Personal information we collect
Listed below are the data we currently collect from customers, suppliers, contractors and third parties with whom we come into contact as part of our normal business activities.
If you have previously applied for a job with us, or have worked for us in the past, then please see our staff privacy notice, a copy of which you can find here.
- Name and title
- Contact details (work address, telephone numbers and email addresses)
- Social media handles/contact details
- Moving image (if you have visited our site and been captured on CCTV)
- Vehicle registration number (if you have visited our site and been captured on CCTV)
- IP address (if you have visited our website)
- Location history (if you have visited our premises -- dates and times)
- Bank account number, name and sort code (if you have made a payment to us from a personal bank account or have asked us to make one to you)
- Qualifications and training history (if we need to determine if you are a suitable person to carry out work for us)
How we get your personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- In order to do business with us (buy our services, or sell your services or products to us, or because you are considering doing so)
- Because you work for a public authority, regulator or enforcement agency and have an interest in our business.
We may also have obtained your personal information because:
- You have given your permission to a third party to share it with us.
- It is freely available online– for example, on your organisation’s website.
We may share your information with the following organisations for the following reasons:
- Our accountants, Caerwyn Jones (in order that they may audit and prepare the company’s accounts)
- Competent agencies, including the police and HSE (in order to assist a legitimate investigation)
- Courier and haulage companies, various (in order that they may deliver or collect goods)
- LeadForensics (if you visit our website, so that we can identify the organisation you work for and decide it we’d like to get in touch)
- Our bank, Lloyds (in order to process payments)
- Our insurance broker and underwriters, various (if you are undertaking dangerous work on our site or if we are involved in a dispute with you)
- Our solicitors, various (if we are involved in a dispute with you or a negotiation outside the scope of our day-to-day activities)
- Our security contractor, Vanguard Alarms (in order for them to maintain our company CCTV system)
- Our IT support contractor, Vector Systems (in order for them to maintain our IT infrastructure and security)
- Our website developer, InfluxDigital (in order for them to verify that the website is functioning as expected)
- Webflow (who host our website and hold the access log files).
You should also note that visitors to our site are asked to sign in and out and that our visitor books are freely accessible in our reception and despatch areas.
Our legal bases for processing
We rely on several of the lawful bases for processing data that are outlined in the UK General Data Protection Regulation (UK GDPR). Specifically:
Contractual obligations
- For example, if you want to buy our services, or supply us with goods and services, and we need to be able to communicate with you, process payments and/or assess you are suitably qualified.
Legitimate interests
- For example, if you have visited us and we have captured your image on the CCTV system that we use to monitor health, safety and security on our site or you have written your name in our visitors book
or, if we have found your contact details online on a business website and have used them to contact you to see if you are interested in working with us.
Legal obligation
- For example, if you are involved in an accident or incident on our site and we are obliged to report it.
How we store your information and how long we retain it.
We store almost all personal information on our local servers, which are backed-up to Microsoft (cloud) servers located in the UK.
Our website is hosted by Webflow, which is based in the United States. Webflow has SOC 2 certification and encrypts data in transit and at rest. For more information, view Webflow’s FAQs here.
Our CCTV footage is stored to a local hard-drive, which is kept in a secure room onsite.
Our visitors’ books are held in our reception and despatch areas, which are locked when the building is unoccupied.
Publicly available customer and supplier data is retained indefinitely, but anonymised (contact details deleted) if we have not traded with a company for 8 years or more.
Website access logs are not visible to the Hitherbest team. They are automatically deleted by Webflow after 30 days. IP address data processed by Lead Forensics is automatically deleted after data from static IP addresses (such as location and company name) has been extracted.
Our CCTV footage is automatically re-written after 3 months, unless we snip and retain a section of footage to support an accident or criminal investigation, in which case it will be kept for the duration of the relevant proceedings or until the statutory limitation period expires.
Visitors books are shredded after use.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You will not ordinarily be required to pay any charge for exercising your rights, unless you make a request which is manifestly unfounded or excessive (see the company Data Protection Policy for further details). If you make a request, we will normally respond to you within one month of receiving your request (see the company Data Protection Policy for more information).
How to complain
If you have any concerns about how Hitherbest uses your personal information, you should contact the Managing Director at:
Hitherbest Limited
Heath Hill Court
Heath Hill Industrial Estate
Dawley
Telford TF4 2RH
You can also telephone Hitherbest on 01952 632100.
If you are unhappy with how we have used your personal data, you can complain to the Information Commissioner’s Office.
The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK95AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk