional security measure.  If you choose to use the facial or finger print recognition feature, your image or fingerprint will be stored locally on the device. We will process your image or fingerprint under Article 9(2)(a) of the UK GDPR which relates to explicit consent as you will have chosen to use this optional feature. If you setup the facial or fingerprint recognition feature, you can revert back to purely using the PIN number at any time. Please speak to the IT support team if you need any assistance. 

When We Collect Your Personal Information

We will collect information from you during the course of your employment. 

How We Get This Personal Information

We receive personal information from the following sources; The information is provided directly by the individual. The information is provided by a line manager or another employee. We sometimes collect information from third-parties, including; 

  • Former employers
  • Doctors, medical and occupational health professionals 
  • Consultants and other professionals who advise us 

Why We Have Your Personal Information

We use this information for the following purposes; 

Contractual obligations

We will process your information in order to meet our contractual obligations to you. We do this to;

  • Enter into and maintain an employment contract with you.
  • Pay you and make tax and National Insurance contributions. 
  • Provide you with employment related benefits.
  • Administer our pension scheme(s). 

Legal obligations

We will process your information to;

  • Fulfil any of our legal obligations as an employer. 
  • Make reasonable adjustments as necessary.
  • Perform checks to ensure you are legally able to work in the UK.
  • Comply with health and safety regulations.
  • Deal with legal disputes involving you and other employees or contractors, including accidents at work. 

Legitimate interest

We may process your information, where this is within our legitimate interest, to; 

  • Give you access to systems and software relevant to your role.
  • Communicate with you or your designated contact(s) in the case of an emergency.
  • Conduct performance reviews, manage performance and set performance goals.
  • Help plan your education, training and development requirements. 
  • Monitor equal opportunities and diversity.
  • Make a decision about your promotion or suitability for transfer to another role.
  • Gather evidence for grievance or disciplinary matters.
  • Make decisions about your continued employment or engagement and termination of contract.
  • Decide if you’re fit to work or to manage absence. 
  • Make decisions about salary reviews and compensation.
  • Gather information to review and better understand employee retention and attrition rates.
  • Carry out business management and planning.
  • Protect your interests or those of another person.
  • Prevent fraud. 
  • Monitor your use of our information and communication systems and check you follow our relevant policies, such as the Working From Home policy, Telephones and Electrical Equipment policy and IT policy.
  • To ensure the physical security, IT and network security of the organisation.
  • To defend against legal claims.
  • Allow our members and suppliers to easily contact you, by including some basic personal information including your name, job title and work email address on our website and on member facing communications, such as our member newsletter and member facing emails. 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. You can revoke your consent at any time by contacting the HR department. 

When We Will Share Your Personal Information 

Third parties 

Necessary information will be provided to your selected pension provider, HMRC and if necessary, our pension broker Alan Boswell Employee Benefits Ltd. 

If you opt in to the company provided private health insurance benefit, the necessary personal information will be provided to Alan Boswell Insurance Brokers Ltd and Aviva so they can add you and any family members to the policy. 

We may share your personal information with our legal representatives, ACAS conciliators and occupational health providers if required. Necessary information will also be shared with training providers if you are undertaking any training or development. We may also share your information with our professional advisors, such as our accountants or auditors. 

We maintain a staff directory on our website and include a printed version within our twice-yearly member magazine. A small amount of information, such as your name, job title and photograph may be shared using these methods to allow our members and suppliers to easily find the correct person for an enquiry. 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for administration and management purposes. 

Sub-Processors 

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy. 

Data Retention 

Employee information will be held for the duration of employment and for a maximum of six years after employment. Limited information such as name, job title and dates of employment may be held for longer than this for reporting purposes. 

If You Are A Freelancer, Contractor Or On A Work Experience Placement With Affinity 


The Types Of Personal Information That We Collect 

If you work with us as a freelance or contractor, or if you join us for a work experience placement, we may collect the following types information about you; 

Identify information 

Such as your first and last name and job title 

Contact information 

Such as your phone number(s), email address(es) and address. 

Other personal information

Such as voice recordings, images, your date of birth, social media handles, employment history, qualification and insurance information, documentation such as driving license and passport, next of kin details and details about your parent, guardian and your school.

Throughout the duration of your contract or placement, we may also collect;  

  • Leave and absence management information, such as attendance records and absence records.  
  • Information about your performance including appraisal, disciplinary and grievance information.
  • Information about your use of our information and communication systems. 

Financial information

Such as your national insurance number, bank account details and salary or payment value(s).

Sensitive personal information

We may ask you to complete a short medical questionnaire to provide appropriate health information for us to make any reasonable adjustments. We need to have further justification for collecting, storing and using this type of personal information. Our further justification in this instance is Article 9(2)(b) of the UK GDPR which relates to our obligations as an employer. 

When We Collect Your Personal Information

We will collect information from you during the term of your contract or placement.

How We Get This Personal Information

We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The information is provided by the parent, guardian or school of the individual.
  • The information is provided by a line manager or another employee.

