Let’s start with introductions
Your personal information is collected and processed by Sunbelt Rentals Limited (“Sunbelt Rentals”, we”, “us” or “our”).
We’re protecting your data
We are committed to safeguarding your personal data. The protection and integrity of your personal data is very important to us.
A culture of privacy and data security
Data protection and privacy is ever changing and enhancing the rights of our customers. As such, we review our uses of personal data and may amend this Policy from time to time to reflect changes in applicable laws or the way we handle personal data. Any updated Policy will supersede earlier versions.
You are encouraged to re-visit our Policy from time to time so that you are aware of our culture of privacy and relevant updates we have made to our Policy. We will notify you of any significant changes.
Personal data provided by you and others
What is personal data?
Personal data is any information about you. The UK GDPR defines personal data as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Accuracy and completeness of personal data
It is important that the personal data we hold about you is accurate and up to date. We would ask you to inform us if there are any inaccuracies with the personal data that we have recorded about you and we will act to update your personal data as required.
If you decide to create an account on our website, you’ll be able to update your information whenever you want to. We see it as your responsibility to ensure that all personal data is accurate and complete, and to inform us of relevant changes to your personal data.
Categories of personal data we may collect
Depending on how you interact with this, we may collect, use, store and transfer different kinds of personal data about you which we have categorised as follows:
Identity Data and Contact Data
Data specifically related to identity, such as your, first name and last name, your job title and details of the organisation you work for (where applicable) and your contact details, such as your email address, telephone number, postal address details and if you connect with us on social media, we’ll know your social media account name.
As part of any transaction with you, we may process financial data, which in most cases will be payment card details. But we don’t handle card processing on our website, we’ll transfer you to our secure payment partner.
Technical and Useage Data
When you create an account on our website, we’ll collect your email address and password to facilitate the security of your account.
How we may collect personal data.
Personal data you voluntarily provide to us.
We collect personal data that is relevant to our relationship with you. Your personal data may be collected by us, directly or indirectly, for instance:
- when you communicate with us by telephone, email, via our website or through other communication channels, for example, through social media platforms;
- if you attend events or meetings organised by us, or conducted at our offices, for example, sales events, promotional and marketing events, training sessions and social events;
- when you use our services or enter into transactions with us, or express an interest in doing so, including services, products and transactions which you utilise in-person or electronically;
- when you submit your personal data to us for any other reason.
You do not have to give us your personal data, but if you do not provide us with certain information, we may not be able to provide you with the products or services that you have requested from us or deal with your enquiry.
Personal data that has been provided by others.
Depending on your relationship with us, we may also collect your personal data from third party sources, for example:
- your colleagues who provide your personal data to us on your behalf;
- from credit referencing agencies that we engage with to assess our credit account decisions on an ongoing basis; or
- from public agencies or other public sources, for example, the Electoral Register or Companies House.
Personal data that can be collected automatically.
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We’ve structured our website in a way that asks for your consent for certain cookies, in accordance with data protection laws.
External links on our website.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notices applicable to the website in question.
Specific purposes and legal basis for processing your information.
We will only use your personal data where we have a lawful basis to use it. This will usually be where we need to use your data to enter into or perform our contract with you (for example, to provide you with the products or services you have requested), or in a way which might reasonably be expected as part of running our business and which does not adversely impact you. For example, we might use your personal data to allow us to improve our website, products and services or to ensure that your data is kept secure. When processing your personal information is a based our legitimate interests, we undertake legitimate interest assessments to ensure that our processing is not overridden by your interests, rights and freedoms. Please contact us using the details below if you would like further information about this.
In some cases, we may ask for your consent to process your data, for example, if you are featured in a photograph or video footage from one of our events.
We may sometimes need to use personal data to comply with our legal obligations (for example, to pass on details of people who are involved in fraud) or to implement appropriate data security measures.
Further detail about our use of personal data is provided below:
|Processing type||Data category|
Our legal basis
To provide our products/services, respond to enquiries or complaints and for accounts administration and customer relations purposes.
|Identity & Contact data, Financial data and customer feedback||Legitimate interests /performance of a contract|
In order to provide you/your business with the services or products that you have ordered (including to take payments/invoicing), to administer your account or to provide you with information you have requested and to facilitate our relationship with you, your business or colleagues and to ensure the smooth operation of our business, effective planning and an efficient customer experience.
We may contact you during and after the fulfilment of the products/services you request from us to understand how well we’ve done or if there are areas we could improve on, to help us to improve our products and services.
|Recording of telephone calls|
Identity & Contact data and the content of the call
We record phone calls that are made to our call centres for the purpose of ensuring the high standards of our services and to aid in our commitments to combatting fraud.
|Training and other corporate events|
Identity & Contact data, Special category health data
|Legitimate Interest / Consent|
The information you provide will be used to communicate with you about your attendance at the event, to facilitate your attendance and to follow-up on your experience post-event. We will ask for your consent to process any health related data you choose to provide.
|Email marketing to other businesses||Identity & Contact data (email address)|
|Where we are looking to have, or we already have a business to business relationship with you or your organisation, we will look to provide you with interesting and relevant services, products and projects. You can opt out of receiving our marketing information by using the Unsubscribe feature in our emails or by contacting us.|
|Telephone marketing to other businesses||Identity & Contact data (phone number)|
We're not fans of nuisance phone calls, so we won't be spamming anyone with lots of unnecessary calls, but from time to time we may contact customers or prospective customers to inform them about our products and services and any new offers.
You can ‘opt-out’ of telephone marketing by either letting our team members know or by contacting us at any point. In any case we check the Telephone Preference Service and Corporate Telephone Preference Services before making marketing calls.
|Images and film footage at events||Images/Video footage||Consent & Legitimate interest|
We may take photographs and/or video footage at events we host, which could capture personal data. We will always notify participants when a photographer or filmmaker is present at our events and you can opt-out of being included in photographs/video footage. We will respect the wishes of anyone who signals their desire not to have their image captured.
We have a legitimate interest taking photos/video footage in a crowd setting in order to publicise our events, but we will ask for your consent when identifiable from the photograph or video footage and where photos are to be published alongside a name or other personal identifier. Where you consent, you have the right to withdraw it at any time.
|Collection/analysis of statistical information about website usage||Technical & Usage data||Consent / Legitimate Interest||To manage and improve how people engage with our public-facing channels. The information we collect tells us about how you use our website, what links you follow and tells us what you’re most interested in. We use this information to improve our website, to ensure it is presented in the most effective manner for you and to give you the best website experience.|
|Sharing information with Companies House, Accountants, legal advisors, HMRC and Statutory authorities|
Identity & Contact data and Financial data
|Legitimate Interest & Legal Obligation|
As a registered UK business, we are subject to UK company law and therefore have specific legal obligations. We process our accounts in accordance with UK law and therefore use external accountants, which is our legitimate interest, to submit our statutory accounting records. We are subject to audits and assessments from industry standard bodies and in the protection of our interests and to comply with UK law, we may be obligated to share information with the statutory authorities.
|Security and Safety|
Identity, Contact, Technical & Usage data, Financial data and Security Credentials, door access logs or visitor's logs
Legal Obligation & Legitimate Interest
We may process personal data for the specific purposes of security, safety and fraud prevention. This is in connection with the safety and security of our staff, the buildings and equipment that we own and/or rent, or events organised by us or conducted at the buildings we own and/or use; for data security purposes through the systems that we operate throughout the organisation and for fraud prevention.
Identity, Technical & Useage data
|Consent / Legitimate interest|
When you provide consent to processing.
Where you have given your consent for us to process your personal data, you can withdraw your consent at any time. Where consent has been used as the lawful basis for processing data, you will have been fully informed about how we intend to use your data and you will have the power to decide whether you give consent.
Disclosures of your personal data.
