Privacy Policy

Elddis Transport (Consett) Limited

Privacy Policy (Customer, Supplier, Visitor and Website Visitor’s Data)

Contents

Clause Page
1. About this document 1
2. What information do we collect about you? 1
3. How we collect your personal information 2
4. Why we collect personal information about you and how we use that information 3
5. Ensuring your personal information is accurate 7
6. Retaining your personal information 7
7. What rights do you have in respect of your personal information? 8
8. How we keep your data secure 10
9. Providing information to third parties 10
10. Transferring your personal information outside the United Kingdom 11
11. Breaches of data protection laws 11
12. Right to lodge a complaint 12

1. About this document

1.1. Your personal privacy is of great importance to us. We will only use your personal information in accordance with this privacy policy (“Policy”).

1.2. By using our website, purchasing our goods, providing or selling us good or services, or visiting our site, you’re agreeing to be bound by this Policy. You should read this privacy policy carefully so that you understand how we will handle your personal information.

1.3. During the course of our activities we, Elddis Transport (Consett) Limited of Delves Lane, Consett, Co Durham, DH8 7LH, will process personal information (which may be held on paper, electronically, or otherwise) about our customers, website users, visitors and suppliers, and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the UK’s General Data Protection Regulation (“UK GDPR”). The purpose of this privacy policy is to explain to you how we will handle your personal information.

1.4. The board of directors (“Board”) has overall responsibility for the effective operation of this policy. The Board has delegated responsibility for overseeing its implementation to Wayne White, Business Operations Manager. If you have any questions regarding this Policy you can contact our data protection team at dataprotection@elddis.net

1.5. We are registered with the Information Commissioner’s Office under registration number Z2592154.

1.6. This policy is provided in a layered format so you can click through to the specific areas you’re interested in set out below.

[What information do we collect about you?]

[How we collect your personal information]

[Why we collect personal information about you and how we use that information]

[Ensuring your personal information is accurate]

[Retaining your personal information]

[What rights do you have in respect of your personal information?]

[How we keep your personal information secure]

[Providing information to us]

[Providing information to third parties]

[Breaches of data protection laws]

[Right to lodge a complaint]

2. What information do we collect about you?

2.1. Personal data means any information about an individual from which that person can be identified. It does not include data which has been anonymised.

2.2. We will collect personal data from you when you visit our website or interact with our social media platforms, buy a service or product from us, visit our site, supply us with a good or service, make enquiries or otherwise provide us with your personal data.

2.3. The categories of personal information we may collect for the purpose of managing your engagement with us as either a customer, supplier, visitor or website visitor include:-

2.3.1. Contact Data: Your name and title, address, telephone number(s), social media usernames, personal or work e-mail address and any other contact details you may provide. If you are a corporate customer or supplier this could include the organisation you work for and details of your job title and other business contact data;

2.3.2. Identification Data: Your internet protocol (IP) address and information regarding which website pages you accessed and when, the license plate number of any vehicles which access our site;

2.3.3. Video Surveillance Data: We use CCTV and automatic numberplate recognition (ANPR) to record data about individuals at our site. We also use dash cams in our fleet of vehicles which provide video and audio footage to help prevent accidents. Please see our CCTV Policy for further information.

2.3.4. Marketing Data: We may collect information about your marketing preferences and records of consent if we are entitled to send you marketing materials;

2.3.5. Skills, Experience and Procurement Data: If you offer services we may want to know what relevant qualifications, skills and experience you or your business has to make sure you are suitable for the position;

2.3.6. Financial Data: We may collect bank account and payment card details if you have an account and order from us. This includes financial data if you are communicating with us as an individual, sole trader or unlimited liability partnership;

2.3.7. Attendance Data: Information related to your attendance at our site. This may include information about incidents which occur while you are attending our site; and

2.3.8. Complaints and Investigations Data: We may collect personal information for dealing with queries, complaints, incident investigations or claims.

3. How we collect your personal information

3.1. We will collect your personal information in the following ways:

3.1.1. Information you give us. This is information (including Contact Data, Identification Data, Skills, Experience and Procurement Data and Financial Data) you provide to us by: visiting our website, ordering from us, providing us with your business details, interactions on site if and when required. We may also get some personal data by you corresponding with us (for example, by email, text or in-app messaging services).

3.1.2. Information we observe. We will gather personal information about you through the monitoring of our systems including use of telephones and the internet, through the use of CCTV, and other video surveillance we use including dash cams and other technologies.

