Federal Group Ltd (Federal) is a data controller and will collect and process personal data in order to provide services. Federal is required to explain what personal data we collect, the purpose for processing and the legal basis we rely on. If a client or individual wants more information or has questions they can contact our Data Compliance Manager via our contact page.

What personal information does Federal collect and why is it processed?

Federal collects and processes a range of information containing personal data. We process this information in order to provide services as a consulting firm under our agreements and contracts with clients, or to comply with legal obligations. We are required to process personal information when we are contracted to provide our consulting services. The personal data we collect and use will only be the minimum necessary for dealing with client requirements under our contract with them. The following information shows the particular data we collect and process, and why.

Data processed as necessary for the performance of a contract with clients includes:

• Contact Details (name, telephone numbers, email, address), for contacting individuals regarding the cases or projects we are dealing with.
• Insights and Analysis. Any personal data that is required in the collection of insight and analysis; this could be views or opinions shared by individuals; or other data as is required.

Data processed that is necessary for the legitimate interests of Federal or a third party:

• Contact Details (name and email), for keeping in touch and to send information about changes to our services or legal updates. Individuals will always be given the option to unsubscribe from receiving these communications and if any individuals do not want to receive this information they can contact via our contact page.

How does Federal protect personal data?

• Federal takes the security of data seriously. Federal has policies and controls in place to ensure data is not lost, accidentally destroyed, miss-used or disclosed, and is not accessed except by those authorised persons who have a need to know in order to perform their duties and are under a duty to maintain the confidentiality and security of such information.
• If personal data is transferred out of the EU we ensure that adequate safeguards are in place, relying on an adequacy agreement or other contractual terms as appropriate.

Who has access to personal data?

• Information may be shared internally within Federal on a need to know basis as is appropriate for the particular services that we are providing to our clients.  We may also share personal data with appropriate and trusted third parties where it is necessary for the service we provide, where we do so we ensure that the appropriate contacts and security measures are in place to protect an individual’s personal data:
• Service providers and their sub-contractors we are using to run our business including sales and marketing service providers (HubSpot); accounting (Xero) and IT services providers (Microsoft). Where we use these providers, we have appropriate contractual arrangements in place to ensure third parties do not use an individual’s data for their own purposes and keep data secure
• We will also share an individual’s data if required to by law with, for example, Government authorities, regulators for compliance with our legal requirements.

How long do we keep personal data?

• We can hold onto personal data for five years.  Your data will be securely destroyed when it is no longer required.

Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Federal takes steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

The rights of individuals

As a data subject, individuals have rights in relation to personal data. These are listed below.

• The right to access information about an individual’s own personal data Federal is processing and to obtain a copy of it;
• The right to require Federal to change any incorrect or incomplete data;
• The right to object to the processing of their own data where Federal is relying on its legitimate interests as the legal ground for processing.
• The right to require Federal to erase or stop processing an individual’s data in certain circumstances; and

A fee will not generally be charged for exercising any of these rights unless an individual’s requests are unfounded or are manifestly excessive. If an individual would like to exercise any of these rights, or if they have any concerns about how their personal data is being processed, they can contact our Data Compliance Manager via our contact page.  

If an individual still believes that Federal has not handled their personal data properly or has not complied with their rights, they can contact the Information Commissioner. Contact details are available at www.ico.org.uk.

Federal has policies and controls in place to ensure that their data is not lost, accidentally destroyed, miss-used or disclosed, and is not accessed except by authorised persons who have a need to know in order to perform their duties and confirm that these persons are under a duty to maintain the confidentiality and security of such information.

Changes to this policy

The Company reserves the right to update or amend this policy at any time.  This policy was last updated on 10 May 2021.