The Health & Safety Dept Mid East Lothian Privacy Notice 

In The Health & Safety Dept, we want to get to know you, but we want you to know that we are committed to protecting and respecting your privacy. This privacy notice explains how and why we use your personal data, to make sure you stay informed and can be confident about entrusting us with your data.

 

Your Privacy Dashboard

 

We are The Health & Safety Dept Mid East Lothian, part of a franchise company called The Health & Safety Dept Ltd. (also known as “Health & Safety Network” or just “Health & Safety Dept”).

Here is a short summary of how we process and protect your data and respect your privacy.

Types of data we collectWhen and how we collect dataHow we use your data
  • Contact details 
  • Business information 
  • Account information 
  • Financial information 
  • Data that identifies you and other people 
  • Data on how you use Health & Safety Dept services 

We collect data from people browsing our website, chatting to us online, on social media or on the phone.  

Sometimes you provide us with data, sometimes data about you is collected automatically or provided to us by another organisation. Here is a visual representation that explains when and how we do this.  

  • To provide you with services to help businesses prevent people problems 
  • To keep The Health & Safety Dept running 
  • To help us improve The Health & Safety Dept 
  • To give personalised licensee, client and customer support and information 
  • To send you marketing messages (but only if you tell us to)
Third Parties who process your dataKnow your rightsWe use cookies

The following are some of the services that help us keep The Health & Safety Dept running by storing or processing your data: 

  • Infrastructure: Microsoft  
  • Communications: Microsoft 
  • Analytics: Google Analytics 
  • Integrations: (by your request) Facebook 
  • Sector specialist Partners: Ward Hadaway LLP

Your rights include:

  • Accessing information we hold on you 
  • Having your data corrected 
  • Opting out of marketing communications 
  • Porting your data to another service 
  • Being forgotten by The Health & Safety Dept 
  • Complaining about us 
  • Why? We use necessary cookies to run and improve the service to you 
  • Our third-party service providers use cookies too, which they control 
  • You can turn off cookies but this will mean, for example, that we can’t recognise you online or resolve issues as efficiently 

 

About this privacy notice

In compliance with data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, interact with us or use our services.

We are committed to processing personal information in ways that comply with our legal and regulatory obligations, and to being clear with you about what we do with your personal information.

We are committed to protecting and respecting your privacy and we do not share personal information with other companies for marketing purposes.

 

Who are we?

The Health & Safety Dept Mid East Lothian is part of a franchise company called The Health & Safety Dept.

The Health & Safety Dept operates as a franchise, which means that Health & Safety Dept offices around the UK and Ireland are individual registered companies operating under licence to use Health & Safety Dept brand and resources. We refer to this as The Health & Safety Dept.

In this Privacy Policy, whenever you see the words ‘we’, ‘us’, ‘our’ it refers to The Health & Safety Dept.

How can you contact our team?

Telephone: 0131 297 7545

Email: ciara.mcgovern@hrdept.co.uk

Post: 5 South Charlotte Street, Edinburgh, EH2 4AN

Our responsibilities and role in your privacy

If you are a Health & Safety Dept customer or Licensee, are an organisation that receives health and safety support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our website, this Privacy Policy applies to you.

Due to the nature of our business, sometimes we may act as a data controller, sometimes we act as a data processor.

Where we act as the ‘data controller’ of your personal data, this means we determine how and why your personal data is processed and this privacy notice will apply to you.

Where we act as the ‘data processor’ of your personal data (for example, if your employer uses the services of The Health & Safety Dept) this means we are acting on their behalf and processing your personal data under their instructions, and we would recommend you review their data privacy information; it is likely that they are the data controller and will be best placed to help.

If you are an employee of The Health & Safety Dept current team customer, job applicant or previous team customer we have created specific policies for you, and they will have been made available to you at the appropriate point in time.

We are registered as a data controller at the UK Information Commissioner’s Office under number Z9156222.

The type of personal information we collect and where it comes from

In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively.

The Health & Safety Dept may collect and process information about you from several sources or processes which are outlined here:

  • When you use our website or subscribe to our newsletter.
  • When information is received through networking activity by a staff member of any business in The Health & Safety Dept about yourself or your company, and where it is understood there is a legitimate interest in you receiving health and safety services from The Health & Safety Dept. The data controller would be the business within The Health & Safety Dept you provided the information to, and The Health & Safety Dept Ltd is a sub-processor.
  • When your company or employing company enters into a client agreement with a business in The Health & Safety Dept and provides information about you to that Health & Safety Dept business for the purposes of receiving health and safety services. In this case, only information about you that is relevant to the delivery of these services should be shared by your employer with The Health & Safety Dept. The data controller for this information is your company or employing company. The business within The Health & Safety Dept you provided the information to, and The Health & Safety Dept Ltd, are sub-processors.
  • When you submit personal information, a CV or other application information to an Health & Safety Dept office for the purposes of recruitment, that Health & Safety Dept office’s registered limited company is the data controller. That Health & Safety Dept office will process your information in accordance with the purpose for which it was submitted only. For the purposes of recruitment on behalf of one of its clients, that Health & Safety Dept office will share with its recruiting client only the appropriate data necessary for the purposes of undertaking the recruitment application for which you submitted your data. From time to time, Health & Safety Dept offices may use recruitment companies or similar third parties to support them with recruitment activity. In such circumstances, the data privacy notice for the third-party recruitment company will be available through their own website.
Why we have your personal information

 

We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.

