top of page


Our values on user privacy and data protection

  • User privacy and data protection are human rights.

  • We have a duty of care our customers, staff and stakeholders with their data.

  • Data is a liability and should only be collected and processed when absolutely necessary

  • We dislike spam as much as you do.

  • We will never sell, rent or otherwise distribute or make public your personal information.

1. Relevant legislation

Along with our business and internal computer systems, this website is designed to be used by UK residents only.  It complies with the following national and EU legislation with regards to the data protection of our customers, partners and user privacy.

2. Personal data that this website collects and why we collect it

This website collects and uses personal information for the following reasons:

2.1 Website Visitor Tracking

This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it.

Google Analytics records data that does not identify you as an individual such as geographical location, your type of device, your type of internet browser, operating system and age group.

Google Analytics is a third party data processor as listed under 6.  Google Analytics uses cookies at the heart of its application, details of which can be found on

Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to any area of our website. For further information on cookies in section 4. Disabling cookies via our pop up reminder may also prevent some areas of our website to operate in the way they are intended.

2.2 Contact Forms

We use contact forms on this website. Should you choose to contact us by using our contact forms in any area of our website, data that you supply will be stored by this website. See point 5 for further information about this website’s server, its back up and its security arrangements.

The data submitted through our contact forms will be transmitted into our in-house databases, Microsoft Dynamics NAV, Mintsoft and Xero.  Microsoft Dynamics, Mintsoft and Zero are an installed third party software, designed to assist with finance, manufacturing, customer relationship management supply chains and similar. We host these IT solutions on dedicated cloud servers for your added security. Enquiries and purchases arranged in this way are processed by our in-house team.

Data collected with these forms are the basic building blocks required to provide you with our products and services. Not providing this information or asking us to stop using it, will prevent us from offering our products and services to you.

Information submitted through some of our contact forms is emailed to our in-house team directly using Simple Mail Transfer Protocol (SMTP). The email content is then decrypted by our local computers and electronic devices.

Our contact forms enable you to join our mailing list. We don’t like junk mail either so joining our list of contacts does not mean we will fill up your inbox with dozens of emails every day. Our mailing list service is provided by Mailchimp which is also built into our website. Mailchimp will receive your name and email address so that we can send you special offers once in a while. You can choose to leave this mailing list at any time by following the directions to unsubscribe or by contacting us directly.

Mailchimp is a third party data processor as listed under 6.

2.3 Payment Details

Any purchases made on our website are processed through an integrated PayPal portal. PayPal is a third party data processor as listed under 6. For your information security, we ensure that our website does not process or store your payment information. Payment is processed by PayPal following which this payment is processed in our accounting system Microsoft Dynamics NAV.

NAV, Mintsoft and Xero are a third party data processor as listed under 6.

We offer specialist products and services for which you may be able to receive a VAT exemption. Customers providing us with information for such exemption are advised that relevant details will be provided to HMRC to validate the purchase in compliance with section 2.7.

HM Revenue & Customs is a third party data processor as listed under 6.

2.4 Delivery

Purchases made on this website are processed for delivery by our in-house staff. Delivery of your purchase is arranged with Royal Mail, UPS or Parcelforce. Royal Mail, UPS and Parcelforce are a third party data processor as listed under 6.

2.5 Email Links

We provide email links for your convenience on our website. Should you choose to contact us by using our email links, none of the data that you supply will be stored by this website.  You will essentially transfer off of our website and into your own email system.

2.6 Other Websites

Our website contains links to enable you to visit other sites of interest easily. Once you have used these links to leave our site you should note that we do not have any control of the other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Data collected about your interaction with this website is not transferred to or otherwise shared with the website you are transferring to.

2.7 Other People’s data

You must not send us personal information about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this statement. This is because we will assume he or she has agreed, although we may still ask for confirmation from them. Where you do give us information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal information.

2.8 Customer Login

Our customer login section is padded with additional security for your protection. Passwords are hashed and salted where each salt is unique each time with up to 64 characters.  We do not store your card or bank information on our servers, ever.

In order to secure your login, our website supports multi-factor authentication with username and password.

3. Cookies

A cookie is a small text file containing information that our website transfers to your computer’s hard disk or other electronic devices for record-keeping purposes and allows us to analyse our site traffic patterns. It does not contain chocolate chips, you cannot eat it and there is no special hidden jar.

We use cookies to make our website work, or to work more efficiently, as well as to collect information. They help us to understand how you use our website, enable you to apply for finance online with us and indeed help us develop and improve its design, layout, content and function.

You can disable cookies by changing settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or tell you when a website tries to put a cookie on your electronic device. You can also delete cookies that are already stored on your device. Please be aware deleting and blocking all cookies from our website may stop parts of the site from working.

To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit 

If you do not wish to accept cookies from our website, please leave this site immediately and then delete and block all cookies from this site. Alternatively, you may opt out of receiving information from us by e-mail, telephone or post. Our number is 0800 983 6000, you can e-mail us at or write to us at Afia Ltd, Easistore Room 7F, North Farm Estate, Longfield Road, Tunbridge Wells, Kent, TN2 3EY.

4.How we store your personal information

As detailed under section 3 above, if you contact us by using our contact forms, the information you provide will be stored on the website’s database.

We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.

Once we receive your information into our systems, your data will be stored securely in line with legal and regulatory requirements.

