Hanson privacy policy
Hanson UK, being the entities listed in section 8 below, ("we", "Hanson") and our group are committed to protecting and respecting your privacy. This policy sets out: (i) the types of information we collect about you; where we collect information from; (iii) where your information is stored; (iv) the basis on which any personal data we collect from you, or that you provide to us, will be processed by us; (v) how long we keep your information for; and (vi) your rights in relation to the processing of your personal data. Please note any other use of our website is subject to our terms of use https://www.hanson.co.uk/en/terms-and-conditions-of-use-policy.
This policy applies to any personal data we collect about you when you:
- use any of our websites set out in section 9 below;
- use any of our apps;
- use of any of our IT systems, including messaging and collaboration platforms ("IT Systems");
- contact us or when we contact you;
- apply for one of our vacancies;
- purchase goods or services from us;
- provide services or goods to us (where, for example, you are a sole trader, partnership or where you are providing services or goods on behalf of your employer/contractor); and/or
- visit our sites.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.The details of the applicable data controller depending on which area of Hanson UK you are dealing with are set out in section 8 at the end of this policy.
If you have any questions, comments or requests regarding our data processing practices, please contact the Hanson Legal Team in writing at either Hanson UK, Hanson House, 14 Castle Hill, Maidenhead, SL6 4JJ or by email at heidelberg.compliance@hanson.com.
-
1. INFORMATION WE MAY COLLECT ABOUT YOU
1.
INFORMATION WE MAY COLLECT ABOUT YOU
We collect and process the following information about you in the following circumstances:
1.1 Information you give us: This is information about you that you give to us by filling in forms on our websites, our apps or when you join or use our IT Systems, or by corresponding with us by phone, face-to-face, e-mail or otherwise. This includes information that you provide when you send an enquiry via our websites, register to receive updates or access our online library, register to use our apps or IT Systems, register for our Academy, use our interactive "tech-talk" feature, post material in our "Ask Hanson" technical forum, sign up to receive our company newsletter, place an order for our goods and/or services, enter any of our promotions or competitions, report issues or complaints to us, submit job applications or your CV to us (including completing psychometric tests), when you sign in at reception on one of our sites and/or when you provide us with contact details or other details in respect of any goods and/or services you may be providing to Hanson. The information you give us may include your name, address, date of birth, e-mail address, phone number, user-name and password, details of any comments or feedback that you provide to us, financial and credit card information, details of your training and competencies in respect of providing services to us, location, photo (voluntary), present status, message content, email content and time stamp and your response to any meeting request sent to you through the IT systems; in the context of our customer relationship management you may also share with us your date of birth, membership in professional groups, family members, anniversaries, hobbies and special interests. Other information you give us may include feedback regarding our services, our websites, our apps, or our sites, and responses to surveys and/or market research (although you do not have to respond to such surveys or requests). We may also collect and process records of any correspondence and communications with us in whatever format you send these to us. Inbound and outbound telephone calls may also be recorded.
1.2 Information we collect about you: We may collect the following information about you:
1.2.1 details of your visits to our websites or use of our apps including, but not limited to, the Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, your login information, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, weblogs, information collected by cookies, and other communication data, and the resources that you access. For more information please see our Cookie Policy; 1.2.2 information about your use of the IT systems including, but not limited to your activities, shared files in 1 to 1 chat, Team users or Skype for Business users, membership in which teams, posts in the teams, shared files in the teams, file last changed, files modified, articles liked, comments posted, whether you have joined or left a team, calls (name, number, date, time), voicemail, recording , participation in meetings, videos, survey responses, history (who called and when), planner details and when you were last online. 1.2.3 information about your visits to our sites, including CCTV images; 1.2.4 information about your calls to our contact centre, including a recording of such call and information about your orders for goods or services; 1.2.5 information about services or goods that you provide to us including, for example, in connection with accidents or incidents as part of the service delivery; 1.2.6 information about your buying habits and patterns when you purchase goods from us. 1.3 Information we receive from other sources: We may receive information about you from other sources including when we use third party providers to assist us with financial verification checks when you are seeking to open a credit account with us and/or from third party vendors if we use customer lists from such third parties and from other third parties who work with us in connection with our goods or services. We also receive information from third party registers of suppliers where it is a condition of our contract with your employer (for example, to ensure that our supplier has appropriate insurance) when you are involved in the provision of goods or services to us. Third-party service providers may, without limitation, be appointed to run survey campaigns. We may also receive information about you where we request references (for example, where you are applying for a vacancy with Hanson). 