Privacy Notice (Version: 2024/02)
phs Group is the leading hygiene services provider in the UK, Spain and Ireland. With over 90,000 customers over 300,000 locations, we meet the needs of up to 100 million people.
Who we are:
- Team of over 3,000 expert personnel providing service to more than 300,000 locations
- A network giving full coverage to a population of more than 100 million
- Over 50 years of innovation and investment, transforming the future
- More than 90,000 customers – everything from beach bars in Ibiza to Buckingham Palace.
Healthcare, Washroom, Floorcare Hygiene and Specialist are our business. We stay on top of all the legislative developments affecting your industry to provide you with expert advice on what you need to do to ensure that your business is legally compliant.
Although our customers are primarily businesses, we do collect and use personal information relating to individuals as part of our day-to-day activities. This is generally in order to provide services directly to individuals, or when we work with individuals in our customer or supplier businesses. We also collect personal information about individuals who use our websites, wish to receive information about our services or who wish to work for us.
In this notice “phs”, “we”, “us” and “our” means Personnel Hygiene Services Limited and its UK subsidiaries. The names of the subsidiaries, as stated on the Data Protection Register held by the Information Commissioner’s Office, are Direct365online Limited, PHS Compliance Limited and Teacrate Rentals Limited. Personnel Hygiene Services Limited also uses the following trading names: PHS Washrooms, PHS Floorcare, PHS Wastemanagement, PHS Besafe, PHS Greenleaf, PHS Wastekit, Warner Howard, Syncros and Matta.
This privacy notice explains in the following sections how we use any personal information we collect about you when you use our website.
- What lawful basis do we use to process personal information about you?
- Why we need your personal information and how will we use it?
- How do we protect your information?
- Transferring your information overseas
- Social media
- How long we keep your data
- Your rights
- Cookies
- Other websites
- How to contact us?
What lawful basis do we use to process personal information about you?
- We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis (or bases) for each activity.
- We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
- We have documented our decision on which lawful basis applies to help us demonstrate compliance.
- We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice
- Where we process special category data, we have also identified a condition for processing special category data and have documented this.
Ref | Lawful Basis to process personal data |
1 |
Processing is necessary for phs and its subsidiaries to carry out their services or deliver their products, to defend ourselves in legal claims and to respond to queries from regulators or legislators; except where it would negatively impact on the fundamental rights and freedoms of the individual (data subject), or where their personal data requires protection, particularly if the individual is a child. |
2 | Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. |
3 | Processing is necessary for compliance with a legal obligation to which the data controller is subject. |
4 | Processing is necessary to allow phs to pursue its legitimate interests in contacting stakeholders within organisations that have shown an interest in phs products and/or services. |
5 | Processing is necessary to allow phs to pursue its legitimate interests in the prevention and detection of fraud / crime. |
6 | The data subject has given consent to the processing of his or her personal data for one or more specific purposes. |
7 | Processing is necessary to allow phs to pursue its legitimate interests in offering benefits to its employees via third-party providers. |
Why we need your personal information and how will we use it?
To provide an outstanding service to our customers, employees and suppliers, we collect and process information in the following ways.
Service Provided |
Scenario |
How will we use your information |
Lawful Basis Ref |
Marketing, Lead and Prospect Customer Information |
|||
Informing our current and prospective customers of phs products and services |
Request a quotation for our products, services or place an order by corresponding with us by telephone, email, post or through our website (website usage information is collected using cookies) |
For customers and prospective customers, we will use your information to provide any products and services you’ve requested and for other purposes, for example:
|
1 |
Marketing to prospective or current customers |
We also purchase contact information from a third-party data seller. |
Note PHS will not share your information for marketing purposes with companies outside of our group. |
1 |
Marketing to organisations who have visited our website |
PHS Group utilises reverse IP tracking software called Web Insights. This software allows us to capture the IP address of our business website visitors, to help us identify which organisations are engaging with our website content. |
We use this data to provide insights to our sales and marketing functions in order to approach relevant stakeholders within those organisations, providing information about products and services offered by PHS. |
4 |
Current Customer Information |
|
||
Sale Orders Processing |
You purchase one off or ad-hoc goods from us. Over the phone or our websites
|
|
1,2 and 6 |
Contractual Business for prospective or current customers |
You enter into a contractual relationship with us to provide goods or services |
· To ensure that we are compliant with HMRC VAT regulations. |
2 |
Customer Portal |
Billing for goods or services provided by PHS |
|
2 |
Credit control and debt management |
You fail to pay for your goods or services within agreed contractual payment terms resulting in credit control and debt management processes |
|
2,3 |
Legal or Regulatory obligations |
To satisfy Environment Agency (EA) legal obligations |
|
2,3 |
Employee Information |
|
||
Recruitment and selection |
You are not a current employee and do not have a contract of employment but have given consent for phs to process and store your data for current or future positions with phs for which you may be suitable
|
For applicants, we will use your information:
· Disclosure and Barring Service (DBS) security checks for employees or criminal declaration |
6 |
Contractors |
|
For contractors, we will use your information:
· To ensure if you are a company vehicle user that you are compliant with the Highways Agency and other Transport related regulations. |
1,6 |
Employees (Permanent Full / Part time and Temporary) |
You are an employee of phs and have signed a contract of employment |
For employees, we will use your information:
· To contact your next of kin or beneficiary. · To provide information to other Bidvest group companies for audit and fraud prevention purposes. |
1,2,5,6,7 |
Employees (in customer facing teams) |
You are an employee of phs and a significant part of your role involves telephone contact with customers |
Telephone calls are recorded for the following purposes:
|
1,5,6 |
Supplier Information |
|
||
Supplier Request for Information (RFI) or Request for Proposal (RFP) |
You take part in a Request for Information (RFI) or Request for Proposal (RFP) supplier selection process |
For suppliers, we will use your information:
|
2 |
Supplier Purchase Order and Invoicing |
You submit an invoice for payment for services provided to PHS |
|
2 |
Other Personal Data |
|
||
Site visitors |
You are a visitor to one of our sites |
|
1, 3 |
How do we protect your information?
