Our Policies

Our Policies

Bragd is committed to the principle of equal opportunities. The team at Bragd ensures a reasonable and practicable approach to prevent unlawful discrimination of any form.

Bragd will strive to make certain that all staff and trainees are recruited and promoted on the basis of their ability and other objective relevant criteria. We recognise a need to be committed to equality of opportunity for all people and to protect against all forms of discrimination, with particular regard to age, disability, gender, gender reassignment, marriage and civil partnership, pregnancy and maternity, race and ethnicity, religion and belief, sexual orientation or any other unjustifiable factor.

Bragd will scrutinise the recruitment process to ensure that we do not discriminate or discourage applications from any section of the community. We will also ensure that all the team that are part of the recruitment and training process are trained in dealing with any equalities issues. Whilst recognising that individuals may experience disadvantage on more than one level, all staff working within or on behalf of Bragd will:

  • offer services fairly to all people, ensuring that anyone in contact with the organisation is treated with respect, making provision for those groups whose needs and expectations are less well met
  • make this policy known to all learners, apprentices and employers in their handbook
  • ensure all staff and learners are given equal access to suitable and sufficient learning and assessment opportunities. When considering the most appropriate learning and assessment arrangements, each person is treated as an individual who may have a diverse range of needs
  • ensure all team members are trained in this policy during their induction
  • promote this policy on our website and in all learner, client and team handbooks
  • comply with all legislation dealing with discrimination and the promotion of equality, following the codes of practice issued to support this legislation
  • ensure all employment policies procedures, guidelines and circulars reflect and reinforce the company’s commitment to equality
  • encourage disadvantaged groups and individuals to participate
  • make this policy known to all job applicants and organisations
  • periodically review our equal opportunities demographic profile and review this Equal Opportunities policy to ensure commitment throughout Bragd.


Integrity and equality are part of Bragd’s ethos. As such, equality forms part of the framework within which other policies, procedures and practices are implemented.

Bragd acknowledges the duty of care to safeguard and promote the welfare of children and vulnerable adults and is committed to ensuring safeguarding practice reflects statutory responsibilities, government guidance and complies with best practice and legal requirements. The Care Act 2014 defines safeguarding as ‘protecting of an adult’s rights to live in safety, free from abuse and neglect’. It also describes a ‘vulnerable adult’ as someone:

  • over 18
  • who has care or support needs
  • who is experiencing or at risk of experiencing abuse or neglect
  • who, as a result of those care and support needs, is unable to protect themselves from either the risk of, or the experience of, abuse or neglect.

The policy recognises that the welfare and interests of children and vulnerable adults are paramount in all circumstances. It aims to ensure that regardless of age, ability or disability, gender reassignment, race, religion or belief, sex or sexual orientation, socio-economic background, all children and vulnerable adults:

  • have a positive and enjoyable experience in all their interactions with Bragd in a safe and appropriate environment
  • are protected from abuse whilst engaged with any Bragd activity.

We acknowledge that vulnerable adults and some children, including disabled children and young people or those from ethnic minority communities, can be particularly vulnerable to abuse and we accept the responsibility to take reasonable and appropriate steps to ensure their welfare. As part of our safeguarding policy we will:

  • promote and prioritise the safety and wellbeing of children, young people and vulnerable adults
  • ensure all team members are trained in this policy during their induction
  • make this policy known to all staff, learners, apprentices and employers in their handbook
  • ensure everyone understands their roles and responsibilities in respect of safeguarding and is provided with appropriate learning opportunities to recognise, identify and respond to signs of abuse, neglect and other safeguarding concerns relating to children, young people and vulnerable adults
  • ensure appropriate action is taken in the event of incidents/concerns of abuse and support provided to the individual/s who raise or disclose the concern
  • promote this policy on our website and in all learner, client and team handbooks
  • ensure that confidential, detailed and accurate records of all safeguarding concerns are maintained and securely stored
  • prevent the employment/deployment of unsuitable individuals
  • ensure robust safeguarding arrangements and procedures are in operation.

