Privacy Policy

Privacy Notice (Version: 2023/01)

phs Group is the leading hygiene services provider in the UK, Spain and Ireland. With over 90,000 customers over 300,000 locations, we meet the needs of up to 100 million people.

Who we are:

  • Team of over 3,000 expert personnel providing service to more than 300,000 locations
  • A network giving full coverage to a population of more than 100 million
  • Over 50 years of innovation and investment, transforming the future
  • More than 90,000 customers – everything from beach bars in Ibiza to Buckingham Palace.

Healthcare, Washroom, Floorcare Hygiene and Specialist are our business. We stay on top of all the legislative developments affecting your industry to provide you with expert advice on what you need to do to ensure that your business is legally compliant. 

Although our customers are primarily businesses, we do collect and use personal information relating to individuals as part of our day-to-day activities. This is generally in order to provide services directly to individuals, or when we work with individuals in our customer or supplier businesses. We also collect personal information about individuals who use our websites, wish to receive information about our services or who wish to work for us.

In this notice “phs”, “we”, “us” and “our” means Personnel Hygiene Services Limited and its UK subsidiaries. The names of the subsidiaries, as stated on the Data Protection Register held by the Information Commissioner’s Office, are Direct365online Limited, PHS Compliance Limited and Teacrate Rentals Limited. Personnel Hygiene Services Limited also uses the following trading names: PHS Washrooms, PHS Floorcare, PHS Wastemanagement, PHS Besafe, PHS Greenleaf, PHS Wastekit, Warner Howard, Syncros and Matta.

This privacy notice explains in the following sections how we use any personal information we collect about you when you use our website.

What lawful basis do we use to process personal information about you?

  • We have reviewed the purposes of our processing activities and selected the most appropriate lawful basis (or bases) for each activity.
  • We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
  • We have documented our decision on which lawful basis applies to help us demonstrate compliance.
  • We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice
  • Where we process special category data, we have also identified a condition for processing special category data and have documented this.



Lawful Basis to process personal data


Processing is necessary for phs and its subsidiaries to carry out their services or deliver their products, to defend ourselves in legal claims and to respond to queries from regulators or legislators; except where it would negatively impact on the fundamental rights and freedoms of the individual (data subject), or where their personal data requires protection, particularly if the individual is a child.


Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.


Processing is necessary for compliance with a legal obligation to which the data controller is subject.


Processing is necessary to allow phs to pursue its legitimate interests in contacting stakeholders within organisations that have shown an interest in phs products and/or services.


Processing is necessary to allow phs to pursue its legitimate interests in the prevention and detection of fraud / crime.


The data subject has given consent to the processing of his or her personal data for one or more specific purposes. 


Processing is necessary to allow phs to pursue its legitimate interests in offering benefits to its employees via third-party providers.


Why we need your personal information and how will we use it?

To provide an outstanding service to our customers, employees and suppliers, we collect and process information in the following ways.

Service Provided


How will we use your information

Lawful Basis Ref

Marketing, Lead and Prospect Customer Information

Informing our current and prospective customers of phs products and services 

Request a quotation for our products, services or place an order by corresponding with us by telephone, email, post or through our website (website usage information is collected using cookies)

For customers and prospective customers, we will use your information to provide any products and services you’ve requested and for other purposes, for example:

  • To confirm your identity and address.
  • To process your order, manage your account and, unless you opt out, to email you about products, services and promotions that may be of interest to you to ensure we are offering you the services.
  • To continually improve our products and services
  • To administer our applications and for internal operations, including data analysis, testing, research and survey purposes.
  • To measure and understand the effectiveness of the advertising we serve to our customers and to ensure we deliver relevant advertising to them.
  • PHS Group will only share your information for marketing purposes with its subsidiary companies, as listed near the top of this privacy notice.
  • PHS Group will only share your information with sub-contractors in order to fulfil quote, product sale or service.
  • Where appropriate we will ask for your consent. You can opt-out at any time using the functionality built into all of our marketing messages.


