Privacy Policy
Last updated: 21 August 2025
This privacy policy explains what personal data we collect when you use our websites and services, how we use it, and the rights you have. When we decide why and how personal data is processed, we act as the data controller.
Who we are
Michael Williams Engineering Ltd (manufacturer of Big Brute industrial vacuum cleaners)
Queen’s Business Park, Wilbraham Road, Fulbourn, Cambridge CB21 5ET, UK
Email: mydata@bigbrute.co.uk • Tel: +44 (0)1223 88 22 22
We are not required to appoint a Data Protection Officer. Questions about this policy or how we handle personal data can be sent to the contact details above.
What data we collect
Depending on how you interact with us, we may collect:
- Identification and contact details (name, email, phone, company, job title, postal address)
- Enquiry, quotation and purchase information (requirements, specifications, order history, delivery details, communications)
- Website and device data (IP address, browser type/version, pages visited, time on site, referrers, cookie identifiers—see our Cookie Policy)
- Feedback and support interactions
We do not intentionally collect special category data.
How we collect data
- Directly from you (website forms, email, phone, events)
- Automatically via our websites and cookies/analytics (see Cookie Policy)
- From our authorised distributors when you ask them to contact you
How we use your data
We use personal data to:
- Operate and secure our websites and systems
- Respond to enquiries, provide quotations and technical guidance
- Process payments, fulfil orders, deliver products, and provide after-sales support
- Improve our products and services
- Send marketing about Big Brute products where permitted (you can opt out at any time)
- Meet legal, accounting and tax obligations; prevent fraud and misuse
We do not use your information to make automated decisions that legally or similarly significantly affect you.
Our legal bases for using your data
Under the UK GDPR and Data Protection Act 2018 we rely on:
- Contract – taking steps at your request (e.g. quotes) and performing our contract with you (orders, delivery, invoicing).
- Legitimate interests – operating and protecting our websites/systems; handling and following up enquiries; maintaining records; preventing fraud; and marketing our own similar products to existing customers (you can object at any time).
- Consent – for marketing to new prospects and for non-essential cookies/analytics; you can withdraw consent at any time.
- Legal obligation – complying with tax, accounting and other laws that require certain records.
Cookies
Our site uses necessary cookies to function and optional analytics/marketing cookies only with your consent. You can change your choices at any time via our cookie banner. See our Cookie Policy for details.
When you submit an enquiry
We ask for your name, email, company, phone and a brief description of your application. We use this to respond and follow up to ensure we’ve answered your query (legitimate interests).
If you consent, we may also send marketing by email/phone/post about relevant products (consent). For existing customers, we may rely on the soft opt-in under PECR for our own similar products (you can opt out at any time).
Storage: enquiry/CRM records are stored in the UK and/or EEA (see “Where we store and transfer data”).
Retention: enquiry emails are kept 18 months, then archived for seven years before deletion. CRM records are kept three years after last contact, then reviewed or deleted.
When you purchase from us
We ask for your name, contact details, billing/delivery addresses and, where applicable, payment details. We use this to take payment, fulfil your order, deliver products, and send invoices (contract); and to meet tax/accounting obligations (legal obligation). We may also request feedback (legitimate interests).
Storage: order data is stored in the UK and/or EEA.
Retention: order information is kept for 10 years to support product lifecycle and legal requirements.
Direct marketing (PECR)
We only send direct marketing to individuals in line with PECR—either with your consent or under the soft opt-in for our own similar products where you’ve bought from us or discussed a purchase. You can opt out at any time via the unsubscribe link or by contacting us.
Marketing lists are retained until you withdraw consent or we detect prolonged inactivity; we keep a minimal suppression record to honour your opt-out.
Who we share your data with
We share personal data, where necessary, with trusted service providers acting on our instructions, including: website hosting and security, CRM, email delivery, analytics, payment processors, couriers/logistics, and professional advisers. These providers are bound by contract to keep your data secure and use it only for our specified purposes. We may also share data with authorities if required by law and with our authorised distributors where you ask us to do so.
Where we store and transfer data
We store personal data in the United Kingdom and the European Economic Area (EEA). If we need to transfer personal data outside the UK/EEA, we will use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, and take additional protective steps where required.
Your rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Portability (for data processed by consent or contract)
- Erasure and restriction (in certain circumstances)
- Withdraw consent where we rely on consent
- Object to processing based on our legitimate interests and an absolute right to object to direct marketing at any time
To exercise your rights, contact us using the details above. We may need to verify your identity.
Your right to complain
Please contact us first if you have a concern. You can also complain to the Information Commissioner’s Office (ICO):
ico.org.uk/make-a-complaint
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to this policy
We review this policy regularly and will update it as our services and use of personal data evolve. If we intend to use personal data for a new purpose, we will inform you and, if needed, seek consent. We will update the date at the top each time we make changes.
Australia Privacy Addendum (APPs)
Who this applies to
This section applies to individuals in Australia and to personal information we collect in connection with our activities in Australia. “Personal information” has the meaning in the Privacy Act 1988 (Cth).
Who we are & how to contact us
Michael Williams Engineering Ltd (Big Brute) (“we”, “us”).
