Privacy Policy

1. Introduction

EJT63 Limited, trading as Millstar Plant (“Millstar Plant”, “we”, “us” or “our”), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and disclose personal data when you visit our website at www.millstarplant.co.uk, request a quote, contact us, or otherwise engage with our operated plant hire services.

This policy is issued on behalf of EJT63 Limited and applies to all personal data we process. It should be read alongside any other notices we may provide to you at the time we collect or process personal data about you.

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, the data controller is EJT63 Limited.

2. Who We Are & How to Contact Us

EJT63 Limited (trading as Millstar Plant) is a company registered in England and Wales, providing operated plant hire services including road sweeping, gully sucking, dust suppression, beam sweeping and drain surveys and remediation.

• Registered office: C/O Xeinadin South Essex Ltd The Rivendell Centre, White Horse Lane, Maldon, England, CM9 5QP
• Email: mail@millstarplant.co.uk
• Telephone: 0800 099 6020
• Website: www.millstarplant.co.uk

We have not appointed a dedicated Data Protection Officer as we are not legally required to do so. If you have any questions about this Privacy Policy or our data practices, please contact us using the details above and mark your correspondence for the attention of the Data Protection Lead.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Information you provide to us

• Identity data: first name, last name.
• Contact data: email address, telephone number, postal address, site address.
• Business data: company or organisation name, job role, and the category of customer you represent (e.g. construction company, local council, farm owner, highway agency).
• Enquiry and transactional data: details of services you have enquired about, quotes requested, projects discussed, and any correspondence between you and us.
• Financial data: billing address, purchase order numbers and payment details processed through our invoicing process.
• Communications data: any other information you choose to share with us in the “Message” field of our quote form, by email, over the telephone or in person.

3.2 Information we collect automatically

When you visit our website, we may automatically collect the following data:

• Technical data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system, device type, and other technology identifiers on the devices you use to access our website.
• Usage data: information about how you use our website, including pages visited, time spent, links clicked and referring website.
• Cookie data: data collected via cookies and similar technologies – see Section 10 (Cookies) below.

3.3 Information from third parties

We may receive personal data about you from third parties, such as referrals from business partners, publicly available business directories (e.g. Companies House), credit reference or fraud prevention agencies, and social media platforms where you engage with our content (Facebook, Instagram, LinkedIn).

We do not knowingly collect personal data from children under 16. Our services are directed at businesses and public sector organisations, not individuals under 16.

4. How We Collect Your Personal Data

We use different methods to collect personal data, including through:

• Direct interactions: when you complete our “Get a Quote” form, email us, telephone us or otherwise correspond with us.
• Automated technologies: as you interact with our website, we automatically collect technical data about your equipment, browsing actions and patterns using cookies and similar technologies.
• Third parties: from analytics providers, hosting providers, business partners, and publicly available sources.

5. How We Use Your Personal Data and Our Lawful Bases

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following lawful bases:

5.1 Performance of a contract

We process your personal data where it is necessary to take steps at your request before entering into a contract, or to perform a contract with you or the organisation you represent. This includes providing quotations, arranging plant hire, invoicing and delivering our services.

5.2 Legitimate interests

We process your personal data where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include:

• responding to enquiries and quote requests;
• managing, operating and improving our business, website and services;
• maintaining records of our dealings with customers, suppliers and prospects;
• network and information security;
• preventing fraud and recovering debts;
• sending business-to-business marketing about services similar to those you have enquired about.

5.3 Legal obligation

We process your personal data where it is necessary to comply with a legal or regulatory obligation, such as our obligations under tax, accounting, health and safety, employment and anti-money-laundering legislation.

5.4 Consent

In limited circumstances, we rely on your consent to process your personal data – for example, when you opt in to receive marketing communications by email, or when you consent to non-essential cookies. You may withdraw your consent at any time by contacting us or by using the unsubscribe link in any marketing email.

6. Purposes for Which We Use Your Personal Data

We use your personal data for the following purposes:

• Quotation and enquiries: to respond to quotation requests and enquiries you submit via our website, email or telephone.
• Service delivery: to enter into and perform contracts for plant hire and associated services, including scheduling jobs, liaising on site and communicating about works.
• Invoicing and payment: to process payments, issue invoices and maintain accounting records.
• Marketing: to send you information about our services, industry updates or offers that may be of interest, where you have consented or where we are legally permitted to do so.
• Website and service improvement: to analyse how our website is used, improve functionality and user experience, and ensure our services meet your needs.
• Security and fraud prevention: to protect our business and website from fraud, misuse, and security threats.
• Legal compliance: to comply with legal, regulatory, accounting and reporting obligations.