We share your personal data with trusted third parties to allow us to achieve the purposes set out above. When we do share your data with these third parties we have written contracts in place with them which require them to only use your data for the purpose we specify to them and that your privacy is secure and respected.
These trusted third parties include the following:
- Those providing services such as hosting and maintenance services, analysis services, e-mail messaging services, delivery/logistics services, handling of payment transactions, marketing, and professional services);
- Debt collection agencies for the purpose of tracing debtors and collecting debt; and
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
We may also share your personal data:
- in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.
- where we have a duty or a legal obligation to do so, such as with the police, administrative authorities, other enforcement, regulatory or Government bodies, or in order to enforce or apply any agreements which we enter into with you.
Data being transferred internationally.
Some of our service providers may be located in (or may access your personal data from) outside the UK/EEA. The UK GDPR contains strict rules about data transfers to other countries, which we adhere to. Unless the recipient country has been deemed by the Information Commissioner’s Office to provide adequate protection for personal data, we will put appropriate safeguards in place, such as Standard Contractual Clauses, that require the recipient of the data to process it in line with UK data protection laws. Please contact us using the details provided at the end of this policy for further details, including a copy of these clauses.
The security of your personal data.
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have been authorised to access your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the appropriate supervisory authority of a breach where we are legally required to do so.
However, we cannot guarantee that our systems or applications are invulnerable to security breaches, nor do we make any warranty, guarantee, or representation that your use of our systems or applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities.
We also cannot guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.
How long we keep personal data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available by contacting our Data Protection Officer.
By law we may have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
Personal data belonging to children.
Our website and our services are not intended for children and we do not knowingly collect data relating to children.
You have rights when it comes to your personal data.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access
You have the right to request a copy of the personal data that we hold about you and certain additional information about our processing of your personal data. Access to a copy of your personal information is often known as a Subject Access Request, is usually free of charge and we have a one-month time period with which to respond.
If requests for information are particularly complex or you have submitted multiple requests, the law permits an extension to the one-month timeline of up to two further months. It also permits us to apply a fair administration fee for access requests that are deemed manifestly unfounded or excessive or if further copies of data are requested.
Finally, the law allows an organisation to refuse a Subject Access request where the request is deemed to be manifestly unfounded or excessive. Any such decision would need to be made on a case-by-case basis.
Right of rectification
You have a right to review and correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records, for example, where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below).
Right to restriction of processing
In certain conditions you can exercise a right to restrict the processing of personal data, for example if you want to establish its accuracy or the reason for processing it.
Right of portability
You have the right to obtain a copy of the personal data that you have provided to us, for the fulfilment of a contract or where you have provided your consent and to reuse it elsewhere or have it transferred in a structured and machine-readable format to another organisation.
Right to object
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data or we need to process it for the establishment, exercise or defence of legal claims. You can also ask us to stop using your personal data for marketing purposes at any time.
What forms of ID will I need to provide to access my data?
We will assess the information we process on your behalf, and if we are unable to verify your identity through existing security checks, we may request additional identification that could include: -
Passport, driving licence, birth certificate, utility bill from last 3 months. This is a security measure to protect your data.
We do not currently carry out automated decision-making using information we hold about you.
Right to Complain - What to do when things don't go as planned.
In the event that you wish to make a complaint about how your personal data is being processed by us, or how your complaint has been handled, you have the right to lodge a complaint directly with the relevant supervisory authority.
In the UK, this is the Information Commissioner's Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns.
Data Protection Officer.
URM Consulting Services Limited
Manor Farm Road
Telephone: 0118 206 5410
Our company registration details are:
Sunbelt Rentals Limited is a company incorporated in England and Wales.
Registration number 12431937
Registered office: 100 Cheapside, London, EC2V 6DT
Our ICO registration details are: -
Registration number: Z8882159
Date registered: 02 February 2005
Registration expires: 01 February 2022
Data controller: Sunbelt Rentals Limited