Website address: https://www.ashbrook.ltd

J K Ashbrook address: ASHBROOK House, Holmes Chapel Rd, Congleton, Cheshire CW12 4SN

Ashbroook (Warrington) Ltd address: Woodside, Northwich Road, Dutton, Warrington, WA4 4LJ

J K Ashbrook telephone: 01260 270817

Ashbroook (Warrington) Ltd: 01925 599080

Our Data Protection Officer is Mike Ashbrook who can be contacted on office@ashbrook.ltd

1. What data we collect

Whether or not you are a current customer, we’ll use the personal data for reasons set out below and if you are a current customer we will continue to use it to manage the account. Personal Data we use may be about you as a personal or business customer.

1.1 Online processes

The personal data we collect from you includes:

• full name, address, contact telephone number, and profile photos into your account section
• questions, queries, or feedback you leave, including your email address if you contact ASHBROOK using our contact forms
• your email address and subscription preferences when you sign up for our email alerts
• how you use our emails – for example, whether you open them and which links you click on
• your Internet Protocol (IP) address, details of which version of web browser you used, and browser user agent string to help spam detection
• information on how you use the site, using cookies and page tagging techniques

We use Google Analytics software to collect information about how you use ASHBROOK.ltd. This includes IP addresses. The data is anonymised before being used for analytics processing.

Google Analytics processes anonymised information about:

• the pages you visit on ASHBROOK.ltd
• how long you spend on each of our webpages
• how you got to the site
• what you click on while you’re visiting the site
• what device you visited the site on
• the engagement levels of our social media post.

We do not store your personal information through Google Analytics (for example your name or address).

We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.

1.2 Offline processes

Information collected may include:

• full name and personal details including contact information (e.g. home and business address and address history, email address, home, business, and mobile phone numbers)
• date of birth and/or age (e.g. to make sure you are eligible to apply for a customer account)
• financial details to ascertain creditworthiness and prevent fraud
• information from credit reference agencies and other publicly available sources for credit and fraud prevention purposes
• information from your insurer or insurance broker to confirm that you are fully insured to cover the machinery on hire.

2. Providing your personal data

We will advise you if some personal data is optional, including if we ask for your consent to process it. In all other cases, you must provide your personal data to allow us to open and process your account with us. (Unless you are already a customer and we already hold your details).

3. Why we need your data

We collect information through Google Analytics to see how you use the ASHBROOK.ltd. We do this to help:

• make sure the site is meeting the needs of its users
• make improvements, for example improving site search.

We also collect data in order to:

• gather feedback to improve our services, for example, our email newsletter and social media posts
• respond to any feedback you send us if you’ve asked us to
• send email newsletters to users who request them
• allow you to request quotes for machinery hire
• provide you with information about machinery hire
• enable you to hire items from us.

4. Our legal basis for processing your data

We’ll process your personal data:

1. As necessary to hold an account with us

a. To take steps at your request prior to entering into it;

b. To decide whether to enter into it;

c. To manage and perform the account;

d. To update our records; and

e. To trace your whereabouts to contact you about your account and/or recovering debt.

2. As necessary for our own legitimate interests

a. For good governance, accounting and managing and auditing your business operations;

b. To search credit reference agencies to apply for a credit limit for your account with us

c. To monitor emails, calls, other communications, and activities on your account

d. For market research, analysis, and developing statistics; and

e. To send you marketing communications, including automated decision making relating

to this.

3. As necessary to comply with a legal obligation

a. When we exercise our rights under data protection law and make requests;

b. For compliance with legal and regulatory requirements and related disclosures;

c. For establishment and defense of legal rights

d. For activities relating to the prevention, detection, and investigation of crime;

e. To verify your identity, make credit, fraud prevention, and anti-money laundering checks;

and

f. To monitor calls, emails, other communications, and activity on your account.

4. Based on your consent, e.g

a. To send you marketing communications where you’ve asked for your consent to do so.

b. To process anonymised data for google analytics.

5. What we do with your data

5.1 Sharing of your personal data

Subject to applicable data protection law we may share your personal data with:

• the ASHBROOK group of companies in which we have employees, officers, agents, or professional advisors of these companies;
• subcontractors and other persons who help us provide you with the product or service;
• our legal and other professional advisors, including auditors;
• credit reference agencies and debt collection agencies periodically or service management;
• government bodies and agencies in the UK (e.g HMRC)
• market research organisations and marketing support services who help to improve our products and services
• payment systems which are necessary to operate your account and for regulatory purposes, to process transactions, and for statistical purposes
• external sources of publicly available information such as Companies House and credit reference agencies.
• Anyone else where we have your consent or as required by law.

5.2 Automated Decision Making

We’ve described new ways of processing your personal data relating to automated decision-making. This includes profiling for marketing and tailoring marketing communications. This doesn’t mean we will start to send you direct marketing if you’ve told us you don’t want to hear from us as we’ll only contact you according to your preferences. We will without human intervention evaluate your personal situation such as personal preferences, interests, past transactions and triggers, and events such as account opening anniversaries or seasonality business promotions. We may do this to decide what marketing communications are suitable for you and to analyse statistics. All this activity is on the basis of our legitimate interests and to develop and improve our products and services.

5.3 Monitoring of communications

Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages, and other communications relating to our dealings with you. We’ll do this for regulatory compliance, self–regulatory practices, crime prevention, and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said.

5.4 Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data which can’t be used to identify you but then used to produce statistical research and reports.

5.5 Credit Reference Checks

If you apply to open an account with us or part of an annual review of your account, we’ll perform a credit and identity check on the registered address with one or more credit reference agencies. To do this we’ll supply your personal data to the credit reference agencies and they’ll give us information about you.

5.6 Marketing Preference and related searches

We may use your address, phone number, or email address to contact you according to your preference. You can change your preference at any time by contacting us.

6. Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with that content, please view their Privacy Policies for details.

7. How long do we keep your data

The following criteria are used to determine data retention periods for your personal data for both customers and non-customers.

• Retention in case of queries. We will retain the personal information that we need to keep in case of queries from you for seven (7) years, unless we have to keep it for a longer period (see directly below);
• Retention in case of claims. We will retain the personal information that we need to keep for the period in which you might legally bring claims against us which in practice means seven (7) years, unless we have to keep it for a longer period (see directly below); and
• Retention in accordance with legal and regulatory requirements. We will retain the personal information that we need to keep even after the relevent contract you have with us has come to an end for ten (10) years and this will be to satisfy our legal and regulatory requirements.

8. Children’s privacy protection

Our services are not designed for, or intentionally targeted at children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

9. Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics data may be transferred outside the EEA for processing.

10. How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

11. Your rights under the applicable data protection law

Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018)

• The right to be informed about the processing of your personal data;
• The right to have your personal data corrected if it is inaccurate;
• The right to object to the processing of your personal data;
• The right to restrict the processing of your personal data;
• The right to have your personal data erased;
• The right to request access to your personal data and information about how we process it;
• Rights in relation to automated decision-making including profiling.

If you have any of these requests, get in contact with our Data Protection Officer.

You have the right to complain to the information commissioner’s office. It has enforcement power and can investigate compliance with data protection law.

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Last updated March 2021