1. Background

On 25^th May 2018 a new law comes into place. It is known as the General Data Protection Regulations (GDPR) and is about how personal information about individuals is collected, used and looked after. This document sets out the detail about how the personal information provided by you will be used and looked after and explains your rights in relation to it.

In providing Distribution and Warehouse services you, the Customer, is the Data Controller and Hackling’s (the Supplier) is the Data Processor. The meanings as defined in the Data Protection Legislation are as follows: –

“Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”

“Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

2. Our commitment to you

Our commitment is to:

• Keep personal information provided by you safe and private;
• Not use personal information for any purposes other than in connection with undertaking work for you, for the effective running of our business, for account management purposes and keeping you informed of information about our business and its activities;
• Make it easy for you to approach us if you have any concerns or questions relating to the holding of personal information.

3. Who we are and how we operate

Hackling’s provides Distribution & Warehouse services to a wide range of businesses in the Gloucestershire, Oxfordshire and Wiltshire areas. As a member of the Palletline and Hazchem Networks, we specialise in the delivery of single or multi pallet consignments anywhere in the UK and Europe, overnight and economy or in line with our Customers’ requirements.

4. How information is collected from you

Information will be collected directly from you. This will be when we are dealing with your questions about the services which we provide or when we start providing services to you. Further personal information will be collected while work proceeds if required. Information may be collected electronically through our online systems, by email, face-to-face meetings or by telephone.

Please ensure that all personal information is accurately provided as the information which is held is only as accurate as the information provided in the first place.

It is possible that we may obtain information about you from other sources, for example if we are informed by someone else that they have recommended you to us or when information is provided to us by others involved in the work which we are carrying out for you.

5. What personal information will we collect from you?

We will require contact details such as:

1. Your Details

• Name;
• Address;
• Telephone number;
• Email address.

1. Your Customer Details

• Name;
• Address;
• Telephone number;
• Email address.

We will also collect such personal information as we reasonably require from you in order to effectively carry out the work which you require us to do.

The Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for the duration and purposes of our agreement.

The Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:

• process that Personal Data only on the written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process Personal Data (Applicable Laws). Where the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;

• ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

• ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and

• not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:

• the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
• the data subject has enforceable rights and effective legal remedies;
• the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and;
• the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;

• assist the Customer, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

• notify the Customer without undue delay on becoming aware of a Personal Data breach;

• at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and

• maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits by the Customer or the Customer’s designated auditor.

6. Who will personal information be provided to?

We will not provide your personal information to anyone else save in the circumstances set out at 7 and 8 below or where you consent to us doing so.

7. What about outsourcing?

We may pass personal information to certain trusted third parties to assist in the performance of our services such as Palletline, The Hazchem Network and other delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform our services. This is likely to include holding personal information in electronic form, to assist with efficient administration and running of Hackling’s, for the purpose of maintaining databases and customer relationship management.

8. What will the personal information be used for?

• To fulfil our contractual obligations towards you:

• To progress the consignments, or orders, upon which you have asked us to help;
• To properly record the progress of the consignments, or orders, in respect of which you have asked us to work on;
• To regulate the quality of the work performed on your behalf;
• We may from time to time provide personal information to those outside of Hacklings to assist us in providing this service to you. For example, sometimes we may wish to obtain information from a Palletline Depot in relation to a particular consignment.

• When it is our legal obligation

In very rare circumstances we may be required to provide information to local or public authorities including the police.

• When legitimate interests apply

It is possible that from time to time we may wish to communicate with you concerning matters which may be of interest to you. The nature of such contact will be:

• To inform you of any changes to our services or new services;
• To communicate about events or promotions which we may be providing;
• To communicate other developments at Hackling’s.

We will not communicate to you under this heading where there is any perceived detriment to you in receiving the communication.

If you do not wish to receive communications under this heading please contact Stuart Mitchell (stuartm@hacklings.co.uk). In making contact please confirm the type of communications listed which you do not wish to receive or that you do not wish to receive any communications of the type listed.

• When you consent

There are certain uses to which we will not put personal information without your specific consent. For example, we will not provide any information about you in publicity material without your consent. If we wish to use your personal information for any purpose other than those listed under the other heads we will seek your specific consent.

• Other

We may also use personal information for management and statistical purposes to enable the efficient running of Hackling’s.

9. What happens if I don’t wish to provide personal information to Hacklings?

We seek personal information for the purposes set out above including contact details. We will also require all information necessary in order for us to effectively provide Distribution and Warehouse related services. Without the information referred to, we may not be able to provide the services to you or at the very least our effectiveness will be restricted.

10. How long will Hackling’s keep personal information for?

We will only retain personal information:

• For as long as necessary to fulfil the purposes it was collected for as set out in this Privacy Notice;

• In relation to those that enquire about our services or whom we are informed may have an interest in our services but don’t then instruct us, we would not normally keep that information for longer than twelve months after the last communication from the enquirer, or if we do not receive a response after initial contact no longer than six months from the communication date;

• If we carry out work for you we will retain the information throughout the duration of the work and usually for 2 years thereafter.

In some circumstances you have the right to request erasure of personal information held. This will be addressed below.

.

11. Your rights in relation to the information held in relation to you

• Access – the right to make what is known as a Subject Access Request to obtain a copy of the personal information which we hold about you. If you make such a request we are required, in most circumstances, to provide a copy of the personal information without charge and within 30 days.

You may also seek confirmation of the nature of personal information which we hold about you without seeking a copy of the information itself.

• Correction – it is important that you keep us up to date with any changes to the personal information provided. Subject to that you have the right to ask us to correct or complete any inaccurate or incomplete data held about you. It is possible that evidence will be required of the new information provided.

• Erasure – you are entitled to ask us to delete or remove personal information held where there is no good reason for us to continue to hold it. It may not always be possible to comply with your request due to ongoing obligations in relation to the personal information. Where this is the case you will be informed and be told of the reasons why it is not possible to comply with the request.

• Object to processing – you may object to us processing personal information. There are some circumstances in which it will not be possible to comply with your request, for example if it is necessary to process the information in connection with obligations which we have and which have been explained to you in this document. If you object to us processing information which has been processed under the legitimate interest head, we will in nearly all instances stop processing it. If we intend to continue processing it we will consult with you about it.

• Restriction of processing – you may ask us to suspend processing of personal information in the following situations:

• If you want the data accuracy to be established;
• Where the use of the personal information is unlawful, but you do not want it to be erased;
• You need the data to be held even though we no longer require it as you need it to establish, exercise, or defend legal claims; or
• You have objected to the use of the data by us, but we need time to determine whether we have overriding legitimate grounds to process it.

• Request the transfer of information – sometimes rights apply to request a transfer of personal information held to other organisations, such as a new haulier.

This right only applies to personal information that is processed by automated means and is held because it was necessary for the performance of the contract with you or personal information which is processed on the basis of your consent.

12. Keeping personal information safe

We have put in place appropriate security measures to prevent the personal information provided from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to personal information is limited to those employees and contractors who have a business need to know the personal information. Passwords and encryption are used. Personal information will only be processed upon instructions from ourselves. Procedures have been put in place to deal with any suspected breach of the requirements under the GDPRs. You and/or the Regulator referred to below will be notified of any potentially significant breach.

13. What happens if you want to complain?

It is hoped that you will not have cause to complain. If you do complaints should be referred to Stuart Mitchell in the first place where possible. In the event that it is not possible or appropriate to refer a complaint to Stuart Mitchell it may be referred to the Regulator, the Information Commissioner’s Office (ICO) whose address is:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

14. Miscellaneous

• It is not anticipated that any personal information will be transferred outside of the European Union. We will notify you if this position changes.

• We don’t anticipate using automated decision making in relation to the personal information provided.

15. If I have any questions who do I ask?

Please ask the individual with responsibility for dealing with your matter. If this person cannot help or if it is inappropriate to contact him or her then please contact Stuart Mitchell.