← Back to sign in

Privacy Notice

Last updated 16 June 2026

This notice explains how your personal data is collected and used within AG-HR, the HR automation console operated by Granger & Co. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who we are (data controller)

The data controller is Sydney Food Limited (trading as Granger & Co.), registered office 237–239 Pavilion Road, London SW1X 0BP, company number 7443090.

For any privacy query, or to exercise your rights, contact our data protection lead at privacy@grangerandco.com.

2. The personal data we process

Depending on your role and the task, AG-HR may process:

  • Employee identity and contact details (name, address, email, telephone);
  • Employment records (job title, branch, contract type, dates, line manager, leave);
  • Payroll-related data (salary, hourly rate, pension enrolment);
  • National Insurance numbers and other identifiers;
  • Correspondence received in the HR inbox and letters generated in response;
  • Account and audit data for users of this console (sign-in, actions taken).

3. Why we process it, and our lawful bases

  • Performance of a contract — administering the employment relationship (e.g. issuing HR letters, managing leave and resignations).
  • Legal obligation — meeting employment, tax and record-keeping duties.
  • Legitimate interests — running HR operations efficiently and securely, provided these are not overridden by your rights.

National Insurance numbers and salary are treated as sensitive identifiers, are encrypted at rest, and are accessible only to authorised HR users.

4. AI-assisted drafting

AG-HR uses AI (provided by Anthropic, acting as our processor) to draft HR letters and suggest replies. Drafts are always reviewed and approved by a member of staff before anything is sent — there is no solely automated decision-making that produces legal or similarly significant effects on you.

5. Who we share it with

We share personal data only with service providers acting on our instructions under written agreements — including our cloud hosting, email delivery, HRIS, and AI drafting providers — and with third parties where required by law. We do not sell personal data.

6. International transfers

Some providers process data outside the UK. Where that happens, transfers are protected by appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement (IDTA) / Addendum to the EU Standard Contractual Clauses.

7. How long we keep it

Personal data is retained only for as long as necessary for the purposes above and to meet legal and HR record-keeping requirements, after which it is securely deleted or anonymised.

8. Your rights

Under the UK GDPR you have the right to:

  • access a copy of your personal data;
  • have inaccurate data corrected;
  • have data erased, or its processing restricted, in certain circumstances;
  • object to processing based on legitimate interests;
  • data portability where applicable;
  • withdraw consent where processing relies on it.

To exercise any of these, contact privacy@grangerandco.com.

9. Complaints

If you have a concern, please contact us first. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or 0303 123 1113.

This notice is provided for demonstration purposes and should be reviewed by your data protection adviser before production use.