Marketing to prospective or current customers

We also purchase contact information from a third-party data seller.

  • Data is used to generate business leads and to contact prospective customers who may be interested in our products or services.

Note PHS will not share your information for marketing purposes with companies outside of our group.


Marketing to organisations who have visited our website

PHS Group utilises reverse IP tracking software called Web Insights. This software allows us to capture the IP address of our business website visitors, to help us identify which organisations are engaging with our website content.

We use this data to provide insights to our sales and marketing functions in order to approach relevant stakeholders within those organisations, providing information about products and services offered by PHS.


Current Customer Information


Sale Orders Processing

You purchase one off or ad-hoc goods from us. Over the phone or our websites



  • We only collect the minimum personal data needed to process an order, manage an account or enter into a contract. Without this information we will not be able to conduct business with you.
  • In processing your order, we may send your details to, and also use information from credit reference agencies.
  • We credit check new business accounts >£1k using a credit reference agency, where ratings do not meet the required criteria, these businesses are placed on a monitoring list.

1,2 and 6

Contractual Business for prospective or current customers

You enter into a contractual relationship with us to provide goods or services

  • We only collect the minimum personal data needed to process an order, manage an account or enter into a contract. Without this information we will not be able to conduct business with you.

To ensure that we are compliant with HMRC VAT regulations.


Customer Portal

Billing for goods or services provided by PHS

  • To send your VAT invoices by post via the 3rd party or where you have opted in through the MyPHS online portal.


Credit control and debt management

You fail to pay for your goods or services within agreed contractual payment terms resulting in credit control and debt management processes

  • As we invoice in advance, our credit cycles take care of debt at early stages where we apply sanctions such as debt collection, service suspension and ultimately termination of contracts due to protracted default. All information we use is on contracts or public information generated from Companies House. We do not credit check sole traders or those customers who fall under the Consumer Credit Act.


Legal or Regulatory obligations

To satisfy Environment Agency (EA) legal obligations

  • You are a producer of Hazardous waste for which phs issue consignment and destruction notices that may be audited by the Environment Agency (EA).


Employee Information


Recruitment and selection

You are not a current employee and do not have a contract of employment but have given consent for phs to process and store your data for current or future positions with phs

for which you may be suitable


For applicants, we will use your information:

  • To confirm your identity, address and other details.
  • Checking of references.
  • Checking of Home Office Department of Work and Pensions right to work regulations.
  • Checking whether a medical is required for predisposed conditions.

Disclosure and Barring Service (DBS) security checks for employees or criminal declaration




For contractors, we will use your information:

  • To confirm your identity, address and emergency contact details.
  • To make payments to you.
  • To ensure we are compliant with Health and Safety and Duty of Care regulations.
  • To ensure you are meeting your contractual obligations as an employee.

To ensure if you are a company vehicle user that you are compliant with the Highways Agency and other Transport related regulations.




Full / Part time and Temporary 

You are an employee of phs and have signed a contract of employment 

For employees, we will use your information:

  • To confirm your identity, address and emergency contact details.
  • To pay your salary.
  • To ensure we are compliant with Health and Safety and Duty of Care regulations.
  • To ensure you are meeting your contractual obligations as an employee.
  • To ensure if you are a company vehicle user that you are compliant with the Highways Agency and other Transport-related regulations.
  • To allow you to be identified as a phs employee in the systems of third-party providers of employee benefits.

To contact your next of kin or beneficiary. 

To provide information to other Bidvest group companies for audit and fraud prevention purposes.


Supplier Information


Supplier Request for Information (RFI) or Request for Proposal (RFP)

You take part in a Request for Information (RFI) or Request for Proposal (RFP) supplier selection process

For suppliers, we will use your information:

  • To confirm your identify and address.
  • To set you up on our preferred suppliers list.



