Privacy Policy
1. Introduction
This Privacy Policy explains in detail the types of personal data and the manner in which HYDROP E.C.S. LTD collects, uses, maintains and discloses information, which is collected when you provide us with your permission and when you engage in our services. It also explains how we will store and handle that data and keep it safe. The policy is the basis for our commitment to, and compliance with the requirements of the General Data Protection Regulations, which are in force from 25th May 2018, and the Data Protection Act (as amended).
2. Definitions
Personal data
The UK GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This includes a wide range of personal identifiers, which constitute as personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The UK GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised (e.g. key-coded) can fall within the scope of the UK GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
For the purpose of the policy, HYDROP E.C.S. LTD is the data controller.
We are the data controller for the purpose of data protection law, in respect of your personal information collected and used through your use of the products and services that we provide or your other interactions with us, including through our website. We are the data controller because we determine the purpose for which your personal information is used and how we use your personal information.
References to we, us or our means HYDROP E.C.S. LTD and references to you or your means the person whose personal information that we collect, use and process. This includes anyone who contacts us in connection with the services we provide or otherwise interacts with us.
3. How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data we store.
4. Third party websites
Users may find other content on our website that links to the sites and services of our Certification Bodies, Accreditation Bodies, social media providers through our profile link or other third parties through any news items we may post on our site. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to, or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.
5. What personal information do we collect about you?
We collect and use personal information about you in the course of providing our services.
The personal information we collect includes information that you provide to us, which may consist of the following:
| Type of Personal Information |
Examples |
| General |
| Contact information |
Name, address, email and telephone number, name and contact details for your next of kin or other family members (for our employees) |
| General information |
Gender and date of birth |
|
| Financial |
| Financial information and account details |
Bank account number, or other financial account number and account details |
|
| Order History |
| Order and quotation history |
Information regarding the services that we provide to you, as well as with proposals we have made for you, following your request for a quotation |
|
| Marketing Preferences |
| Marketing preferences, marketing activities and customer feedback |
Marketing preferences, to provide you with updates regarding our products and services (including our newsletter) |
|
This information may be provided:
- by filling in forms, including those on our Website;
- when you carry out transactions with us;
- when you communicate with us (including by telephone, email and SMS);
- when you use our services;
- if you report a problem with our services;
- when you apply for a vacancy with us; and
- when you become part of our team as an employee.
Information we collect from you
| Type of Information |
Method of data collection |
Examples |
| Technical information |
Through your internet browser or electronic device |
Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited, and the name and version of the services (such as the App) you are using. We use this information to ensure that the services function properly. |
| Technical information |
Through your use of an App |
When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number. We may also need to access external storage for logs, location access for beacon identification, access to photos media and files and Bluetooth connection information. |
| Technical information |
Using cookies and online tracking |
Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognise your device and to collect information such as internet browser type, time spent using the Website, pages visited, language preferences and relevant country website. For more detailed information about the cookie and tracking technology we use, see the Web browser cookies section below. |
Information we receive from other sources:
- lead information from third parties regarding your interest in our services;
- information we obtain from publicly-available sources, such as Facebook or LinkedIn, and;
- information from recruitment agencies for potential candidates.
6. How do we use the personal information we collect about you?
We use your personal information in connection with the provision of our services to you. In particular, your personal information may be used by us, our employees, service providers, and disclosed to third parties for the following purposes. For each of these purposes, we have set out the legal basis on which we use your personal information.
| Purpose |
Legal Basis
The processing below is carried out for HYDROP E.C.S. LTD's legitimate business purposes because: |
| To carry out our obligations arising from any contracts entered into between you and us and to provide you with the services |
it is necessary for the performance of a contract between you and us. For example, the use of personal data to enable the provisions of services or to process payment information from you for our services. |
| To sell and supply our services |
it is provided with your request for quotations and subsequently your order to supply our services. |
| To notify you about changes to our services |
it enables us to provide you with service communications regarding our services. |
| To improve the quality of our services |
it helps to evolve HYDROP E.C.S. LTD's commercial aims and objectives and enables us to improve our services. |
| To manage complaints, feedback and queries |
it helps to evolve HYDROP E.C.S. LTD's commercial aims and objectives, it helps us monitor our quality performance with regards to our quality policy and procedures, which are certified to international quality standards ISO 9001:2015 and accredited to international quality standard ISO/IEC 17020:2012 for Legionella risk assessments, it allows us to respond to complaints, feedback and queries and enables us to improve our services. |
| To carry out satisfaction surveys, market research and analysis |
it helps to evolve the HYDROP E.C.S. LTD's commercial aims and objectives and enables us to improve our services. |
| To provide you with information about the services we offer (including details of services which we believe may be of interest to you) in accordance with your preferences as indicated when you entered into any agreement with us, including any marketing consent preferences |
of the consent given by you through our opt-in option in our email communication. This helps to evolve HYDROP E.C.S. LTD's commercial aims and objectives and enables HYDROP E.C.S. LTD to communicate with you about future services. We may also communicate with you to perform any contractual obligations in relation to the provision of the past and current services.
We keep a record of how and when you gave us your consent. |
| To comply with any legal or regulatory obligations (including in connection with a court order in the unlikely event) |
it is necessary for us to comply with the law. |
| To enforce or apply the agreements concerning you (including agreements between you and us) |
it is necessary in order to conduct and manage our business, depending on the circumstances, or in connection with legal proceedings (i.e. the establishment, exercise or defence of legal claims in the unlikely event). |
| To satisfy our legal obligations for employee taxation, to disclose employee salary details to HMRC and to our accountants |
it is necessary for us to comply with the law. |
7. Managing consent
Our procedures for achieving the principles below are contained within this Policy:
- We regularly review consents to check that the relationship, the processing and the purposes have not changed.
- We have processes in place to refresh consent at appropriate intervals.
- We make it easy for individuals to withdraw their consent at any time and publicise how to do so.
- We act on withdrawals of consent as soon as we can.
- We don’t penalise individuals who wish to withdraw consent.
8. Who may we disclose your personal information to?
Sharing your personal information
We do not sell, trade, or rent your personal data to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors to and users of our website with our business partners, trusted affiliates and advertisers for the purposes outlined in the How do we use the personal information we collect about you? section above.
You agree that we may share your personal information with:
| Type of third party |
Examples |
| General |
| Our service providers and business partners |
Including ILM and City & Guilds (for our accredited training), and our Certification Body BSi and Accreditation Body UKAS (for demonstrating our compliance to the related standards and for monitoring performance against our Quality and Environmental targets). |
| Our professional advisers |
Including accountants, health and safety advisors, lawyers and other professional advisers that assist us in carrying out our business activities. |
| Our marketing communication platform providers |
Including, for example, Mailchimp |
|
| Law Enforcement and Regulation |
| Police and law enforcement agencies |
We may share personal information with the police and other law enforcement agencies in connection with the prevention and detection of crime |
| Regulatory bodies |
We may share personal information with third parties in the unlikely event, if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or instructions of a regulatory body (including in connection with a court order), or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you (including agreements between you and us) or to protect our rights, property or safety of our clients, employees or other third parties. |
|
We may also disclose your personal information to other third parties, for example:
- in the event that we sell or buy any business or assets we will disclose your personal information to the prospective seller or buyer of such business or assets;
- if we, or substantially all of our assets are acquired by a third party (personal information held by us will be one of the transferred assets); and
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply an agreement that we have entered into with you.
9. Where will we transfer your personal information?
If we transfer personal information outside the European Economic Area (EEA), we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection law.
If we transfer personal information outside the EEA we will take reasonable steps to ensure that such information will be adequately protected, as required by applicable data protection law.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the website and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.
10. How long will we keep your personal information?
We will hold onto your information for as long as required to either continue the business relationship or for as long as you wish to be provided with our services or marketing information. We may also be required to keep details in order that we can fulfil our legal accounting and health and safety obligations. We may need to hold onto the information for longer in cases where you may have dealt with our customer care team and the information is required until the issue is resolved.
If it is reasonably-necessary, we may also be required to retain data to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
11. Your rights
You have certain rights with respect to your personal information. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details below.
| Right |
Summary of your rights
(please contact us though the details at the end of the policy): |
| Right of access to your personal information |
Subject access request.
You have the right to receive a copy of the personal information that we hold about you, subject to certain exemptions. We may also require further information in order to respond to your request (for instance, evidence of your identity and information to enable us to locate the specific personal information you require).
Is there a charge for satisfying a subject access request?
In most cases we will not charge a fee to comply with a subject access request. However, where the request is manifestly unfounded or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. We may also charge a reasonable fee if an individual requests further copies of their data following a request. We will base the fee only on the administrative costs of providing further copies.
