Hitachi Construction Machinery UK Limited (“HCMUK”) respects individuals rights to data privacy and protection when you communicate (online or offline) with us through our websites, mobile applications, offline programs and events.
HCMUK which operates the website you are visiting or service you are receiving is the Data Controller of any personal information. We may collect personal information, sensitive or special category data in certain situations. We may combine personal information that we collect via one method (e.g., a website) with personal information that we collect via another method (e.g., an offline event). We do this to get a more complete view of our suppliers and consumers, which, in turn, allows us to serve you better and with more customisation.
This privacy policy sets out how we look after your personal data including when you visit our website www.hitachicm.co.uk (regardless of where you visit it from), your privacy rights and how the law protects you. Our website is not intended for children, and we do not knowingly collect data relating to children.
Please read this privacy policy together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data. This privacy policy supplements the other notices and is not intended to override them. We reserve the right to make changes to our Privacy Notice at any time. Changes will be notified on our website or platform where this Privacy Notice applies or will be communicated to you, prior to the change becoming effective.
Our website may include links to third-party websites, plug-ins and applications which we do not control, and we are not responsible for their privacy statements.
This policy applies to you if you are:
A customer: | a private individual, sole trader, partnership or a contact at a corporate customer or a prospective customer; |
A supplier | an independent supplier, sole trader, partnership or a contact at a corporate supplier who provides services to us as a business; |
A prospective employee: | a job applicant/prospective employee, or a work placement or work experience student; |
An interested person: | an individual who is not a customer but is interested in our services, updates or events and who may receive updates or attend events, or who makes an enquiry; |
A relative of a member of our staff: | a close family member or next of kin of a member of our staff, or |
A website visitor. | a visitor to our website who isn’t in any of the categories above. |
We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes and how your information may be used. By using our websites, applications or by otherwise giving us your personal information you are accepting the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use our websites or applications or share any of your personal information with us.
Data protection officer and queries
For the purpose of the UK General Data Protection Regulation (UK GDPR), the data controller is HCMUK, a company incorporated in England with company number 01082975. Our registered office address is Monkton Business Park North, Hebburn, Tyne and Wear, NE31 2JZ.
Telephone | +44 (0)191 430 8400 |
dataprotection@hitachicm.co.uk |
We do not have a data protection officer. For queries, comments or complaints, please contact our Legal & Compliance Department using the contact details above. Where calling, please identify that you have a Data Information enquiry and please mark any correspondence for the attention of the Legal & Compliance Department.
We are entered in the Information Commissioner’s register of data controllers with registration number Z9855873. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What is “personal information”?
In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).
What is “sensitive personal information”?
Technically known as “special categories” and refers to personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation. It can also refer to criminal data such as criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing.
We mean the UK GDPR created by UK data protection law (the Data Protection Act 2018) on or after the UK’s exit from the European Union.
Personal Information which we may collect:
Types of personal information | Description |
Identity Data | this includes first name, last name, username or similar identifier, marital status, title, date of birth and gender. |
Contact Data | this includes postal address, email address and telephone numbers. |
Financial Data | this includes bank account details. |
Transaction Data | this includes details about payments to and from you and other details of products and services you have purchased from us. |
Technical Data | this includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. |
Profile Data | this includes purchases or orders made by you, your interests, preferences, feedback and survey responses. |
Usage Data | this includes information about how you use our website, products and services. |
Marketing and Communications Data | this includes your preferences in receiving marketing from us and our third parties and your communication preferences. |
Employment Data | this incudes your employment history, academic qualifications, background checks and information provided in references. |
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. We are allowed to use your personal information in this way for the purpose of our legitimate interest and pursuant to law. This will usually be where such processing is necessary to carry out our obligations and provided, we do so in line with this Privacy Policy.
We envisage that we will hold information about criminal convictions. We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We will use information about criminal convictions and offences in the following ways: i) For our recruitment activities; and ii) For the provision of our services to any customers.
