Privacy Notice

phs Group is most famous for washroom services and products. However, as one of the UK’s leading provider of workplace services, we do much more than just washrooms; we offer a broad range of solutions to help keep organisations running smoothly. In fact, we take care of over 200,000 customers at over 450,000 locations across the UK and Europe.



phs has 50 years of history, and over that time we have developed an expert understanding of the practical and legislative issues that our customers face daily in their workplace. Our business comprises of an extensive product and service range, addressing customer needs across two key areas - Hygiene and Specialist.



Although our customers are primarily businesses, we do collect and use personal information relating to individuals as part of our day-to-day activities.  This is generally in order to provide services directly to individuals, or when we work with individuals in our customer or supplier businesses.  We also collect personal information about individuals who use our websites, wish to receive information about our services or who wish to work for us.



This privacy policy sets out how the phs Group collects and uses personal information about these individuals.  In this policy “PHS”, “we”, “us” and “our” means Personnel Hygiene Services Limited and its UK subsidiaries. The names of the subsidiaries, as stated on the Data Protection Register held by the Information Commissioner’s Office, are Direct365online Limited, phs Compliance Limited and Teacrate Rentals Limited. Personnel Hygiene Services Limited also uses the following trading names: phs Washrooms, phs Floorcare, phs Wastemanagement, phs Besafe, phsGreenleaf, phs Wastekit, Warner Howard, Syncros and Matta.



What lawful basis do we use to process personal information about you?. 1

Why we need your personal information and how will we use it?. 2

How do we protect your information?. 4

Transferring your information overseas. 5

Social media. 5

How long we keep your data. 5

Your rights. 6

Cookies. 6

Other websites. 6

How to contact us?. 7



What lawful basis do we use to process personal information about you?



  • Under data protection law, we are required to only collect and use personal information in accordance with at least one of six lawful bases (or 'conditions').  Some of these conditions overlap and more than one may apply.
  • We have reviewed the purposes of our processing activities, and indicated in the table below the lawful basis (or bases) for each activity.
  • We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
  • We have documented our decision on which lawful basis applies to help us demonstrate compliance.
  • We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice
  • Data protection law affords additional protection to certain categories of personal information (known as 'special categories').  These includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person's sex life or sexual orientation.
  • Where we process special categories of personal information, we have also identified a condition for processing such categories, and have documented this.



Ref

Lawful Basis to process personal data

1

Processing is necessary for phs and its subsidiaries to carry out their services or deliver their products, to defend ourselves in legal claims and to respond to queries from regulators or legislators; except where it would negatively impact on the fundamental rights and freedoms of the individual (data subject), or where their personal data requires protection, particularly if the individual is a child.

2

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3

Processing is necessary for compliance with a legal obligation to which we are subject.

4

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.



Why we need your personal information and how will we use it?



To provide an outstanding service to our customers, employees and suppliers, we collect and process personal information in the following ways.

Service Provided

Scenario

How will we use your information

Lawful Basis Ref

Marketing, Lead and Prospect Customer Information

Informing our current and prospective customers of phs products and services

Request a quotation for our products, services or place an order by corresponding with us by telephone, email, post or through our website (website usage information is collected using cookies)

For customers and prospective customers, we will use your information to provide any products and services you’ve requested and for other purposes, for example:

  • To confirm your identity and address.
  • To process your order, manage your account and, unless you opt out, to email you about products, services and promotions that may be of interest to you to ensure we are offering you the services.
  • To continually improve our products and services
  • To administer our applications and for internal operations, including data analysis, testing, research and survey purposes.
  • To measure and understand the effectiveness of the advertising we serve to our customers and to ensure we deliver relevant advertising to them.
  • phs will only share your information for marketing purposes with its subsidiary companies, as listed at the start of this privacy notice.
  • Where appropriate we will ask for your consent.  You can opt-out at any time using the functionality built into all of our marketing messages.

1

Marketing to prospective or current customers

We also purchase contact information from a third-party data seller.

  • Data is used to generate business leads and to contact prospective customers who may be interested in our products or services.

Note phs will not share your information for marketing purposes with companies outside of our group.

1

Current Customer Information



Sale Orders Processing

You purchase one off or ad-hoc goods from us. Over the phone or our websites





  • We only collect the minimum personal data needed to process an order, manage an account or enter into a contract.  Without this information we will not be able to conduct business with you.
  • In processing your order, we may send your details to, and also use information from credit reference agencies.
  • We may credit check new customer accounts >£1k in value using a credit reference agency, where ratings do not meet the required criteria, these businesses are placed on a monitoring list. We do not credit check sole traders or those customers who fall under the Consumer Credit Act.
  • To ensure that we are compliant with HMRC VAT regulations.

1,2 and 4

Contractual Business for  prospective or current customers

You enter into a contractual relationship with us to provide goods or services

  • We only collect the minimum personal data needed to process an order, manage an account or enter into a contract.  Without this information we will not be able to conduct business with you.



  • To ensure that we are compliant with HMRC VAT regulations.

2

Customer Portal

Billing for goods or services provided by phs

  • To provide you with online VAT invoices and supporting information such as your service history (as an alternative to post) via our third party provider where you have opted in through the Myphs online portal.

