Ashtead Technology Limited (the “Company”) is committed to respecting your individual data rights.
Privacy, confidentiality and trust are integral to our business and we believe that everyone who communicates with us, visits our website or interacts with the Company in another way should be confident that we will act transparently and fairly and that we will hold personal data securely and in accordance with the law.
Purpose of this privacy notice
This policy describes how we protect your individual rights and it provides information on how we collect and process your personal data when you are in touch with us whether that is in writing by e-mail or letter, if you sign up to receive our newsletter, submit an enquiry regarding our services, log in to Aperto or simply visit our website.
It is important that you read this privacy notice and any other privacy notice or fair processing notice we may provide so that you are fully aware of how and why we use your data.
The Company is the data controller and is responsible for personal data it receives or which is collected by our website including via Aperto. This privacy notice applies to personal data in e-mails or other written enquiries received at the Company’s head office in Aberdeen or at one of our other sites in the UK from anywhere in the world. It also applies to personal data collected by our website no matter where you may be situated.
The Company will, occasionally, transfer personal data to another of the Ashtead Technology group companies and (as explained below) arrangements are in place to ensure that, in that event, you and your personal data have the protection provided by the law in the UK.
The data we collect
When you communicate with the Company or visit our website, depending upon how you use our website, we may collect and use the following kinds of information:
- Identity Data including your name, username or similar identifier, title and gender.
- Contact Data including billing and delivery address, email address and telephone numbers.
- Financial Data such as payment card, bank or account details.
- Transaction Data including details of payments from you and the products and services you have requested or purchased from us.
- Technical Data including your internet protocol (IP) address, Aperto login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when accessing our website.
- Profile Data includes previous requests, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data including information about how you communicate with us and if and how you use our website, products and services.
- Marketing and Communications Data including your preferences regarding receiving marketing material from us and your communication preferences.
We may also obtain some personal data from publicly available sources.
We do not collect personal data from automated technologies. Nor do we collect any special categories of personal data, criminal convictions and offences. Special category data concerns:
- ethnic origin;
- trade union membership;
- sex life; or
- sexual orientation.
Our website is not intended for children (under 16) and we do not knowingly collect data from or concerning children.
How is your personal data collected?
We use different methods to collect data from and about you including:
- Direct interaction. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email, via Aperto or otherwise. This includes personal data you provide when you
- Request or order our products or services;
- create an account or join Aperto;
- request marketing such as our newsletter; or
- provide feedback on our products or service provision.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as follows:
- Technical Data from the following parties:
- a) analytics providers such as Google based outside the EU;
- b) responses to advertising placed with third parties inside and outside the EU; and
- Denied parties screening services, which check that individuals or entities are not on US, EU or similar Government sanctions and embargo lists.
- Contact, financial and transaction data from providers of technical, payment and delivery services.
- Identity and contact data from publicly availably sources such as Companies House.
The use of the data we collect
We will only use your personal data when the law allows it. Most commonly, we will use your personal data in the following circumstances:
- if you are a customer or have expressed an interest in becoming a customer of Ashtead Technology and we have contracted with you or the data is necessary to take steps at your request prior to entering into a contract;
- the data is necessary for the Company’s legitimate interest in record keeping and in marketing our products and services and that interest is not overridden by your interests and fundamental rights and freedoms which require protection of your personal data; or
- where we need to comply with a legal or regulatory obligation such as to HMRC.
We will not normally rely on your consent as a basis for storing or processing your personal data. In the unlikely event we have asked for your consent for a particular matter you have the right to withdraw your consent at any time.
We will only use your personal data for one of the purposes listed above. If we reasonably consider that we need to use it for another purpose, the alternative will be a purpose, which is compatible with the purpose we relied upon when we first collected the personal data. Before we use the personal data for an alternative purpose, we will also take into account:
- any link between the purpose for which the data was originally collected and the alternative purpose;
- the context in which we collected the data and in particular, the extent of the relationship we have with you;
- the nature of the data concerned and particularly whether there is any special category data or data concerning criminal convictions or offences;
- the consequences of using the data for any alternative purpose; and
- the existence of appropriate safeguards including encryption and pseudonymisation.
Disclosure of your personal data
We may have to share your personal data with the parties set out below for the purposes described above.
Other Ashtead Technology group companies and locations. If we feel that another of the Ashtead Technology group companies could better serve your requirements and it would be of benefit to you, we may pass on your contact details and brief information on the nature of your enquiry to a more appropriately situated member of the Ashtead Technology group.
