Company Privacy Policy


Challenger Site Services LLP is committed to protecting the privacy of all personal information collected in the course of business. Challenger Site Services LLP complies with all data protection laws applicable to the United Kingdom.

This privacy policy explains how and why personal information is collected; who the information is shared with, why and on what basis; and what rights a person has with regards to their personal information.

This privacy policy applies to personal information about:

Visitors to the website -
Customers who purchase goods or services from Challenger Site Services LLP
Suppliers who supply goods or services to Challenger Site Services LLP
Members of the public who have contacted Challenger Site Services LLP

Personal information is any information that could be used (directly or indirectly) to identify a person. That could be anything from a name and address, bank details, email address, an image or recording, IP address or any other information that could be used to identify someone.

Personal information may include “special category data” relating to racial or ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health and criminal records and allegations. As a rule, “special category data” is not collected. The exception is where suspected criminal activity is identified such as use of stolen payment card details. In this case, details of the suspected criminal activity will be recorded, and appropriate action may be taken, including refusing to accept orders, make payments or give refunds. The incident may also be reported to the relevant bank or payment card issuer or to the police or other appropriate authority.

Processing simply means doing something with personal information. That could be as straightforward as collecting it or sharing it, or as complex as modelling the information or appending values to the information.

Data Controller

Challenger Site Services LLP is a data controller and as such is responsible for determining what happens to any personal information collected and how it is processed. Responsibilities also include monitoring and approving any data processors that the information is passed to.

Data Processor

Challenger Site Services LLP use data processors to provide personal information processing services. A data processor carries out processing on behalf of the data controller. As an example, Challenger Site Services LLP (the data controller) may ask another company (the data processor) to send emails to customers. As a result, the data controller will provide the data processor with the personal information required to carry out this request.

Legal Basis

Some of the personal information collected is provided voluntarily (and therefore with permission), for example when signing up to join a mailing list or submitting a query.

If products or services are purchased or supplied, most of the information collected is necessary for the fulfilment of the contract between Challenger Site Services LLP and its customer/supplier.

The remainder of the information is collected for legitimate business purposes, which include:

To keep in touch with current, past and prospective customers
To manage the relationship with customers and suppliers
To gain an understanding of customer interaction to provide the most relevant products and services
To monitor the use of the website, provide a more personalised online experience and improve its facilities
To identify suspected criminal activity and take appropriate action

Personal information may also be used in order to meet legal or regulatory obligations that Challenger Site Services LLP may be subject to.

The Information Collected

Challenger Site Services LLP may use the personal information collected from people who have previously signed up to the mailing list or have previously enquired or purchased products or services to let them know about similar products or services which may be of interest to them and to keep them updated with information about promotional offers.  

Email or text marketing can be opted out of at any time by using the unsubscribe option in the message. Postal and/or telephone marketing can be opted out of at any time by contacting us at the address at the end of the policy.


If products or services are purchased or enquiries are made, personal information will be collected and stored on a secure centralised database and may be used in the following ways:

to respond to enquiries;
to keep customers informed about our products and services;
to process orders and to follow up on orders that are not completed;
to process initial and ongoing payments for orders;
to manage deliveries and collections;
to manage a customer’s account or credit account if applicable including carrying out credit/trade references;
for market research purposes;
to track activity on the website and to provide a more personalised online experience;
to link with social media sites and services
to notify customers about important changes or developments to the website or services;
to deal with enquiries and complaints;
for claims management and insurance purposes;
for record keeping purposes; and
for testimonials.


If products or services are supplied, personal information will be collected and stored on a secure centralised database and may be used in the following ways:

for order processing and management;
to manage deliveries/collections, installations, returns and refunds;
to manage a Supplier’s account, including conducting credit, trade and other background checks where applicable;
for market research purposes;
to notify Suppliers about important changes or developments to the website or services;
for supply chain management;
to deal with enquiries and complaints;
for claims management and insurance purposes; and
for record keeping purposes.

Members of the public:

If contact is made with members of the public, personal information will be collected and stored on a secure centralised database and may be used in the following ways:

to deal with enquiries and complaints; and
for claims management and insurance purposes

Call Monitoring:

Some telephone calls may be monitored for the following purposes:

training and quality control;
as evidence of conversations; and/or
for the prevention or detection of crime (e.g. fraudulent claims).


CCTV systems are used within the offices, workshop and yard area for the safety and security of the staff, buildings, assets and information located or stored on the premises and will not be used for any other purpose without prior consultation of the Partners.

The CCTV System may be used to:

Investigate security incidents in order to secure evidence, should such incidents occur.
Monitor the progress of staff or individuals in the ordinary course of lawful business in the area under surveillance.
Observe staff working practices, time keeping or to assist in the day-to-day management of staff.
Capture images for training purposes.
In exceptional circumstances, where it is considered appropriate, the CCTV system may be used to visually monitor the health and/or behaviour of the staff.

Challenger Site Services LLP is committed to respecting people’s rights to privacy and supports the individual’s entitlement to go about their lawful business, although there will inevitably be some loss of privacy when CCTV cameras are installed and so it is crucial that serious consideration is given to the necessity for cameras in a given location.  It is also essential that CCTV equipment is sited in such a way that it only monitors those areas intended to be covered. If it is not possible to restrict coverage, the owner of a property or space being overlooked should be consulted. Cameras are not to be installed in such a way that they can look into private space such as toilets.

It is essential that legible ‘CCTV Recording in Use’ signs are displayed in a prominent place where CCTV is in use and only where it is in use (except where ‘covert’ cameras have been authorised for deployment). The signs will act as an additional deterrent. All signs of this nature should have a yellow background with all writing in clear black print and should contain the following information:

Identify Challenger Site Services LLP as responsible for the surveillance,
Purpose of the surveillance,
Contact details,
An image of a camera.

CCTV recordings are only to be reviewed by Company Partners. Images provided to the Police or other enforcement agencies or for internal investigations shall at no time be used for anything other than the purposes for which they were originally released. All images will remain the property and copyright of Challenger Site Services LLP. All media will be disposed of securely when no longer required.

Website and Social Media:

Visitors to the website and Challenger Site Services LLP social media platforms may choose to provide contact details (name, address, email address, telephone number) for any of the following reasons:

Signing up to a mailing list
Submitting a query or requesting a quote or other information
Contacting Challenger Site Services LLP or requesting contact to be made
Blog comments
Social media posts

Website Cookies:

The website can be visited and browsed without providing a name or contact details, however, like many websites, cookies are used to analyse how the site is used by visitors and to provide a more personalised online experience.

Cookies are a standard feature of most websites and allow small amounts of data to be stored on a computer. Cookies provide the following benefits;

Determine whether the website has previously been visited or not.
Make it easier to maintain preferences and enable certain features of the website to work.
Tailor the information or adverts shown on the website.
Insights into which areas of the website are useful and which areas need improvement.

There are three different types of cookies:

Session cookies: these are mainly used by online shops and allow visitors to keep items in their basket when shopping online. These cookies expire when the browser is closed
Permanent cookies: these are kept even when the browser is closed and saved on the computer for up to 6 months. They are used to remember each visitor’s preferences from one visit to the next.
Third-party cookies: these are installed by third parties with the aim of collecting certain information to carry out various research into behaviour, demographics etc.

Details of the cookies used on the website are:

Essential cookies -  Used to perform a variety of functions in order to make sure the information is displayed correctly on the website and records whether or not additional cookies have been accepted
Analytics cookies - Google Analytics is used to assess how visitors use the website, to understand how users arrived at the website, to monitor how long they remained on the website, when they returned and to control website traffic at busy times. These cookies use anonymous information only and are deleted after 26 months.
Functionality cookies -  Used to enable certain features of the website work such as email services, surveys, live chat features, contact forms and video.

