PRIVACY NOTICE ISSUED BY RAMSAY SAFETY SOLUTIONS LTD
Introduction
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”), impose certain legal obligations in connection with the processing of personal data.
Ramsay Safety Solutions Ltd is a data controller within the meaning of the GDPR. The Company’s contact details are as follows:
Directors: Calogero Gattuso & Alfonsina Gattuso
Data Protection Officer: Alfonsina Gattuso
We may amend this Privacy Notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended Privacy Notice.
The purposes for which we intend to process personal data
We intend to process personal data for the following purposes:
- To enable us to supply professional services to you as our client.
- To comply with professional obligations to which we are subject as a member of the IOSH (Institution of Occupational Safety and Health), IIRSM (International Institute of Risk and Safety Management), OSHCR (Occupational Safety and Health Consultant’s Register).
- To enable us to invoice you for our services and investigate/address any fee disputes that may arise.
- To contact you about other services we provide which may be of interest to you, if you have consented for us to do so.
The legal reasons for our intended processing of personal data
Our intended processing of personal data is for the following legal reasons:
- At the time you instructed us to act, you gave consent to our processing your personal data for the purposes listed above.
- The processing is necessary for the performance of our contract with you, and for the production of legal Health & Safety documents for your use.
- The processing is necessary for compliance with legal obligations.
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information we require, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
Persons/Organisations to whom we may give data
We may share your personal data with:
- Any third parties with whom you require or permit us to correspond.
- Sub-contractors
- An alternate appointed by us, in the event of incapacity or death.
- Professional indemnity Insurers.
If the law allows or requires us to do so, we may share your personal data with:
- Any professional body requesting information in writing, e.g. Health & Safety Executive, Fire Authorities, Police, Insurers, Councils etc., where the withholding of information will obstruct any legal investigation.
Any information shared will be communicated back to you. We reserve the right to share any information of a Health & Safety nature or a breach of statutory duty with legal enforcers.
We may need to share your personal data with the third parties identified above, in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act for you.
We reserve the right to report any Health & Safety Accreditation Scheme, which we believe has been obtained by fraudulent means.
Transfers of personal data outside the EU
Your personal data will be processed in the UK only.
Retention of personal data
When acting as a data controller, and in accordance with recognised good practice with the Health & Safety compliance sector, we will retain the following records relating to you on our Server as stated below: (In brackets)
- Any Accident Investigation records. This will include any relevant Risk Assessments. (3 Years)
- Any Prohibition or Improvement Notices our clients may be served with. (4 years)
- Any RIDDOR reportable statutory incidents / accidents/ diseases. (3 Years)
- Any type of relevant Risk Assessments or Policies. (3 Years)
- Any type of Training Records and Certificates. (3 Years)
- Any Site Inspections conducted on behalf of the client. (3 Years)
- Any Audits or Fire Risk Assessments as requested by the client. (3 Years)
- Any Health Surveillance records, including “Fit Testing”. (40 Years)
- Any Minutes of Health & Safety Meetings we have attended. (3 Years)
Our contractual terms provide for the destruction of documents after 5 years, this excludes Any Health Surveillance records including “Fit Testing” and therefore, agreement is taken as the retention of records for the period, and to their destruction thereafter.
You are responsible for retaining information that we send to you in order for you to comply with relevant Health & Safety legal compliance.
Where we act as a data processor, we will delete or return all personal data to your data controller, as agreed with the data controller at the termination of the contract.
Requesting personal data, we hold about you (Subject Access Requests)
You have a right to request access to your personal data that we hold. Such requests are known as “Subject Access Requests” (SARs).
Please provide all SARs in writing marked for the attention of Alfonsina Gattuso.
Any requests for information by a third party will need to be in writing, and the source will be verified by us.
The law requires that we comply with a SAR promptly, and in any event within one month of receipt. There are however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR. (e.g. If you have previously made a similar request and there has been little or no change to the data since we complied with the original request).
We will not charge you for dealing with a SAR.
You can ask a third party to request information on your behalf. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and / or receive our reply.
Where you are a data controller and we act for you as a data processor, we will assist you with SARs on the same basis as set out above.
Specific uses of information you provide to us
Complaints regarding content on our website:
If you complain about any of the content on our website, we shall investigate your complaint. If we feel it is justified, or if we believe the law requires us to do so, we shall remove the content whilst we investigate.
