Privacy Policy

1. Who We Are & Scope

The Barns Group is a holding company for multiple trading brands, including ISCC Ltd, Procure.ac, Bidiful, Ace Advice, Dovetail, and Accredit (collectively “our brands”).

This policy covers all brands and the data practices across them unless a specific brand has its own supplemental privacy policy, in which case that policy will override or supplement this one for that brand.

​

2. What Personal Data We Collect

​

We may collect and process the following categories of personal data:

• Contact information: name, email address, postal address, telephone number

• Account information: username, password, role/organisation

• Business / workplace data: company name, job title, department

• Usage & technical data: IP address, browser type, device, operating system, pages visited, time & date of visits

• Transactional data: invoices, payments, purchase history

• Communications data: emails, support requests, messages

• Third-party / public data: e.g. business directories, social media public profiles

• Sensitive data (where necessary): only where required and with explicit consent (for example, DBS / background check data managed by Accredit)

 

We collect data when you:

• Register or create an account

• Use our websites or platforms

• Subscribe to newsletters or marketing

• Submit forms or make enquiries

• Engage in contracts or service delivery

• Interact with our customer support team

 

3. How & Why We Use Your Data

We use personal data for several key purposes, each supported by a lawful basis for processing and a specific retention period:

• To provide, operate, and maintain our services — we use account, usage, and transactional data.
  Legal basis: contractual necessity.
  Retention: for as long as the account is active or as required by law.

• For customer support and communications — we use contact and communications data.
  Legal basis: legitimate interest and contract.
  Retention: up to 6 years, or longer if required by law.

• For marketing and newsletters — we use contact data.
  Legal basis: consent (opt-in).
  Retention: until consent is withdrawn or up to 3 years.

• For billing, invoicing, and accounting purposes — we use transactional, business, and contact data.
  Legal basis: contractual and legal obligation.
  Retention: 7 years in accordance with tax and accounting regulations.

• For compliance, fraud detection, and security — we use all relevant data necessary to meet legal or security requirements.
  Legal basis: legal obligation and legitimate interest.
  Retention: up to 6 years or longer if legally required.

• For accreditation and vetting processes (Accredit) — we may use sensitive data such as DBS and background checks.
  Legal basis: explicit consent and legitimate interest.
  Retention: for as long as necessary to meet accreditation requirements and statutory rules.

​

4. How We Share / Disclose Data

We may share your data with:

• Service providers / subcontractors (hosting, payment processors, email & marketing software)

• Other brands within The Barns Group (for service delivery, support, analytics)

• Regulators, law enforcement, compliance bodies (if required by law)

• Professional advisers / auditors

• Prospective purchasers or during business restructures — subject to confidentiality

• Third parties only where you have consent (e.g. marketing partners we introduce)

All data recipients are required to maintain appropriate security and confidentiality standards.

 

5. Cookies, Tracking & Analytics

Our websites use cookies, web beacons, and tracking technologies to:

• Remember your preferences

• Analyse site usage and improve performance

• Serve relevant content and marketing

You can manage cookie preferences via our cookie banner or browser settings. Some cookies are essential for the site to function; others (analytics or marketing) are optional.

We may use tools such as Google Analytics, Hotjar, or similar platforms with IP anonymisation where possible.

 

6. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Request erasure (“right to be forgotten”)

• Restrict or object to processing

• Withdraw consent (for marketing)

• Request portability of your data

• Lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise your rights, contact us at hello@thebarnsgroup.com. We may request proof of identity to process your request.

 

7. Security & Data Protection

We implement robust technical and organisational measures to protect personal data, including:

• Encryption (SSL / TLS)

• Access controls and user permissions

• Secure data centres and servers

• Regular security testing and audits

• Staff training and clear internal policies

No system is 100% secure, but we work to the highest standards to safeguard your information.

 

8. Data Transfers Outside the UK / EEA

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses

• UK adequacy decisions

• Encryption and anonymisation measures

We only transfer data to countries with adequate privacy protections or under legally recognised transfer mechanisms.

 

9. Retention & Deletion

We retain personal data only as long as necessary to fulfil the purposes outlined in this policy or to meet legal, regulatory, or tax obligations. Once data is no longer needed, it is securely deleted or anonymised.

 

10. Children & Minors

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from minors without parental consent.

 

11. Updates to This Policy

We may update this Privacy Policy periodically. If we make significant changes, we will notify you through our website or by email. The “Last updated” date at the top of this page reflects the latest version.

 

12. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact:

Data Protection Lead
The Barns Group
Email: hello@thebarnsgroup.com