The policy and procedures will be widely promoted and are mandatory for all members of the Bragd team to follow. Failure to comply with the policy and procedures will be addressed without delay and may ultimately result in dismissal/exclusion from the organisation. Further support & guidance can be sought from https://learning.nspcc.org.uk/.

Any disclosures can be made at anytime to any member of the Bragd team. Disclosures can also be made by contacting Bragd directly on 01383 630 444 or by emailing safeguarding@bragd.co.uk.

Six Principles
The six safeguarding principles within the Care Act 2014 were originally produced for the safeguarding of adults but can also be applied to the safeguarding of children. These 6 principles underpin our policy and procedure as follows:

  1. Empowerment: people being supported and encouraged to make their own decisions and give informed consent
  2. Prevention: it is better to take action before harm occurs
  3. Proportionality: the least intrusive response appropriate to the risk presented
  4. Protection: support and representation for those in greatest need
  5. Partnership: local solutions through services working with their communities – communities have a part to play in preventing, detecting and reporting neglect and abuse
  6. Accountability: accountability and transparency in safeguarding practice.

Designated Safeguarding Lead (DSL)
The DSL is the person at Bragd LLP appointed to take the lead responsibility for safeguarding issues. Pam Stirling, as the appointed DSL, is the first point of contact for all staff to go to for advice if they are concerned about a child, young person or vulnerable adult.

Key roles of the DSL include:

  • Being alert and recognising any child, young person or vulnerable adult safeguarding issues
  • Raising and sharing any concerns they may have about a person
  • Recognising when it is appropriate to make a referral to social care and contacting them if necessary
  • Where necessary, contributing to any plans and decisions regarding a child, young person or vulnerable adult
  • Understanding the importance of, and follow safer recruitment procedures
  • Participating in regular training and ensuring that their knowledge is up to date
  • Ensuring other staff members are trained adequately in safeguarding and follow correct procedures
  • Challenging poor safeguarding practice in the workplace
  • Ensuring safeguarding policies and procedures are effective and regularly looked at and updated.

This policy will be reviewed a year after development and then every three years, or in the following circumstances:

  • changes in legislation and/or government guidance
  • as a result of any other significant change or event.

The aim of this policy, in addition to BPO 020 Safeguarding Policy, is to outline our approach to supporting the national ‘Prevent’ Agenda linked to the safeguarding of our learners and staff. This policy is written with reference to the Prevent Duty contained within Section 26 of the Counter Terrorism and Security Act 2015. The Duty states that specified authorities, including schools, in the exercise of their functions must have “due regard to the need to prevent people from being drawn into terrorism”.

Prevent forms one part of the Government’s overall counter terrorism strategy ‘CONTEST’ which is led by the Home Office. ‘CONTEST’ is primarily organised around four key principles or work streams, each with a specific objective:

  • PREVENT: To stop individuals becoming terrorists or supporting terrorism.
  • PURSUE: To disrupt or stop terrorist attacks occurring.
  • PROTECT: To strengthen our borders, infrastructure, buildings and public spaces from a terrorist attack.
  • PREPARE To reduce the impact of an attack if an act of terrorism occurs.

Any student or member of the Bragd team may become concerned that an individual is at risk of being drawn into terrorism. Concerns can be about terrorism, radicalisation and violent extremism, or where individuals are at risk of moving from extremist (albeit legal) groups into terrorist-related activity. Our team and our learners are encouraged to be mindful of conduct by individuals that may indicate that they are at risk of being drawn into terrorism and to act appropriately to balance supporting those individuals with safeguarding others both within the Bragd team and the wider people we engage with.

If anyone has any concerns of this nature, they must not raise these with the individual concerned, they must raise these directly with one of the Partners at Bragd immediately. If there is an immediate threat to any individual or property, the police should be notified by calling 999.