7. Who We Share Your Personal Data With

We do not sell your personal data. We may share your personal data with the following categories of recipients, who act either as separate data controllers or as our data processors bound by written contracts:

• IT and hosting service providers: cloud hosting providers (including our website host, Webflow, Inc.), email providers, IT support, backup and customer-relationship-management (CRM) providers.
• Analytics providers: website analytics, advertising and performance-measurement providers used on our website (subject to your cookie preferences).
• Professional advisers: accountants, auditors, tax advisers, insurers and legal advisers.
• Payment processors: providers of invoicing, credit-control and card-payment services.
• Government bodies and regulators: such as HM Revenue & Customs, regulators and law-enforcement agencies where required by law.
• Subcontractors and partners: subcontractors we engage to help deliver a specific job on your behalf, where necessary to perform our services.
• Business transfers: in the event of a sale, merger, reorganisation, insolvency or similar event, we may share your personal data with potential or actual buyers and their advisers.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit our processors to use your personal data for their own purposes.

8. International Transfers

Some of our third-party service providers (for example, our website host and certain analytics providers) are based outside the United Kingdom, which means that processing your personal data may involve a transfer of data outside the UK.

Whenever we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by using at least one of the following safeguards:

• transferring to countries that have been deemed by the UK Government to provide an adequate level of protection for personal data (“adequacy regulations”);
• using specific contracts approved for use in the UK (such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses);
• relying on other lawful transfer mechanisms recognised under the UK GDPR.

Please contact us if you would like further information on the specific mechanism used when transferring your personal data outside the UK.

9. How Long We Keep Your Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements.

As a general guide:

• Enquiries and quotations that do not lead to a contract: typically retained for up to 12 months if they do not lead to a contract.
• Customer and contract records: retained for the duration of our relationship and for at least 6 years after the end of that relationship, to comply with our legal and accounting obligations.
• Accounting and tax records: retained for a minimum of 6 years as required by HMRC.
• Marketing preferences: retained until you withdraw your consent or object to further marketing.
• Website analytics and cookie data: retained for as long as is necessary for the purpose for which they were set – see Section 10 (Cookies).

Once retention periods have expired, we will securely delete or anonymise your personal data.

10. Cookies

Our website uses cookies and similar technologies to distinguish you from other users, remember your preferences, understand how our website is used and help us improve it.

Cookies are small text files placed on your device. We use:

• Strictly necessary cookies: necessary for the operation of our website and cannot be switched off.
• Analytics/performance cookies: help us to understand how visitors interact with our website.
• Functionality cookies: remember choices you make to improve your experience.

We only set non-essential cookies with your consent. You can manage your cookie preferences at any time via the “Cookie Settings” link in the footer of our website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

11. Data Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorised way. These measures include restricting access to personal data to employees, agents and contractors who have a genuine business need to know, and requiring them to handle your data only on our instructions and subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office (“ICO”) of a breach where we are legally required to do so.

12. Your Rights Under the UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• The right to be informed: to be informed about how and why we use your personal data (this Privacy Policy).
• The right of access: to obtain a copy of the personal data we hold about you.
• The right to rectification: to have inaccurate or incomplete personal data corrected.
• The right to erasure (“right to be forgotten”): to request deletion of your personal data in certain circumstances.
• The right to restrict processing: to restrict our use of your personal data in certain circumstances.
• The right to data portability: to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller, where we rely on consent or contract as our lawful basis.
• The right to object: to object to our processing of your personal data where we rely on legitimate interests, or for direct marketing purposes.
• Rights related to automated decision-making and profiling: we do not currently carry out any automated decision-making that produces legal or similarly significant effects about you.
• The right to withdraw consent: where we rely on your consent, you may withdraw it at any time.

You can exercise any of these rights by contacting us at mail@millstarplant.co.uk or by writing to us at Millstar Plant, Mill Works, CM3 6QT. We will respond to your request within one month. We may ask you for information to confirm your identity before we take action on your request. Exercising your rights is free of charge, although we may charge a reasonable fee or refuse to act if your request is clearly unfounded or excessive.

13. Your Right to Complain to the ICO

If you are unhappy with the way we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113
• Website: www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

14. Third-Party Links

Our website may include links to third-party websites, plug-ins and applications (including our social-media channels on Facebook, Instagram and LinkedIn). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make changes, we will update the “Last updated” date at the top of this policy. Where changes are significant, we will take reasonable steps to bring them to your attention, for example by posting a notice on our website or contacting you directly.

16. Contact Us

If you have any questions about this Privacy Policy, our data-protection practices, or to exercise any of your rights, please contact us:

• Company: EJT63 Limited (trading as Millstar Plant)
• Address: Millstar Plant, Mill Works, CM3 6QT, United Kingdom
• Email: mail@millstarplant.co.uk
• Telephone: 0800 099 6020