We sometimes collect information from third-parties, including;

  • Former employers
  • Doctors, medical and occupational health professionals
  • Consultants and other professionals who advise us

Why We Have Your Personal Information

We use this information for the following purposes;

Contractual obligations

We may process your information in order to meet our contractual obligations to you. We do this to; 

  • Enter into and maintain a contract with you.
  • Enable you to carry out your placement.
  • Pay you and make tax and National Insurance contributions.
  • Provide you with employment related benefits.
  • Administer our pension scheme(s). 

Legal obligations

We may process your information to;

  • Make reasonable adjustments as necessary.
  • Perform checks to ensure you are legally able to work in the UK. 
  • Comply with health and safety regulations.
  • Deal with legal disputes involving you and other employees or contractors, including accidents at work. 

Legitimate interest 

We may process your information, where this is within our legitimate interest, to; 

  • Communicate with you or your designated contact(s) in the case of an emergency. 
  • Conduct performance reviews, manage performance and set performance goals. 
  • Help plan your education, training and development requirements. 
  • Monitor equal opportunities and diversity. 
  • Make a decision about your promotion or suitability for transfer to another role. 
  • Gather evidence for grievance or disciplinary matters. 
  • Make decisions about your continued employment or engagement and termination of contract. 
  • Decide if you’re fit to work or to manage absence. 
  • Make decisions about salary reviews and compensation. 
  • Gather information to review and better understand employee retention and attrition rates. 
  • Carry out business management and planning. 
  • Protect your interests or those of another person. 
  • Prevent fraud. 
  • Monitor your use of our information and communication systems and check your follow our relevant policies, such as the Working From Home policy, Telephones and Electrical Equipment policy and IT policy. 
  • To ensure the physical security, IT and network security of the organisation. 
  • To defend against legal claims. 
  • Allow our members and suppliers to easily contact you, by including some basic personal information including your name, job title and work email address on our website and on externally facing communications. 

Consent 

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use. You can revoke your consent at any time by contacting the HR department. 

When We Will Share Your Personal Information 

Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for administration and management purposes. 

Third parties 

Necessary information will be provided to HMRC where relevant. 

We may also share your personal information with our legal representatives and with occupational health providers if required.  

We maintain a staff directory on our website and included a printed version within our twice-yearly member magazine. A small amount of information, such as your name, job title and photograph may be shared using these methods to allow our members and suppliers to easily find the correct person for an enquiry. 

Necessary information will also be shared with training providers if you are undertaking any training or development. We may also share your information with our professional advisors, such as our accountants or legal advisors. 

Sub-Processors 

Your information may also be shared with other relevant sub-processors. You can find the current list of sub-processors further down this Policy. 

Data Retention 

If you work with us as a freelancer or contractor, we will retain your information for a maximum of six years following the end of your contract. 

If you join us for work experience, we will retain your information for a maximum of 6 months from the end of your placement. 

Third Parties And / Or Their Employees  


The Types Of Personal Information That We Collect 


We are sometimes in contact with organisations and individuals who are not customers of Affinity. This may include industry contacts or other organisations that we are working with. This section of the Policy is relevant to anyone who does not obviously fall into any of the above categories. 

Identity information 

Such as your first and last name and job title. 

Contact information 

Such as your phone number(s), email address(es) and address(es). 

Other personal information 

Such as voice recordings, images and social media handles. 

Business information 

Such as billing / delivery addresses, the business partners / directors, business structure, business requirements and other relevant information about your business. 

Sensitive personal information 

We will never ask you to provide or intentionally set out to collect or process any sensitive personal information and we ask that you do not provide this to us in any form. 

When We Collect Your Personal Information


We will collect information about you when; 

  • You make contact with us, or we make contact with you, either in person, through social media or by phone or email.
  • You complete a lead sheet at a show or event
  • You attend an online event that we are hosting, such as a webinar
  • You complete an online form or survey. 

How We Get This Personal Information


We receive personal information from the following sources;

  • The information is provided directly by the individual.
  • The third-party organisation, or another employee for the third-party organisation, provides the information to us.
  • The information is provided by another third party.

Why We Have Your Personal Information


We use this information for the following purposes;

Contractual obligations

In order to meet our obligations to you under a contract, we may use your data in the following ways:

  • To carry out any other obligations arising from any contracts entered into between you and us.
  • To enforce our membership rules and regulations, or any other agreement we enter into with you. 

Legal obligations

We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our membership rules and regulations, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other members and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.

Legitimate interest

As a member owned organisation, we may interact with wider industry organisations and individuals where this is beneficial our members. We may process your information where it is within our legitimate interest to;

  • Be proactive in maintaining high levels of service.
  • For knowledge sharing or to participate in wider industry initiatives.
  • To request feedback about Affinity and your experience interacting with us.
  • To monitor how we are performing as an organisation. 

Consent

If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

When We Will Share Your Personal Information 


Within our group of companies 

Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for administration and management purposes. 

Third parties 

It may be necessary for us to share your information with other third parties, such as other organisations within the industry. Where this is the case, we will communicate this to you. 

