Privacy Policy

Expo Direct (trading name of Expo Hire UK Limited, company number: 06263884, registered address: 30 Chester Street, Aston, Birmingham, B6 4BE) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our website, place orders, or interact with us. It also outlines your rights under UK General Data Protection Regulation (UK GDPR).

Who We Are (Data Controller)

For the purposes of UK GDPR, Expo Hire UK Limited, trading as Expo Direct, is the data controller responsible for your personal data. This means we determine the purposes and means of processing your data.

Information We Collect

We collect personal information when you interact with our website, create an account, place an order, request a quote, or contact us. This may include:

• Contact Information: Your name, email address, phone number, company name, and billing/delivery addresses.
• Order Information: Details of the products or services you order, quantities, prices, delivery preferences, and special instructions.
• Payment Information: While we do not store your full payment card details on our servers, payment information is securely processed by our third-party payment provider, Stripe. We may receive confirmation of payment status.
• Account Information: If you create an account with us, we store your username and encrypted password.
• Communications: Records of your correspondence with us via email, phone, or online chat, including enquiries and support requests.
• Website Usage and Technical Information: Your IP address, browser type and version, device information, operating system, pages visited, time spent on our site, and other analytical data collected via cookies.

How We Use Your Information

We use your personal data for the following essential purposes:

• Order Processing and Fulfilment: To process your orders, arrange delivery or collection, and manage returns.
• Communication: To send you order confirmations, delivery updates, service announcements, and respond to your enquiries.
• Customer Service: To provide support, assist with troubleshooting, and manage your account.
• Legal and Regulatory Compliance: To comply with our legal obligations, including tax, accounting, and health & safety requirements.
• Business Operations and Improvement: To improve our website functionality, product offerings, and overall service experience; for internal record keeping and administrative purposes.
• Marketing Communications: To send you promotional emails about our products, services, or special offers, but only if you have explicitly consented to receive them. You can withdraw your consent at any time.

Legal Basis for Processing

We rely on the following legal bases under UK GDPR to process your personal data:

• Contract Performance: Processing necessary for the performance of a contract with you (e.g., fulfilling your order) or to take steps at your request before entering into such a contract (e.g., providing a quote).
• Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting laws).
• Legitimate Interest: Processing necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests (e.g., operating and improving our business, fraud prevention, network security).
• Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., sending marketing emails). You have the right to withdraw this consent at any time.

Information Sharing

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information with:

• Payment Processors: Such as Stripe, to securely process payments for your orders.
• Delivery and Logistics Partners: If you arrange delivery or collection of equipment through us, we share necessary contact and address details.
• Professional Advisers: Including accountants, auditors, and lawyers, where necessary to obtain professional advice.
• IT and System Providers: Who support our website, data storage, and business operations (e.g., hosting providers, email service providers).
• Law Enforcement or Regulatory Bodies: If required by law, court order, or to protect our rights, property, or safety, and the safety of others.

We ensure all third-party service providers are contractually obligated to respect the security of your personal data and use it only for the specific purposes we instruct.

International Data Transfers

Your personal data is primarily processed and stored within the UK. However, some of our third-party service providers (e.g., cloud hosting, email service, analytics providers) may operate in countries outside the UK, including the European Economic Area (EEA) or other regions. In such cases, we ensure that your data is protected by appropriate safeguards, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO), or by ensuring the recipient country has been deemed to provide an adequate level of protection.

Data Retention

We retain your personal data only for as long as necessary to:

• Fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
• Comply with our statutory obligations (e.g., financial records are typically kept for 6-7 years).
• Resolve disputes and enforce our agreements.

Once the retention period expires, your personal data will be securely deleted or anonymised.

Data Security

We implement robust technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure Socket Layer (SSL/TLS) encryption for all data transmitted via our website.
• Access controls and authentication procedures for internal systems.
• Regular security audits, software updates, and vulnerability testing.
• Employee training on data protection and privacy best practices.
• Maintaining appropriate physical security measures at our premises.

While we strive to protect your personal data, no internet transmission or storage method is 100% secure. We cannot guarantee absolute security but commit to continuously improving our security practices.

Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. Cookies help us to:

• Remember items in your shopping basket.
• Keep you logged into your account (if applicable).
• Understand how visitors use our website and improve its performance.
• Provide relevant content and improve overall user experience.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For detailed information on the cookies we use and your choices, please refer to our dedicated Cookies Policy.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data we hold about you.
• Right to Erasure (“Right to be Forgotten”): Ask us to delete your personal data in certain circumstances (subject to legal retention requirements).
• Right to Restriction of Processing: Request us to limit the way we use your data in certain situations.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: Object to the processing of your personal data where we are relying on a legitimate interest as the legal basis.
• Right to Withdraw Consent: Withdraw your consent for marketing communications at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information as quickly as possible.

Third-Party Links

Our website may contain links to third-party websites for your convenience or information. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal data.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on this page with an updated “Last updated” date. We encourage you to review this policy regularly.