Free speech is a fundamental right, so we will make a judgment as to whose right will be obstructed, yours, or that of the person who posted the content that offends you.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
Sending a message to our team:
When you contact us, whether by telephone, through our website or by email, we collect the data you have given to us, in order to reply with the information requested.
We record your request in order to reply to the requirements for your business. We keep personally identifiable information associated with your message, such as your name and email address so we can reply to your communication.
Use of information we collect when you visit our website
We use Cookies on our Website. We may track certain information for marketing purposes and the development of our website. We have changed Google Analytics to anonymize IP addresses, so this address cannot be traced back to the originators geographical location.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The table below explains the cookies we use and why.
Necessary Cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
| Name | Provider | Purpose | Expiry | Type |
|---|---|---|---|---|
| CookieConsent | ramsaysafetysolutions.co.uk | Stores the user's cookie consent state for the current domain | 1 year | HTTP |
Statistic Cookies
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
| Name | Provider | Purpose | Expiry | Type |
|---|---|---|---|---|
| _dc_gtm_UA-# | ramsaysafetysolutions.co.uk | Used by Google Tag Manager to control the loading of a Google Analytics script tag. | Session | HTTP |
| _ga | ramsaysafetysolutions.co.uk | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years | HTTP |
| _gid | ramsaysafetysolutions.co.uk | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | Session | HTTP |
| @@History/@@scroll|# [x2] | twitter.com youtube.com |
Unclassified | Persistent | HTML |
Marketing Cookies
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
| Name | Provider | Purpose | Expiry | Type |
|---|---|---|---|---|
| IDE | doubleclick.net | Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. | 1 year | HTTP |
| test_cookie | doubleclick.net | Used to check if the user's browser supports cookies. | Session | HTTP |
| fr | facebook.com | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | 3 months | HTTP |
| ads/ga-audiences | google.com | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. | Session | Pixel |
| NID | google.com | Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. | 6 months | HTTP |
| collect | google-analytics.com | Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels. | Session | Pixel |
| gwcc | ramsaysafetysolutions.co.uk | This cookie allows Google to track any call conversions on mobile devices. | 3 months | HTTP |
| GPS | youtube.com | Registers a unique ID on mobile devices to enable tracking based on geographical GPS location. | Session | HTTP |
| PREF | youtube.com | Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites. | 8 months | HTTP |
| VISITOR_INFO1_LIVE | youtube.com | Tries to estimate the users' bandwidth on pages with integrated YouTube videos. | 179 days | HTTP |
| YSC | youtube.com | Registers a unique ID to keep statistics of what videos from YouTube the user has seen. | Session | HTTP |
| tr | facebook.com | Unclassified | Session | Pixel |
| ads/user-lists/# | google.com | Unclassified | Session | Pixel |
How do I change my Cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
Google Chrome Microsoft Edge Mozilla Firefox Microsoft Internet Explorer Opera Apple SafariTo find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Putting things right (the right to rectification)
You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data completed. Should you become aware that any personal data held about you is inaccurate and / or incomplete, please inform us immediately so we can correct and / or complete it.
Deleting your records (the right to erasure)
In certain circumstances, you have a right to have the personal data held about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data erased, please inform immediately, and we will consider your request. In certain circumstances, we have the right to refuse. If applicable, we will supply you with the reasons for refusing your request.
The right to restrict processing and the right to object
In certain circumstances you have the right to ‘block’ or suppress the processing of personal data, or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action is appropriate.
Obtaining and re-using personal data (the right to data portability)
In certain circumstances, you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional advisor. Further information is available on the ICO website (www.ico.org.uk).
The right to data portability only applies:
- to personal data an individual has provided to a controller,
- where the processing is based on the individual’s consent or for the performance of a contract,
- when processing is carried out by automated means.
Withdrawal of Consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
Please note:
- The withdrawal of consent does not affect the lawfulness of earlier processing.
- If you withdraw your consent, we may not be able to continue to provide services to you.
- Even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).
Automated decision-making
We do not intend to use automated decision-making in relation to your personal data.
Complaints
If you have requested details of the information we held about you, and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some way, you can complain to us. Please send any complaints to Alfonsina Gattuso (01992 461068).
If you are not happy with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).