Privacy Notice

This site is provided by Health and Safety Executive in conjunction with the Government Digital Service (GDS), part of the Cabinet Office.

Health and Safety Executive is the data controller for any personal information published on this site and any personal information collected via cookies. 

The Cabinet Office is the data controller for personal information processed as part of providing the underlying platform such as IP addresses. 

A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.

What data we collect & why we need it

GDS collects some data automatically when you visit this site. This includes your Internet Protocol (IP) address, and details of which version of web browser you use. GDS uses this information to provide you with access to the website and to monitor use of the site to identify security threats.

Where you provide your consent Health and Safety Executive uses Google Analytics to collect the following information about how you use this website: 

  • the pages you visit on GOV.UK
  • how long you spend on each GOV.UK page
  • how you got to the site
  • what you click on while you’re visiting the site
  • a rough indication of your location using your anonymised IP address.

No directly identifiable personal information is collected through Google Analytics (for example your name or address). Health and Safety Executive will not identify you through analytics information, and will not combine analytics information with other data sets in a way that would identify who you are.

Health and Safety Executive uses this information to make sure the website is meeting the needs of its users and to make improvements. 

See the Cookies page for more information about the cookies used on this website. 

Legal basis for processing your data

GDS’s legal basis for processing personal data in relation to site security is their legitimate interests in ensuring the security and integrity of the platform. 

GDS’s legal basis for processing all other personal data is that it’s necessary to perform a task in the public interest or in the exercise of our functions as a government department

Health and Safety Executive’s lawful basis for collecting your information with Google Analytics is your consent.

What we do with your data

GDS or Health and Safety Executive may share data with other government departments, agencies and public bodies where there is a legitimate and justifiable business need. Data may also be shared with technology suppliers, such as hosting providers, which act as data processors.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

GDS will delete access log data after 120 days. 

Health and Safety Executive will delete Google Analytics data after 14 months.

Children’s privacy protection

This website is not designed for, or intentionally targeted at, children 13 years of age or younger. Neither GDS or Health and Safety Executive intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

Data related to the underlying platform is processed and stored in the European Economic Area (EEA). Data collected by Google Analytics may be transferred outside the EEA for processing. 

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with gds-privacy-office@digital.cabinet-office.gov.uk.

Contact us or make a complaint

Contact the GDS Privacy Team at gds-privacy-office@digital.cabinet-office.gov.uk if you:

  • have a question about anything in this privacy notice
  • think that your personal data has been misused or mishandled

You can also contact the Cabinet Office and Health and Safety Executive’s Data Protection Officers (DPO):

Data Protection Officer

DPO@cabinetoffice.gov.uk

Cabinet Office

70 Whitehall

London

SW1A 2AS

The DPOs provide independent advice and monitoring of our use of personal information.

You can also make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner

casework@ico.org.uk

Telephone: 0303 123 1113

Textphone: 01625 545860

Monday to Friday, 9am to 4:30pm

Find out about call charges

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Changes to this policy

This policy may be changed from time to time. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, GDS and Health and Safety Executive will take reasonable steps to let you know.


Last updated 22nd December 2022.