This is the privacy statement of George Tufts and Son Ltd Trading As Tufts.

At Tufts we are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, that you provide us or that we receive from others about you will be processed by us. It includes data that we hold in paper files and electronically.

If you have any questions in regards our privacy policy please contact us Tufts, Hale Road, Bradenham, Norfolk, IP25 7RA, email accounts@georgetufts.co.uk or telephone 01362 820365.

In order to operate, the Company needs to collect and use certain types of information about the people with whom it deals, these include current, past and prospective employees, clients, suppliers and others with whom it communicates. This personal information must be dealt with properly however it is collected, recorded and used, whether on paper, in a computer or recorded on other material and certain safeguards are in place to ensure this has been done in accordance with the General Data Protection Regulations (GDPR)2018.

We take the issue of data protection very seriously. We will process data to deliver goods and or services that we are contracted to provide to you. We confirm, when processing data on your behalf that we will comply with the provisions of the relevant data protection and regulation. We do not sell, rent or lease any of the personal information collected from you to third parties. We do not use or disclose sensitive personal information, such as race, religion, or political affiliations (in the event that we become aware of any).

The Company fully endorses and adheres to GDPR and its data protection principles therefore all data will be:

- Processed lawfully, fairly and in a transparent manner in relation to individuals.

- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

- Accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is incorrect for the purposes for which they are processed, is erased or rectified without delay.

- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The personal information that we collect will vary depending on which product or service we deliver.

These may include (the list is non-exhaustive):

- Personal Identifiable Information (Names, email address, postal information, DOB)

- Financial

- Restrictive/Sensitive

- Confidential

- IP Addresses

We collect information through communication at our Business or via telephone and email. The basis for the processing of client data where supply of services/goods exists is under the following paragraphs of the General Data Protection Regulation (GDPR): Article 6 1.(f). Our legitimate interest means the interest of our Company in conducting and managing our business to enable us to provide the best service. The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive):

- Deliver services and meet legal responsibilities

- Verify identity where this required

- Communications by post, email or telephone

- Understand needs and how they may be met

- Maintain records

- Process Financial Transactions

- Prevent and detect crime, fraud or corruption

Data will be held and processed for the purpose of providing the service that we are contracted to.

Only those employees who have a legitimate need to access data will be authorised to do so.  We may also be required to share your data with some third parties.  For example, if we have a problem with some software, it may be necessary to provide the software supplier with specific data.  However, where this is necessary, we only disclose the information that is required to resolve the issue, and we have a contract in place that requires them to keep your information secure and not to use for their own purposes.

We may transfer personal data to insurers, payroll, bankers, legal, medical and other professional advisers, administrators of our pension scheme and other companies to which we have contracted work relating to any of the above purposes for which the personal data is to be used. The Company will ensure that any such information passed on to third parties is secure and that those third parties data protection policies comply with GDPR.

To meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it and for the purposes, we acquired it in the first place. We will
collect personal data and retain it for as long as required under current legislation. We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so. If you believe that any information or details, we are holding on you is incorrect or incomplete, please write or email us as soon as possible, we will promptly correct any information found to be incorrect. Any social media posts or comments you send to us on our Facebook page will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you should review the terms and conditions and privacy policies of the social media platforms you use.

You have the right, subject to a number of exceptions, to know what information we hold about you. You have the right to have any information we hold about you corrected if inaccurate or incomplete. You have the right to ask us to delete personal information about you where you consider that we no longer require the information for the purposes for which it was obtained or you believe our use of your personal information is contrary to law or our other legal obligations. You have the right to object to us processing your personal data on the basis of legitimate interest. We will stop processing your data on the basis of legitimate interest unless there are compelling legitimate
grounds for us to continue.

The premises at Tufts is monitored by CCTV footage for security and health and safety purposes. Any individuals entering as a customer, supplier, visitor or employee will be
recorded on the CCTV system.

We will keep this privacy statement under regular review.