The Hills Group Privacy Statement
(last updated May 2021)
11. Your rights
This privacy statement provides detail on the type of personal data we collect, the legal grounds for how we use this data, how we hold data securely and the rights you have over the data we hold. This privacy statement covers the personal data that we collect when conducting our business with you either as a customer, supplier or private individual in accordance with the Data Protection Act 2018 (DPA) and the EU retained version of the General Data Protection Regulation (UK GDPR).
Please note that we have additional privacy statements applicable to cover recruitment which can be found at www.hills-group.co.uk/about-us/work-for-us We may also issue other specific privacy statements from time to time. These statements should be read in conjunction with this notice and any other privacy notice that we have in place from time to time.
1. Who collects your personal data
Hills or The Hills Group collects and is responsible for your personal data. The Hills Group comprises Hills UK Ltd and its subsidiary companies including, but not limited to, The Hills Group Ltd, Hills Waste Solutions Ltd, Hills Quarry Products Ltd, Hills Homes Developments Limited and Hills Municipal Collections Ltd. Where a Hills Group company is providing you with goods and services your data will be controlled by the company that is providing those goods and services. We can provide further information on request.
2. The type of personal data we collect
The personal data we collect may include:
- Contact information, such as your name, job title, business address, postal address (including your home address, where you have provided this to us), telephone number, mobile phone number, fax number and email address
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers, bank account numbers and sort codes and other related invoicing information
- Further information necessarily processed in a contractual relationship or provided by you to the company, such as specific instructions connected to delivering our goods or services to you or contract enquiries
- Information collected from publicly available resources, databases and credit reference agencies
- Details of our visits to your house or premises when a Hills company provides you with goods or services which may include images, audio and video captured by handheld devices or by vehicle based cameras
- Record of entry and egress of land, buildings and premises owned or occupied by the company from fixed or mobile CCTV or other electronic or physical means
- Other personal data captured by vehicle based cameras or handheld devices which may include still images, audio and video.
3. How we collect personal data
We may collect personal data about you in a number of circumstances, including:
- When you or the business you represent enters into an agreement with us to provide goods or services
- When you or the business you represent make an enquiry, contact us via our website, social media post or by telephone
- When you attend a trade show or event where we are present or visit a Hills company site or office
- When we attend a site or premises to deliver goods or provide services
- When we or the vehicles we operate are in close proximity to you
- When you or the business you represent offer to provide or provide goods or services to Hills.
Where we have a legitimate business reason, we may collect personal data about you or the business you represent from a third party, such as a credit reporting agency, government agencies, your business, other organisations with whom you or the business you represent have dealings or from publicly available records. Where required we will obtain your consent to obtain this personal data.
4. How your personal data may be used
We may use your personal data to:
- Provide you or the business you represent with goods and services we are contracted to provide
- Managing and administering our supplier and customer business relationship with the company, including processing payments, accounting, auditing, invoice and debt collection, support services
- Meeting our legal obligations (such as accounting records), compliance screening of suppliers or recording obligations (e.g. for financial and credit check and fraud and crime prevention and detection purposes), which may include checks of your contact data or other information you provide
- To analyse our performance and improve our services
- To protect the security of our sites and offices and the assets at these locations, vehicles and equipment, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities
- For insurance purposes including dealing with claims made against or by Hills and pass relevant personal data to our insurers, insurance claims handlers, loss adjusters or legal advisers
- For monitoring and assessing compliance with our policies and standards
- To confirm the identity of persons attending our sites or offices acting on behalf of our customers or suppliers or persons representing our appointed contractors
- To comply with our legal and regulatory obligations
- To exercise and/or defend our legal rights
- To investigate and respond to complaints; and
- For any purpose that is reasonably connected to any of the above or any other purpose for which you provided us with your personal data.
With regard to marketing-related communication, we operate in accordance with the principles of the Privacy and Electronic Communication Regulations. Where you are a private individual and you contact us by email or via our website we will only provide you with information you have requested or that you have opted in to receive.
In all electronic marketing communications we will provide the opportunity to opt out of receiving further marketing-related communication from us.
5. What is the legal basis that permits us to use your personal data?
We process personal data on one or more of the following legal grounds:
- For the performance of a contract with you or the business you represent, or to take steps to enter into a contract
- For compliance with a legal obligation (e.g. to comply with health and safety regulations, meet our legal reporting obligations)
- For the purposes of our legitimate interests (e.g. to enforce a contract, measure our performance, protect our business assets, to prevent fraud, to meet our contractual requirements) or those of a third party, but only if these legitimate interests are not overridden by your interests, rights or freedoms
- To protect our legal position in the event of legal proceedings.
Certain processing may be based on your consent where you have expressly given that to us.
6. Personal data you provide us
Any personal data we request or supplied to us by you is used as detailed in this statement. If you do not provide certain information to us we may not be able to do business or deal with your request or query, for example where personal data is required to provide you with goods or services, you need to demonstrate your competency in a specialist area to act on our behalf, or to process your requests or deal with queries or complaints connected with our activities and advise you accordingly.
7. How we may share your personal data?
We may share your personal data:
- With other Hills Group companies where required for the purpose of providing goods and services and for administrative, invoicing and other business purposes (such as ensuring health and safety of visitors to our sites).
- With company appointed contractors or suppliers to meet our contractual obligations to you, for instance goods or service delivery details, or pursuant to our legitimate interests to provide services to us. In these circumstances they will only have access to the personal data required to meet this obligation on our behalf and may not use it other than for the purpose we have supplied it to them and in accordance with this Privacy Statement.
- If we are legally obliged to do so (e.g. when we are required by applicable law or to report to relevant regulatory authorities)
- The business has an overriding legitimate business reason (e.g. with our legal advisers, insurance companies or as required to investigate actual or suspected fraudulent or criminal activities)
- To our customer, where you are making a complaint or compliment about a service we provide on behalf of that customer.
Otherwise, we will only disclose your personal data when you direct us or give us permission.
8. Personal data you provide to us about other people and updating personal data
If you provide us with personal data about individuals such as directors, employees, or business references you must ensure that you are permitted to disclose that personal data to us and have advised the individuals accordingly and place no obligation on us to take action to confirm that we may hold, use and disclose that personal data as described in this Privacy Statement. If you are a Hills approved supplier or supplier wishing to become approved, please see our Responsible Purchasing Policy for more information on the type of information.
If any of the personal data that you have provided to us changes, for example if you change your email address or you become aware we have any inaccurate personal data about you, please contact us through your normal contact channels within Hills or see 11 below.
We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
9. Security of storing personal data
We know how important it is to protect and manage your personal data.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our office areas and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
Our procedures mean that we may request proof of identity before we share your personal information with you.
In the unlikely event that we do suffer a security breach which compromises our protection of your personal information and we need to let you know about it, we will do so by email if we believe that you are or may be affected and/or by notice on our website in the event if appropriate.
In limited and necessary circumstances, your information may be transferred outside of the EEA. If this is required we will ensure adequate safeguards are in place to ensure the security of your data in accordance with the DPA and UK GDPR. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data.
10. How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, or other requirements.
Details of retention periods for different aspects of your personal data are available on request, please contact us for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. Your rights
Under the UK GDPR and DPA you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. If you withdraw your consent for the company to process certain types of data the practical implications and possible outcomes of doing so will be explained to you.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the UK GDPR or DPA with regard to your personal data.
If you have any concerns as to how your data is processed you can contact: The company secretary who acts as the data protection officer at firstname.lastname@example.org or you can write to the Company secretary, Wiltshire House, County Park Business Centre, Shrivenham Road, Swindon, SN1 2NR.
12. This statement and changes to this statement
Hills reserve the right to update and change this Privacy Statement to reflect any changes to the way in which we process personal data to meet our legal data privacy requirements. Updates to this Privacy Statement will be referenced and dated and published on our website or published otherwise.