1.4 Call recording and call monitoring: Please note that telephone calls into and out of our contact centres are recorded and may also be monitored live for the purposes of training and verifying your order. We record and monitor telephone calls where this is necessary for entering into a contract, or negotiating a contract, with you, or for our legitimate business interests, as detailed further below. Call recordings are retained for up to 6 years for evidential purposes. We will also notify you of call recording at the time via a message given at the start of the call unless i) you are calling from a mobile phone number, in which case you will only receive the notification message on your first call of the day from your mobile number but subsequent calls to your mobile number on that same day will also be recorded; or ii) you are a driver providing haulage services to Hanson, in which case due to the large number of calls our agents make to you in any day, then on any outbound call to you from our agent you will not receive the notification of call recording message but your call will be recorded; you will receive the notification of call recording message on all inbound calls. 1.5 CCTV and photographs/image recording: Please note that CCTV and other image capturing devices are used across our sites and that your image may be captured by CCTV when you visit one of our sites. Some of our vehicles also use dashboard CCTV devices and your image may also be captured when you come into contact with one of our vehicles. We may also take photographs or record images of visitors to our sites on our site open days for publicity purposes. You have the right to object to having your photograph or image taken, at any time. -
2. WHERE WE STORE YOUR INFORMATION
2. WHERE WE STORE YOUR INFORMATION 2.1 All information you provide to us is stored on our secure servers, or those of our group or those of our service providers, within the European Economic Area ("EEA"). 2.2 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, apps and IT Systems (as applicable), you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 2.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, including keeping security patches up to date wherever possible, and by constantly investigating new ways to keep data secure. 2.4 The data that we collect from you may occasionally be transferred to, and stored at, a destination outside the EEA, We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy, including putting in place any ICO approved contract clauses for such a situation. 2.4.1 a data sharing agreement in place between Hanson's relevant group companies which protects your personal data. -
3. HOW WE USE YOUR INFORMATION
3. HOW WE USE YOUR INFORMATION 3.1 We use information held about you in the following ways: 3.1.1 to provide you with information that you request from us or which we feel may interest you. We may, on occasion and, where appropriate where you have consented, send you marketing information by email or post. This can include notifications about the launch of new goods, competitions, offers or other relevant news articles that you might find interesting. If you would like to stop receiving such information from us, please click on the "unsubscribe" link in any such emails that we send to you, or use the contact details at the beginning of this policy; 3.1.2 to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, goods and services that you request from us including in setting up credit accounts, in relation to our rights under any such contracts and also to contact you via phone calls, text messages or emails regarding the goods we are delivering to you and the progress of your delivery; 3.1.3 in the case of call recordings, to train our staff, monitor staff performance and verify your order, for our legitimate business interests; 3.1.4 to carry out our obligations arising from any contracts entered into between you and us where you are providing goods and/or services to us including in setting up a vendor account on our system to enable us to pay you, in relation to our rights under any such contracts and also to contact you via phone calls, text messages, emails or otherwise through our IT Systems where you are a member of a messaging Team, regarding the goods and/or services you delivering to us and the progress of your delivery or otherwise; 3.1.5 to allow you to participate in interactive features on our websites, our apps, IT systems and in relation to our services, when you choose to do so; 3.1.6 to notify you about changes to our services and goods; 3.1.7 to provide customer support; 3.1.8 to ensure that content from our websites, our apps and our IT systems is presented in the most effective manner for you and for your computer; 3.1.9 to review your CV and suitability for a role; 3.1.10 to manage the services/goods that you are delivering to Hanson, for example to sign you in when you visit our site or to manage the goods you are delivering for Hanson, for example if you are a haulier and delivering our goods on our behalf to our customers (in which