This policy will be reviewed a year after development and then every three years, or in the following circumstances:

  • changes in legislation and/or government guidance
  • as a result of any other significant change or event.

Our Complaints Policy aims to resolve complaints quickly, fairly and effectively.

We will:

  • Aim to put things right quickly for our candidates and clients when they go wrong
  • Keep our candidates and clients informed of the progress of their complaint and the results of any investigation
  • Seek to learn from each complaint to improve future performance
  • Set performance targets for responding to complaints and monitor our performance against these targets
  • Advise our candidates and clients of their right to appeal if they remain dissatisfied after their complaint has been through all stages of the internal complaints procedure.

In order to do this, we will:

  • Inform the candidate and client at any induction, of the Complaints and Appeals Policies and procedures
  • Acknowledged any complaint within two working days of receipt
  • Attempt to resolve complaints to the satisfaction of all parties within ten working days of receipt.
  • Record, track and validate any complaints
  • Keep complaint records for inspection by the awarding body for a minimum of 18 months
  • Monitor complaints to inform quality improvement.

This policy will be reviewed every 12 months.

Our Data Protection Policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data. This policy applies to all personal data processed by Bragd LLP. Pam Stirling, as the GDPR Owner shall take responsibility for Bragd’s ongoing compliance with this policy. Any enquiries about data protection shall be referred to the GDPR Owner. This policy shall be reviewed at least annually in line with our BQMS update and review procedure BPR 001. We are registered as Bragd LLP with the Information Commissioner’s Office as a Data Controller. Our registration reference is Z9511826.

This policy applies to personal data processed in a structured file system whether automated or paper-based. This policy applies to all EU citizen personal data pertaining to a natural person that Bragd LLP holds and processes. It also applies to office(s) outside of EU that offer goods, services or monitors behaviour of EU citizens. Generally, transfer of personal data to a non-EEA country is strictly prohibited, unless explicit consent has been sort from the data subject.

Asset Register
Our tool for understanding the infrastructure and data within Bragd LLP.

If the data subject is under the age of 13 then they are classified as a child and parent/guardian consent must be gained before processing, their data (see Safeguarding Policy BPO 020).

Data Controller
The natural person or legal entity which alone or jointly with others, determines the purpose and means of the processing of personal data.

Data Processor
A natural person or legal entity who processes data with the specific authority of the data controller.

Data Flow Map
The process of data flow mapping identifies where all data within Bragd LLP originates, and tracks it on its journey through Bragd to the point at which it is destroyed.

Data Subject
Any living individual whose personal data is processed by Bragd LLP.

Data Subject Consent
Consent can only be regarded as obtained if it is freely given, specific, unambiguous. It should reflect the wishes of the data subject given by clear, affirmative action.

Natural Person
An individual who is alive, does not apply to other legal entities.

Personal Data
Any information referring to an identified or identifiable natural person, an identifiable natural person is someone who can be identified directly or indirectly by reference including:

  • Name
  • ID Number
  • Location data – Address, GPS location, Online location
  • Online Identifier – persistent cookies, RDIF tags, IP address etc.
  • Factors relating to physical, economic, cultural, social identity.

Personal Data Breach
Breach of security leading to accidental or unlawful:

  • Destruction
  • Loss
  • Alteration
  • Unauthorised disclosure
  • Unauthorised access.

This list is non-exhaustive. Please see BPR 042 Data Breach Procedure and also BTR 014 Data Security Breach Register.

Any operation or set of operations including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consolidation, disclosure by transmission, making available, alignment or combination, restriction, erasure or destruction.

Automated processing intended to evaluate certain personal aspect relating to a natural person to analyse or predict performance at work, economic situation, location, health, personal preference, reliability or behaviour.

Special Category Personal Data
Personal Data that relates to:

  • Beliefs (religious, philosophical, trade union, political)
  • Racial or ethnic origin
  • Health
  • Genetic information
  • Biometric data
  • Sexual activity and orientation.