External Third Parties – where it is necessary to implement an agreement we have with you that we contact a third party to arrange transport or access of equipment or staff to locations operated or managed by a third party (such as offshore platforms) we may need to share your contact details with the third party so as to ensure progress in providing the service.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in accordance with this privacy notice.
To fulfil legal or regulatory obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will store all personal data responsibly on our secure servers and will take all reasonable precautions to prevent personal data from being lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to members of staff, agents or third parties who have a business need to know. Your personal data will be used only on our instructions and subject to strict obligations of confidentiality. We will not sell, distribute or lease to a third party any of the personal data we collect.
In the unlikely event that we suffer a data breach, we will notify you and any applicable supervisory authority, when we are required to do so.
We will not share your personal data with third parties other than as described above. We may pass the information to other members of the Ashtead Technology group and other Ashtead locations some of which are not in the European Economic Area (EEA). That will occur only where it appears another Ashtead Technology group company or location could provide a more relevant service to you. The Ashtead Technology group maintains the integrity of personal data wherever located. All of the Ashtead Technology group maintain a high level of protection for your personal data and all appreciate the importance of maintaining the security and integrity of personal data.
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for and for no longer, particularly after the purpose(s) are completed.
To determine the appropriate retention period for personal data, we take into account the extent, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we acquired your personal data, whether we can achieve those purposes by other means, and any applicable legal requirements. Where we wish to retain personal data after the purpose is complete, whenever possible the data will be encrypted or otherwise anonymised.
Any information we use for marketing purposes will be stored and used until you notify us that you no longer agree to us holding your personal data or, where our only contact is sending you a newsletter, you “unsubscribe” from our newsletter.
Failure to provide data
Where Ashtead Technology need to collect personal data by law, or in connection with a contract we have with you, if you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In that case, we may have to cancel a product or service you have with us. We will bring any issue of this kind to your attention at the earliest opportunity.
Third party links
Our website may from time to time include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and cannot be responsible for their privacy arrangements. If you follow a third party link you will leave our website. We encourage you to read the privacy notice of every website you visit.
You have certain rights concerning personal data we hold or use. If you wish to exercise any of the rights described below, please submit a request in writing to our data privacy manager, details of whom are provided below. You have a right to:
- Request access to your personal information (commonly known as a "data subject access request"). You can request a copy of the personal data held about you to check that it is accurate and is being used for the appropriate purpose.
- Request correction of your personal data. You can have any incomplete or inaccurate information held about you corrected.
- Request erasure of your personal data. You may request that we delete or remove your personal data from storage where there is no good reason for continuing to hold it. You also have the right to ask us to delete or remove your personal data if you have exercised your right to object to processing (see below).
- Object to processing of your personal data. Where we rely on a legitimate interest (or that of a third party) as the basis for processing your personal data and there is something about your particular situation which raises a concern or objection to processing on that basis you may object to our continuing to process on that basis. You also have the right to object if we use your personal data for direct marketing purposes. Direct marketing occurs if we send (by whatever means) any advertising or marketing material directed to particular individuals.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend processing of personal data about you. This would allow you to suspend processing, for example, to allow you to establish the accuracy of the data or the reason for processing it.
- Request the transfer of your personal data to another party.
- Withdraw consent at any time where we are relying on consent to process your personal data. We will not normally use consent as the basis for processing but if we do, you may withdraw that consent at any time by notifying the data privacy manager. Please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. For the avoidance of doubt, Ashtead Technology does not rely on consent to process your personal data.
If you wish to make any of the above requests please contact the data privacy manager. Please be aware that we will need to confirm your identity on every occasion that you make a request. That is for your protection. To that end we may request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is secure. To expedite our response, we may contact you to ask you for further information in relation to your request.
In general, you will not have to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. In those circumstances, we may also refuse to comply with your request.
We try to respond to all requests within one month. Some complex requests may take us longer. In that event, we will notify you and keep you updated.
At any time, you can ask us to stop sending you marketing messages by contacting our data privacy manager, the details of whom are noted below.
Data Privacy Manager
We have appointed a data privacy manager who is the point of contact and is responsible for addressing any questions or concerns you may have concerning this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data protection manager using the details below
Our full contact details are:
- Name: Ashtead Technology Limited,
- Address: Discovery Drive, Arnhall Business Park, Westhill, Aberdeenshire, AB32 6FG, Scotland
- Data privacy manager: Peter Simpson
- Email address: firstname.lastname@example.org
- Telephone number: +44 (0)1224 771888
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). We would, however, appreciate the chance to address any of your concerns before you approach the ICO so please contact us in the first instance.
This Privacy Notice was last updated on 17 May 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.