Privacy and GDPR

We take your privacy extremely seriously.

We pay due care and attention to our responsibilities and your rights under the new Data Protection Bill/Act, which transfers the EU General Data Protection Regulation (GDPR) into UK law from 25 May 2018.

This policy relates to all companies within the Advance Group Holdings Ltd group (“the ADVANCE group) and all related companies. It sets out our approach to privacy, data security and data protection.

We have gone to great lengths to ensure the integrity and safety of the data we handle, investing in and implementing robust processes and systems as well as conducting comprehensive staff training.

If, however, you feel that we have mishandled / misused your personal data in any way then please get in touch by emailing [email protected].

Our process for handling requests and complaints related to data protection is set out below.

Our approach to privacy and data security

Your privacy is extremely important to us which is why, in March 2018, we underwent a rigorous GDPR readiness assessment in order to achieve IASME Governance certification.

The assessment, which was conducted by an authorised IASME certification body, involved an on-site audit covering three security standards:

  • GDPR readiness (data protection);
  • Cyber Essentials (IT systems); and
  • IASME Governance (IT/organisational processes).

The GDPR readiness assessment covered all 12 of the preparation steps recommended by the ICO.

The IASME Governance standard – which is based on international best practice – utilises a risk-based approach in order to assess a company’s information security.

IASME is one of just five recognised accreditation bodies for assessing and certifying against the government’s Cyber Essentials scheme.

Personal data

Due to the nature of work undertaken, it is necessary for companies within the ADVANCE group and all related companies to process personal data.

Our lawful basis for processing personal data, as set out in GDPR Article 6, is:

  1. CONTRACTUAL – processing is necessary for the performance of a contract; and / or
  2. LEGAL – processing is necessary for compliance with a legal obligation; and / or
  3. LEGITIMATE INTEREST – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Data access requests and the 'right to be forgotten'

In order to comply with rules set out by government departments and meet legal obligations, the companies within the ADVANCE Group are required to retain certain information for a specified period of time.

If, however, you wish to request a breakdown of the information we hold on you and / or ask for this to be erased in line with your ‘right to be forgotten’, please complete the form below.

In line with GDPR, our starting point is that data subject access requests (SARs) and 'right to erasure' requests should be responded to free of charge within one month.

Visit our contact page to make a request today

Data retention

Companies within the ADVANCE Group and all related companies must process personal data in order to operate efficiently and comply with statutory requirements.

The type of record determines the length of time we must keep the record must be kept for.

For example, the below extract from the Home Office document, An employer’s guide to acceptable right to work documents, sets out the obligations regarding retention of evidence of a person’s right to work in the UK:

You must keep a record of every document you have checked. This may be a hard copy or a scanned and unalterable copy, such as a jpeg or pdf document. You should keep the copies securely for the duration of the person’s employment and for a further two years after they stop working for you.

Meanwhile, as a provider of accountancy services, Advance Accounting Solutions Ltd must retain VAT data and company accounts for six years.

These are just examples. The list of statutory requirements with which we must comply is extensive.

Please refer to your employment contract, subcontracting agreement or engagement letter for more information.

Accountability for data breaches and other grievances

Companies within the Advance Group and all related companies feature on the Data Protection Public Register – a searchable database of organisations that is managed by the Information Commissioner’s Office (ICO).

The ICO is the independent body set up to uphold information rights in the UK.

If you believe that we have mishandled your personal information and would like to report a concern, you can do so by visiting this page of the ICO website and using our ICO registration numbers:

  • Advance Contracting Solutions Limited – ZA302907
  • Advance Accounting Solutions Limited – ZA068387
  • Advance Contract Solutions Limited – ZA325085
  • Advance Medical Limited – ZA325102

In the unlikely event of a data breach, we will report the incident to the ICO within 72 hours of becoming aware, in line with GDPR requirements.

Data sharing

Companies within the ADVANCE Group and all related companies will occasionally be required by law to share personal data with certain public and government bodies, such as HMRC, the Home Office, the police and other law enforcement agencies.

In addition, we may from time to time share personal data with other businesses.

ADVANCE may contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services (the “Purpose”). We use an external company, 'Trustpilot', to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for the “Purpose”. If you want to read more about how Trustpilot process your data, you can find their Privacy Policy here.

ADVANCE may also use such reviews in other promotional material and media for our advertising and promotional purposes.

Please refer to your employment contract, subcontracting agreement or engagement letter for more information.

IT and information security

All data held by the ADVANCE Group and all related companies, including email data, is stored in the UK on a secure server within a dedicated datacentre.

For additional safety, our server benefits from a UPS (Uninterruptable Power Supply). A UPS is a device that supplies battery backup power to the server and associated electronics, in the event of a power failure.

Contingency plans are set out in detail in a business continuity / disaster recovery plan.

Third-party software platforms

At the ADVANCE Group we use a multitude of third-party software platforms in the course of our day-to-day business. We have conducted an audit of all providers and are satisfied that they all comply with relevant cyber and data security requirements under GDPR.

If, however, we become aware of a breach involving personal data held by one of our third-party software partners we will report this to the ICO in line with the process set out above.

Get in touch

If you have any questions or concerns regarding privacy or the way in which the ADVANCE Group handles your data, please email [email protected] or call us on 01244 564 564.

Website and website forms

In order to improve the overall experience of using our website, we collect cookies and other anonymous information about our visitors.

If you have contacted us through a form on our website, by ticking the relevant box you consented to us using the data supplied to contact you in line with this privacy policy.

If you enquire via our website about our solutions or services but do not subsequently become engaged or advised by ADVANCE, we will erase your details from our systems after three months.

If you were not engaged or advised by ADVANCE following your enquiry and would like us to remove your details sooner, please email [email protected].

Call today on 01244 564 564