Health and Safety Department – Audit and Risk - privacy notice

What personal information is being processed and what for

We collect personal data such as name, address, contact details, gender, employer details, training records, and incident details. We also collect ‘special category’ data such as health information and criminal conviction details.

“The Health and Safety Team processes your personal data to provide health and safety advice, support the council in meeting its legal obligations, and manage related systems effectively.”

Why we are allowed to use your information

We use your personal data to help us meet our ‘legal obligations’. We use your ‘special category’ data where there is a ‘substantial public interest’ based in law for statutory and government purposes

Who we will share your information with

Personal information will be shared with third-party organisations where the law allows, including the Health and Safety Executive, police and insurance companies. It may also be accessible to ICT and admin support functions in the event of system related queries and technical matters.

Where we get your information from

We receive your data from reports submitted onto the system in such a scenario whereby you suffer an injury or are involved in an incident at work or a member of the public in a public setting: requiring resolution or remedy.

We collect information directly from you through phone calls, emails, and forms. We also receive information from other organisations or third parties such as the police.

How long we will keep your personal information

We maintain historic information for the purpose of legal, insurance, occupational health and other mandatory requirements. We utilise non personal data associated with records to produce historical performance statistics, data utilised does not identify any individuals in this scenario, it is year on year quantitative categories or types of injuries as a count for example. We review information and will delete where possible any surplus to requirement data as opportunities arise.

How your information is stored

We use the following measures to ensure that your personal data is secure: data protection and security policies, information security incident reporting, data and device encryption, system and data access controls, user accounts and passwords, physical and environmental security, staff vetting practices, staff training and awareness, data back-ups, ICT network penetration testing, and business continuity and disaster recovery plans

What happens if you don’t provide us with your information

We are less likely to be able to respond appropriately to accidents and incidents and will be unable to investigate fully.

Information fields are based on the data required by statutory requirements, for example reporting Health and Safety Executive (HSE)  RIDDORS and we may need the information in the event of criminal or civil action, or insurance related claims.

Will your information be used to make automated decisions

No

Your rights

You have a number of rights regarding your personal data, including withdrawing your consent where we have asked for it. You can also ask for a copy of the information we hold about you and ask us to correct anything that is wrong.

For detailed information about your rights please see our privacy notice.