About this policy

Hitachi Construction Machinery UK Limited (“HCMUK”) respects individuals rights to data privacy and protection when you communicate (online or offline) with us through our websites, mobile applications, offline programs and events.

HCMUK which operates the website you are visiting or service you are receiving is the Data Controller of any personal information. We may collect personal information, sensitive or special category data in certain situations. We may combine personal information that we collect via one method (e.g., a website) with personal information that we collect via another method (e.g., an offline event). We do this to get a more complete view of our suppliers and consumers, which, in turn, allows us to serve you better and with more customisation.

This privacy policy sets out how we look after your personal data including when you visit our website www.hitachicm.co.uk (regardless of where you visit it from), your privacy rights and how the law protects you. Our website is not intended for children, and we do not knowingly collect data relating to children.

Please read this privacy policy together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data. This privacy policy supplements the other notices and is not intended to override them. We reserve the right to make changes to our Privacy Notice at any time. Changes will be notified on our website or platform where this Privacy Notice applies or will be communicated to you, prior to the change becoming effective.

Our website may include links to third-party websites, plug-ins and applications which we do not control, and we are not responsible for their privacy statements.

Who this Policy applies to?

This policy applies to you if you are:

A customer: a private individual, sole trader, partnership or a contact at a corporate customer or a prospective customer;
A supplier an independent supplier, sole trader, partnership or a contact at a corporate supplier who provides services to us as a business;
A prospective employee: a job applicant/prospective employee, or a work placement or work experience student;
An interested person: an individual who is not a customer but is interested in our services, updates or events and who may receive updates or attend events, or who makes an enquiry;
A relative of a member of our staff: a close family member or next of kin of a member of our staff, or
A website visitor. a visitor to our website who isn’t in any of the categories above.

 

We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes and how your information may be used. By using our websites, applications or by otherwise giving us your personal information you are accepting the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use our websites or applications or share any of your personal information with us.

Data protection officer and queries

For the purpose of the UK General Data Protection Regulation (UK GDPR), the data controller is HCMUK, a company incorporated in England with company number 01082975. Our registered office address is Monkton Business Park North, Hebburn, Tyne and Wear, NE31 2JZ.

Telephone +44 (0)191 430 8400
Email dataprotection@hitachicm.co.uk

 

We do not have a data protection officer. For queries, comments or complaints, please contact our Legal & Compliance Department using the contact details above. Where calling, please identify that you have a Data Information enquiry and please mark any correspondence for the attention of the Legal & Compliance Department.

We are entered in the Information Commissioner’s register of data controllers with registration number Z9855873. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What is “personal information”?

In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).

What is “sensitive personal information”?

Technically known as “special categories” and refers to personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation. It can also refer to criminal data such as criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing.

What is the “UK GDPR”?

We mean the UK GDPR created by UK data protection law (the Data Protection Act 2018) on or after the UK’s exit from the European Union.

Personal Information which we may collect:

Types of personal information Description
Identity Data this includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data this includes postal address, email address and telephone numbers.
Financial Data this includes bank account details.
Transaction Data this includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data this includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data this includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data this includes information about how you use our website, products and services.
Marketing and Communications Data this includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Employment Data this incudes your employment history, academic qualifications, background checks and information provided in references.

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Criminal convictions

We may only use information relating to criminal convictions where the law allows us to do so. We are allowed to use your personal information in this way for the purpose of our legitimate interest and pursuant to law. This will usually be where such processing is necessary to carry out our obligations and provided, we do so in line with this Privacy Policy.

We envisage that we will hold information about criminal convictions. We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We will use information about criminal convictions and offences in the following ways: i) For our recruitment activities; and ii) For the provision of our services to any customers.

Summary of our purposes

Here is a summary of the purposes for which we use personal information and the legal bases for our use:

Our purposes Legal basis
To enable us to provide products or services Consent; Contract; Legal obligation; Legitimate interests
To enable us to provide certain financial products and services as part of our normal services Consent; Contract; Legal obligation; Legitimate interests
To enable us to purchase products or services Consent; Contract; Legal obligation; Legitimate interests
To maintain our accounts and records Contract; Legal obligation; Legitimate interests
To promote and advertise our services Consent; Legitimate interests
To support and manage and train our prospective employees (where appropriate) Consent; Contract; Legal obligation; Vital interest; Legitimate interests
To analyse data and produce reports for business planning and management Legitimate interests

 

Legal basis

The following provides a description of each legal basis:

Legal basis Definition
Consent your consent to one or more specific purposes
Contract entering into a contract with you or performing a contract with you
Legal obligation we are required by law to do this
Vital interest to protect yours or another individual’s vital interests (e.g. life or death situation)
Public task we are required to do this because it is required in the public interest
Legitimate interests we have identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we have balanced all that against your interests, rights and freedoms.

This may include information to operate and improve our services; manage our relationship with you or provide direct marketing and promoting our services.