case, your name will appear on our delivery tickets); 3.1.11 to allow us to open a credit account for you (for example, by running financial and security checks (in particular in relation to trade sanctions)); 3.1.12 to administer our websites, our apps and IT systems and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; 3.1.13 to improve our websites, our apps and IT systems to ensure that content is presented in the most effective manner for you and for your computer; 3.1.14 to enhance our websites, our apps and IT systems, and the customer service experience generally (for example, through call recording) to ensure you receive a personalised and continuously improving customer service; 3.1.15 to improve our processes and procedures, including training of our staff to improve our service to you; 3.1.16 to allow you to participate in interactive features of our websites, our apps and IT systems, when you choose to do so; 3.1.17 as part of our efforts to keep our sites and vehicles safe and secure and to improve our processes (for example, through the use of CCTV, dashboard CCTV and any other relevant image recording, and through incident reporting); 3.1.18 to analyse your spending and buying habits when purchasing goods from us to improve our own goods and services; 3.1.19 to measure, understand or monitor the effectiveness of advertising, promotions, marketing material and content and any joint initiatives with our affiliates, suppliers, partners, subcontractors and other selected third parties; 3.1.20 to make suggestions and recommendations to you and other users of our websites, our apps and IT systems or services about goods or services that may interest you or them; 3.1.21 to comply with our legal and regulatory obligations and for the purposes of assisting with the prevention and detection of crime; 3.1.22 to demonstrate and publicise our commitment to local communities and the environment by inviting local residents to visit our site open days and publishing photographs or releasing images of these events; and 3.1.23 to enable smooth cooperation, communication and joint working of distributed teams; for user identification and ensuring authorised access to our IT Systems. -
4. USING YOUR INFORMATION IN ACCORDANCE WITH DATA PROTECTION LAWS
4. USING YOUR INFORMATION IN ACCORDANCE WITH DATA PROTECTION LAWS 4.1 Data protection laws, including the Data Protection Act 2018 and the European Union General Data Protection Regulation 2016 as retained by the UK post Brexit (the “UK GDPR”) as supplemented in the Data Protection Act 2018, require that we meet certain conditions before we are allowed to use your data in the manner described in this privacy policy. To use your personal data, we will rely on four conditions, depending on the activities we are carrying out: 4.1.1 Compliance with legal obligations: We may need to process your personal data to comply with our regulatory and statutory obligations, for example when you enter our sites in the context of health and safety, or where required to assist with the prevention and detection of crime. Failure to provide the requisite personal information on sign-in at one of our sites will unfortunately mean that you will be unable to remain on the relevant site, as we must have clarity over who is on our sites at any one time. You will not be able to object to this processing or ask for the deletion of your personal information insofar as it falls under this category. 4.1.2 Necessary for the entry into / performance of a contract: When you enter into a transaction with us, a contract between you and us will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to place an order for goods), we will need to collect, process and share (as further detailed below) your personal information. Failure to provide the requisite personal information when placing your order and financial information on entering into the transaction or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our goods and/or services to you. 4.1.3 Consent: We may, on occasion, send you marketing messages by email and post about us and our events and offers where you have not unsubscribed and where you have purchased goods or services from us, or where you have otherwise consented.If you are not a customer of ours but have provided us with consent to use your details for marketing purposes, then we may also contact you about our events, goods and services.
If and as far as you have agreed to the use of your personal data in order to be contacted for customer management purposes via certain communication channels, the legal basis of any such processing of your personal data is Art. 6 (1) a) GDPR. This applies to your contact data (name, title, academic title, customer name for which you are acting, job title, address, telephone number, e-mail address, country of residence).
In each of the situations above, you have the right to withdraw your consent at any time and can object to processing of this nature.
Please note that whenever you provide us with further personal information regarding e.g. your date of birth, membership in professional groups, family members, anniversaries, hobbies and special interests, we might use such information for customer management purposes as well. By disclosing such personal data to us, you agree that we may use this personal data to foster the existing business relationship. Please note that you may withdraw this consent at any given time entirely or partially with future effect by contacting your local sales representative of the relevant data controller entity listed in section 8 of this Policy. Any such collection and/or use of this type of personal data is based on Art. 6 (1) a) UK GDPR.
