Privacy Statement
Our Privacy Notice
Focus 4 U Limited (trading as Focus Group) is committed to protecting your privacy and personal information. This privacy notice explains how we collect, use, and protect your personal data.
Data Controller Details:
- Company Name: Focus 4 U Limited (trading as Focus Group)
- Company Registration: 04771242
- Registered Office: Ham Road, Shoreham-by-Sea, West Sussex, BN43 6PA
- ICO Registration Number: Z1894941
Our Data Protection Officer: Andy Hanson
Email: [email protected]
Telephone: +44 (0) 330 024 2000
Post: Office for Data Protection Compliance, Focus Group, Ham Road, Shoreham-by-Sea, West Sussex, BN43 6PA
Last updated: 22 May 2026
Purpose of This Notice
This privacy notice tells you what to expect when we collect and use personal information about you. It applies to:
- Visitors to our website
- Customers and prospective customers
- Suppliers and business contacts
- Job applicants
If you are an employee or contractor, a separate privacy notice applies to you, which can be found on our internal systems.
What Personal Data We Collect
We collect and process the following categories of personal data:
Identity and Contact Information
- Name
- Job title and position
- Business email address and personal email address (where provided)
- Business telephone number and personal telephone number (where provided)
- Business postal address
- Company name and details
Technical Information
- IP address
- Browser type and version
- Device information
- Location data (derived from IP address)
- Website usage data and browsing patterns
- Cookies and similar technologies (see our Cookie Notice for details)
Transactional Information
- Details of products and services you have purchased or enquired about
- Payment and billing information
- Contract details and service records
- Support tickets and correspondence
Communications and Correspondence
- Records of phone calls (where recorded for training and quality purposes)
- Email correspondence
- Live chat transcripts
- Feedback and survey responses
- Marketing preferences
Physical Access Information (where applicable)
- CCTV images (when you visit our premises)
- Visitor log information
- Access control records
Recruitment Information (job applicants only)
- CV and application details
- Qualifications and employment history
- References
- Interview notes
- Right to work documentation
We do not intentionally collect special category data (such as information about your health, racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation) unless there is a specific and lawful reason to do so. Where we do, we will rely on a condition for processing (most commonly your explicit consent, processing necessary for the establishment, exercise or defence of legal claims, or processing necessary for reasons of substantial public interest with a basis in law) and we will let you know which condition applies at the point of collection. [We will only process information about criminal convictions and offences where we have a lawful basis [(for example, in connection with right-to-work or vetting checks for certain roles).]
How We Collect Your Personal Data
We collect personal data in the following ways:
Directly From You
- When you fill in forms on our website (contact forms, newsletter sign-ups, quote requests)
- When you contact us by phone, email, webchat, or post
- When you create an account or purchase our services
- When you attend our premises
- When you apply for a job with us
- When you respond to surveys or provide feedback
Automatically
- Through cookies and similar technologies when you visit our website (see our Cookie Notice)
- Through analytics tools that collect website usage data
- Through our IT systems that record telephone calls for training and quality purposes
From Third Parties
- From our business partners or resellers (when they refer you to us)
- From publicly available sources (such as Companies House or LinkedIn)
- From credit reference agencies (for business credit checks)
- From recruitment agencies (for job applicants) background screening providers and referees you have nominated
How and Why We Use Your Personal Data
Under certain data protection laws, we can only process your personal data if we have a lawful basis, this is generally because:
- you have given consent (“consent”);
- it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (“contract”);
- the processing is necessary for compliance with a legal obligation which we are subject to (“legal obligation”); or
- it is in our legitimate interests or those of a third party (e.g. an acquired company) (“legitimate interests”).
To the extent required by law, we will only process Special Category Personal Data where a further lawful basis is also met. Usually this will mean:
- that the processing is legally required under employment or health & safety law (“legal obligation”); or
- where there is a substantial public interest (“substantial public interest”); or
- where you have provided explicit consent (“explicit consent”).