Sub-Processors 

Your information may also be shared with our sub-processors. You can find the current list of sub-processors further down this Policy.  

Data Retention 

We will retain your information only for as long as we need it. 

How We Keep Your Personal Information Safe 


The personal information that we hold is stored on premise and we also utilise a number of cloud-based systems, listed under the Sub-processer heading further down this Policy. We use our best endeavours to ensure that your information, whether held on premise or in the cloud, is held securely and in accordance with this privacy policy.  

For all of the personal information that we hold, we will utilise measures, or we will check that our sub-processers utilise measures, appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to the information and the nature of the information that we are protecting, in an attempt to keep your information safe.

These measures may include, but are not limited to;

  • Implementing appropriate technical and organisational measures that ensure and demonstrate compliance. This includes data protection policies, staff training, internal audits of processing activities and reviews of internal HR policies. 
  • Maintaining relevant documentation on processing activities.
  • Implementing measures that meet the principles of data protection by design and default. Examples include;
    • Data minimisation
    • Encryption
    • Pseudonymisation 
    • Transparency
    • Allowing individuals to monitor processing
    • Creating and improving security features on an ongoing basis.
  • Using data protection impact assessments where appropriate.
  • Ensuring confidentially, integrity, availability and resilience of systems and services. Examples include;
    • Running firewall and virus-checking software.
    • Downloading the latest patches or security updates as soon as possible.
    • Taking regular backups and keeping them in a separate, secure location.
    • Securely removing all personal information before disposing of hardware such as computers and mobile phones.
    • Use of strong passwords and two factor authentication. 
    • Limiting administrator privileges to necessary and appropriate employees.
    • Role based access levels. 
  • Ensuring that personnel who have access to and / or process personal information are obliged to keep personal information confidential and are trained on how to do so.
  • Regularly assessing and evaluating the effectiveness of the technical and organisation measures that have been adopted. 

Please be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data when you are transmitting it to us. Any transmission to us is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal information.  

Your Data Protection Rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of your rights by emailing us at [email protected] or by calling us on 01603 881881.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request, we will let you know in advance.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

  • Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
  • Refuse to act on the request. 

Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your information.

Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information.

Right to erasure / right to be forgotten

You have the right to ask us to delete your personal information if;

  • The personal information is no longer necessary for the purpose which we originally collected or processed it for.
  • You object to the processing of your information and there is no overriding legitimate interest for us to continue this processing. 
  • We have processed the information unlawfully.
  • We have to in order to comply with a legal obligation. 

Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal information if;

  • You have previously informed us that the information is inaccurate.
  • We no longer require the information for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.
  • We have processed the information unlawfully.
  • We are in the process of deleting your information. 

We will endeavour to ensure that where you have asked us to restrict the processing of your information, we will inform our selected third parties, including suppliers and contractors accordingly.

Right to data portability

You have the right to receive a copy of your information in a commonly used machine-readable format for transfer to another controller, provided you were the one to provide the information. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

This will allow you to move, copy or transfer personal information easily from one IT environment to another. Alternatively, we can transmit such information directly to another organisation. Please note that we may not be able to fully comply with a data portability request if this will affect the rights and freedoms of others.

Right to object

You have the right to restrict processing based on our legitimate interests. If you exercise your right to object, we will stop processing your personal information unless; We are able to demonstrate compelling legitimate grounds for the processing. The processing is for the establishment, exercise or defence of a legal claim. 

What To Do If You Are Not Happy With How We Process Your Information  


If you consider that we are in breach of our data protection obligations, we would encourage you to contact us in the first instance to see if we can resolve the issue. You can contact us by emailing us at [email protected] or by calling us on 01603 881881. 

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO website provides further information about their complaints process, which you can access here - https://ico.org.uk/make-a-complaint/data-protection-complaints/. Further contact information for the ICO can be found here - https://ico.org.uk/global/contact-us/.   

List of Sub-Processors


Sub Processor Purpose Hosting Location International Transfer Mechanism
DocuSign Electronic signature software EU
Eureka Solutions (Scotland) Limited Integration platform UK
Google Analytics Website analytics USA UK SCCs
MailChimp Email marketing software/td> USA UK SCCs
MessageMedia Text messaging services UK, Australia, USA UK SCCs
Microsoft Azure Hosting, integration and data analysis platform EU
Microsoft Office 365 Email server, administrative document management and information sharing EU
Naked Marketing Magazine mailout services UK
Opayo Credit card payment processor UK
Optimizely eCommerce software UK, Europe and USA UK SCCs
Oracle NetSuite CRM & Financial accounting and reporting UK
PageSuite Limited Digital magazine hosting EU
ProAgrica Order and Invoice integration platform EU
Redshelf Ltd T/A InTouch Systems Backup and disaster recovery purposes UK
Sage HR and recruitment software. Payroll software EU
Staffbase Employee intranet EU
Stripe Credit card payment processor UK, Europe and USA UK SCCs
SystemsLink Energy Manager Energy Management portal Germany
Tableau Business reporting UK