phs implements a number of industry standard security measures to protect personal information in our own and partner data centres. These cover information that is stored (at rest) and when copied from one system to another (in motion).
Services that are internet facing are further independently checked for all known security risks by accredited security specialists.
In general, personal information is only accessible to staff on a need to know basis and appropriate security measures are in place.
Transferring your information overseas
phs consciously selects suppliers that have a UK or European Economic Area (EEA) presence for the storage and maintenance of personal data and information. In a small number of very niche cases data is stored outside the UK/EEA. Any data stored outside the UK/EEA is protected by the EU Model Clauses which are EU-approved standardised contractual clauses. These clauses ensure that any personal data leaving the UK/EEA will be transferred in compliance with UK and EU data-protection laws. These clauses also mean that the third party has adequate security measures and controls in place to protect personal data.
All the personal data we process is processed by our staff or the staff of carefully selected suppliers in the UK or by our Business Intelligence partner Hexaware Plc in Chennai, India. For the purposes of IT hosting and maintenance this information is located on servers within the UK European Economic Area (EEA).
We use our social media channels, LinkedIn, Instagram, Facebook, Twitter and YouTube to build brand awareness, promote content and share information through thought leadership pieces, including articles, blogs and videos. We do not monitor our social media channels for subject access requests.
In exceptional circumstances, we do manage customer complaints through some of our channels to maintain the highest quality of customer service.
How long we keep your data
- We’ll keep your information for as long as you have a relationship with us. After the relationship ends, we’ll keep it where we have a legitimate interest e.g. to market products and services that may be of interest to you; to help us respond to queries or complaints, or for compliance with a regulatory or legal obligation such as but not limited to the following legislation which have their own data retention rules.
- Equality Act 2010
- Employment Rights Act 1996
- Health and Safety at Work Act 1974
- Limitation Act 1980
- National Minimum Wage regulations 1998
- The Control of Substances Hazardous to Health Regulations 1999 and 2002
- The Retirement Benefits Schemes (Information Powers) Regulations 1995(SI 1995/3103)
- The General Data Protection Regulation
- Companies Act 1985, 1989 and 2006
- The Income Tax (PAYE) Regulations 2003/2682
- The Statutory Sick Pay Regulations 2014
- VAT Act 1994
- Corporation Tax Act 2010
- The Environmental Protection (Duty of Care) Regulations 1991
- The Special Waste Regulations 1996
You have a number of rights relating to your information e.g. to see what we hold, to ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint, etc.
If you would like a copy of some or all of your personal information, please email dataprotection@phs.co.uk or write to us. Please see the how to contact us section below.
If at any point, you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us via email to have the matter investigated – dataprotection@phs.co.uk or by writing to the address below.
If you are not satisfied with our response or believe we are processing your personal data other than in accordance with the law, you can complain to the Information Commissioner’s Office. You can find advice on the ICO’s website [ico.org.uk/sar] and information on their powers and the action they can take [ico.org.uk/action] or call them on 0303 123 1113.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.allaboutcookies.org
You can set your browser to not accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
This website contains links to other phs group websites, which may not be limited to those listed below.
http://www.phswaterandenergysavings.co.uk/
http://www.phsspillcontrol.co.uk
http://www.phswastemanagement.co.uk
https://mycompliance.phs.co.uk
https://www.phsgreenleaf.co.uk
Depending on your enquiry, there are a number of ways you can get in touch:
Type of enquiry |
Contact details |
Customer Complaint |
02920 851000 |
Data request/complaint |
dataprotection@phs.co.uk |
General enquiries |
02920 851000 |
Sales |
02920 809098 |
Service |
02920 851000 |
Other |
02920 851000 |
Please contact us if you have any question about our Privacy Notice or information we hold about you:
Mr. David Finlayson
Data Protection Officer
phs Group
Unit B
Western Industrial Estate
Caerphilly CF83 1XH