The HR Dept Group Privacy Notice
In The Health & Safety Dept, we want to get to know you, but we want you to know that we are committed to protecting and respecting your privacy. This privacy notice explains how and why we use your personal data, to make sure you stay informed and can be confident about entrusting us with your data.
Your Privacy Dashboard
We are The Health & Safety Dept Ltd, part of a group company called The HR Dept Group Ltd (also known as “Health & Safety Network” or just “Health & Safety Dept”).
Here is a short summary of how we process and protect your data and respect your privacy.
Types of data we collect | When and how we collect data | How we use your data |
| We collect data from people browsing our website, chatting to us online, on social media or on the phone. Sometimes you provide us with data, sometimes data about you is collected automatically or provided to us by another organisation. Here is a visual representation that explains when and how we do this. |
|
Third Parties who process your data | Know your rights | We use cookies |
The following are some of the services that help us keep The Health & Safety Dept running by storing or processing your data:
| Your rights include:
|
|
About this privacy notice
In compliance with data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, interact with us or use our services. We are committed to processing personal information in ways that comply with our legal and regulatory obligations, and to being clear with you about what we do with your personal information. We are committed to protecting and respecting your privacy and we do not share personal information with other companies for marketing purposes. |
Who are we?
The Health & Safety Dept Ltd is part of a group company called The HR Dept Group Ltd. The Health & Safety Dept operates as a franchise, which means that Health & Safety Dept offices around the UK and Ireland are individual registered companies operating under licence to use Health & Safety Dept brand and resources. We refer to this as The Health & Safety Dept. In this Privacy Policy, whenever you see the words ‘we’, ‘us’, ‘our’ it refers to The Health & Safety Dept. How can you contact our team? Telephone: 0345 208 1120 Email: dataprotection@hsdept.co.uk Post: The Health & Safety Dept Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL |
Our responsibilities and role in your privacy
If you are a Health & Safety Dept customer or Licensee, are an organisation that receives health and safety support from us, if you use or supply us with products or services, enquire about our services, take part in our market research activities, interact with us online, email, live chat, call or write to us, or just visit our website, this Privacy Policy applies to you. Due to the nature of our business, sometimes we may act as a data controller, sometimes we act as a data processor. Where we act as the ‘data controller’ of your personal data, this means we determine how and why your personal data is processed and this privacy notice will apply to you. Where we act as the ‘data processor’ of your personal data (for example, if your employer uses the services of The Health & Safety Dept) this means we are acting on their behalf and processing your personal data under their instructions, and we would recommend you review their data privacy information; it is likely that they are the data controller and will be best placed to help. If you are an employee of The Health & Safety Dept current team customer, job applicant or previous team customer we have created specific policies for you, and they will have been made available to you at the appropriate point in time. We are registered as a data controller at the UK Information Commissioner’s Office under number Z9156222. |
The type of personal information we collect and where it comes from
In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively. The Health & Safety Dept may collect and process information about you from several sources or processes which are outlined here:
|
Why we have your personal information
We collect and process your data for different reasons in different circumstances, but we’ll only collect and process your data where we have a legal basis for doing so. Our purposes and legal basis for using each type of data are set out below. Personal information is provided to us in a number of ways and depends on your relationship with us. Personal data may be provided to us by our corporate clients who subscribe to our services, or it may be provided to us directly, for example if you are a Health & Safety Dept Licensee. A small amount may also come from publicly available sources: e.g., Companies House, company websites etc. We then process it for one of the following reasons:
Here are some further examples of how we use your personal data:
If you provide your information to us through this website, we consider this to mean you have a legitimate interest in our services, that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you. |
Where we process your personal data so you cannot be identified anymore
We may anonymise and aggregate any of the personal data we hold (so that you can no longer be identified by it). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and developing new products and services. |
Data sharing
Sometimes we might share your data with third parties. This could include:
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
|
Third party (Sub-Processor) organisations
For our general day-to-day data processing activities, we use third party organisations to help us administer and monitor the services we provide:
Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations. We do not, and will never, sell your personal information to other third parties. |
International transfers of data
Where we have partners and service providers based outside of the UK (e.g. Microsoft for our IT Services), your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we ensure that Standard Contractual Clauses or International Data Transfer Agreements that are approved by the Information Commissioners Office (ICO), the UK Government and/or European Commission are in place after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more. |
Keeping your information correct
We are committed to keeping your information up to date. If you believe that we have made an error, then please contact us as we have outlined below, and we will use reasonable endeavours to correct it. |
Keeping your information safe and secure
We are committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost. We endeavour to ensure that our suppliers take similar steps to keep your data secure. We take organisational measures to keep information secure and provide regular training for staff on data protection. However, we understand that even the best laid plans can sometimes go wrong, and therefore we have developed and rehearsed a breach management process. In the unlikely event that we, or one of our partners or suppliers, accidentally compromise the confidentiality, integrity or availability of your data, then we will endeavour, where required, to notify you, and other relevant parties such as the ICO, within 72 hours of becoming aware of the incident. We will do this by informing you via the contact details that we have recorded for you. |
How long we keep your data
We will only store your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy or for as long as we reasonably consider necessary to establish, exercise or defend our legal rights. This means that your data will be retained in line with statutory and regulatory requirements. For example, we retain details on services and products delivered for a minimum period of 6 years post the end of the transaction. The Health & Safety Dept must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, the criteria used to determine these retention periods includes:
Where our retention periods are not governed by legislation, our retention policy is based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include:
|
Keeping your information accurate
If you believe any information held by The Health & Safety Dept is incorrect and wish to amend it, please contact us at dataprotection@hsdept.co.uk |
Links to other websites
Our website may contain links to other external websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement. |
Your data protection rights
You have various rights in relation to your personal information. You only have the benefits of some of the rights in limited circumstances, which depend on the legal reason why we collected your personal data. |
Your right of access – You have the right to ask us for copies of your personal information. Some or all of the personal data may be exempt from such requests in a particular circumstance. If an exemption applies, we will tell you this when responding to your request. Should you wish to exercise this right, please contact us with a description of the information you would like to see. | |
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. | |
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. The right to erase your personal data can be made on the following grounds:
| |
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information under specific conditions, unless we have a lawful reason to continue, such as for the establishment, exercise or defense of legal claims. | |
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances. | |
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. |
You are not required to pay any charge for exercising your rights.
We’ll try to respond to all requests within one month. If your request is complex or if you make lots of requests, we may extend our time to respond – if this is the case, we’ll let you know.
Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information or refuse to provide the information.
The ICO website has some useful information on your rights as a data subject.
Please contact us if you wish to make a request.
Who to contact
Our contact details Registered Office: The Health & Safety Dept Ltd, First Floor, 3 Brook Office Park, Emersons Green, Bristol, BS16 7FL Tel: 0345 208 1120 Email: dataprotection@hsdept.co.uk Company number: 04479417 |
Making a complaint
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We would ask that if you do wish to do this that you please tell us first so that we have a chance to address your concerns. If you are not satisfied with our response or you are unhappy with how we have used your data, you can also complain to the ICO. The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk |
Document History
Date this Privacy Notice was last reviewed: December 2022
Looking for expert HR support?
We can help you focus on your business by taking care of all your human resources needs.
Let us know how we can help or ask about our free initial HR review.
Preventing People Problems
Get in Touch
Subscribe to our monthly newsletter
| VAT Number: 900674738 | Registration Number: 06316590
Copyright © 2007 – 2021 The HR Dept Ltd. HR DEPT is a registered trademark belonging to The HR Dept Limited.