Policy Statement
The Partners and management of Bragd LLP are committed to compliance will all UK and EU regulations in respect to personal data and the protection of the “rights and freedoms” of the data subject’s information held by Bragd LLP.

This policy applies to all personal data held by Bragd LLP and all processing activities of such data. This policy applies to all employees of Bragd LLP included outsource suppliers. Any breaches of this policy or related policies and procedure will be dealt with using Bragd LLP disciplinary procedures. Sub-contractors and any third parties working with or for Bragd LLP, and who have access to personal data must have read, understood and comply with this policy. (See Contracting Policy BPO 023). Sub-contractors and third parties may only access the personal data held by Bragd LLP after signing a confidentiality agreement (see BFO 048 Non-disclosure Form),

Compliance with the General Data Protection Regulations (GDPR) (as enacted by the Data Protection Act (2018)) is described in this policy and other relevant policies. Pam Stirling, as GDPR Owner is responsible for reviewing the register of processing annually considering changes of processing performed by Bragd LLP

Roles and Responsibilities
Depending on the contract, Bragd LLP can be both a data controller or a processor under the Data Protection Act (2018). The GDPR Owner is responsible for the development and implementation of the GDPR as required by this policy and security and risk management in relation for compliance with this policy. The GDPR Owner has specific responsibilities in respect to Subject Access Requests and complaints, they are also the first point of contact for employees seeking clarification on any aspect of data protection compliance.

Compliance with this policy and the data protection regulations is the responsibility of all employees who process personal data. Employees of Bragd LLP are responsible for ensuring the accuracy of any personal information supplied by them and processed by Bragd LLP.

Data Protection Principles
All personal data processing activities must adhere to the data protection principles, as laid out in Article 5 of the GDPR. All processing must be “fair, lawful and transparent”. These principles are:

Fair- for the processing to be fair, the data controller has to ensure that certain information is made available to the data subjects at the point of collection or if the personal data was collected indirectly (See “Transparent” below).

Lawful – The processing of each piece of personal data must have a lawful basis before processing can begin.

Transparent – Privacy notices describing the purpose of use of the personal data being collected must be given to the data subject when collecting data, this includes:

  • Identity and contact details of the controller
  • Purposes of processing
  • Lawful basis for processing
  • The retention period of the data
  • The rights of the data subject in respect of access, rectification, erasure, restriction and objection
  • The categories of personal data being collected
  • The recipients of the personal data, if applicable
  • Whether the data will be transferred to a third party.

See BPR 040 Privacy Notice Procedure, including the need for date and time of consent, for more details.

Data can only be collected for specific, explicit and legitimate purposes
Bragd LLP will ensure that data is only obtained for specific purposes will not be used for purposes that are different from the purpose for which it was originally obtained.

Personal data must be adequate, relevant and limited for what is necessary for purposes
Bragd LLP will ensure that it will not collect more data than is necessary to perform the processing.

Personal data must be accurate and kept up to date with every effort to erase or rectify without undue delay
Bragd LLP will ensure that stored data must be reviewed and updated as necessary. Data will not be kept unless it is reasonable to assume that it is up to date. The GDPR Owner is responsible for responding to requests for rectification within 1 month of receipt of the request. The GDPR Owner is responsible for ensuring that if data is rectified then all organisations that the data has been past to have been notified of the change.

Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing
Personal data will only be kept for the retention period identified and recorded in the Asset Register (see BTR 013 GDPR Asset Register). Once expired, personal data will be securely disposed of as detailed in Asset Register. When personal data is deleted this should be done safely such that the data is irrecoverable. Where personal data is kept beyond the processing date it shall be encrypted and minimised to protect the identity of the data subject. The GDPR Owner must specifically authorise any data retention beyond the retention periods defined in the Asset Register and must ensure that any justification is recorded and is in line with the GDPR (see BTR 013 GDPR Asset Register).

