Privacy Statement – Gradewell Group

Gradewell Group Ltd is committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or

as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. Gradewell Group Ltd processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. When collecting and using personal data, our policy is to be transparent about why and how we

process personal data.

1. CLIENTS

Gradewell Group Ltd processes personal data about contacts (existing and potential clients and/or individuals associated with them). This information will include name, employer name, contact title, phone, email and other business contact details.

Personal data relating to business contacts may be used by Gradewell Group Ltd for the following

purposes:

• Administering, managing and developing our businesses and services

• Providing information about us and our range of services

• Making contact information available to Gradewell Group Ltd personnel

2. SUPPLIERS

Gradewell Group Ltd collects and processes personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.

We use personal data for the following purposes:

• Receiving services

• Providing services to clients

• Administering, managing and developing our businesses and services

• Security, quality, health & safety and risk management activities

• Providing information about us and our range of services

• Complying with any requirement of law, regulation or a professional body of which we

are a member

As with any provider of services, we are subject to legal, regulatory and professional

obligations. We need to keep certain records to demonstrate that our services are provided in

compliance with those obligations and those records may contain personal data.

3. VISITORS TO OUR WEBSITE

Visitors to our websites are in control of the personal data shared with us. We may capture limited personal data automatically via the use of cookies on our website. We use small text files called ‘cookies’. The use of cookies is now standard operating procedure for

most websites. However, if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. Additionally, after ending the visit to our site, you can always delete the cookie from your system if you wish.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.

We ask that you do not provide sensitive information to us when using our website; if you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this privacy statement or as described at the point where you choose to disclose this information.

4. VISITORS TO OUR OFFICES

We have security measures in place at our office, including CCTV. There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires

investigation (such as a theft).

We keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).

5. STAFF

We collect personal data concerning our own personnel as part of the administration,management and promotion of our business activities.

6. OTHERS

We collect personal data when an individual gets in touch with us with a question, comment or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us and we will only use the data for the purpose of responding to the communication.

RETENTION OF DATA

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Gradewell Group Ltd do not sell or otherwise release personal data to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Dated: 10 Feb 2020