Hoshizaki Europe Limited (the ‘Company’) Privacy Notice and Consent

This notice explains how information about you is used.
The Company will be the data controller and can be contacted as follows:
By post: Data Protection Manager, Hoshizaki Europe Limited, Telford 70, Stafford Park 7, Telford, Shropshire, TF3 3BQ
By e-mail: [email protected]
By phone: 01952 291777

The information we gather
The Company gathers certain information about you. Information about you is also used by our affiliated entities and group companies, including Hoshizaki Corporation of 3-16 Minamiyakata Sakae-Cho, Toyoake City, Aichi Prefecture, Japan (our ‘group companies’). When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and the Data Protection Act 2018 and we are responsible for that personal information for the purposes of those laws.
In this notice, references to ‘we’ or ‘us’ means the Company and our group companies.
Information that we gather about you may include without limitation your name and contact details. The provision of information by you is entirely voluntary, but if you fail to provide certain information we may be unable to provide our services.
We may also obtain information about you from third parties, such as our group companies, service providers and agents and credit reference agencies.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

The legal basis for processing
This privacy notice sets out how we will process your data.
Processing can take place based on our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Our legitimate interests may be that we are carrying or may carry on business with your employer. There is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.
Processing could take place when it is necessary to perform a contract between us, or where we are both taking steps to enter into a contract. Sometimes processing will take place based on your consent, such as when you give us your clear and express permission to do something with your personal data. Whenever you have given consent you can withdraw it at any time.

We process information about you for the following reasons:

What we use your information for

Our reasons

To provide our services, such as when manufacturing our
quality commercial kitchen equipment and providing related services

For our legitimate interests or those of a third party, i.e.
to allow us to contract with your employer, or for the performance of our
contract with you or to take steps at your request before entering into a
contract

Providing customer services, analysing preferences and
improving services

For the performance of our contract with you, for our
legitimate interests or those of a third party, i.e. to be as efficient as we
can so we can deliver the best service for you at the best price, and to
comply with our legal and regulatory obligations

To improve user experience

 

For our legitimate interests or those of a third party,
i.e. to be as efficient as we can so we can deliver the best service for you
at the best price

Operational reasons, such as recording transactions,
training and quality control, and ensuring business policies are adhered to

For our legitimate interests or those of a third party, i.e.
to be as efficient as we can so we can deliver the best service for you at
the best price

Conducting checks to identify our
customers and verify their identity, screening for financial and other
sanctions or embargoes, and other processing necessary to comply with
professional, legal and regulatory obligations, corporate governance
obligations and good practices that apply to our business, e.g. under health
and safety regulation or rules issued by any regulator, including for the
purposes of preventing money laundering

For our legitimate interests or those of a third party,
i.e. to minimize fraud that could be damaging for us and for you; to comply
with our legal obligations; and, in certain circumstances, based on your
consent

Gathering information as part of investigations by
regulatory bodies or in connection with legal proceedings or requests

To comply with our legal and regulatory obligations

Security vetting, credit scoring and checking, preventing
fraud, investigating claims, complaints and allegations of criminal offences

For our legitimate interests or those of a third party,
i.e. to minimize fraud that could be damaging for us and for you, and to
comply with our legal obligations

Ensuring the confidentiality of commercially sensitive
information

For our legitimate interests or those of a third party, i.e.
to protect trade secrets and other commercially valuable information, and to
comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g.
in relation to our financial performance, customer base, product range or
other efficiency measures

For our legitimate interests or those of a third party, i.e.
to be as efficient as we can so we can deliver the best service for you at
the best price

 

Preventing unauthorised access and modifications to systems

For our legitimate interests or those of a third party, i.e.
to prevent and detect criminal activity that could be damaging for us and for
you, and to comply with our legal and regulatory obligations

Updating and
enhancing customer records

For the performance of our contract with you or to take
steps at your request before entering into a contract, to comply with our
legal and regulatory obligations, and for our legitimate interests or those
of a third party, e.g. making sure that we can keep in touch with our
customers about existing orders and new products

Ensuring safe working practices, staff administration and
assessments

To comply with our legal and regulatory obligations, and for
our legitimate interests or those of a third party, e.g. to make sure we are
following our own internal procedures and working efficiently so we can
deliver the best service to you

External audits and quality checks, e.g. for ISO or
Investors in People accreditation and the audit of our accounts

For our legitimate interests or a those of a third party, i.e.
to maintain our accreditations so we can demonstrate we operate at the
highest standard, and to comply with our legal and regulatory obligations

Marketing our business and those of our group

For our legitimate interests or those of a third party, i.e.
to promote our business to existing and former customers

Information about third parties
Information we process as described in this notice may also include information about third parties such as people whose details you supply to us.

Systems used to process data
We gather information directly from you and also via our website and other technical systems. These may include, for example, our:
• computer networks and connections
• communications systems
• trading platforms
• email and instant messaging systems
• intranet and Internet facilities
• telephones, voicemail, mobile phone records
• and other hardware and software owned, used or provided by or on behalf of us and our group companies.

Some limited personal data may be collected from monitoring devices such as CCTV, door entry and visitor registration systems, if you attend our offices.

Cookies
When you use our website we may gather information about you through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.
Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to disable them, please visit https://hoshizaki-europe.com/privacy-policy.

Disclosures and exchange of information and transfers outside the EEA
We may disclose and exchange information with our group companies, credit reference agencies, service providers, representatives and agents, as well as with law enforcement agencies and regulatory bodies for the above reasons.
We only share information with such third parties if we are happy that they take appropriate measures to protect your personal information.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Information may be transferred internationally to Japan and other countries around the world, including those without data protection laws equivalent to those in the UK, for the reasons described above. We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our information security and data protection policies, which are available on request. Japan has received a finding of adequacy, so you can be sure that when your data is transferred there your data rights and freedoms will not be affected. International data transfers outside the European Economic Area and Japan are protected by Standard Contractual Clauses, as per GDPR Article 46(2).
If you would like further information please contact our Data Protection Manager (see above). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Retention periods
Your data will be held in accordance with the Company’s retention policy, which is available on request. Your data will be kept so that we can respond to any questions, complaints or claims made by you or on your behalf; to show that we treated you fairly; and to keep records required by law. In general, your data will be stored for the duration of your relationship with us, plus 6 years.

Your rights
You have a number of important rights, which can be exercised free of charge. You have the right to request:
• access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal information concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances.

Where you have given consent to any data processing, you have the right to withdraw that consent at any time. We will not do anything with your data not outlined in this notice.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, please contact our Data Protection Manager in writing (see above), providing enough information to identify you and let us know which information to which your request relates.

If you are not satisfied with any complaint you have with us, you also have the right to make a complaint to the Information Commissioners Office, which is the supervising authority in the UK in relation to data processing. You can contact the Information Commissioner at ico.org.uk/concerns/ or by telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

We may change this privacy notice from time to time, when we do we will inform you via e-mail.

This policy was last updated in August 2019.