Privacy Policy
Heming Group Ltd and its’ subsidiary companies being: Heming Services Ltd, Heming Engineering Ltd, Heming Plant Hire, Ford Electrical Ltd, Major Refrigeration & Air Conditioning Services Ltd and Major Building Ltd are committed to protecting your personal information. In this policy, references to ‘we’ or ‘us’ mean Heming Group Ltd and its’ subsidiaries. This policy explains how we collect and use the personal information about you for the purposes of running our website, informing you of our commitment to the UK Data Protect Act 2018 (DPA) and the EU General Data Protection Regulation 2018 (GDPR).
Introduction
• This Privacy Policy explains what we do with your personal data, whether we are in the process of dealing with an enquiry, processing an order, continuing our ongoing customer relationship with you, receiving a service from you, requesting your feedback, or you are visiting our website.
• It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
• This Privacy Policy applies to the personal data of our Customers, Potential Customers, Suppliers, Sub Contractors and Employees. If you are a Heming Group Employee (or one of its’ subsidiary companies being: Heming Services Ltd, Heming Engineering Ltd, Heming Plant Hire, Ford Electrical Ltd, Major Refrigeration & Air Conditioning Services Ltd and Major Building Ltd) you should refer to your updated company contract and our Employee Privacy Policy Document found in the company hand book
• It is important to note that any amends to our Privacy Policy will posted to this page, for updates to our policy please navigate to this page.
What kind of personal data do we collect?
• Customer Data:
In order to provide the best possible products and services to our customer’s we need to process certain information. Heming Group Ltd and its’ subsidiaries only ask for details that will genuinely help us to deliver these products and services, such as your name, address, contact and contract details; including but not limited to: Telephone number, email address, first and last name. Where Heming Group Ltd and its’ subsidiaries are required by you to process payments for goods and services by way of debit or credit card we will also process these details, but only for this purpose.
We may also collect information regarding your website activity and visits’ in order to further enhance your customer experience.
• Supplier Data:
We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. Heming Group Ltd and its’ subsidiaries will collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as your bank details so that we can pay for the goods and services you provide (if this is part of the contractual arrangements between us).
• Sub-contractor data:
We collect and store information required so that we can process contractual obligations between us. These details include personal and business email addresses, telephone numbers, address details, bank account details, qualifications, UTR and National Insurance Number and Insurances.
• End-user data:
Where we are obligated to carry out work for a third-party contractor we reserve the right to obtain and process data including site addresses, email addresses and telephone numbers, this enables Heming Group Ltd and its’ subsidiaries to fulfil our contractual obligation to you and our customer.
How do we collect your personal data?
• Customer Data:
We collect customer data in the following ways:
1. Directly from you
2. From third party software detailing ongoing project data
3. From websites
4. From social media platforms
5. From your work colleagues
6. From exhibitions or events attended by Heming Group Ltd and its’ subsidiaries employees
• When viewing or interacting with data and information on our websites or on an email from us, we may also collect certain data automatically or through you providing it to us.
• Supplier Data:
We collect supplier data in the following ways:
1. Directly from you
2. From your work colleagues
3. Your website / Internet
• Sub-contractor data:
1. Directly from you
2. From your work colleagues
3. Your website / Internet
4. End-user Data
• End-user data:
We collect end-user data in the following ways:
1. Via third party contractors or suppliers who are using the services of Heming Group Ltd and its’ subsidiaries to fulfil a project
• Website Users
We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the contact forms.
How do we use your personal data?
• Customer data:
There are two main reasons for using your personal details. Firstly, details will be used to help Heming Group Ltd and its’ subsidiaries to process ongoing requests that you have made with us, i.e. raising a quote or processing an order, through to delivery of that order and potentially requesting feedback (in the form of a survey). Heming Group Ltd and its’ subsidiaries will also store and process data for the purposes of direct marketing, via email, telephone and post. Review the section below; How can I unsubscribe from all or individual types of direct marketing, should you wish to opt out of any form of direct marketing from Heming Group Ltd and its’ subsidiaries.
• Supplier data:
• The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
• Sub-contractor:
The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
• End-user data:
The main reason that we process end user data is to ensure that we can contractually deliver on products and services which have been requested via a third party
• Website users:
We use data collected via our website to help us to improve your experience when using our website, for example by analysing your recent search trends to help us present recently viewed products. If you are a customer, we may use data from your use of our websites to enhance other aspects of our communications with you, for example email communications.