3.1.3. Information acquired through automated technologies or interactions. As you interact with our website, we will automatically collect personal data about you that distinguishes you from other users by using cookies. Please see our Cookie Policy on our website for more details.

3.1.4. Information we create. We will create information about you where we create an account for you/your business and where we keep records of our interactions with you including payments you make. We may also store data in our customer relationship management systems. Visitors may receive a visitor badge stating their name and the name of their employer, where applicable, which must be worn in a prominent position for the entirety of the visit.

4. Why we collect personal information about you and how we use that information

4.1. We process your personal information for a variety of commercial purposes and will also process your personal information, including special category personal information where necessary for us to provide special assistance or comply with any statutory duties, to which we are subject.

4.2. In the table below, where we outline the lawful basis (processing condition) which we rely on to use your personal information, a number of bases are mentioned for processing personal information. All data needs one of the “General” processing conditions. We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

4.3. The purposes for which we process your personal information and the lawful bases for such processing are as follows:

Why we use your personal information including type of data Type of data (please see above list of data types) Lawful basis for processing (please see below for more information on legal bases)
Managing our contractual relationship with you or your company/employer; Contact Data, Identification Data, Financial Data, Transaction Data, Attendance Data Contract: the use of your personal information is necessary for the management and administration of your/your company’s contract with us and our responsibilities to you. Where you purchase services from us using a personal bank account, we will process your financial data for collection of payment due under our contract with you.

Legitimate interests: it is a legitimate interest of ours to keep various information about you which is in addition to that which we need to fulfil our contractual obligations to you and to deal with our interactions with you and your company.
Customer correspondence and engagement including social media, complaints and feedback; Contact Data, Identification Data Legal obligation: the use of your personal information is necessary so that we can respond to and investigate complaints.

Legitimate interest: it is a legitimate interest of ours to keep various information about you which will allow us to respond to your correspondence, interact with you via various platforms and improve our service for you and others.
Meeting customers’ needs and requirements – including management of a customer account; Contact Data, Identification Data Legitimate Interests: it is our legitimate interest to gather data about you and/or your company which is useful for building a complete view of our customers’ use of our website and services. This includes understanding our customers’ behaviour, activities, preferences and needs. This helps to ensure the effective running of our business through the development, improvement and provision of products and services which meet our customer needs and expectations.
Management of our approach to and policies in respect of health and safety matters; Video Surveillance Data, Attendance Data Legal Obligation: we have a number of legal obligations in respect of health and safety and will process your personal information in accordance with those obligations.
Data analytics to improve our website, products/services, marketing, customer relationships and experiences; Identification Data Consent: we rely on consent to analyse the data we hold about you to improve our website and services and to enable us to deliver content to you which takes account of your likes and dislikes. We obtain your consent through the cookie consent notice. You can opt out of such analytics through the cookie consent notice.
Marketing purposes; Contact Data, Identification Data, Marketing Data Consent: If you have ticked the opt in box, we will send you electronic marketing information via your email address and via letter based on the marketing preferences you’ve given to us. This would include information about current services and offerings or direct contact from our field representatives.

Legitimate interests: it is in our legitimate interest to keep various information about you which will allow us to market our services and products to you in order to make new sales, or carry out after sales servicing, distribution of our newsletter and send out invitations to trade fairs or allow our field representatives to contact you with information relevant to your industry. Where we have already obtained or have sought consent, we will not rely on legitimate interests. Where we have already obtained or have sought consent, we will not rely on legitimate interests.
Network Security; Contact Data, Identification Data Legitimate Interests: we will monitor our network and your use of it. It is a legitimate interest of ours to make sure that your use of our network and systems does not compromise our network and systems security.
Site Security; Contact Data, Identification Data, Attendance Data, Video Surveillance Data, Skills, Experience and Procurement Data Legal Obligation: we have a number of legal obligations in respect of health and safety and will process your personal information in accordance with those obligations.

Legitimate Interests: it is a legitimate interest of ours to keep our site secure to deter theft and keep our employees safe. We use CCTV to monitor our sites and dash cams in our fleet of vehicles to help prevent accidents and to protect our staff and the general public. We use ANPR to recognise our employee numberplates and allow access to our sites for security purposes, so if you visit our site your numberplate will be read on entry.
Insurance and claims, to procure insurance policies and to respond to and defend legal claims. Contact Data, Identification Data, Video surveillance Data, Attendance Data Legitimate interests: it is in our legitimate interests to use your personal information where necessary in the purchase of insurance policies and to respond to and defend legal claims.