The nature of your interaction with us will determine how we will process your personal data. The purposes and lawful bases (to the extent required by applicable data protection laws) for which we process your personal data are set out in the tables below:
A. Visitors to and users of our Sites and services
B. Individuals we interact with for marketing purposes
C. Visitors to our offices for events
D. Representatives of our consultants, advisers, business partners, suppliers or other counterparties
E. Representatives (e.g. business owners, entrepreneurial leaders, employees) of our acquired companies or prospective acquired companies
F. Recruitment candidates (for roles, including consulting roles, in Focus Group or our acquired companies)
G. For all visitors, users, representatives, consultants, advisers, business partners, suppliers, acquisition company employees or prospective employees or other counterparties
A. Visitors to and users of our Sites and services
Purpose of Processing |
Category of Personal Data |
Lawful Basis |
|---|---|---|
1.To operate and maintain our Sites and improve our sites and services |
Identity/Contact data Services data Usage data |
Where your consent is required by applicable laws; Or, in all other cases, where it is in our/a third party’s legitimate interests to process such data in order for Focus to operate its Sites, platform services, and business, such as (i) for IT operations; (ii) IT security and maintenance, and systems controls; (iii) to be efficient so we can deliver the best service to you; (vi) to place cookies or similar technologies on our webpages in order to track users as set out in our Cookie Notice where consent is not required. |
2.To respond to comments and questions and provide services. |
Identity/Contact data Services data Professional information |
Where it is in our legitimate interests to process such data in order to provide the expected service, including to send technical notices, updates, security alerts, and support and administrative messages. |
B. Individuals we interact with for marketing purposes
Purpose of Processing |
Category of Personal Data |
Lawful Basis |
|---|---|---|
1.To market to you (either directly or with the support and assistance of third parties) |
Identity/Contact data Professional information |
Where you have provided consent; Or, in all other cases, where it is in our/a third party’s legitimate interests to process such data in order to market to you and provide information about our businesses. |
C. Visitors to our offices and for events
Purpose of Processing |
Category of Personal Data |
Lawful Basis |
|---|---|---|
1.To register your attendance at our offices or events (including training, hangouts, forums, webinars, conferences), whether online or in person), to book accommodation, and to otherwise manage such visits, and events |
Identity/Contact data Professional information Services data Health information |
To comply with our legal obligations, including to comply with any applicable health and safety obligations; Where we have your consent/explicit consent; Or, in all other cases, where it is in our legitimate interests such as (i) to ensure safety and security in our offices, (ii) to provide the expected service, and (iii) to manage the event. |
2.For safety and security |
Physical access data |
Where it is in our/a third party’s legitimate interests to ensure safety and security in our offices or at our events. |
D. Representatives of our consultants, advisers, business partners, suppliers or other counterparties
Purpose of Processing |
Category of personal data |
Lawful Basis |
|---|---|---|
1.To conduct business with you/the business you represent and otherwise maintain our business relationships |
Identity/Contact data Professional information |
Where it is in our legitimate interests such as to (i) to contact you; (ii) to manage our relationship. |
2.To invoice you or pay you |
Identity/Contact data Bank account information |
In order to perform our obligations under our contract (with you or the entity you represent); Or, in all other cases, where it is in our legitimate interests to manage our relationship. |
E. Representatives (e.g. business owners, entrepreneurial leaders, employees) of our acquired companies or prospective acquired companies
Purpose of Processing |
Category of personal data |
Lawful Basis |
|---|---|---|
1.To consider prospective investment/divestment opportunities for Focus Group or acquired companies and to conduct due diligence |
Identity/Contact data Professional information Background check information Interview information Publicly available information |
In order to perform our obligations under our contract (with you or the entity you represent); Where we are under a legal obligation (e.g. for AML/KYC purposes); Or, in all other cases, where it is in our/a third party’s legitimate interests as part of a decision-making exercise whether to invest in/buy/sell a company (whether within or outside Focus Group or acquired companies). |
2.To conduct business with you/the business you represent, to otherwise maintain our business relationships, including for management purposes and value creation purposes e.g. networking and knowledge sharing |
Identity/Contact data Professional information Publicly available information |
Where it is in our/a third party’s legitimate interests such as (i) to contact you; and (ii) to manage our relationship; (iii) to identify potential sales leads or investment opportunities. |
3.To pay director fees and other transaction related fees |
Identity/Contact data Bank account information |
In order to perform our obligations under our contract (with you or the entity you represent). |