Who do we share your personal data with?
• Customer data:
We may share your personal data with suppliers or sub-contractors but only where it is necessary for them to deliver a contractual obligation such as delivery or installation of our products or services. Customer’s details that are being used for the purposes of e-marketing will be uploaded to a secure external system which is provided by a third-party organisation. If prior agreement is provided by you, we will pass your details on to alternative companies who we believe will be able to fulfil your requirement when Heming Group Ltd and its’ subsidiaries cannot.
• Supplier data:
By way of a referral we may share your personal data with potential customers who would also benefit from your products and services.
• Sub-contractor data:
Where a contractual agreement has been agreed for you to carry out work on behalf of Heming Group Ltd and its’ subsidiaries at a customer’s site, we will provide your personal data to the customer, in order for them to complete their internal processes. Where requested by the customer/end-user Heming Group Ltd and its’ subsidiaries will also provide photographic id.
• End-user data:
When entering in to a contractual agreement with Heming Group Ltd and its’ subsidiaries we will pass on the minimum amount of your personal data as deemed appropriate for a supplier or sub-contractor of Heming Group Ltd and its’ subsidiaries to carry out their contractual obligation to us.
• Website user:
No details obtained from our website will be processed outside of Heming Group Ltd and its’ subsidiaries. Any data used to process and target specific information to you will be done so using a Heming Group Ltd and its’ subsidiaries managed system
How do we safeguard your personal data?
• We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
Those processes include but are not limited to; encrypted server access, Laptop devises are encrypted, all antivirus and government gateway security settings are up to date and monitored.
How long do we keep your personal data for?
• Data stored and processed in our CRM system
If we have not had meaningful contact with you for a period of five years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
• Printed and digital archived project information
Due to the nature of our products we deem it appropriate to store project information for up to 20 years, this allows us the ability to recall previous project information should you the customer require it.
How can you access, amend or take back the personal data that you have given to us?
• If we are holding or using your personal information, you may change your mind at any time by writing to Heming Group Ltd, Collin Lane, Willersey, Broadway, WR12 7PE or emailing donna@heming-group.co.uk We will process the restriction of use in our marketing communications or removal of your personal information within 10 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
• Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
• Right to erasure
In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by Heming Group Ltd and its’ subsidiaries as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case, please let us know.
Any data within the e-marketing system will be moved to a suppressed list and be unable to be resubmitted for direct marketing use without prior agreement from you.
• Right to lodge a complaint
Please submit your complaint in writing to us at Heming Group Ltd, Collin Lane, Willersey, Broadway, Worcestershire, WR12 7PE in the first instance, however, you have the right to lodge a complaint with details of which can be found here
How can I unsubscribe from all or individual types of direct marketing?
• Email Marketing
All e-marketing communications sent by Heming Group Ltd and its’ subsidiaries using our third-party e-marketing software will contain an unsubscribe button, on clicking to unsubscribe you will be requested to submit your email address in order to authenticate your permission to suppress the email address. Any emails sent to you using one of our outlook email addresses can be directly replied to or you can forward the email to donna@heming-group.co.uk in order to request you are removed from future direct marketing email communications.
• Telephone Marketing
A request can be made with the person whom you are directly on the phone with at the time, and they will process this request in our centralised CRM system. If you are unsure as to whether you are registered on our systems for telephone marketing and wish to remove your details, you can contact us either via email; donna@heming-group.co.uk or by telephone on 01386 853295. Your details will be updated within 5 working days or sooner.
• Postal Marketing
If you would like to remove your personal details to prevent receiving postal marketing communications, you can email your request to donna@heming-group.co.uk or telephone 01386 853295. Your details will be updated within 5 working days or sooner.
What are cookies, how do we use them and how to opt out?
• A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system.
• Heming Group Ltd and its’ subsidiaries use cookies to track your activity and help us to improve your experience when visiting our website. We can also use the information from cookies to tailor other forms of direct marketing, to ensure that you see information relevant to you and any current requirements. We can also use cookies to analyse traffic and for advertising purposes.
• If you want to check or change what types of cookies you accept or opt out from cookies being used in the ways mentioned above, this can usually be altered within your browser settings.
