The UK's leading provider of commercial kitchen

solutions geared around operational design and asset

management.

GDPR Readiness Statement

The Advance Group is committed to your privacy, keeping your personal data secure, and compliance with the General Data Protection Regulation (GDPR) which goes into effect on May 25th, 2018.

The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify the personal data protection rights of all individuals residing in the European Union (EU). The GDPR also governs how the personal data of EU residents can be transferred and processed both within and outside the EU. The GDPR gives EU residents specific rights concerning the collection, processing, and storage of their personal data and aims to simplify the regulatory environment which governs how international business is conducted with regard to management of an EU resident’s personal data. Upon implementation, the GDPR will replace Directive 95/46/EC.

The Advance Group is actively working to ensure our processes and systems meet the rigorous requirements of the GDPR and aims for full compliance on or before the effectual date. We understand that our customers may have questions regarding the terms of the GDPR and as such we have prepared this statement to assist you in your pursuit of understanding. You can access and review the entire legislation at the following link: http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

GDPR Territorial Scope

The GDPR applies to all Data Controllers and Data Processors who collect, process and/or store personal data of Data Subjects who reside in the EU, regardless of the Data Controller’s or Data Processor’s location.

How does the GDPR define personal data?

Personal data is any information relating to a natural person (a ‘Data Subject’) that can be used to directly or indirectly identify that person.

Who does the GDPR consider a Data Controller?

A Data Controller is an individual or entity that determines the reason, purpose, terms and process by which personal data is captured and processed.

Who does the GDPR consider a Data Processor?

A Data Processor is an individual or entity that processes and stores personal data on behalf of a Data Controller.

Obtaining Data Subject Consent

A Data Subject must be presented with the option to provide consent for collection, processing and storage of their personal information in an intelligible format in an easily accessible form. Consent must provide clear and distinguishable information, in plain language, that accurately describes the purpose for which consent is being granted. Additionally, consent must be withdrawable in an easily accessible form. The Advance Group will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.

A Data Subject’s Right to Access, Update, Port and/or Request Deletion of Personal Information

A Data Subject has the right to obtain from the Data Controller confirmation as to whether personal data concerning them is being collected, processed, and/or stored, where these activities are taking place and for what purpose. Further, the controller must provide a copy of the Data Subject’s personal data, free of charge, in a common electronically readable format upon request from the Data Subject. Data Subjects also have the right to request that personal data being collected, processed and/or stored concerning them be updated and/or deleted upon request. The Advance Group will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.

The Advance Group is committed to safeguarding personal information as we believe that such is paramount to our mutual success and to maintaining the trust relationship already forged with our customers.

© Advance Group 2017