PRIVACY NOTICE & DATA PROTECTION
Hoist Hire Services Ltd [“The Company”] is committed to maintaining the accuracy, confidentiality and security of the personal information for individuals whose data we process as part of doing business.
This Privacy Notice describes what personal information the company collects from or about each individual, how it is used, why it is used and to whom it may be disclosed.
It applies to all individuals such as Employees, Customers, Suppliers, Third-Party sources and the general public who may come into contact with the company.
We gather and use certain information about individuals to conduct our business effectively.
This Privacy Notice may be updated from time to time. This Privacy Notice is effective from 14 May 2019.
The company is committed to processing all data in accordance with its responsibilities under the Data Protection Act 2018 [DPA 2018] and the Generation Data Protection Regulation [GDPR]. The DPA 2018 and GDPR requires that any personal data held shall follow the rules called ‘data protection principles’. Personal data shall be;
- processed fairly, lawfully, and in a transparent manner in relation to individuals;
- obtained and processed only for specified and lawful purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and kept up to date;
- held securely and kept for no longer than necessary;
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage; and
- not transferred to a country outside the European Economic Area unless there is an adequate level of data protection in that country.
If you have any questions about this notice, please email firstname.lastname@example.org or write to: Data Protection Officer, Hoist Hire Services Ltd, Mardle Way, Buckfastleigh, Devon, TQ11 ONR.
How we obtain information about you
For all individuals we may collect:
- If you contact us directly via our website, email or telephone to request information about our products and services.
- If you procure a service directly from us.
- If, with your permission where necessary, your contact details are passed to us by a Partner or other third party.
- When you report a problem with our website.
- When you contact us or we contact you, we may keep a record of that correspondence (e.g. telephone calls and written communication).
- We may ask you to complete surveys that we use for research purposes.
- From third party suppliers with whom we have a contract to supply services.
- If we acquired your personal data from other sources (such as private companies or institutions, public registers, social media sites) with your permission.
For individuals who work on behalf of the company:
- We collect personal information about applicants, employees and workers through the application and recruitment process, either directly from candidates or sometimes from an employment agency.
- We may sometimes collect additional information from third parties including former employers, referees, credit reference agencies or other background check agencies.
- In addition, we will collect additional personal information in the course of job-related activities throughout the period of you working forus.
- If you operate a company vehicle.
If you are under 16 please do not provide us with any of your information unless you have the permission of your parent or guardian.
Please help us to keep your information up to date by informing us of any changes to your contact details.
You may request a change to your personal information by emailing us at email@example.com.
What information we gather from you
For all individuals we may collect:
- Name and job title.
- Contact information including email address and phone number.
- Demographic information, such as postcode, preferences and interests.
- Home address contact details for the purpose of sending postal communications.
- Information you provide us about your interests.
- Information relating to purchases and services, including complaints and claim.
For individuals who work on behalf of the company:
- We may collect, store and use various categories of personal information about you such as your personal details, emergency contact information, recruitment information, employment records, payment details, performance information, disciplinary and grievance information and information about your use of our IT and communications systems.
- We may also collect, store and use “special categories” of more sensitive personal information such as information about your race or ethnicity, religious beliefs and sexual orientation, your health and about any criminal convictions and offences.
How we use this information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances;
- where we need to perform the contract we have entered into with you;
- where we need to comply with a legal obligation; and
- where it is necessary for our legitimate interests (or those of a third party), apart from where your interests, freedoms or fundamental rights override those interests.
We may also use your personal information in the following situations, which are likely to be rare;
- where we need to protect your interests (or someone else’s interests); and
- where it is needed in the public interest.
Collecting this data helps us operate our business effectively and offer improved client and employee
Below are some specific examples of how your data might be used.
For all individuals:
- For our own internal records.
- To carry out our obligations arising from any contracts entered by you, your company and us.
- To contact you in response to a specific enquiry.
- To seek your views or comments on the services we provide.
- To notify you of changes to our services.
- To customise and secure our IT services.
- To contact you with information about company updates, services, and other things we think might be relevant to you.
For individuals working on behalf of the company:
- Making a decision about your recruitment, appointment and potential promotions.
- Conducting performance reviews, managing performance and determining performance requirements.
- Making decisions about pay reviews.
- Gathering evidence for possible grievance or disciplinary hearings.
- Dealing with legal proceedings involving you, or other employees, workers and contractors, including accidents at work.
- Ascertaining your fitness to work.
- Managing sickness absence.
- Complying with health and safety obligations.
- To prevent fraud.
- To monitor your use of our IT and communication systems to ensure compliance with our IT policies.
- For equal opportunities monitoring.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider we need to use it for another reason and that reason is compatible with the original purpose.
Controlling information about you
We will never share your personal information to third parties unless we have your permission or the law requires us to.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
Please be reassured that we will not release your information to third parties for them to use for their own purposes, unless you have requested us to do so or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Any personal information we hold about you is stored and processed under our data protection policy, in line with the GDPR.
To prevent unauthorised disclosure or access to your information, we have implemented physical and electronic security safeguards. When you give us personal information the Company shall ensure;
- steps are taken to ensure that it’s treated securely, both in locked paper filing systems and through secure electronic records through a layer of password security whilst using modern software that is kept-up-to-date;
- access is limited to personnel who need access and appropriate security will be in place toavoid unauthorised access or sharing of information;
- any deletion of personal data is done safely such that the data is irrecoverable; and
- appropriate back-up and disaster recovery solutions are in place.
Where we have given you (or where you have chosen) a password which enables you to access company IT services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We also take necessary steps to ensure we work with all personal data in line with the GDPR.
Under certain circumstances, you have the right to review, verify, correct or request erasure of your personal information, object to the processing of it, or request that we transfer a copy of your personal information to another party.
However, if you fail to provide certain information when requested, or object to its processing, we may not be able to perform the contract we have entered into with you (such as paying you or providing a service / benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our staff).
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) (the UK supervisory authority for data protection issues) on individual’s rights under the GDPR. If you would like to exercise any of those rights or have any queries in relation to your personal information, please email us on firstname.lastname@example.org or write to: Data Protection Officer, Hoist Hire Services Ltd, Mardle Way, Buckfastleigh, Devon, TQ11 ONR.
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the ICO.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company shall promptly assess the risk to employee’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
Policy Dated 14/05/19