4.For reporting purposes, e.g. for ESG monitoring (where possible aggregated and anonymised data is used) |
Identity/Contact data Professional information |
Where it is in our legitimate interests such as (i) to manage our relationship; and (ii) for internal and external reporting purposes. |
F. Recruitment candidates (for roles, including consulting roles, in Focus Group or our acquired companies)
Purpose of Processing |
Category of personal data |
Lawful Basis |
|---|---|---|
1.To assess your skills, qualifications, and suitability for the role |
Identity/Contact data Professional information Interview information |
In order to take preparatory steps before entering into a contract with you; Or, in all other cases, where it is in our/a third party’s legitimate interests in order to assess your suitability for a role. |
2.To carry out background and reference checks, where applicable |
Identity/Contact data Background check information Criminal conviction information Publicly available information |
In order to take preparatory steps before entering into a contract with you; Where you have provided consent/explicit consent; Where there is a legal obligation (employment-related); Where it is in the substantial public interest (e.g. for preventing or detecting unlawful acts or regulatory requirements); Or, in all other cases, where it is in our/a third party’s legitimate interests in order to (i) assess your suitability for a role, including those roles that require a high degree and trust and integrity); (ii) for security and prevention of fraud and crime purposes. |
3.To communicate with you about the recruitment process |
Identity/Contact data |
Where it is in our/a third party’s legitimate interests so that we can engage with you where appropriate as part of the recruitment exercise/s. |
4.To keep records related to our hiring processes and for other administrative and management purposes |
Identity/Contact data Background check information Professional information Interview information |
Where it is in our/a third party’s legitimate interests so that we have information available in relation to the recruitment process. |
5.To contact you about potential roles you may be interested in, either at Focus Group or in one of our acquired companies. |
Identity/Contact data Professional information |
Where we have your consent or where it is in our/a third party’s legitimate interests. |
6.To provide accommodations/adjustments to your during recruitment |
Health information |
To comply with our employment related legal obligations. |
7.For equal opportunity monitoring and reporting |
Diversity Information |
Where there is a legal obligation (employment-related), or where you have provided consent/explicit consent unless such information is collected on an aggregated and anonymous basis. |
G. For all visitors, users, representatives, consultants, advisers, business partners, suppliers, acquisition company employees or prospective acquisition employees or other counterparties
Purpose of Processing |
Category of Personal Data |
Lawful Basis |
|---|---|---|
1.To meet current or future legal and regulatory obligations. |
Identity/Contact data Services data Professional information Background check information |
To comply with our legal obligations; Or, in all other cases, where it is in our/a third party’s legitimate interests to protect and enhance our business and operations, including (i) to comply with applicable regulations and guidance as well as internal policies and procedures; (ii) for audit purposes and quality checks, and (iii) to respond to requests from legal, regulatory, judicial, administrative, governmental and other official bodies. |
2.To share with third parties as further outlined below |
Identity/Contact data Services data Professional information |
To comply with our legal obligations; Or, in all other cases, where it is in our/a third party’s legitimate interests to operate our business and provide relevant services in the expected manner and to support the other purposes as set out in these tables. |
3.To protect our rights, including initiating and defending claims, protect, investigate, and deter against fraudulent, unauthorised, or illegal activity. |
Identity/Contact data Services data Professional information |
Where it is in our/a third party’s legitimate interests to protect our business including by: (i) collecting amounts from you; (ii) enforcing our legal rights; (iii) initiating claims; (iv) defending claims; (v) preventing and detecting crime, fraud and other abuses; (vi) investigating and attending to enquiries; and (vii) creating and maintaining our risk related models. |
4.In case of sale, merger, reorganisation, restructuring, investment or similar |
Identity/Contact data Services data Professional information |
Where it is in our/a third party’s legitimate interests to manage and develop our business by enabling corporate transactions. Such transactions may require the provision of your personal data to actual or potential buyers, investors, merger entities, or assignees of our business or assets. Such data provision may also occur to allow such parties to evaluate or complete the corporate transaction. |
In general, we will not conduct any processing activities relating to your personal data that involves any automated decision-making (including profiling). Typically, there is always human involvement. However, where we make a decision or profile through automated means, then we will put systems in place that comply with applicable laws.
Failure to provide us with the relevant personal data, in cases where you are legally or contractually required to provide it, may result in our being unable to hold up our end of the contract or meet legal requirements. We will inform you should this be the case.