Personal information is provided to us in a number of ways and depends on your relationship with us. Personal data may be provided to us by our corporate clients who subscribe to our services, or it may be provided to us directly, for example if you are a Health & Safety Dept Licensee.

A small amount may also come from publicly available sources: e.g., Companies House, company websites etc.

We then process it for one of the following reasons:

  • To manage our relationship with you
  • To respond to your enquiries
  • To manage the services we provide to you
  • To take pre-contractual and contractual steps with you
  • To comply with our legal obligations as a business

Here are some further examples of how we use your personal data:

  • To analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest.
  • To personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing health and safety services through The Health & Safety Dept, we will pass on your information to a franchise business operating under license from The Health & Safety Dept Ltd that is located closest to you or can appropriately service you, so that they may offer you their products and services.
  • To survey contacts about activity directly related to Health & Safety Dept marketing activity, service delivery or directly related projects undertaken by The Health & Safety Dept Ltd.
  • To provide outsourced health and safety services to your company or employing company in line with client agreements made with the company.
  • To provide recruitment services to its client companies for which you have submitted your data for the purposes of/in relation to an application for employment.

If you provide your information to us through this website, we consider this to mean you have a legitimate interest in our services, that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.

Where we process your personal data so you cannot be identified anymore

We may anonymise and aggregate any of the personal data we hold (so that you can no longer be identified by it).

We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new products and services.

Data sharing

Sometimes we might share your data with third parties. This could include:

  • Service providers we use for specific purposes, such as for our IT systems.
  • Regulatory authorities, law enforcement agencies and courts.
  • In the event of a sale of all or a part of our business, the buyer and its professional advisers.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. Where consent has been given, you are able to remove your consent at any time. You can do this by contacting us
  • We have a contractual obligation
  • We have a legal obligation
  • We have a vital interest
  • We have a legitimate interest
Third party (Sub-Processor) organisations

 

For our general day-to-day data processing activities, we use third party organisations to help us administer and monitor the services we provide:

  • For the provision of IT and software services to enable the management of our customers, staff and office administration.
  • For financial accounting.
  • To share newsletters, promotional detail, industry news or other information that may be of interest to you.
  • To help us improve our services.
  • For the administration of our website and customer interactions.
  • For any legal guidance in the provision of our services.

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations.  We do not, and will never, sell your personal information to other third parties.

International transfers of data
Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.
Keeping your information correct
We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct it.
Keeping your information safe and secure

We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection.

However, we understand that even the best laid plans can sometimes go wrong, and therefore we have developed and rehearsed a breach management process. In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will endeavour, where required, to notify you, and other relevant parties such as the ICO, within 72 hours of becoming aware of the incident. We will do this by informing you via the contact details that we have recorded for you.

How long we keep your data

We will only store your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights.

This means that your data will be retained in line with statutory and regulatory requirements. For example, we retain details on services and products delivered for a minimum period of 6 years post the end of the transaction.

The Health & Safety Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, the criteria used to determine these retention periods includes:

  • To comply with the minimum regulatory retention requirements as set in law.
  • To comply with the statutory retention periods for accounting records, as set by the Companies Act and HM Revenue & Customs (HMRC).

Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include:

  • To enable us to provide you with our products and services.
  • To allow us to resolve any disputes or complaints.
  • For the detection and prevention of fraud.
Keeping your information accurate
If you believe any information held by The Health & Safety Dept is incorrect and wish to amend it, please contact us at ciara.mcgovern@hrdept.co.uk
Links to other websites
Our website may contain links to other external websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
Your data protection rights

 

You have various rights in relation to your personal information. You only have the benefits of some of the rights in limited circumstances, which depend on the legal reason why we collected your personal data.

Your right of access – You have the right to ask us for copies of your personal information.

Some or all of the personal data may be exempt from such requests in a particular circumstance. If an exemption applies, we will tell you this when responding to your request. Should you wish to exercise this right, please contact us with a description of the information you would like to see.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. The right to erase your personal data can be made on the following grounds:

  • Your personal data is no longer necessary in relation to the purpose for which it was collected or processed.
  • If the processing is based on consent, you choose to withdraw your consent and there is no other legal ground for processing.
  • You object to processing, and there are no overriding legitimate grounds to continue the processing.
  • Your personal data has been processed unlawfully.
  • Your personal data must be erased for compliance with a legal obligation.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defense of legal claims.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights.

We’ll try to respond to all requests within one month. If your request is complex or if you make lots of requests, we may extend our time to respond – if this is the case, we’ll let you know.

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information.

The ICO website has some useful information on your rights as a data subject.

Please contact us if you wish to make a request.

Who to contact

Our contact details

Registered Office: 5 South Charlotte Street, Edinburgh, EH2 4AN

Tel: 0131 297 7545

Email: ciara.mcgovern@hrdept.co.uk

Company number: SC476281

Making a complaint

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We would ask that if you do wish to do this that you please tell us first so that we have a chance to address your concerns.

If you are not satisfied with our response or you are unhappy with how we have used your data, you can also complain to the ICO.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Document History

Date this Privacy Notice was last reviewed: August 2023

Looking for expert HR support?

We can help you focus on your business by taking care of all your human resources needs.

Let us know how we can help or ask about our free initial HR review.

Preventing People Problems

Subscribe to our monthly newsletter

Office Address: 5 South Charlotte Street, Edinburgh, EH2 4AN | VAT Number: 189940449 | Registration Number: SC476281

Copyright © 2007 – 2021 The HR Dept Ltd. HR DEPT is a registered trademark belonging to The HR Dept Limited.