Accepting cookies is a choice and this decision can be made and changed at any time using the settings on the web browser. However, disabling cookies, can diminish the website experience and prevent features from working as intended. For details on how to accept, block and delete cookies you can use the “help” feature on the web browser or visit To opt-out of Google Analytics for the web, visit the Google Analytics opt-out page  to install the Google Analytics opt-out add-on for your browser.


Challenger Site Services LLP is committed to safeguarding personal information that is provided in the course of business. Employees handling personal information should ensure that they:

Keep passwords and accounts secure.
Do not install software or hardware, including modems and wireless access without explicit approval from a Company Partner.
Report any suspicious behaviour and/or breaches of this policy to a Company Partner without delay.
Exercise good judgment regarding the reasonableness of personal use of IT equipment.
Take all necessary steps to prevent unauthorised access to confidential data.
Special care should be exercised when using information contained on portable computers.

All employees must sign a ‘Confidentiality Agreement’, which prohibits them from making any material available for purposes other than those stated in this Policy. Once signed, the Confidentiality Statement will be placed in the persons Personnel file.

Physical Security

Access to sensitive information in both hard and soft media format must be physically restricted to prevent unauthorised individuals from obtaining sensitive data.

Visitors must always be escorted by a trusted employee when in areas that hold confidential data and information.
A schedule of devices should be maintained. The list should include make, model, serial number and location of the device.
Personnel using the devices should report suspicious behaviour and indications of tampering of the devices to a Company Partner without delay.

Network Security

A high-level network diagram of the network is maintained and reviewed on a yearly basis and can be found in the Office Handbook.  Other forms of network security in place are;

The allocation of privilege rights shall be restricted and controlled, and authorisation provided jointly by the system owner and IT Services.
Access to confidential information will be limited to authorised persons whose job responsibilities require it.
No external access for remote users shall be permitted to any network device or networked system without prior authorisation from a Company Partner.
All data must be securely disposed of when no longer required by Challenger Site Services LLP, regardless of the media or application type on which it is stored.
Challenger Site Services LLP will arrange for the destruction of hardcopy materials.
Bulk download of personal information is not possible via Challenger Site Services LLP centralised IT systems without administrator access. All documents and files that are backed-up are encrypted.

Cardholder Security

Challenger Site Services LLP uses a PCI-compliant virtual terminal to process card payments; this reduces the risk of a security breach as no cardholder details are stored on local machines.

In order to prevent a breach of cardholder data or sensitive cardholder information Challenger Site Services LLP and its employees will ensure:

All sensitive cardholder data stored and handled by Challenger Site Services LLP and its employees must be securely protected against unauthorised use at all times.
Any display of the cardholder should be restricted at a minimum to the first 6 and the last 4 digits of the cardholder data.
All sensitive cardholder data must be protected securely if it is to be transmitted. Cardholder data must never be sent over the internet via email, instant chat or any other end user technologies.
All hard copies of cardholder data must be manually destroyed when no longer required for valid and justified business reasons.
All cardholder information awaiting destruction must be held in lockable storage containers clearly marked - access to these containers must be restricted.

It is also strictly prohibited to store:

The contents of the payment card magnetic stripe (track data) on any media whatsoever.
The CVV/CVC on any media whatsoever.
The PIN or the encrypted PIN Block under any circumstance.


Appropriate measures are used to protect the information that is submitted through the website as well as the information collected and stored about customers. Unfortunately, the transmission of information via the internet is not completely secure. Although personal information will be protected as much as possible, the security of information submitted via the website cannot be guaranteed. Any transmission is done so at the risk to the individual.

Once the information has been received, appropriate and a generally accepted standard of technology and operational security has been implemented to safeguard personal information against loss, theft and unauthorised use, access or modification. In the event of any breach which might expose a person to a serious risk, they will be notified promptly.