Registered office: Staffords Chartered Accountants, Unit 1, Cambridge House, Camboro Business Park, Oakington Road, Girton, Cambridge, CB3 0QH, UK
Email: mydata@bigbrute.co.uk • Tel: +44 1223 88 22 22
Australian contact (privacy queries): mydata@bigbrute.co.uk
What we collect
Contact details (name, email, phone), company details, job title, location, enquiry content, purchase/quotation records, support history, and site/device data such as IP address, browser and analytics identifiers (see our Cookie Policy).
How we collect it
Directly from you (web forms, email, phone, at events) and from our authorised distributor(s) when you ask them to contact you (e.g., Bruce D Harrison for Australia). We also use cookies/analytics on our websites.
Why we use it
To respond to enquiries, assess applications and specifications, provide quotes, supply and support Big Brute products, improve our services, run security/fraud checks, meet legal obligations, and send marketing where permitted (you can opt out at any time).
Disclosing your information
We disclose personal information to:
- our authorised distributor(s) and representatives (including in Australia and New Zealand) so they can support you;
- service providers (hosting, CRM, email delivery, analytics, payment and logistics), and our professional advisers;
- authorities where required by law.
Overseas disclosures (APP 8)
If you are in Australia, we are likely to disclose personal information to recipients in the United Kingdom (for hosting and operations) and, where relevant, to other countries where our service providers operate (e.g., the EEA). We take reasonable steps to ensure overseas recipients protect personal information consistently with the APPs, including by using contractual safeguards and vendor due diligence.
Security & retention
We use administrative, technical and physical safeguards appropriate to the sensitivity of the information. We keep personal information only as long as needed for the purposes above or to comply with legal/record-keeping requirements, after which we delete or de-identify it.
Access & correction (APP 12/13)
You can request access to, or correction of, your personal information by emailing privacy@bigbrute.co.uk. We will respond within a reasonable time and may ask for information to verify your identity.
Marketing & opt-out
You can opt out of marketing at any time using the unsubscribe link in our emails or by emailing mydata@bigbrute.co.uk.
Complaints (APP 1.4(f))
If you believe we have breached the APPs, contact mydata@bigbrute.co.uk. We’ll investigate and respond. If you’re not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC): oaic.gov.au • 1300 363 992 • GPO Box 5218 Sydney NSW 2001.
Changes to this addendum
We may update this addendum from time to time. Last updated: 21st August 2025
New Zealand Privacy Addendum (Privacy Act 2020)
Who this applies to
This section applies to individuals in New Zealand and to personal information we collect in connection with our activities in New Zealand. The Privacy Act 2020 (NZ) may apply to overseas organisations carrying on business in New Zealand.
Who we are & contact
Michael Williams Engineering Ltd (Big Brute)
Queen’s Business Park, Wilbraham Road, Fulbourn, Cambridge CB21 5ET, UK
Email: mydata@bigbrute.co.uk • Tel: +44 (0)1223 88 22 22
What we collect & how
We collect the personal information described in our main policy, directly from you (web forms, email, phone, events) and, where you ask us to, from our authorised distributor(s). We also collect website/analytics data (see Cookie Policy). When we collect information from you, we take reasonable steps to tell you why and how we’ll use it, who we’ll share it with, and how to contact us.
Why we use and disclose personal information
To respond to enquiries, assess applications/specifications, provide quotes, manufacture/supply/deliver products, improve our services, send marketing where permitted (you can opt out any time), and meet legal obligations. We may disclose personal information to our authorised distributors/representatives, service providers (hosting, CRM, email delivery, analytics, payment, logistics), professional advisers, and authorities where required by law. (See “Sending information overseas” below.)
Sending information overseas (IPP 12)
If you are in New Zealand, your personal information may be disclosed to recipients in the United Kingdom (for hosting and operations) and, where relevant, to other countries where our service providers operate (e.g., within the EEA). We take reasonable steps to ensure overseas recipients protect personal information consistently with the NZ Privacy Act—for example by using contractual safeguards or dealing with recipients subject to comparable laws. If none of those apply, we will only disclose with your express authorisation after telling you the information may not be protected the same way.
Security & retention
We use administrative, technical and physical safeguards appropriate to the sensitivity of the information. We retain personal information only as long as needed for the purposes above or to meet legal/record-keeping requirements, then delete or de-identify it.
Access & correction
You may request access to or correction of your personal information by contacting us. We’ll respond within a reasonable time and may ask for information to verify your identity. (See IPP 6 & 7.)
Marketing & unsubscribe (UEMA)
We comply with NZ’s Unsolicited Electronic Messages Act 2007. We send commercial electronic messages only with consent (express, inferred or deemed where permitted), we identify the sender accurately, and we provide a functional unsubscribe that is free, easy to use, remains valid for at least 30 days, and is actioned within 5 working days. You can opt out at any time.
Privacy breaches
If a privacy breach is likely to cause serious harm, we will notify the Office of the Privacy Commissioner (OPC) and affected individuals as soon as practicable (the OPC expects within about 72 hours where feasible).
Complaints
If you believe we have breached the Privacy Act, contact us first. You may also contact the OPC: privacy.org.nz • 0800 803 909.
Changes to this addendum
We may update this addendum from time to time. Last updated: 21st August 2025.