4.1.4 Legitimate interests: To use your personal data for any other purpose described in this privacy policy, we will rely on a condition known as "legitimate interests". It is in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our goods and services to you more effectively, for you to provide your goods and services to us effectively or for us to communicate and engage with you as part of the operation of our business. We are required to carry out a balancing test of our interests in using your personal data, against the interests you have as a citizen and the rights you have under data protection laws (for example, not to use CCTV in a way that would be unjustifiably intrusive to your privacy). As a result of this balancing test (which is detailed below) we have determined that, acting reasonably and considering all circumstances, that we are able to process your personal data in accordance with the relevant data protection laws on the basis that we have a legitimate interest. Legitimate interest We have a legitimate interest in processing your information as:
- we would be unable to provide our goods and services without processing your information;
- we will both benefit from the effective provision of goods and services, and we have a legitimate interest in monitoring staff performance, training staff, and improving our processes, including by reviewing buying habits;
- we will both benefit from the ability to enforce or apply rights under any contract between us;
- we will both benefit from the customer account/any credit account services that we provide;
- we will both benefit from the use of interactive features on our websites, our apps and our IT Systems, from the most effective presentation of information on our websites and IT Systems, and from properly working websites and IT Systems;
- we are required to ensure health and safety of our sites and vehicles and have a legitimate interest in ensuring any processes are effective;
- we have a legitimate interest in ensuring the security of our sites and vehicles, and in assisting with the prevention and detection of crime, including theft and fraud;
- we may both benefit from the assessment of any job application that you make to us;
- we have a legitimate interest in processing your information in connection with any mergers, acquisitions or reorganisation of our business, in which case some of your information may be shared with a prospective buyer or otherwise but only so far as is strictly necessary for the purposes of such sale or administration;
- we have a legitimate interest in promoting our activities to support local communities where our sites are situated and to demonstrate our commitment to the environment, through the publication of photographs and images of our open days.
Necessity It is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above. We process your personal data only so far as is necessary to achieve the purposes outlined in this privacy policy. We may process your personal data based on Art. 6(1) b) GDPR as far as this is necessary in order to carry out a project or a business relationship with your employer or any other party for which you are acting as our contact person. This applies to
(a) your contact data, such as name, title, academic title, customer for which you are acting, job title, address, telephone number, e-mail address, country of residence; (b) information from sources available to the public, such as (commercial) information databases or credit agencies as far as this is related to our customer (c) as well as other data, which you provide to us within the scope of a project or a contractual relationship or at the initiation of a business relationship. Impact of processing We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data does not unreasonably intrude on your privacy. -
5. HOW LONG WE KEEP YOUR INFORMATION FOR
5. HOW LONG WE KEEP YOUR INFORMATION FOR 5.1 When your data is no longer required for the purposes listed above, we will delete it within the periods set out below: 5.1.1 Marketing emails and other communications where possible will typically be deleted after 24 months, unless we are required for legal and regulatory purposes to retain such communications for a longer period; 5.1.2 Call recordings with customers, suppliers and other third parties will typically be deleted after 6 years; 5.1.3 CCTV will typically be deleted after 60 days; 5.1.4 In respect of our customer relationship management, your personal data will be deleted once it is no longer necessary for such purposes and as far as we process your personal data based on your consent, we will delete your personal data the later of either withdrawal of your consent or reaching the deletion deadlines set out herein. In this respect, please inform your local sales representative of Hanson UK if you are no longer our contact person for our customer. We will in this case delete your personal data as our Contact, unless we are subject to a statutory obligation to retain your data. 5.1.5 Job applications, including CVs, interview notes, and psychometric test results, which have not resulted in a role with Hanson on this occasion will typically be deleted within 6 months; 5.1.6 Photographs and images from our site open days will typically be deleted and not used further after 2 years; 5.1.7 Any other information will typically be deleted after 6 years from the date of our last positive interaction with you or sooner wherever possible. Data will be archived at appropriate intervals depending on the type of information and the frequency of our interactions with you. 5.2 We may keep your personal information for up to 6 years, to enable us to retain the information we may require for legal and regulatory purposes. Some information, for example information relating to health and safety, may be kept for up to 40 years. -
6. DISCLOSURE OF YOUR INFORMATION
6. DISCLOSURE OF YOUR INFORMATION 6.1 We may disclose your personal information to any member of our group, including in particular HeidelbergCement AG and we have in place the required security protections for such arrangements via an intra-group data sharing agreement. 6.2 We may share your personal information with HeidelbergCement AG where they provide us with processing services on our behalf where we share common IT platforms. 6.3 We may disclose your personal information: 6.3.1 to business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, for example where we use a third party to provide services to enable us to deliver goods and/or services to you; 6.3.2 to credit reference companies for the purposes of running credit checks (specifically Dunn & Bradstreet and Experian); 6.3.3 to members of the our group and third party suppliers and service providers for the purposes listed under section 3 above, for example where we use a third party to provide services to enable us to deliver goods and/or services to you or who host and provide IT services and Systems for us or where we share IT platforms or processes with our group; 6.3.4 to our customers, where you are an external haulier delivering our goods to our customers (in which case we may disclose your name to the relevant customer for the purposes of managing the delivery); 6.3.5 to analytics and search engine providers and other selected third parties that assist us in the improvement and optimisation of our websites and our apps; 6.3.6 to our regulators, law enforcement or fraud prevention agencies, as well as our advisors (including legal advisors and auditors), courts, any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc; 6.3.7 to the public generally, if we publish your photograph or use your image on our website for publicity purposes or to demonstrate our commitment to local communities and the environment. We may also use such images in our marketing brochures and therefore disclose your image to any of our customers who receive such brochures; 6.3.8 in the event of a merger, acquisition or other similar event, to a prospective buyer or otherwise of our business or assets, in which case we will disclose your personal data to such prospective buyer or otherwise of such business or assets; 6.3.9 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Hanson UK , our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and 6.3.10 to legal advisors and otherwise in connection with legal proceedings in order to enforce or apply our rights under any contract. -
7. YOUR RIGHTS
7. YOUR RIGHTS 7.1 You have a number of rights under data protection law in relation to the way we process your personal data. These are set out below. You may contact us by writing to the Hanson Legal Team at either Hanson UK, Hanson House, 14 Castle Hill, Maidenhead, SL6 4JJ or by email at Heidelberg.compliance@hanson.com to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.