4.4. Data protection laws require us to have a general data processing condition (such as consent, or processing required by law) for processing data. The general data bases we use to process personal data are:

4.4.1. Consent: your consent to one or more specific purposes. We will set out the basis for consent in a consent notice or in some other form of notice where it is clear we are asking for your consent. Where we do not get your consent, we will not use your data for that purpose;

4.4.2. Contract: in order to enter into any contract we may have with you and to meet our obligations under that contract;

4.4.3. Legitimate interests: we’ve identified this type of processing is a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we’ve balanced all that against your interests, rights and freedoms. We set out more detail on our legitimate interest processing below at section 4.5

4.4.4. Legal obligation: we’re required by law to process this data.

Our Legitimate Interests

4.5. We sometimes process personal information on the basis that it is in our legitimate interests to do so. The occasions where we will rely on legitimate interests as our processing condition are set out above. The legitimate interests are as follows:

4.5.1. To maintain up to date information about you: we sometimes gather data about you which is useful for building a complete view of your website use. Although some of this data is not strictly required by law, it is nevertheless useful to us and we consider it in our legitimate interest of running a successful, profitable business and providing reliable, efficient transport and logistics services.

4.5.2. To respond to your complaints or correspondence: we will process your information where we need to contact or respond to you directly in respect of your interactions or contractual relationship with us.

4.5.3. Network and information security: we will monitor our network and your use of it. It is a legitimate interest of ours to make sure that your use of our network and systems does not compromise our information security.

4.5.4. To procure insurance policies and to respond to and defend legal claims: it is in our legitimate interests to use your personal information where necessary in the purchase of insurance policies and to respond to and defend legal claims.

4.5.5. To keep our site safe and secure: we have various health and safety legal obligations to maintain a safe working environment for our employees and site visitors. It is also in our legitimate interest to keep our site secure to deter crime and protect our assets.

4.5.6. To market our services: it is in our legitimate interest to keep and process certain information about you which will allow us to market our services to you in order to promote our transport and logistics services.

5. Ensuring your personal information is accurate

We will keep the personal information we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the personal information we hold about you. We may contact you from time to time to check your details are still up-to-date. We will also contact you if we become aware of any event which is likely to result in a change to your personal information.

6. Retaining your personal information

6.1. We will not keep your personal information for longer than is necessary for the purpose(s) for which we process it. This means that information will be destroyed or erased from our systems when it is no longer required.

6.2. For further guidance on how long certain information is likely to be kept before being destroyed, contact our data protection team at dataprotection@elddis.net

7. What rights do you have in respect of your personal information?

7.1. You have the right to:

7.2. Request access to any personal information we hold about you:

7.2.1. You have a right to access a copy of your own personal information. We try to respond to all requests within one (1) calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

  • 7.2.2. We will request information from you in order to help us confirm your identity and ensure you have a right to access the personal information you have requested to see. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request.
  • 7.2.3. You will normally not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, if your request is clearly unfounded or excessive we may refuse to comply with your request.
  1. 7.3. Require us to rectify any personal information which we hold about you which is inaccurate.
    1. 7.3.1. Rectification enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  1. 7.4. Have personal information erased, in certain circumstances.
    1. 7.4.1. This right enables you to have your data erased (the so-called “right to be forgotten”). The right relates only to personal information we hold at the time you make the request. There are also some important restrictions on this right.
    2. 7.4.2. The right to have personal information erased applies where:-
      1. 7.4.2.1. our use of your personal information is no longer necessary for the purpose for which we gathered it. Most of the personal information we hold about you in the course of your engagement with Elddis Transport is needed by us to manage you as site visitor, website user, customer or supplier. However, we will review the information we hold about you if you ask us to erase it, to check we need all of the information we hold;
      2. 7.4.2.2. we have relied on consent as the basis for processing and you withdraw your consent;
      3. 7.4.2.3. we are processing your personal information on the basis of legitimate interests unless we have an overriding interest to continue the processing;
      4. 7.4.2.4. we are processing your personal information unlawfully.
    1. 7.4.3. The right to erasure does not apply in certain circumstances including where:
      1. 7.4.3.1. we have to process the personal information to comply with a legal obligation; or
      2. 7.4.3.2. where we use the personal information to carry a task in the public interest such as where we are investigating fraud or preventing or detecting other unlawful acts.
  1. 7.5. Have the processing of your personal information restricted, in certain circumstances.
    1. 7.5.1. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
      1. 7.5.1.1. if you want us to establish the information’s accuracy;
      2. 7.5.1.2. where our use of the information is unlawful but you do not want us to erase it;
      3. 7.5.1.3. where you need us to hold the information, even if we no longer require it as you need it to establish, exercise or defend legal claims; or
      4. 7.5.1.4. you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
  1. 7.6. In certain circumstances, be provided with the personal information that you have supplied to us, in a portable format that can be transmitted to another controller without hindrance.
    1. 7.6.1. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
  1. 7.7. Object to certain types of processing, including legitimate interests based processing and automated processing (which includes profiling)
    1. 7.7.1. You can object where we are processing personal data on the basis of legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your interests, fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.
  1. 7.8. The right to withdraw consent
    1. 7.8.1. If we are processing any of your personal information based on you having given us consent to do so, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing we may have undertaken based on your consent before it is withdrawn.
  1. 7.9. In certain circumstances, the right not to be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.
    1. 7.9.1. We will not engage in any fully automated decision-making in our processing of your personal information that produces legal or significant effects.
    1. 7.10. If you wish to exercise any of the rights set out above, you must make the request in writing to our data protection team at dataprotection@elddis.net
    2. 7.11. If you provided your consent to any of the processing of your personal information, you have the right to withdraw your consent to that processing at any time, where relevant. Please contact the Data Protection Representative if you wish to do so.

8. How we keep your data secure

  1. 8.1. Keeping your data secure is important to us. We use reasonable and up to date security methods to keep your personal information secure and to prevent unauthorised or unlawful access to your personal information, and against the accidental loss of, or damage to, personal information.
  2. 8.2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. These include adhering to various security standards, including physical and technological protection, data encryption, patching and software update management, management of access rights, vulnerability scanning and penetration testing, network configuration and monitoring. We will ensure your personal information is only accessible by those who need to see your information for their specific role. We will only transfer personal information to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.
  3. 8.3. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal information.

9. Providing information to third parties

  1. 9.1. Our employees who need to access your data will view it in order that we can manage your engagement with us and comply with our legal and statutory duties. All of our employees have been trained in data protection and understand the need to keep your information confidential.
  2. 9.2. In addition to our employees, we may also use service providers who may process personal information on our behalf (for example by passing details to third parties such as payment providers, business consultants, IT support and legal professionals). Apart from our employees and service providers, we will not disclose your personal information to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your personal information to a third party, we will put in place arrangements to make sure your information is well protected and processed strictly in accordance with data protection laws.
  3. 9.3. We may disclose your personal information to third parties:
    1. 9.3.1. in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
    2. 9.3.2. if we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets; and
    3. 9.3.3. if we are under a duty to disclose or share your personal information in order to comply with legal obligations or to protect our rights, property, or safety of our customers, suppliers or other employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  1. 9.4. If your personal information is provided to any third parties, you are entitled to request details of the recipients of your personal information or the categories of recipients of your personal information.

10. Transferring your personal information outside the United Kingdom

10.1. We will not transfer your personal information outside the UK unless such transfer is compliant with the UK GDPR. This means that we cannot transfer any of your personal information outside the UK unless:

  1. 10.1.1. the UK government has decided that another country or international organisation ensures an adequate level of protection for your personal information; or
  2. 10.1.2. the transfer of your personal information is subject to appropriate safeguards, which may include:
    1. 10.1.2.1. binding corporate rules; or
    2. 10.1.2.2. the International Data Transfer Agreement or the UK Addendum.
    1. 10.1.3. one of the derogations in the UK GDPR applies (including if you explicitly consent to the proposed transfer).

11. Breaches of data protection laws

If you consider that we have not complied with data protection laws in respect of personal information about yourself or others, you should raise the matter with our data protection team at dataprotection@elddis.net. We will take any breach of the UK GDPR seriously.

12. Right to lodge a complaint

      1. 12.1. If you have any issues with our processing of your personal information and would like to make a complaint, you may submit a complaint to us in accordance with our complaints procedure.
      2. 12.2. If you have any issues with our processing of your personal information and would like to make a complaint, you may contact the Information Commissioner’s Office at https://www.ico.org.uk/make-a-complaint, on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.