Privacy Policy
In The H&S Dept, we want to get to know you, but we want you to know that we are committed to protecting and respecting your privacy. This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about entrusting us with your data.
We are The H&S Dept Ltd, part of a group company called The HR Dept Group Limited (also known as “H&S Dept”).
Here is a short summary of how we process and protect your data and respect your privacy.
Types of data we collect
Contact details
Business information
Account information
Financial information
Data that identifies you and other people
Data on how you use our health & safety services
When and how we collect data
We collect data from people browsing our website, chatting to us online, on social media or on the phone.
Sometimes you provide us with data, sometimes data about you is collected automatically or provided to us by another organisation. Here is a visual representation that explains when and how we do this.
How we use your data
To provide you with services to help businesses prevent people problems
To keep The H&S Dept running
To help us improve The H&S Dept
To give personalised licensee, client and customer support and information
To send you marketing messages (but only if you tell us to)
Third Parties who process your data
The following are some of the services that help us keep The H&S Dept running by storing or processing your data:
Infrastructure: Microsoft
Communications: Microsoft
Analytics: Google Analytics
Integrations: (by your request)
Sector specialist Partners: The HR Dept, Ward Hadaway LLP
Know your rights
Your rights include:
Accessing information we hold on you
Having your data corrected
Opting out of marketing communications
Porting your data to another service
Being forgotten by The H&S Dept
Complaining about us
We use cookies
Why? We use necessary cookies to run and improve the service to you
Our third-party service providers use cookies too, which they control
You can turn off cookies but this will mean, for example, that we can’t recognise you online or resolve issues as efficiently
|
In compliance with data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, interact with us or use our services. We are committed to processing personal information in ways that comply with our legal and regulatory obligations, and to being clear with you about what we do with your personal information. We are committed to protecting and respecting your privacy and we do not share personal information with other companies for marketing purposes. |
 |
If you are a Health & Safety Dept client or Licensee, are an organisation that receives health and safety support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our website, this Privacy Policy applies to you.
Due to the nature of our business, sometimes we may act as a data controller, sometimes we act as a data processor.
Where we act as the ‘data controller’ of your personal data, this means we determine how and why your personal data is processed and this privacy notice will apply to you.
Where we act as the ‘data processor’ of your personal data (for example, if your employer uses the services of The Health & Safety Dept) this means we are acting on their behalf and processing your personal data under their instructions, and we would recommend you review their data privacy information; it is likely that they are the data controller and will be best placed to help.
If you are an employee of The Health & Safety Dept client, job applicant or previous team customer we have created specific policies for you, and they will have been made available to you at the appropriate point in time.
The HS Dept Ltd is registered as a data controller at the UK Information Commissioner’s Office under number Z9156222.
The H&S Dept franchise office in Scotland is also registered at the UK Information Commissioner's Office, where you can search for them here: https://ico.org.uk/esdwebpages/search
The Health & Safety Dept Ltd is part of a group company called The HR Dept Group Ltd.
The Health & Safety Dept operates nationally with one franchise company in the Lothians of Scotland, which means that Health & Safety Dept offices around the UK are individual registered companies operating under licence to use Health & Safety Dept brand and resources. We refer to this as The Health & Safety Dept.
In this Privacy Policy, whenever you see the words ‘we’, ‘us’, ‘our’ it refers to The Health & Safety Dept.
How can you contact our team?
Telephone: 0345 872 3639
Email: dataprotection@hsdept.co.uk
Post: The H&S Dept Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL
Our contact details
Registered Office:
The H&S Dept Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL
Tel: 0345 208 1120
Email: dataprotection@hsdept.co.uk
Company number: 06295311
Please note: If you do not have a direct relationship with The HS Dept, for example if you are an employee, then you should review your employer's data privacy information; it is likely that they are the Data Controller and will be best placed to help you.
|
In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively. The Health & Safety Dept may collect and process information about you from several sources or processes which are outlined here:
|
 |
We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below.
Personal information is provided to us in a number of ways and depends on your relationship with us. Personal data may be provided to us by our corporate clients who subscribe to our services, or it may be provided to us directly, for example if you are a Health & Safety Dept Licensee.
A small amount may also come from publicly available sources: e.g., Companies House, company websites etc.
We then process it for one of the following reasons:
To manage our relationship with you
To respond to your enquiries
To manage the services we provide to you
To take pre-contractual and contractual steps with you
To comply with our legal obligations as a business
Here are some further examples of how we use your personal data:
To analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest.
To personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing health and safety services through The Health & Safety Dept, we will pass on your information to a franchise business operating under license from The HS Dept Ltd that is located closest to you or can appropriately service you, so that they may offer you their products and services.
To survey contacts about activity directly related to H&S Dept marketing activity, service delivery or directly related projects undertaken by The HS Dept Ltd.
To provide outsourced health and safety services to your company or employing company in line with client agreements made with the company.
To provide recruitment services to its client companies for which you have submitted your data for the purposes of/in relation to an application for employment.
If you provide your information to us through this website, we consider this to mean you have a legitimate interest in our services, that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.
| Our website may contain links to other external websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement. |  |
|
We may anonymise and aggregate any of the personal data we hold (so that you can no longer be identified by it). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new products and services. |
 |
We will only store your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights.
This means that your data will be retained in line with statutory and regulatory requirements. For example, we retain details on services and products delivered for a minimum period of 7 years post the end of the transaction.
The Health & Safety Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, the criteria used to determine these retention periods includes:
To comply with the minimum regulatory retention requirements as set in law.
To comply with the statutory retention periods for accounting records, as set by the Companies Act and HM Revenue & Customs (HMRC).
Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include:
To enable us to provide you with our products and services.
To allow us to resolve any disputes or complaints.
For the detection and prevention of fraud.
| We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct it. |  |
| If you believe any information held by The Health & Safety Dept is incorrect and wish to amend it, please contact us at dataprotection@hsdept.co.uk |  |
We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection. The HS Dept, part of The HR Dept Group Limited, are also certified with Cyber Essentials provisioned by IASME and MOORE ClearComm.
However, we understand that even the best laid plans can sometimes go wrong, and therefore we have developed and rehearsed a breach management process. In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will endeavour, where required, to notify you, and other relevant parties such as the ICO, within 72 hours of becoming aware of the incident. We will do this by informing you via the contact details that we have recorded for you.
Date this Privacy Notice was last reviewed: June 2026.
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We would ask that if you do wish to do this that you please tell us first, so that we have a chance to address your concerns.
We will acknowledge your complaint within 30 days of receipt of your communication. Whilst we investigate your complaint, we will keep you informed of progress and explain the outcome of our investigations without undue delay.
Please include your name, contact details, and sufficient information about your complaint to help us respond promptly. We may ask for additional information to allow us to confirm your identity and to enable us to effectively investigate your complaint. We recognise that you have the right to contact us through any media eg. post, telephone, email and social media. However, in line with guidance provide by the Information Commissioners Office (ICO), we will not respond to complaints via social media as this is not a secure way of providing information.
If you make a complaint on behalf of another person, we may ask you to provide evidence that you are authorised to act on the other person’s behalf. The form of evidence you will depend on the circumstances of the complaint, but some examples are:
- an appropriate power of attorney; or
- a signed letter of authority from the person they are acting on behalf of.
As required by the legislation, if we do not receive substantive evidence, we are unable to process your complaint.
Furthermore, if you are not satisfied with our response or you are unhappy with how we have used your data, you can also complain to the ICO.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
For our general day-to-day data processing activities, we use third party organisations to help us administer and monitor the services we provide:
For the provision of IT and software services to enable the management of our customers, staff and office administration.
For financial accounting.
To share newsletters, promotional detail, industry news or other information that may be of interest to you.
To help us improve our services.
For the administration of our website and customer interactions.
For any legal guidance in the provision of our services.
Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations. We do not, and will never, sell your personal information to other third parties.
|
Sometimes we might share your data with third parties. This could include:
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
|
 |
| Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more. |  |
| You have various rights in relation to your personal information. You only have the benefits of some of the rights in limited circumstances, which depend on the legal reason why we collected your personal data. |
|
Your right of access – You have the right to ask us for copies of your personal information. Some or all of the personal data may be exempt from such requests in a particular circumstance. If an exemption applies, we will tell you this when responding to your request. Should you wish to exercise this right, please contact us with a description of the information you would like to see. |
 |
| Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. |  |
|
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. The right to erase your personal data can be made on the following grounds:
|
 |
| Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defense of legal claims. |  |
| Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances. |  |
| Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. |  |
You are not required to pay any charge for exercising your rights.
We’ll try to respond to all requests within one month. If your request is complex or if you make lots of requests, we may extend our time to respond – if this is the case, we’ll let you know.
Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information.
The ICO website has some useful information on your rights as a data subject.
Please contact us if you wish to make a request.