Supplier Purchase Order and Invoicing

You submit an invoice for payment for services provided to PHS

  • To manage our working relationship and communications to ensure work is carried out efficiently.
  • To report any queries or concerns .
  • For payment of work.


Other Personal Data


Site visitors

You are a visitor to one of our sites

  • In order to give you a visitor’s pass we ask for some basic details about you including your name, email, mobile number and car registration (if you drive to the site). We do this for compliance with Health & Safety and Fire regulations.

1, 3


How do we protect your information?

phs implements a number of industry standard security measures to protect personal information in our own and partner data centres. These cover information that is stored (at rest) and when copied from one system to another (in motion). 

Services that are internet facing are further independently checked for all known security risks by accredited security specialists.

In general, personal information is only accessible to staff on a need to know basis and appropriate security measures are in place.

Transferring your information overseas

phs consciously selects suppliers that have a European Economic Area (EEA) presence for the storage and maintenance of personal data and information. In a small number of very niche cases data is stored outside the EEA. Any data stored outside the EEA is protected by the EU Model Clauses which are EU-approved standardised contractual clauses. These clauses ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection laws. These clauses also mean that the third party has adequate security measures and controls in place to protect personal data.

All the personal data we process is processed by our staff or the staff of carefully selected suppliers in the UK or by our Business Intelligence partner Hexaware Plc in Chennai, India. For the purposes of IT hosting and maintenance this information is located on servers within the European Economic Area (EEA). 

Social media

We use our social media channels, LinkedIn, Instagram, Facebook, Twitter and YouTube to build brand awareness, promote content and share information through thought leadership pieces, including articles, blogs and videos. We do not monitor our social media channels for subject access requests.

In exceptional circumstances, we do manage customer complaints through some of our channels to maintain the highest quality of customer service.

How long we keep your data

  • We’ll keep your information for as long as you have a relationship with us. After the relationship ends, we’ll keep it where we have a legitimate interest e.g. to market products and services that may be of interest to you; to help us respond to queries or complaints, or for compliance with a regulatory or legal obligation such as but not limited to the following legislation which have their own data retention rules.
  • Equality Act 2010
  • Employment Rights Act 1996
  • Health and Safety at Work Act 1974
  • Limitation Act 1980
  • National Minimum Wage regulations 1998
  • The Control of Substances Hazardous to Health Regulations 1999 and 2002
  • The Retirement Benefits Schemes (Information Powers) Regulations 1995(SI 1995/3103)
  • The General Data Protection Regulation
  • Companies Act 1985, 1989 and 2006
  • The Income Tax (PAYE) Regulations 2003/2682
  • The Statutory Sick Pay Regulations 2014
  • VAT Act 1994
  • Corporation Tax Act 2010
  • The Environmental Protection (Duty of Care) Regulations 1991
  • The Special Waste Regulations 1996

Your rights

You have a number of rights relating to your information e.g. to see what we hold, to ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint, etc.

If you would like a copy of some or all of your personal information, please email or write to us. Please see the how to contact us section below. 

If at any point, you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us via email to have the matter investigated – or by writing to the address below.

If you are not satisfied with our response or believe we are processing your personal data other than in accordance with the law, you can complain to the Information Commissioner’s Office. You can find advice on the ICO’s website [] and information on their powers and the action they can take [] or call them on 0303 123 1113.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. 

For further information visit

You can set your browser to not accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

This website contains links to other phs group websites, which may not be limited to those listed below.


How to contact us?

Depending on your enquiry, there are a number of ways you can get in touch:

Type of enquiry

Contact details

Customer Complaint

02920 851000

Data request/complaint

General enquiries

02920 851000


02920 809098


02920 851000


02920 851000


Please contact us if you have any question about our Privacy Notice or information we hold about you:

Mr. David Finlayson
Data Protection Officer
phs Group
Unit B
Western Industrial Estate
Caerphilly CF83 1XH