GDPR Compliance & Your Data Rights

Last updated: November 2024

RMC Cherry Picker Hire is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we protect your personal data and your rights under these regulations.

1. Our Commitment to GDPR Compliance

We take data protection seriously and have implemented comprehensive measures to ensure we comply with UK GDPR requirements. Our commitment includes:

  • Lawful, fair, and transparent processing of personal data
  • Collection of data only for specified, explicit, and legitimate purposes
  • Data minimisation - we only collect what is necessary
  • Accuracy and keeping data up to date
  • Limited storage periods based on necessity
  • Security, integrity, and confidentiality of your data
  • Accountability and demonstrable compliance

2. Data Controller Information

Data Controller: RMC Cherry Picker Hire
Contact Email: hello@rmccherrypickerhire.co.uk
Phone: 0800 852 7795

As the data controller, we determine the purposes and means of processing your personal data.

3. What Personal Data We Process

We process the following categories of personal data:

  • Identity Data: Name, title, company name
  • Contact Data: Email address, telephone number, postal address, job site location
  • Transaction Data: Booking details, payment information, invoicing records
  • Technical Data: IP address, browser type, device information (collected automatically)
  • Usage Data: Information about how you use our website and services
  • Marketing Data: Your preferences for receiving marketing communications

We do not collect Special Category Data (such as health information, racial or ethnic origin, political opinions, religious beliefs) unless specifically required for service delivery with your explicit consent.

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on:

Contract Performance (Article 6(1)(b))

Processing is necessary to fulfil our contract with you when you book our cherry picker hire services, including:

  • Processing your booking request
  • Delivering the hired equipment and operator
  • Invoicing and payment processing
  • Providing customer support

Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate business interests, such as:

  • Improving our services and website
  • Fraud prevention and security
  • Network and information security
  • Business development and marketing (where not based on consent)

Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal requirements, including:

  • Tax and accounting obligations
  • Health and safety regulations
  • LOLER certification and compliance records

Consent (Article 6(1)(a))

Where we rely on your consent (e.g., marketing emails), you have the right to withdraw consent at any time.

5. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you. This is commonly known as a "subject access request" and is free of charge. We will provide this within one month of your request.

Right to Rectification (Article 16)

You can ask us to correct inaccurate or incomplete personal data we hold about you.

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

Note: This right is not absolute. We may need to retain certain data to comply with legal obligations (e.g., accounting records for 7 years).

Right to Restriction of Processing (Article 18)

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller.

Right to Object (Article 21)

You have the right to object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Processing for scientific/historical research and statistics

Rights Related to Automated Decision Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently use automated decision-making processes.

6. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: hello@rmccherrypickerhire.co.uk
Phone: 0800 852 7795

When making a request, please provide:

  • Your full name and contact details
  • Details of your specific request
  • Proof of identity (for security purposes)

Response Time: We will respond to your request within one month. If your request is complex, we may extend this by a further two months and will inform you of the extension and reasons.

No Fee: You will not usually have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

7. Data Security Measures

We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: SSL/TLS encryption for data in transit
  • Access Controls: Restricted access to personal data on a need-to-know basis
  • Staff Training: Regular data protection training for all staff
  • Secure Storage: Protected databases and secure backup procedures
  • Regular Reviews: Ongoing security assessments and updates
  • Incident Response: Procedures for detecting, reporting, and investigating data breaches

8. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware
  • Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights
  • Document all data breaches, including facts, effects, and remedial actions taken

9. Data Retention Periods

We only retain personal data for as long as necessary for the purposes for which it was collected:

  • Booking Records: 7 years (for accounting and legal compliance)
  • LOLER/Safety Records: 7 years (legal requirement)
  • Marketing Data: Until you unsubscribe or request deletion
  • Website Analytics: Up to 26 months
  • Enquiry Forms: 2 years if not converted to booking

After the retention period expires, we will securely delete or anonymise your personal data.

10. Third-Party Data Processors

We may use third-party service providers to process personal data on our behalf. All processors are carefully selected and must:

  • Provide sufficient guarantees of appropriate technical and organisational security measures
  • Process data only on our documented instructions
  • Ensure confidentiality of personal data
  • Implement appropriate security measures
  • Assist us in meeting our GDPR obligations

We have Data Processing Agreements in place with all third-party processors.

11. International Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the ICO
  • Adequacy decisions recognising equivalent data protection
  • Binding Corporate Rules for intra-group transfers

12. Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

13. Updates to This GDPR Statement

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date.

14. Making a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: www.ico.org.uk
Helpline: 0303 123 1113
Email: casework@ico.org.uk

However, we encourage you to contact us first so we can try to resolve any concerns directly.

15. Further Information

For more detailed information about how we process your data, please see our Privacy Policy.

If you have any questions about our GDPR compliance or your data rights, please contact us:

Email: hello@rmccherrypickerhire.co.uk
Phone: 0800 852 7795