Links may be provided on the website to other websites that are not operated by Challenger Site Services LLP. Use of these links, will result in leaving the website. Challenger Site Services LLP are not responsible for the contents of any third-party website.


Like most organisations, Challenger Site Services LLP engage service providers to run the website and IT systems, conduct credit/trade reference checks, perform debt collection and handle marketing campaigns. A number of suppliers also provide products and delivery services to/for Challenger Site Services LLP.

These companies will only be provided with the information they need to deliver the service they have been engaged for and are prohibited from using that information for any other purpose.

Whenever personal information about customers or visitors to the website is shared with service providers, agreements will be put in place which require the service provider to protect the information and keep it secure.

Some of the companies who provide services to Challenger Site Services LLP may be located outside the United Kingdom; Marketing service providers who are located in the United States, for example. As a result, personal information may be transferred outside the UK.

Challenger Site Services LLP will ensure that those service providers comply with any legal requirements that apply to the transfer of personal information outside the UK, including, where appropriate, requiring the service provider to sign the approved European Commission Standard Contractual Clauses for the transfer of personal information to third countries.

Personal information may be disclosed to the following third parties for the purposes described above:

Tax, customs and excise authorities
Regulators, courts and the police
Fraud screening agencies
Central and local government
Insurance companies
Other professional advisors
Tax, customs and excise authorities
Regulators, courts and the police
Fraud screening agencies
Central and local government
Insurance companies
Other professional advisors

Challenger Site Services LLP may also disclose personal information if it is believed that the disclosure is necessary to enforce or apply its terms and conditions or otherwise protect and defend its rights, property or the safety of its customers and other users of the website.

Challenger Site Services LLP may disclose and/or transfer personal information in connection with the sale of any part of the business or assets.

Breach Procedure

If a breach were to take place the following procedure should be carried out by a Company Partner:

Ensure the compromised system is isolated from the network.
Investigate the incident.
Gather, review and analyse the logs and related information.
Conduct appropriate forensic analysis of compromised system.
Make findings available to and assist appropriate law enforcement or card industry security personnel.
Resolve the problem to the satisfaction of all parties involved, including reporting the incident and findings to the appropriate parties as necessary, which could include:
Merchant provider card brands.
Internet service provider.
Insurance carrier.
Card providers.
The Partner will determine if policies and processes need to be updated to avoid a similar incident in the future, and whether additional safeguards are required in the environment where the incident occurred.


Challenger Site Services LLP will retain the minimum amount of personal information for no longer time than is necessary for the legitimate business purposes described above. Information from website visitor enquiries will be retained for a limited period in order to respond to any queries, provide information and send updates on products and services unless these communications are opted out of. Information may be retained for longer if there are valid legal grounds to do so, for example if required by law or court order, or as needed to defend or pursue legal claims.

Changes To This Policy

Challenger Site Services LLP reserve the right to amend this policy from time to time without prior notice.  Regular review of the website is advised to stay informed of any changes.

Your Rights

The following rights are given to a person in relation to personal information:

The right to be informed by way of this policy
The right to correct or update any personal information held by Challenger Site Services LLP.
In certain circumstances, to restrict or object to the processing of personal information, or request that personal information is deleted
Where personal information has been provided voluntarily, or otherwise consented to its use, the right to withdraw consent
In certain circumstances, the right to receive a copy of the personal information which has been provided to us, in a structured, commonly used and machine-readable format or to request that the information is transferred to another party (known as “data portability”)
the right to complain to a Data Protection Authority (see further below)

Questions, requests for additional information or requests to exercise the rights of a person may require identification and should be made to Robert Allen by writing to:

Challenger Site Services LLP
50 Winton Street

0161 344 2581

If the use of personal information or the response to questions or requests regarding personal information is unsatisfactory, a person has a right to complain to the Information Commissioner.  

Information Commissioner’s Office
Wycliffe House
Water Lane

0303 123 1113.