1 HSC Group: Legal Entities

The Hire Supply Company (UK) Limited – Company Registration Number 03093252

2 Commitment to Information Security

We are providing you with this Privacy Notice in demonstration of our commitment to information security.  We are registered with the Information Commissioner’s Office under reference: ZA355050

3 Information Security Management System (ISMS)

HSC Group operates and maintains an Information Security Management System (ISMS) in order to control its information assets and the information assets of its customers correctly.  The ISMS is part of our ‘privacy by design’ approach to data management and consists of the following components:

3.1 Contractual Agreements

HSC Group issues the following contractual documentation, which incorporate binding information security clauses, to employees, contractors, customers and suppliers:

3.2 Policies & Protocols

 HSC Group maintains operating policies and protocols to cover:

  • Confidentiality
  • Monitoring of communications
  • Data breach reporting

HSC Group’s relevant policies and protocols help us to fully realise our commitment to lawful, fair and transparent data processing.

3.4 Guidelines & Training

HSC Group commits to oversee the competence of all our human resources in respect of compliance with GDPR. This includes the issue of contractual and procedural documentation, as described above, as well as the implementation of training for all relevant members of staff. Training is provided either directly by HSC Group or by their suppliers to enable employees and contractors to operate consistently within our ISMS.

3.5 Risk Assessment

HSC Group has run a GDPR audit to determine that our physical office environment, our IT systems, our personnel, our policies and our practices conform to the standards of the General Data Protection Regulation.

We are registered with the Information Commissioner’s Office and we operate a formal incident management process to identify, contain and recover from a data breach, should one occur.  Our employees are trained to report any suspicion of data breach to our Data Protection Officer in line with our Data Protection Policy. 

4 Your Personal Information

4.1 Why we process your personal information

In the course of transacting with us you may be required to provide personal information to include: your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media.

Your personal information may be used by us to:

  • Make our services and products available to you;
  • Process your orders;
  • Take payment from you or give you a refund;
  • Help us ensure that our customers are genuine and to prevent fraud;
  • Find ways to improve our services and products;
  • Contact you about services and products and services from us;
  • Help answer your questions and solve any issues you have.

4.2 Your rights

4.2.i Access and correction

You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a 'Subject Access Request'. I f we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.

Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.  If you would like to exercise these rights, please contact our Data Protection Officer by emailing:

4.2.ii Right to stop or limit our processing of your data

You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.  If you would like to exercise this right, please contact our Data Protection Representative, as detailed above.

4.2.iii How long will we keep your information?

We will retain a record of your personal information only for as long as it is necessary to do so.  Our objective is to provide you with a high quality and consistent service across our group. We will always retain your personal information in accordance with law and regulation.

5 Our Suppliers & Third Parties

Qualifying the compliance of suppliers and third parties is essential to establishing our own Statement of Compliance with GDPR.  Should any suppliers or third parties with whom we share personal information – either as data controllers or data processors – fail to evidence conformity to the requirements of GDPR (or fail to ameliorate their non-conformity under notice) we will terminate our relationship with them.

Our current key suppliers/third party in the context of personal information data processing have documented evidence of their compliance with GDPR.

6 Physical Security

HSC Group commits to protecting data through appropriate physical measures, these can be broken down into:

6.1 Premises Access Control

No individual can access our office environment without a key card during business hours of 8:00am to 5:30pm.  Office key holders are restricted only to senior personnel with a register of key holders maintained at all times.

6.2 Server Access Control (Physical)

Server, routers and other business critical equipment is stored securely under locked cover with keypad access restricted to office key holders only.

6.3 Server Access Control (Digital)

Remote access to servers is carefully managed and monitored with enhanced security protocols in place.