5. About this website’s server

This website is hosted by SiteGround Hosting Limited on a UK based server.

Some of the data centre’s more notable security features are as follows:

  • Optical, ionisation and heat detection sensors

  • 24/7 On-site security teams

  • CCTV with PIR motion detectors, beam detectors and alarms

  • Bullet proof lobbies

  • Dual-factor entry system

  • Surplus generators and multiple power feeds to support ongoing operation

Full detail of SiteGround Hosting Limited’s data centre can be found on

All traffic (transfer of files) between this website and your browser is encrypted and delivered over Hyper Text Transfer Protocol Secure (HTTPS).

All traffic between this website and our server is enforced with HTTP Strict Transport Security policy (HSTS).

6. Our Third Party Data Processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully selected and all of them comply with the legislation set out in section 2.

  1. Google Analytics is based in the U.S. and complies with the EU-US Privacy Shield. Google’s Privacy Policy is here.

  2. Mailchimp is a trading style of The Rocket Science Group LLC based in the U.S and complies with the EU-US Privacy Shield. Mailchimp’s Privacy Policy is here.

  3. PayPal (Europe) is a licenced as a credit institution in Luxembourg and complies with the prevailing UK legislation as outlined under 2. PayPal’s Privacy Policy is here.

  4. Microsoft Dynamics NAV data is held on our server located in the UK.  Microsoft Dynamics NAV complies with the prevailing UK legislation as outlined under 5 alongside the EU-US Privacy Shield Sage’s Privacy Policy is here.

  5. HM Revenue & Customs are based in the UK and complies with the prevailing UK legislation as outlined under 2. HMRC’s Privacy Policy is here.

7. Marketing

We will specifically ask you if you would like to hear from us in the future.  Enabling us to contact you in the future with offers of products and services does not prevent you from removing yourself from our distribution lists in the future. Contact us in writing by post or email and we will remove you. Alternatively you may remove yourself from our Mailchimp operated mailing lists. For further information on Mailchimp see section 6.

8. Data Breaches

We will report any unlawful data breach relevant to this website or the database of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been lost, stolen or accidentally destroyed.

Our first point of contact in such cases is the Information Commissioners Office (ICO) as our regulatory authority in all aspects of privacy and data protection. The ICO can be contacted via and our registration under Afia Limited with them can be found on the public register.

9. Data Controller

The data controller of this website is Afia Limited. Our registration with the ICO can be found on the public register under our registered address Easistore Room 7F, North Farm Estate, Longfield Road, Tunbridge Wells, Kent, TN2 3EY with registration number Z9927869.

10. Data Protection Officer

Nick Kelly
Managing Director
01892 541 407

11. Your Rights under the GDPR from May 2018

  1. The right to be informed. 
    We meet your rights by providing you with this Privacy Statement.

  2. The right of access.
    You have the right to obtain confirmation that your data is being processed and access to your personal information, also known as Subject Access Rights.

  3. The right of rectification.
    You have the right to update us with any changes to your personal information if it is inaccurate or incomplete.

  4. The right of erasure.
    The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.

  5. The right to restrict processing.

When processing is restricted, you permit us to store your personal data, but do not allow us to further process it. We can retain just enough information about you to ensure that the restriction is respected in future.

  1. The right to data portability.
    It allows you to obtain and reuse your personal data for your own purposes across different services.  It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

  2. The right to object.
    You have the right to object to processing on legitimate interests or the performance of a task in the public interest, direct marketing and processing for purposes of scientific or historical research and statistics.

  3. The right to lodge a complaint with a supervisory authority.

The supervisory authority with regards to data protection and privacy is the Information Commissioners Office (ICO).Contact them on or telephone 0303 123 1113.

12. Data Retention

Once you have provided us with your information, we will retain your data as outlined below. The Data Protection Officer is responsible for all records.

This listing does not including external mailing lists which you may join and leave at your leisure.

Record Type

Retention Period

Staff records

6 years after termination

Staff records (H&S)

40 years after termination

Staff records (Pensions)

6 years after scheme end

Company accounts, Finance & VAT records

6 years and current

Money Laundering

5 years

Board meeting minutes & resolutions

10 years

Internal audit records

6 years

Communication records (including enquiries)

12 months from transaction


3 years from transaction

Electronic Waste (WEEE)

4 years from transaction

Record destruction records

6 years after activity

13. Subject Access Request

You have the right to see your personal data as defined under the legislation that we keep about you upon receipt of a written request and payment of a fee of £10 until and including April 2018. Any such requests will be fulfilled free of charge from May 2018.  Any request should be sent to:

Nick Kelly
Afia Ltd
Easistore Room 7F, North Farm Estate, Longfield Road
Tunbridge Wells, Kent, TN2 3EY

We will ask you to verify your identity and will not provide such information until such time as we are satisfied that you have a right to this information.

Information will be provided to you within 30 days unless in exceptionally challenging situations where we may advise you of an extension of up to 60 days.

14. Changes to our privacy statement

This privacy statement may change from time to time in line with legislation, industry changes and internal company developments.  We will not explicitly inform our customers, partners or website users of these changes.

Instead we recommend that you check this page occasionally for any changes to this statement. Specific statement changes and updates are mentioned in the change log below.

Version       Date                   Version Update Detail

1                 07 Nov 2020        Released

Privacy Statement: Text
bottom of page