Notice: By accessing and using this system, you acknowledge that you have read, understood, and agree to be bound by all terms and conditions set forth in this document. If you do not agree to these terms, you must immediately cease all use of this system and contact your system administrator.
Privacy Policy & Data Collection
Fortune Foods UK LTD is committed to protecting your privacy and securing your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. This privacy policy provides comprehensive information about what data we collect, why we collect it, how we use it, and your rights regarding this data.
1. Rate Limiting & Security Monitoring
To protect against unauthorized access, brute-force attacks, and ensure system security and availability, we implement comprehensive rate limiting and security monitoring. This system automatically collects and stores the following information for each login attempt:
- IP Address: Your Internet Protocol (IP) address is recorded for each login attempt. This includes both IPv4 and IPv6 addresses. IP addresses are used to:
  - Identify and prevent abuse, brute-force attacks, and unauthorized access attempts
  - Geolocate access attempts for security analysis
  - Enforce IP-based access controls and whitelisting
  - Track patterns of suspicious activity
- Login Attempt Frequency: The number and frequency of login attempts from your IP address are continuously monitored and analyzed
- Timestamp: The precise date and time (including timezone) of each login attempt is recorded with millisecond precision
- User Agent String: Information about your browser, operating system, and device (e.g., browser type, version, device type) is collected for:
  - Security analysis and anomaly detection
  - Identifying automated tools and bots
  - Compatibility and troubleshooting purposes
- Request Headers: Additional HTTP headers may be logged for security analysis, including referrer information and proxy headers
Legal Basis & Purpose: This data collection is necessary for our legitimate interests in:
- Preventing automated attacks, brute-force login attempts, and distributed denial-of-service (DDoS) attacks
- Identifying and blocking suspicious activity patterns and potential security threats
- Enforcing rate limits to protect system availability and prevent system abuse
- Investigating security incidents and potential breaches
- Complying with legal obligations and regulatory requirements
- Protecting the rights and security of all authorized users
2. Comprehensive Audit Logging
All authentication attempts, system access events, and user activities are comprehensively logged in our secure audit system. This includes both successful and failed attempts. The following detailed information is collected and retained:
For All Login Attempts:
- Username/Account Identifier: The username or account identifier used in the login attempt (stored in encrypted format)
- IP Address: The complete IP address from which the login attempt originated (including source port information where available)
- Precise Timestamp: The exact date and time of the login attempt, including timezone information and millisecond precision
- Authentication Result: Whether the login attempt was successful, failed, or blocked
- Failure Classification: For failed attempts, detailed reason codes including:
  - Incorrect password
  - Account locked due to excessive failed attempts
  - IP address not whitelisted
  - Account disabled or suspended
  - Session expired or invalid
  - Rate limit exceeded
  - Other security-related blocks
For Successful Logins:
- Session Identifier: Unique session tokens and identifiers for tracking active sessions
- Session Duration: Login time, last activity timestamp, and session expiration time
- Access Level: User role, permissions, and access scope granted
- Initial Access Point: The specific page or function first accessed after login
For Failed Login Attempts:
- Failure Reason Code: Detailed classification of why the login failed
- Account Status: Whether the account exists, is active, locked, or disabled
- Consecutive Failure Count: Number of consecutive failed attempts from the same IP/username combination
- Lockout Status: Whether the account or IP was locked as a result of the failed attempt
Legal Basis & Purpose of Audit Logging:
- Security & Threat Detection: Continuous security monitoring, threat detection, and early warning of potential security incidents
- Incident Investigation: Comprehensive forensic analysis of security incidents, unauthorized access attempts, and system breaches
- Regulatory Compliance: Compliance with data protection regulations (UK GDPR, Data Protection Act 2018), industry standards (ISO 27001, SOC 2), and sector-specific requirements
- Account Activity Tracking: Monitoring and tracking of authorized user activities for security, compliance, and operational purposes
- Forensic Analysis: Detailed investigation capabilities in the event of security breaches, data leaks, or unauthorized access
- Legal Obligations: Fulfillment of legal obligations to maintain security records and assist law enforcement when required
- Risk Management: Identification and mitigation of security risks and vulnerabilities
3. Data Retention & Storage
Audit log data and security monitoring information are retained in accordance with legal requirements, regulatory obligations, and company data retention policies. Retention periods are determined based on:
- Legal Requirements: Minimum retention periods mandated by UK law, including but not limited to:
  - Data Protection Act 2018 requirements
  - Financial services regulations (if applicable)
  - Employment law requirements
  - Other sector-specific regulations
- Regulatory Compliance: Industry standards and regulatory frameworks such as ISO 27001, GDPR, and sector-specific requirements
- Ongoing Investigations: Extended retention for data related to active security investigations or legal proceedings
- Company Policy: Internal data retention policies designed to balance security needs with privacy considerations
- Operational Requirements: Retention necessary for system operations, troubleshooting, and historical analysis
Typical Retention Periods: While retention periods may vary, typical retention periods include:
- Active security monitoring data: 90 days to 1 year
- Audit logs: 2 to 7 years (depending on the nature of the data and legal requirements)
- Data related to security incidents: Extended retention until investigation and legal proceedings are concluded
- Data subject to legal hold: Retained until the legal hold is released
4. Data Security & Protection Measures
Fortune Foods UK LTD employs industry-standard security measures to protect all collected data:
- Encryption: All sensitive data, including IP addresses and usernames, is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
- Access Controls: Strict access controls ensure that audit logs and security monitoring data are accessible only to:
  - Authorized IT Security personnel
  - System administrators with appropriate clearance
  - Compliance and audit teams
  - Law enforcement when legally required
- Network Security: Data is stored on secure, isolated networks with multiple layers of firewall protection
- Physical Security: Servers and storage systems are housed in secure, access-controlled facilities
- Regular Security Audits: Regular security assessments, penetration testing, and vulnerability scanning
- Incident Response: Comprehensive incident response procedures in the event of a security breach
- Data Backup & Recovery: Regular, encrypted backups with tested recovery procedures
5. Your Data Protection Rights
Under UK GDPR and the Data Protection Act 2018, you have certain rights regarding your personal data. However, please note that:
- Right of Access: You have the right to request access to your personal data. However, access to certain security-related data may be restricted to prevent compromising ongoing security investigations or revealing security measures
- Right to Rectification: You may request correction of inaccurate personal data, subject to verification and security considerations
- Right to Erasure: You may request deletion of your personal data, but this right may be limited when:
  - Data retention is required by law or regulatory obligations
  - Data is necessary for ongoing security investigations
  - Data is required for the establishment, exercise, or defense of legal claims
- Right to Restrict Processing: You may request restriction of processing in certain circumstances
- Right to Data Portability: Where applicable, you may request transfer of your data
- Right to Object: You may object to processing based on legitimate interests, though this may be limited for security purposes
Exercising Your Rights: To exercise any of these rights, please contact:
Email: info@fortunefoods.co.uk
6. Additional Information
Data Sharing: We do not sell, rent, or trade your personal data. Data may be shared only in the following circumstances:
- With law enforcement agencies when legally required or in response to valid legal requests
- With regulatory authorities for compliance purposes
- With trusted service providers who assist in system operations, subject to strict confidentiality agreements
- In the event of a business transfer, merger, or acquisition, subject to appropriate safeguards
International Transfers: Data is primarily stored and processed within the United Kingdom. Any international transfers comply with UK GDPR requirements and appropriate safeguards.
Updates to This Policy: This privacy policy may be updated periodically to reflect changes in our practices, legal requirements, or system functionality. Material changes will be communicated to users through appropriate channels.
Important Legal Notice: By proceeding to log in to this system, you explicitly acknowledge and confirm that:
- You have read, understood, and agree to be bound by all terms and conditions set forth in this Privacy Policy and Terms of Use document
- You understand the data collection practices described herein
- You consent to the collection, processing, and retention of your data as described
- You are aware of the consequences of unauthorized access or misuse of the system
If you do not agree to these terms, you must immediately cease all attempts to access this system and contact your system administrator.
Contact Information
For questions, concerns, or to exercise your data protection rights regarding this policy, please contact:
Email: info@fortunefoods.co.uk
Last Updated: 31st December 2025
Document Version: 1.0
This policy complies with UK GDPR, Data Protection Act 2018, and applicable UK data protection laws.