2

Credit control and debt management

You fail to pay for your goods or services within agreed contractual payment terms resulting in credit control and debt management processes

  • As we invoice in advance, our credit cycles take care of debt at early stages where we apply sanctions such as debt collection, service suspension and ultimately termination of contracts due to protracted default.
  • All information we use is on contracts or public information generated from Companies House. We do not credit check sole traders or those customers who fall under the Consumer Credit Act.

2,3

Legal or Regulatory obligations

To satisfy Environment Agency (EA) legal obligations

  • If you are a producer of Hazardous waste for which phs issue consignment and destruction notices that may be audited by the Environment Agency (EA).

2,3

Supplier Information



Supplier Request for Information (RFI) or Request for Proposal (RFP)

You take part in a Request for Information (RFI) or Request for Proposal (RFP) supplier selection process

For suppliers, we will use your information:

  • To confirm your identify and address.
  • To set you up on our preferred suppliers list.



2

Supplier Purchase Order and Invoicing

You submit an invoice for payment for services provided to phs

  • To manage our working relationship and communications to ensure work is carried out efficiently.
  • To report any queries or concerns .
  • For payment of work.

2

Other Personal Data



Site visitors

If you are a visitor to one of our sites and are not an employee, customer or supplier /contractor i.e. perhaps a family member of one of our employees

  • In order to give you a visitors pass we ask for some basic details about you including your name, email, mobile number and car registration (if you drive to the site). In these instances we do this for compliance with Health & Safety and Fire regulations.

1, 3



How do we protect your information?

phs implements industry standard security measures to protect personal information in our own and 3rd party supplier data centres. These controls cover information that is stored (at rest) and when copied from one system to another (in motion).

Services that are internet facing are further independently checked for all known security risks by accredited security specialists.

In general, personal information is only accessible to staff on a need to know basis and appropriate security measures are in place.



Transferring your information overseas

phs consciously selects suppliers that have a European Economic Area (EEA) presence for the storage and maintenance of personal data and information.  In a small number of very niche cases data is stored outside the EEA.  Any data stored outside the EEA is protected by the EU Model Clauses which are EU-approved standardised contractual clauses.  These clauses ensure that any personal data leaving the EEA will be transferred in compliance with EU data protection laws.  These clauses also mean that the third party has adequate security measures and controls in place to protect personal data.

All the personal data we process is processed by our staff or the staff of carefully selected suppliers in the UK or by our Business Intelligence partner in Chennai, India. For the purposes of IT hosting and maintenance this information is located on servers within the European Economic Area (EEA).



Social media

We use our social media channels, LinkedIn, Instagram, Facebook, Twitter and YouTube to build brand awareness, promote content and share information through thought leadership pieces, including articles, blogs and videos. We do not monitor our social media channels for subject access requests.

In exceptional circumstances, we do manage customer complaints through some of our channels to maintain the highest quality of customer service.

How long we keep your data

We’ll keep your information for as long as you have a relationship with us. After the relationship ends, we’ll keep it where we have a legitimate interest e.g. to help us respond to queries or complaints, or for compliance with a regulatory or legal obligation such as but not limited to the following legislation which have their own data retention rules

  • Equality Act 2010
  • Employment Rights Act 1996
  • Health and Safety at Work Act 1974
  • Limitation Act 1980
  • National Minimum Wage regulations 1998
  • The Control of Substances Hazardous to Health Regulations 1999 and 2002
  • The Retirement Benefits Schemes (Information Powers) Regulations 1995(SI 1995/3103)
  • The General Data Protection Regulation
  • Companies Act 1985, 1989 and 2006
  • The Income Tax (PAYE) Regulations 2003/2682
  • The Statutory Sick Pay Regulations 2014
  • VAT Act 1994
  • Corporation Tax Act 2010
  • The Environmental Protection (Duty of Care) Regulations 1991
  • The Special Waste Regulations 1996



Your rights

You have a number of rights relating to your information e.g.  to see what we hold, to ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint, etc.

If you would like a copy of some or all of your personal information, please email dataprotection@phs.co.uk  or write to us.  Please see the how to contact us section below.

If at any point, you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us via email to have the matter investigated – dataprotection@phs.co.uk or by writing to the address below.

If you are not satisfied with our response or believe we are processing your personal data other than in accordance with the law, you can complain to the Information Commissioner’s Office.  You can find advice on the ICO’s website [ico.org.uk/sar] and information on their powers and the action they can take [ico.org.uk/action] or call them on 0303 123 1113.



Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit www.moreaboutcookies.org or www.allaboutcookies.org

You can set your browser to not accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.



Other websites

Our website https://www.phs.co.uk/ contains links to other websites which are not limited to those listed below. Variations to this policy that are applicable to Direct365online Limited, PHS Compliance Limited or Teacrate Rentals Limited websites are included in the specific privacy statements for these businesses.



How to contact us?

Depending on your enquiry, there are a number of ways you can get in touch:

Type of enquiry

Contact details

Data request/complaint

dataprotection@phs.co.uk

General enquiries

02920 851000

Sales

02920 809098

Service

02920 851000

Other

02920 851000

Customer Complaint

02920 851000



Please contact us if you have any question about our Privacy Notice or information we hold about you:

Data Protection Officer

PHS Group

Unit B

Western Industrial Estate

Caerphilly

CF83 1XH



Version History

Version

Next review Date

Author

1.0

25/05/2019

D Finlayson