 

How we collect personal data

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • make an enquiry about, or engage us to provide, our products and services;
    • subscribe to our mailing list, participate or view our webinars or download any publications from our website;
    • request marketing to be sent to you;
    • enter a survey; or
    • provide us with feedback.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data or Technical Computer Information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Examples may include your computer’s IP address, operating system type, and web browser type. For mobile device users, the collected information may also include your phone’s unique device ID, or other similar mobile device data. Please see our Cookie Policy for further details.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
    • Technical Data from analytics providers such as Google
    • Identity and Contact Data from publicly availably sources such as Companies House or credit reference agencies.

Disclosure of personal data

We may share your personal information with:

  • any member of the HCM group of companies, acting as joint controllers or processors (including any group companies who are based in India, Japan, the USA, Canada, & Europe) and who provide IT and system administration services.
  • Selected third parties as follows:
    • business partners, suppliers and contractors acting as processors (based in the UK or country in which we are providing services to you) who provide IT and system administration services and where required for the performance of any contract we enter into with you.
    • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers (based in the UK or country in which we are providing services to you) who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers (based in the UK or country in which we are providing services to you).
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We may process your personal data or disclose it to third parties, without your knowledge or consent, where this is permitted by law or where we are under a duty to process or disclose your personal data in order to comply with any legal obligation.

Transfers to third countries or HCM Group Companies

We collect machine operating information when you use HCM machines equipped with Global e-Service. Information is shared with HCM Group Companies, including Hitachi Construction Machinery Ltd. (Japan). Applicable information includes CO2 emissions, distance travelled, idling time, fuel consumption levels of machines during work, machine operating hours, machine geolocation information. We collect, use and store your personal contact data for the purpose of performing our contract that we have with you or where relevant with the owner of the HCM machine.

The Global e-Service system is hosted in Japan. All transfers of personal data from the UK/EU to Japan are covered by an adequacy decision. We are joint controllers of this information with HCM distributors, dealers and corporate owners of HCM machines (e.g. your employer, your rental company). We share information with them to allow us and them to better understand how our machines are used and for instance when maintenance actions are needed. You can obtain the essence our joint controller arrangement with them by using the contact details set out in this policy.

We will also share this information with HCM affiliates as necessary to provide the contemplated Global e-Service services equipping our HCM machines. Information will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, service providers of data hosting, cloud computing capabilities, testing, debugging, error reporting, and usage analytics, as well as suppliers of mobile telecommunication services that may include cellular, satellite, and other wireless communication services used to collect information about the machines.

CCTV

The Company records CCTV at our premises for the purpose of crime prevention, security and health and safety. Areas covered by CCTV are clearly sign posted. Images are retained for a minimal amount of time. After which images are disposed of in line with the Company’s CCTV and Document Retention policies.

How Do We Protect Your Data?

We take all necessary technical and organisational measures to protect the confidentiality and security of your personal information which we collect. Including; storing personal information in secure operating environments that are not available to the public and that are only accessible to authorized HCMUK employees, service providers/agents and those with whom we have contracts; using industry-standard SSL/TLS encryption (or similar) to protect the security of certain sensitive personal information (such as credit card information, health or patient information) during transmission, and, verifying the identities in relation to subject access requests.

How long do we keep your personal information?

We may store the personal information through the various methods described in this Privacy Notice in our databases such as our Customer Relationship database. We will only keep your personal information for as long as it is reasonably necessary taking into consideration our need to answer queries or resolve problems, provide improved and new services and comply with legal requirements under applicable law(s).

This means that we may retain your personal information for a reasonable period after you stop using our services (including our website or applications). After this period, your personal information will be removed from our systems. We remind you that you have a right to have your personal information deleted at any time.

Rights of a Data Subject

The Company has put in place processes to enable data subjects to exercise their legal rights and provide information requested by a Data Subject pursuant to their rights under the UK GDPR without undue delay and, in any event, within one month of receipt of a request. This period may be extended by a further two months, if for example there are a number of requests made or a request is particularly complex.

As Data Subject you have the following rights under the UK GDPR:

  • right of access to personal data and certain other information;
  • a right to have any personal data which we hold, which is inaccurate rectified;
  • right to have incomplete personal data completed;

In certain circumstances:

  • a right to have personal data erased, including where the personal data is no longer necessary for the purposes for which it was collected or processed , or if the personal data has been unlawfully processed;
  • a right for the processing of personal data to be restricted, including where a data subject contests the accuracy of the personal data held about them, or if the processing of their personal data is unlawful;
  • the right to receive the personal data in a portable format that can be transmitted to another data controller without hindrance;
  • the right to object to certain types of processing, profiling and processing for direct marketing purposes; and
  • the right not to be subject to a decision which is based solely on automated processing and which produces a legal effect which significantly affects the Data Subject, for example, where we make a processing decision based on an individual’s age or on the postcode in which they live.

Risks

Negative brand image

Information technology

Cyber breach / ransomware attack

Economic, Political and social risk

UK GDPR

How to raise concerns

Privacy Notice

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of HCMUK’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to dataprotection@hitachicm.co.uk.

We endeavour to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about data usage very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

References

https://ico.org.uk/

Document Retention policy

CCTV Policy

Data Protection Policy

Hitachi Used Construction Machinery (UK)

digger