Here is a summary of the purposes for which we use personal information and the legal bases for our use:
Our purposes | Legal basis |
To enable us to provide products or services | Consent; Contract; Legal obligation; Legitimate interests |
To enable us to provide certain financial products and services as part of our normal services | Consent; Contract; Legal obligation; Legitimate interests |
To enable us to purchase products or services | Consent; Contract; Legal obligation; Legitimate interests |
To maintain our accounts and records | Contract; Legal obligation; Legitimate interests |
To promote and advertise our services | Consent; Legitimate interests |
To support and manage and train our prospective employees (where appropriate) | Consent; Contract; Legal obligation; Vital interest; Legitimate interests |
To analyse data and produce reports for business planning and management | Legitimate interests |
The following provides a description of each legal basis:
Legal basis | Definition |
Consent | your consent to one or more specific purposes |
Contract | entering into a contract with you or performing a contract with you |
Legal obligation | we are required by law to do this |
Vital interest | to protect yours or another individual’s vital interests (e.g. life or death situation) |
Public task | we are required to do this because it is required in the public interest |
Legitimate interests | we have identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we have balanced all that against your interests, rights and freedoms.
This may include information to operate and improve our services; manage our relationship with you or provide direct marketing and promoting our services. |
We use different methods to collect data from and about you including through:
Disclosure of personal data
We may share your personal information with:
We may process your personal data or disclose it to third parties, without your knowledge or consent, where this is permitted by law or where we are under a duty to process or disclose your personal data in order to comply with any legal obligation.
Transfers to third countries or HCM Group Companies
We collect machine operating information when you use HCM machines equipped with Global e-Service. Information is shared with HCM Group Companies, including Hitachi Construction Machinery Ltd. (Japan). Applicable information includes CO2 emissions, distance travelled, idling time, fuel consumption levels of machines during work, machine operating hours, machine geolocation information. We collect, use and store your personal contact data for the purpose of performing our contract that we have with you or where relevant with the owner of the HCM machine.
The Global e-Service system is hosted in Japan. All transfers of personal data from the UK/EU to Japan are covered by an adequacy decision. We are joint controllers of this information with HCM distributors, dealers and corporate owners of HCM machines (e.g. your employer, your rental company). We share information with them to allow us and them to better understand how our machines are used and for instance when maintenance actions are needed. You can obtain the essence our joint controller arrangement with them by using the contact details set out in this policy.
We will also share this information with HCM affiliates as necessary to provide the contemplated Global e-Service services equipping our HCM machines. Information will also be shared with third party service providers, who will process it on our behalf for the purposes identified above. In particular, service providers of data hosting, cloud computing capabilities, testing, debugging, error reporting, and usage analytics, as well as suppliers of mobile telecommunication services that may include cellular, satellite, and other wireless communication services used to collect information about the machines.
The Company records CCTV at our premises for the purpose of crime prevention, security and health and safety. Areas covered by CCTV are clearly sign posted. Images are retained for a minimal amount of time. After which images are disposed of in line with the Company’s CCTV and Document Retention policies.
We take all necessary technical and organisational measures to protect the confidentiality and security of your personal information which we collect. Including; storing personal information in secure operating environments that are not available to the public and that are only accessible to authorized HCMUK employees, service providers/agents and those with whom we have contracts; using industry-standard SSL/TLS encryption (or similar) to protect the security of certain sensitive personal information (such as credit card information, health or patient information) during transmission, and, verifying the identities in relation to subject access requests.
How long do we keep your personal information?
We may store the personal information through the various methods described in this Privacy Notice in our databases such as our Customer Relationship database. We will only keep your personal information for as long as it is reasonably necessary taking into consideration our need to answer queries or resolve problems, provide improved and new services and comply with legal requirements under applicable law(s).
This means that we may retain your personal information for a reasonable period after you stop using our services (including our website or applications). After this period, your personal information will be removed from our systems. We remind you that you have a right to have your personal information deleted at any time.
The Company has put in place processes to enable data subjects to exercise their legal rights and provide information requested by a Data Subject pursuant to their rights under the UK GDPR without undue delay and, in any event, within one month of receipt of a request. This period may be extended by a further two months, if for example there are a number of requests made or a request is particularly complex.
As Data Subject you have the following rights under the UK GDPR:
In certain circumstances:
Risks
Negative brand image
Information technology
Cyber breach / ransomware attack
Economic, Political and social risk
UK GDPR
How to raise concerns
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of HCMUK’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to dataprotection@hitachicm.co.uk.
We endeavour to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about data usage very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
References
Document Retention policy
CCTV Policy
Data Protection Policy