Privacy Notice and Data Protection Policy

Introduction


The General Data Protection Regulation (GDPR) 2018 replaces the EU Data Protection Directive of 1995. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.


Umbrella Health and Safety Limited is committed to protecting your privacy. This Privacy Notice and Data Protection Policy informs visitors to our website (https://www.uhas.co.uk), our clients and others affected by our business about how we use personal information that we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.


Umbrella Health and Safety Limited only process and hold personal data considered essential to performing basic business functions when providing requested services to our clients. 


Topics:


  1. When do we collect your information and what information do we collect?
  2. Reasons for collecting personal information
  3. Use of your information
  4. Sharing your information
  5. How long do we keep your information?
  6. Your rights
  7. Cookies
  8. Where we store your personal data
  9. How to contact us


1. When do we collect your information and what information do we collect?


We collect your information:

  • When you visit our website.
  • When you engage with us on social media.
  • When you contact us with queries or complaints, or to report a problem with our website.
  • When you enter prize draws or competitions, or complete any surveys we send you.
  • When you book our services or book to attend an event e.g. a training course.
  • When you comment on or review our products and services.
  • When you fill in any forms.
  • We also collect data from publicly available sources (such as Companies House) where the information is made public as a matter of law.

 

We will collect and process the following information about you:


Information you give us. 

We only require essential administrative personal information, that may include your name, address, e-mail address, home or work address and phone number for the sole purpose of providing requested services and products to you.


Information we collect about you. 

With regard to each of your visits to our website we will automatically collect the following information:

 

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL), to, through and from our website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

 


2. Reasons for collecting Personal Information


The lawful bases for processing your personal data are: 

  • Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract. 
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). 

 

Umbrella Health and Safety Limited does not process and retain any special category data whilst performing work on behalf of our clients. Special categories of personal data includes: personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; or trade-union membership; and the processing of genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health or data concerning a natural person’s sex life or sexual orientation. 


The type of information that we collect is limited to that which is necessary:

  • To deal with your enquiries - For online or telephone enquiries, we will generally require basic information such as your name and contact details in order to be able to deal with your enquiry.
  • Business purposes - When you enter into a business relationship with us, the information that we will require will be of a more detailed nature and may include your home or business address and contact details. We will need this information to ensure that we provide the requested services to you, and for general administrative purposes. Any contract we have with you will be governed either by: (i) the applicable standard T&Cs; or (ii) bespoke contractual documentation agreed with our clients.

 


3. Use of your information


We use information held about you in the following ways:

Information you give to us - We will use this information: 

  • To carry out our obligations arising from any contracts entered into between us and to provide you with the information and services that you request from us;
  • To notify you about changes to our services;
  • To ensure our website content is presented in the most effective manner for you and your computer.
  • Information we collect about you - We will use this information: 
  • To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • As part of our efforts to keep our website safe and secure.

 

4. Sharing your Information


We will only share your personal data with trusted third parties, suppliers or sub-contractors for the performance of any contract we enter into with you (e.g. providing booking information to a training course venue), or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.


5. How long do we keep your information?


Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised (e.g. by aggregating it with other data so that it can be used in a non-identifiable way for business planning). In certain cases, the law requires us to keep personal data for a specific period (e.g. a minimum of three years for accident book records).


6. Your rights


You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.

 

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

Where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must comply unless we believe we have a legitimate overriding reason to continue processing your personal data.


External websites

Our website may contain links to external websites or social media platforms. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You should check these policies before you submit any personal data to these websites.


Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.


If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) using their help line 0303 123 113 or at www.ico.org.uk.


7. Cookies


Our website uses cookies to distinguish you from other website users. This helps us to provide you with a good browsing experience. 


A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.


We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.


A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.


Cookies deployed by our website:

  • Ensure that functionality operates as intended
  • Remember your choices and preferences during and between visits
  • Allow you to share pages via social network widgets like Facebook and Twitter
  • Track your visit for statistical analysis, allowing us to improve the usability, speed and security of our website

 

Cookies are not deployed to:

  • Collect any personal identifiable information (without your express permission).
  • Collect any sensitive information (without your express permission).
  • Pass personally identifiable data to third parties.

 

Your consent for cookie deployment by our website

Upon your first visit to our website, you may have noticed our banner alerting you to the use of cookies by our website. In compliance with the 2011 EU Cookie Law, our website operates on an ‘Implied Consent’ basis. This means that we will assume that you have opted-in for our website to deploy cookies until you choose to deactivate them within your browser settings. By default, the majority of popular web browsers automatically permit websites to deploy cookies onto your device. For more information on the EU Cookie Law in the UK, we recommend visiting the Information Commissioner’s Office (ICO) website where you can find the latest information, guidelines and advice on the EU Cookie Law.

 

How to disable cookies

Most modern browsers allow you to control your cookie settings for all websites that you browse. You can disable cookie deployment completely by editing your browser settings, however in doing this you may be limiting the functionality that is displayed on our website. 


If you are concerned about cookies tracking your movements on the Internet then you may be concerned about spyware. Spyware is the name given to a particular band of cookies that track personal information about you. There are many anti-spyware programs that you can use to prevent this from happening. 


8. Where we store your personal data


The data that we collect from you will not be transferred to, or stored at, a destination outside the European Economic Area ("EEA"). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and Data Protection Policy.


All information you provide to us is stored securely on company computers, with the following measures adopted to protect your personal information:

  • All assets (computer equipment and mobile devices) are kept in secured / locked locations when not in transit with an appointed Umbrella Health and Safety Limited employee / custodian.
  • Assets are secured with strong passwords (regularly changed) and two-factor authentication.
  • Secure mail servers over an SSL connection used for company email correspondence.
  • Website SSL certification.
  • Anti-virus subscription to cover all company assets with software updates and system scans performed daily.
  • Automatic software and firmware updating of all company assets.
  • Remote tracking for mobile assets. 
  • Public wi-fi not to be used for any company assets (secure company wi-fi dongle only).
  • USB devices and other removable media to be used only when absolutely necessary, and to be password protected / encrypted.

 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our website or via email; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


9. How to contact us


We hope this Privacy Notice and Data Protection Policy has been helpful in terms of how we use your personal data and your rights in relation to such personal data. 


If you have any questions or wish to make a complaint, please contact our Data Protection Officer:

  • Email us at admin@uhas.co.uk
  • Write to us at Data Protection Officer, Umbrella Health and Safety Limited, 1 Yew Tree Court, Poulton, Chester, Cheshire, CH4 9FH

 


This Privacy Notice was last reviewed on 01 February 2023.

Share by: