Privacy Policy

The purpose of this notice

In this privacy notice we explain how we will process your personal information obtained through your use of our website and through other interactions with you, for example, when you visit our social media pages.
It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

About Black Hills Products Limited

Black Hills Products Limited is involved in the design and manufacture of metal products to customer specification. Black Hills Products Limited collects the personal data of its customers in the course of providing its products/services.

What does this notice cover:

Who we are and how to contact us

When we say we, us or our in this privacy notice, we mean Black Hills Products Limited, a company incorporated and registered in England and Wales with company number 11086966 and whose registered office is at 1 B Fergusons Business Park West, Sleekburn, Northumberland, NE22 7DH.
For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.
If you have any questions in regard to any part of this notice, please contact us by sending an email to

Data Protection Legislation

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, the UK Data Protection Act 2018 and other UK privacy laws (together UK Data Protection Legislation).

Personal data we collect

Personal data means information which relates to an identified or an identifiable individual.

Types of personal data we may collect Examples
Identity data
title; first name; last name; user name
Contact data
address; email; telephone number
Financial and transactional data
details of orders made and processed; details of payment received/made; details of invoices received/issued
Contract data
details of your contracts with us
Usage data
how you use and navigate our website; services you signed up to (e.g. our blogs); events you attended or expressed interest in;
Advertising profile data
interests; preferences; feedback and survey responses; assumptions about your predicted buying behaviour and interests based on the usage data collected by us and personal data held about you by online advertisers such as Google, LinkedIn
Communication data
details of enquiries submitted by you through our website or emailed to us; information obtained through networking

Anonymised data

We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website and/or app to calculate the percentage of users accessing a specific website and/or app feature.

How we collect personal data

We collect most of this information from you direct. However, we may also collect information from other sources.

Type of source Examples
Your use of our website
when you complete and submit our website contact form;
Your use of our social media pages
when you follow, post on, or interact with our post on our Facebook or LinkedIn page or such other social media pages as we operate from time to time
Direct interactions with you
when you contact us (e.g. by phone or email); when you participate in our user research activities (e.g. provide us with feedback or respond to our questionnaires); when you network with us (e.g. contact us via our social media); when you register interest in our products or services.
From publicly accessible sources
your profiles on social media platforms (e.g. LinkedIn, Facebook, Twitter); professional networking groups and databases.
Third parties
from another organisation or professional who told us that you would like to hear from us; or if you visit our website by clicking on our advertisement on social media or another website or app.

How and why we use personal data

  • Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:
    • place cookies and similar tracking technologies on your device (for further details please see our Cookies Notice and
    • send you our blogs, newsletters or other electronic marketing communication if you are not our existing customer or if you request or expressly agree to receive such communication.

Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice.
You have the right to withdraw consent by:

    • emailing us at;
    • changing your privacy settings within your account on our website or app;
    • in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
    • in case of cookies, by using the cookie preferences settings on our website.

Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.

  • Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:
    • register you as a new customer and administer your account (e.g. manage your orders, administer invoicing and payments);
    • provide our products/services to you;
    • manage our relationship with you (e.g. to respond to your enquiries or to notify you about changes to our products/services);
    • provide after sale care services (e.g. technical support).
  • Legitimate interests. We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:
    • to administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
    • to manage your account and our relationship with you;
  • to manage payments, fees, charges, and to collect debts which you may owe to us;
  • to interact with you professionally (e.g. if you represent our current or prospective customer, supplier or business partner) to manage our relationship with the organisation you represent;
  • to deal with your enquiry unrelated to a contract which we may have with you;
  • to ask you to leave a review or complete a survey;
  • to send you our email updates or other electronic marketing communications if you are our existing client;
  • to increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communications to you;
  • to measure or understand the effectiveness of the advertising we provide to you;
  • to improve our website, products, services, marketing, and customer relationships;
  • for the prevention and detection of fraud and spam; and
  • for the establishment, exercise or defence of our rights under our contract with you and/or legal claims.
  • Legal obligation. We may process your personal data to comply with our legal obligation. For example, to:
    • notify you about changes to our terms or privacy notice;
    • address your complaint; and
    • comply with a request from a competent authority.


Our marketing emails

We may send you emails about our products if you are our existing customer (on the basis of our legitimate interests) or, if you are our prospective customer, when you expressly agree to that (for example, by signing up to our newsletter).


If you are our existing customer, we may use the information we have about you (such as what product you previously bought from us, where you live, how old you are, how you use our website and app) to make predictions on what other products may be of interest to you. We will use that information to make our marketing emails and offers relevant to you. This type of personal data use is called ‘profiling’. We will do that on the basis of our legitimate interests.

Cookies and similar technologies

We may also use cookies and similar tracking technologies (for example tracking pixels in our marketing emails and website/app advertisements) and analytics services (such as Google Analytics) to collect information about your use of our website, app, services and your interactions with our marketing emails and advertisements.
In addition, third party advertising platforms (for example, Facebook and Google) may also use their advertising pixels and other cookies on our website and in our emails with our permission. Their cookies are used to track visitors across websites in order to deliver adverts more relevant to them and their interests. The advertisers may use information about your visit to our website to target advertising to you on other websites.
We will ask for your consent to the use of non-essential cookies, including third party cookies. You can find further information about the cookies used on our website and the purposes they are used for by reading our Cookies Notice.

Right to withdraw consent or to object to processing

You can always ask us to stop using your personal information for marketing purposes by:

  • emailing us at;
  • changing your marketing preferences within your account on our website or app;
  • in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
  • in case of cookies, by using the cookie preferences settings on our website.

From time to time, we may ask you to confirm or update your marketing preferences.

Who we share personal data with

We may share your information with third parties for the purposes set out in this notice.

Service provision

We share your personal data with DPD or any other courier as specified for fulfilment from time to time as necessary for fulfilment of your order.

IT and technology

We also share data with providers of IT, digital, and technology products and services, which we use to operate our business. For example, providers of website hosting services, website and app analytics services, customer email services, digital marketing and geo-fencing services. We impose contractual obligations on the above providers to ensure that your personal data is protected.

Other sharing

We may also:

  • share your personal data with members of our staff;
  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business, potential investors, or group companies if our business undergoes a corporate re-structure.

Such data recipients will be bound by confidentiality obligations.

International data transfers outside the United Kingdom

Transfers of personal data outside the United Kingdom are subject to special rules under the UK Data Protection Legislation.
We may transfer your personal data to providers based in the European Economic Area (EEA). The UK Government has recognised the EEA as providing an appropriate level of protection to the data protection rights of individuals.
We may also transfer your personal data to the US. To protect your information, we have entered into the standard contractual data protection provisions (Standard Contractual Clauses) with the third parties in those territories with whom we share your data. The Standard Contractual Clauses are one of the appropriate data transfer safeguards specified in the UK Data Protection Legislation.

How long we keep personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


For example:

  • we are required to keep accounting records for seven years for tax audit purposes;
  • if you have a contract with us, we will keep your data for up to six years after the end of that contract;
  • if you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications;
  • if you enquire or purchase our business-to-business services, we will keep your personal data for marketing purposes for two years from when we last heard from you, unless you earlier opt-out from receiving marketing communications;
  • if you represent our prospective customer, we will generally keep your data for six months from when we obtained your data or our last interaction with you; and

We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Your right Explanation
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
The right to require us to correct any inaccuracies in your personal data.
Erasure (to be forgotten)
The right to require us to delete your personal data in certain situations.
Restriction of processing
The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).
Data portability
The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
To withdraw consent
The right to withdraw your consent, if we rely on your consent to use your information.
To object
The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.

If you would like to exercise any of those rights, please contact us at Please let us know what right you want to exercise and the information to which your request relates.

Information security

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this privacy notice.
The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the United Kingdom is the Information Commissioner, who may be contacted at, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

Changes to this privacy notice

This privacy notice was last updated on 05/04/2022.
We may change this privacy notice from time to time; when we do, we will publish the new version of the privacy notice on our website. If you are our customer, we may also inform you via email or post.