Privacy:
Health &
Safety
Cybanetix is committed to protecting your personal information.
Employees – for current, former and prospective employees
Health and safety – relevant for anyone working on, or visiting our sites
Visitors – for visitors to our site
Customers – for individuals who are direct customers of Cybanetix~
Suppliers – for sole traders and partnerships who are suppliers to Cybanetix
Shareholders – for individuals who hold shares in Cybanetix
Website – for users of our website
CCTV – covers images captured by our CCTV systems
What is Health and Safety Data
Health and safety data refers to the information collected and used to manage and ensure the health, safety, and well-being of Cybanetix employees, visitors, and other stakeholders in a workplace or organisational setting.
What is the lawful basis for our processing of your data?
We collect and process this information because:
Legal Obligation: We need to do so to comply with health and safety legislation, including the Health and Safety at Work Act 1974 and supporting regulations
Legitimate Interest: Additionally, it is in our legitimate interests to look after the health of our employees and others who visit our sites
And in particular, for data about your health, we process this because :
• It’s necessary as part of our occupational health obligations
• We may need to defend Cybanetix and its employees against legal claims
What categories of Health and Safety data may we hold?
If you are in an accident on one of our sites or while working for us, we will collect and process some information about you. We may also do this if you are a witness or otherwise involved in an incident.
This information we collect for incidents may include:
• Contact details for anyone involved in the incident
• Reports and accounts of what happened including, where injury results, the nature of the injury
• Follow up information on the health of others involved in the incident
We collect this information directly from you, or from others who witnessed the incident.
We retain this information for up to 3 years from the date of the incident. In the event of an incident resulting in occupational disease, then we will retain incident information for up to 40 years.
We may also use anonymised versions of the data to support our internal training so that future incidents can be avoided.
Purposes of Processing
We collect and process this information because:
• We need to do so to comply with health and safety legislation, including the Health and Safety at Work Act 1974 and supporting regulations
• Additionally, it is in our legitimate interests to look after the health of our employees and others who visit our sites
And in particular, for data about your health, we process this because :
• It’s necessary as part of our occupational health obligations
• We may need to defend Cybanetix and its employees against legal claims
Disclosure
We may share your data with:
• Our insurers and their underwriters
• Government agencies such as the Health and Safety Executive
• Professional and legal advisors
• Our occupational health advisory partners
Monitoring
If you work on our site we may also collect information required to prevent and manage health problems. This may be information on lung function, hearing or similar health tests.
We may have you wear sampling equipment which measures your exposure to a hazard.
We will record and store information about your exposure levels and use this to evaluate whether changes are necessary to our factories or to your activities.
We retain this information for up to 40 years.
Personal evacuation plans
If you have problems which require us to maintain a personal evacuation plan for you, we will do so. We will retain this plan while you work for us, and we may share it with the emergency services.
Data Transfer
Employee HR/Health and Safety data may be transferred to and stored in data centres outside the UK to support global business operations, enhance data management efficiency, and provide comprehensive HR services. This enables us to manage HR functions effectively across our organisation and ensures timely processing of employee records.
The DPO will ensure any data going outside the UK will only be transferred on the basis of one the mechanisms approved by the UK Government which may include standard contractual clauses, intra-group agreements, or binding corporate rules.
Your rights
Under the UK General Data Protection Regulation (UK GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to, rectification of or erasure of your personal data.
You have the right to request that we restrict processing your data (have us store but not use your data), object to our processing of your data as well as in certain circumstances the right to data portability.
Exercising these rights
If you wish to exercise your rights contact dpo@cybanetix.com
However, you may also make the request to anyone at Cybanetix, who will start the process for you. If the request is made verbally the Cybanetix staff member receiving the request shall record it in writing and confirm the wording with you.
If we decide not to act on your request within a month, or refuse the request, we will set out clearly the reason we took no action.
Right to complain
And, if you do not agree with our decision, or otherwise believe we have not complied with the requirements of UK GDPR, you can ask the Information Commissioners Office to review how we have handled your request.
Data security
Cybanetix protect your information by following industry recognised standards and regulations such as ISO27001, PCI DSS, Cyber Essentials and UK GDPR.
We restrict who can access your information to just those who need it for the purposes described in this document. When we transmit your data over the Internet we encrypt it.
Contact details
Cybanetix Limited
The Coade
Level 9
98 Vauxhall Walk
London
SE11 5EL
Tel: 020 8396 7442
Our data protection officer can be contacted at dpo@cybanetix.com