• Most web browsers will automatically accept cookies but if you would rather we didn’t collect data you can choose to reject some or all cookies in your browser’s privacy settings. Please be advised that rejecting all cookies means that you may not be able to use all functions of our website.
OUR LEGAL BASES FOR PROCESSING YOUR DATA
LEGITIMATE INTERESTS
• Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
• Customer data:
• We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our range of solutions, and thus we will keep you updated via forms of direct marketing.
• We want to provide potential customers with the opportunity to hear about our products and services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits’ from our products and services and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us.
• Where we subscribe to third party services who collate and enter data relating to ongoing projects in our industry, we will deem it that you are in a position where you wish to be contacted regarding suitable products and services. We will therefore process your data for the purposes of direct marketing in order to establish if you have a requirement.
• Where you have made contact with us we will process your request in line with our business processes and in order to provide you with the requested products and services. This will include processes such as arranging and attending your site and processing information that will enable us to design, manufacture and install your solution. Information obtained will be stored on our systems now and in the future to further enable us to process your requests and to keep you updated on product, service and company updates via forms of direct marketing.
• Personal details may be used too for administrative purposes including invoicing and project management
• Supplier data:
• We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.
CONTRACTUAL
• Article 6(1)(b) of the GDPR gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
• In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value)
• Customer data:
• Where you and ourselves have entered in a contractual agreement to deliver products and services we will process the appropriate and required information in order to do so. i.e. address details of the company and installation site. In order to provide a smooth and seamless service we will also deem it reasonable to process such information as appropriate to send updates on the progress of your contract with us. Some of these updates and notifications will be automated and sent from a third-party e-marketing system.
• End user:
Where Heming Group Ltd and its’ subsidiaries have been requested to act as a sub-contractor to supply products and services to you as an end-user, we deem it appropriate to process any personal details provided to us in order to fulfil our contractual obligation to your supplier. We will also collect; directly from you, additional personal data in order to fulfil our processes and ensure a seamless service. We may also store and process personal data in order to provide additional services such as collections, deliveries and maintenance. Finally, data may be used on job completion to request feedback in the form of a survey, this enables Heming Group Ltd and its’ subsidiaries to confirm satisfaction or dissatisfaction with the work we have carried out, and action accordingly.
GLOSSARY
• Customer(s) – includes companies and individuals that have previously been supplied with products or services from Heming Group Ltd and its’ subsidiaries. Companies and individuals are also referred to as customers if they have previously made contact with Heming Group Ltd and its’ subsidiaries to enquire about projects and services. Customers in the context of this privacy policy also refer to the companies that Heming Group Ltd and its’ subsidiaries deem appropriate to direct market with information about our products and services but may not have had previous communication.
• Suppliers – refers to partnerships and companies (including sole traders), independent contractors and freelance workers, who provide services to Heming Group Ltd and its’ subsidiaries.
• End-user data – refers to the personal data of individuals within a business where Heming Group Ltd and its’ subsidiaries have been requested to carry out contractual services, as requested by the end-user via a third-party supplier.
• Sub-contractors – refers to independent ltd companies or sole traders who are contracted by Heming Group Ltd and its’ subsidiaries to carry out services on behalf of end-users.
• General Data Protection Regulation (GDPR) – a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.
• Website Users – any individual who accesses the Heming Group Ltd and its’ subsidiaries website.
• Other terms – “We” refers to Heming Group Ltd and its’ subsidiaries the controller and processor of personal data; “You” refers to the customer, supplier, end-user, employee and individual who is protected by the rights and freedoms of GDPR and data protection.
Enquiries and Complaints
The data protection contact is the first point of contact regarding any enquiries arising from this privacy notice. Where possible, please raise all enquiries in writing.
If you are unhappy with our work or something that we have done or failed to do, please inform us in writing. Heming Group Ltd will acknowledge receipt of all complaints and will endeavour to investigate the complaint within thirty working days.
All complaints should be sent to:
Heming Group Ltd, Collin Lane, Willersey, Broadway, Worcs, WR12 7PE
You may also complain directly to the Information Commissioner’s Office if you are concerned with how we are handling your personal information using their online form which can be found here.
Changes to this Notice
We may change this privacy policy from time to time. If you use our site regularly, please visit this page from time to time to check this policy.
This privacy policy was last updated 22nd May 2018