Purpose |
Data Categories Used |
Legal Basis |
Additional Information |
|---|---|---|---|
To Provide Our Services - Deliver telecommunications, IT services, and support that you have requested or purchased |
Identity, contact, transactional, communications data |
Performance of contract (where you are a customer), Legitimate interests |
To respond to enquiries and provide support |
Customer Service and Support - Handle your enquiries, provide technical support, and resolve issues |
Identity, contact, communications, transactional data |
Performance of contract Legitimate interests |
To provide good customer service and maintain customer relationships |
Marketing Communications - Send you information about our products, services, and industry news |
Identity, contact, communications preferences |
Consent (for electronic marketing to individuals) Legitimate interests (for business-to-business marketing where consent is not required) |
You can opt out of marketing at any time using the unsubscribe link in our emails or by contacting us |
Website Improvement and Analytics - Understand how our website is used, improve user experience, and optimise our services |
Technical information, website usage data |
Legitimate interests (to improve our website and services) Consent (for non-essential cookies) |
See our Cookie Notice for more details |
Business Administration - Manage our business operations, including accounting, billing, and contract management |
Identity, contact, transactional data |
Performance of contract (where you are a customer), legal obligation (for tax and accounting requirements) Legitimate interests (for internal business administration) |
|
Security and Fraud Prevention - Protect our systems, detect and prevent fraud, and ensure network security |
Technical information, CCTV images, access logs |
Legitimate interests (to protect our business and customers) Legal obligation (under network and information systems regulations) |
|
Legal Compliance - Comply with regulatory obligations, respond to legal requests, and enforce our terms |
Any relevant personal data |
Legitimate interests (to enforce our rights and comply with regulations) |
|
Recruitment - Assess job applications, conduct interviews, and manage the hiring process |
Recruitment information |
Legitimate interests (to recruit suitable employees) Performance of contract (when entering into employment) Legal obligation (for right to work checks) |
Unsuccessful applicants' data is retained for 12 months after the recruitment process concludes, unless you consent to remain in our talent pool for longer |
Sharing Your Personal Data
We share your personal data with the following categories of recipients:
Focus Group Companies
We may share your data with other companies within the Focus Group companies for the purposes set out in this notice, including service delivery, billing, and customer support.
For a full list of Focus Group entities, please contact our DPO.
Service Providers (Data Processors)
We engage third-party service providers who process personal data on our behalf, including:
- IT, AI and cloud service providers (Microsoft Azure, Microsoft 365, hosting providers)
- Telecommunications carriers and network providers
- Security and monitoring services (CrowdStrike, eSentire)
- Customer relationship management systems
- Payment processors and financial services
- Marketing and communications platforms
These service providers are contractually obligated to process data only in accordance with our instructions and to maintain appropriate security measures.
Regulatory and Legal Authorities
We disclose your data to regulatory and legal authorities when required by law or necessary to comply with our regulatory obligations, including:
- Ofcom and other telecommunications regulators
- ICO and other data protection authorities
- Law enforcement agencies
- Courts and tribunals
- HMRC and other tax authorities
Business Transfers
If we sell, merge, or reorganise our business, your personal data may be transferred to the new owner, subject to appropriate safeguards.
Other Third Parties
We may also share your personal data with other third parties such as:
- Credit reference agencies (for business credit checks before entering contracts)
- Fraud prevention agencies (to prevent and detect fraud as part of our security measures)
- Business partners (where you have engaged with us through a partner or reseller)
- Professional advisers, including lawyers, accountants, auditors (where this is necessary to obtain legal or professional advice, manage accounting and audit requirements, comply with legal or regulatory obligations, support corporate governance, or establish, exercise or defend legal claims).
These disclosures are based on our legitimate interests in protecting our business and customers from fraud, financial risk and legal risk, managing our business responsibly, obtaining professional advice, and supporting compliance and governance. Where relevant, disclosures to professional advisers may also be necessary for compliance with a legal obligation or in connection with the establishment, exercise or defence of legal claims.
Some of the third-party recipients are data controllers, as they decide the purpose and means of processing personal data about you. In such cases their data protection notices will apply to the processing of your personal data too.
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
International Transfers
Certain of the third-party recipients are located outside of the UK or operate global infrastructure that may involve processing data in multiple locations outside of the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented. Usually this will mean:
- We will transfer your personal data to a country that has been deemed to provide an adequate level of protection for personal data by the ICO or other applicable regulator.