How long do we have to satisfying a subject access request?
We commit to acting on the subject access request without undue delay and at the latest within one month of receipt. We will calculate the time limit from the day after we receive the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.
|
| Right to rectify your personal information |
You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete. |
| Right to withdraw consent |
You have the right to withdraw your consent at any time where we rely on consent to use your personal information. |
| Right to complain to the relevant data protection authority |
You have the right to complain to the relevant data protection authority, which is, in the case of HYDROP E.C.S. LTD, the Information Commissioner's Office, where you think we have not used your personal information in accordance with data protection law. |
| Right to erasure of your personal information |
You have the right to ask that your personal information be deleted in certain circumstances. For example; where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used; if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal information; if you object to the use of your personal information (as set out above); if we have used your personal information unlawfully; or if your personal information needs to be erased to comply with our legal obligations. We may still be able to use your personal information to fulfil any legal obligations we may have and for the establishment, exercise or defence of legal claims. We will act on applicable requests to erase your data within the time required by UK GDPR. We will record and keep a log of the requests and details of the type of information and when we deleted it. |
| Right to restrict the use of your personal information |
You have the right to suspend our use of your personal information in certain circumstances. For example; where you think your personal information is inaccurate and only for such period to enable us to verify the accuracy of your personal information; the use of your personal information is unlawful and you oppose the erasure of your personal information and request that it is suspended instead; we no longer need your personal information, but your personal information is required by you for the establishment, exercise or defence of legal claims; or you have objected to the use of your personal information (as set out below) and we are verifying whether our grounds for the use of your personal information override your objection. |
| Right to data portability |
You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. The right only applies where the use of your personal information is based on your consent or for the performance of a contract, and when the use of your personal information is carried out by automated (i.e. electronic) means. |
| Right to object to the use of your personal information |
You have the right to object to the use of your personal information in certain circumstances. For example; where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party). |
If we are processing your data on the basis of a legal obligation, you do not have a right to erasure, a right to data portability, or a right to object.
12. Protecting your personal information
Your privacy is very important to HYDROP E.C.S. LTD, and we take all the necessary measures to ensure your personal information is properly protected and secured. This includes having appropriate technical and organisational arrangements to secure your information, such as 3-tier password protection for electronic data and robust physical security systems for hard-copy data. Full details are contained within our confidentiality agreement that we enter into with all our employees, “HYDROP E.C.S. LTD Confidentiality Agreement” and within our Quality Process “Control of Records - HYP023”. We maintain suitable data back-up systems to protect against accidental loss, destruction or damage of data, which are detailed within our Quality Procedure “Electronic Data Back-Up Procedure - HYP036”. HYDROP E.C.S. LTD will never send an unsolicited message asking you to provide your password, financial details or other sensitive information by email or through a link.
13. Data breaches
What is a personal data breach?
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
We monitor our data processing systems to detect any breaches though our Quality Procedure for Internal Auditing. We will notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. We commit to do this within 72 hours of becoming aware of the breach, where feasible.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform those concerned directly as is applicable and necessary.
In addition, we will investigate any breaches through our Quality Procedure “Non-Conformities and Corrective Action – HYP0025”. We will establish the route cause and consider the impacts, then plan and manage the implementation of corrective action.
We will also include any breaches in our Management Reviews to ensure these are known and considered by our most senior personnel.
14. Data Protection Impact Assessments
We will conduct a Data Protection Impact Assessment (DPIA) in situations where data processing is likely to result in high risk to individuals, for example:
- where a new technology is being deployed for processing our data
If a DPIA indicates that the data processing is high risk, and we cannot sufficiently address the risk, we will consult the ICO to seek its opinion as to whether the processing operation complies with the UK GDPR.
15. Web browser cookies
Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. A User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, some parts of the Site may not function properly.
16. Changes to this privacy policy
HYDROP E.C.S. LTD has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
17. Contacting us
If you have any questions about this Privacy Policy, to make a Subject Access Request, or for any of the other requests detailed above, please contact our Data Protection Officer, Mario Koumi, at:
- Wrens Court
- 55 Lower Queen Street
- Sutton Coldfield
- West Midlands
- B72 1RT
-
- 0121 354 2030
- 0121 314 3494
mario@hydrop.com
HYDROP E.C.S. LTD (www.hydrop.com)
This document was last updated on November 21st, 2024