Personal data must be processed in a manner that ensures the appropriate security of the data
The GDPR Owner is will carry out a risk assessment taking into account all of Bragd LLP data security controls and processing procedures (see risk rating section in BTR 013 GDPR Asset Register). The GDPR Owner will assess the risks against the requirements of the company and risks to the data subjects and ensure that the risks are mitigated (including technical controls) and signed off by the Partners. Bragd shall also ensure that personal data is stored securely using modern software that is kept-up-to-date. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information. Appropriate back-up and disaster recovery solutions are in place.

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Bragd shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

General Provisions
The GDPR Owner must be able to demonstrate compliance with the GDPR’s other principles to show accountability and governance; these complement the data protection principles and allows the controller or processor to demonstrate compliance with the data protection principles.

Bragd LLP demonstrate compliance by:

  • Implementing the Data Protection Policy and associated procedures including our BPR 019 Computer Security Procedure and BPR 041 Information Security Procedure
  • Adhering to relevant codes of conduct
  • Implementing appropriate technical and organisation controls to protect the data*
  • Documenting the use and location of personal data in Bragd LLP*
  • Mapping the flows of personal data into and out of Bragd LLP (See BDF documents in our BQMS).

* See BTR 013 GDPR Asset Register.

Data Subject Rights
Bragd LLP has procedures in place to ensure that the data subjects rights are upheld (See BPN 001 Customer Privacy Notice) including:

  • The right to access the personal information held about them, along with the purpose and legal basis for holding the data
  • The right to rectify inaccurate data held about them
  • The right to restrict processing of data if they suspect it is being used unlawfully
  • The right to has data that is held about them erased if there is no other lawful reason to keep it
  • The right to object to data being processed under legitimate interest
  • The right to object to automated profiling using their personal data
  • The right to raise a complaint to the ICO if they feel Bragd LLP has contravened a provision of the GDPR.

If data is corrected, erased or restricted from processing, then all recipients of the data must be informed. Data subjects have the right to complain to Bragd LLP about how their data is being handled, contact for complaints must be made clear at the point of collection of the data.

This Cookie Policy explains how Bragd LLP (‘Company’, ‘we’, ‘us’, and ‘our’) uses cookies and similar technologies to recognize you when you visit our websites at https://www.bragd.co.uk, (‘websites’). It explains what these technologies are and why we use them, as well as your rights to control our use of them. In some cases, we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, Bragd LLP) are called ‘first party cookies’. Cookies set by parties other than the website owner are called ‘third party cookies’. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?
We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our websites to operate, and we refer to these as ‘essential’ or ‘strictly necessary’ cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our websites for advertising, analytics and other purposes. This is described in more detail below.

The specific types of first and third party cookies served through our websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit).

How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.

The specific types of first and third party cookies served through our websites and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific online properties you visit):

Essential website cookies:
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features, such as access to secure areas.

Analytics and customization cookies:
These cookies collect information that is used either in aggregate form to help us understand how our websites are being used or how effective our marketing campaigns are, or to help us customize our websites for you.

What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called ‘tracking pixels’ or ‘clear gifs’). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our websites or opened an e-mail including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you use Flash cookies or Local Shared Objects?
Websites may also use so-called ‘Flash Cookies’ (also known as Local Shared Objects or ‘LSOs’) to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.

If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to ‘information’ on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).

Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.

Do you serve targeted advertising?
Third parties may serve cookies on your computer or mobile device to serve advertising through our websites. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other details that directly identify you unless you choose to provide these.

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies. The date at the top of this Cookie Policy indicates when it was last updated.

Where can I get further information?
If you have any questions about our use of cookies or other technologies, please email us at hello@bragd.co.uk or by post to:

Bragd LLP
Buchan House
Carnegie Campus
Enterprise Way
KY11 8PL