DESCRIPTION OF RIGHT (1) A right to access personal data held by us about you.
(2) A right to require us to rectify any inaccurate personal data held by us about you.
(3) A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with your right to object as set out below).
(4) A right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but we require the data for the purposes of dealing with legal claims.
(5) A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
(6) A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims.
(7) A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.
(8) A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or goods).
7.2 If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF7.3 Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. -
8. DETAILS OF THE DATA CONTROLLER
8. DETAILS OF THE DATA CONTROLLER 8.1 For the purpose of applicable data protection legislation, the data controller is:
8.1.1 where you are dealing with our concrete, aggregates, asphalt and contracting business or our BuildR app, Hanson Quarry Products Europe Limited (registered no. 300002);
8.1.2 where you are dealing with our packed products business, Hanson Packed Products Limited (registered no. 026306); 8.1.3 where you are dealing with our marine aggregates business, Hanson Aggregates Marine Limited (registered no. 485700); 8.1.4 where you are dealing with our cementitious business, Castle Cement Limited (registered no. 2182762); 8.1.5 where you are dealing with our regen business, Civil and Marine Limited (registered no. 2301423); 8.1.6 where you are dealing with our Midland Quarry Products business, Midland Quarry Products Limited (registered no. 3173418); 8.1.7 where you are dealing with our building contractor business, Irvine-Whitlock Limited (registered no. 870262); 8.1.8 where you are dealing with our legacy businesses, then as appropriate Cumbrian Industrials Limited (registered no. 1005899), Hanson Building Materials Limited (registered no.488067), Hanson Limited (registered no. 4626078) and Lehigh UK Limited (registered no. 4113976). all with registered office at Hanson House, 14 Castle Hill, Maidenhead, SL6 4JJ, United Kingdom (together "Hanson UK"). 8.1.9 additionally, if you report a matter through our compliance reporting system SpeakUp, then there are joint data controllers of your data, being Hanson Quarry Products Europe Ltd (details above) and also HeidelbergCement AG, Berliner Strasse 6, 69120 Heidelberg, Germany (“HCAG”). -
9. OUR WEBSITES
9. OUR WEBSITES 9.1 9.1 This policy applies to the following websites: www.hanson.co.uk, www.hanson-sustainability.co.uk, www.hanson-communities.co.uk, www.calumite.co.uk, www.hanson-drivers.co.uk, www.hansonpensions.co.uk, www.irvine-whitlock.co.uk, www.mqp.co.uk, www.hanson-packedproducts.co.uk, www.hanson-academy.co.uk, www.2015.hanson-sustainability.co.uk, www.2016.hanson-sustainability.co.uk, www.2017.hanson-sustainability.co.uk and www.buildr-app.com, www. 2018.hanson-sustainability.co.uk, www. 2019.hanson-sustainability.co.uk, www. 2020.hanson-sustainability.co.uk, www.cleansite-safesite.co.uk, www.hanson-careers.co.uk, www.hansoncollect.co.uk, www.myhanson.co.uk.(the "websites") -
10. CHANGES TO OUR PRIVACY POLICY
10. CHANGES TO OUR PRIVACY POLICY 10.1 We will take reasonable measures necessary to communicate any changes to this privacy policy to you. In any event, all updated privacy policies will be posted on this page. 10.2 This policy was last reviewed and updated: May 2022