- We may use specific contracts approved by the relevant authorities which give your personal data the same protection it has in the UK, e.g. Standard Contractual Clauses and UK Addendum or UK International Data Transfer Agreement, together with a transfer impact assessment where required.
- We may rely upon the UK adequacy regulations made by the Secretary of State (for example for the EEA and the UK Extension to the EU-US Data Privacy Framework).
You can obtain a copy of the safeguards relied on for a particular transfer, or further details of the countries to which personal data is transferred, by contacting our Data Protection Officer.
How Long We Keep Your Personal Data
We retain your personal data only for as long as necessary for the purposes set out in this notice. Specific retention periods include:
We endeavour not to keep personal data in a form that allows an individual to be identified for any longer than is reasonably necessary for achieving permitted purposes. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process personal data, whether we can achieve those purposes through other means, and the applicable legal and/or regulatory requirements.
In determining the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, whether we can achieve those purposes by other means, and applicable legal, accounting or regulatory requirements. After the retention period expires, we securely delete or anonymise your personal data. Anonymised data may be retained indefinitely for statistical and research purposes.
Cookies and Similar Technologies
Our website uses cookies and similar technologies. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Notice.
CCTV Surveillance
Focus Group operates CCTV systems at our premises to prevent and detect crime, protect staff, customers and visitors, and safeguard company property.
What we collect: Visual images (no audio) of individuals in monitored areas, including date, time and location stamps.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) - we have assessed that our use of CCTV is necessary and proportionate and does not override individual rights and freedoms.
Camera locations: External entrances/exits, car parks, reception areas, and internal corridors. Cameras are not used in private areas such as toilets or changing rooms. Clear signage is displayed in all monitored areas.
Retention: Footage is automatically deleted after 30 days unless required for legal proceedings, ongoing investigations, or other lawful purposes.
Sharing: We may share footage with police, legal advisors, insurers, or CCTV system maintenance providers where lawfully required.
Your rights: You can request access to footage containing your image, object to processing, or exercise other data protection rights. Contact our Data Protection Officer at [email protected].
Your Rights
Under UK GDPR, depending on the situation, you may have the following rights regarding your personal data:
Your Rights |
Your Requests |
|---|---|
Right of access |
You can request a copy of the personal data we hold about you (Subject Access Request). |
Right to rectification |
You can ask us to correct inaccurate or incomplete personal data. |
Right to erasure |
You can request deletion of your personal data in certain circumstances, such as:
|
Right to restrict processing |
You can ask us to restrict processing in certain circumstances, such as when you contest the accuracy of the data. |
Right to data portability |
You can request a copy of your personal data in a structured, commonly used, machine-readable format and ask us to transfer it to another controller (where technically feasible). |
Right to object |
You can object to:
|
Rights related to automated decision making |
UK GDPR gives you the right not to be subject to solely automated decisions that would:
We do not make solely automated decisions that would affect your legal rights or similarly significantly impact you. While we may use AI and automated systems for various purposes, (see How and Why We Use Your Personal Data) all significant decisions - such as contract approval, service termination, or credit decisions - involve human review and judgement |
Right to Withdraw Consent |
Where we rely on consent as our legal basis, you can withdraw consent at any time. This won't affect the lawfulness of processing before withdrawal. |
How to exercise your rights: |
To exercise any of these rights, contact our Data Protection Officer ([email protected]). We will respond to your request within one month, though this may be extended by two further months for complex requests. We will keep you informed of any extension. We may need to verify your identity before processing your request. We will not charge a fee for processing requests unless they are manifestly unfounded, or excessive, in which case we may charge a reasonable fee or refuse to act on the request. |
Links to Other Websites
Our website may contain links to third-party websites, including our partners and affiliates. We are not responsible for the privacy practices of these external sites. We recommend reviewing their privacy notices before providing any personal data.
Changes to This Privacy Notice
We may update this privacy notice from time to time to reflect changes in our practices, legal requirements, or services. Significant changes will be communicated via our website, and where appropriate, by email.
The "Last updated" date at the top of this notice shows when it was last revised.
How to Complain
If you have concerns about how we handle your personal data, please contact our Data Protection Officer first using the details above. We will investigate and respond to your complaint.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:
Information Commissioner's Office
- Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113
- Website: www.ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, but you have the right to contact them at any time and approaching us first is not a condition of exercising that right.
