If you are in an accident on one of our sites or while working for us, we will collect and process some information about you. We may also do this if you are a witness or otherwise involved in an incident.
This information we collect for incidents may include:
- Contact details for anyone involved in the incident
- Reports and accounts of what happened including, where injury results, the nature of the injury
- Follow up information on the health of others involved in the incident
We collect this information directly from you, or from others who witnessed the incident.
We retain this information for up to 3 years from the date of the incident. In the event of an incident resulting in occupational disease, then we will retain incident information for up to 40 years.
We may also use anonymised versions of the data to support our internal training so that future incidents can be avoided.
If you work on our site we may also collect information required to prevent and manage health problems. This may be information on lung function, hearing or similar health tests.
We may have you wear sampling equipment which measures your exposure to a hazard.
We will record and store information about your exposure levels and use this to evaluate whether changes are necessary to our factories or to your activities.
We retain this information for up to 40 years.
Personal evacuation plans
If you have problems which require us to maintain a personal evacuation plan for you, we will do so. We will retain this plan while you work for us, and we may share it with the emergency services.
We collect and process this information because:
- We need to do so to comply with health and safety legislation, including the Health and Safety at Work Act 1974 and supporting regulations
- Additionally, it is in our legitimate interests to look after the health of our employees and others who visit our sites
And in particular, for data about your health, we process this because :
- It’s necessary as part of our occupational health obligations
- We may need to defend Cybanetix and its employees against legal claims
We may share your data with:
- Our insurers and their underwriters
- Government agencies such as the Health and Safety Executive
- Professional and legal advisors
- Our occupational health advisory partners
We do not currently transfer this data outside of the EEA. If we do so in the future we will use a legal framework approved by the EU for the protection of your data.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to, rectification of or erasure of your personal data.
You have the right to request that we restrict processing your data (have us store but not use your data), object to our processing of your data as well as in certain circumstances the right to data portability.
If you wish to exercise your rights contact email@example.com
However, you may also make the request to anyone at Cybanetix, who will start the process for you. If the request is made verbally the Cybanetix staff member receiving the request shall record it in writing and confirm the wording with you.
If we decide not to act on your request within a month, or refuse the request, we will set out clearly the reason we took no action.
Right to complain
And, if you do not agree with our decision, or otherwise believe we have not complied with the requirements of GDPR, you can ask the Information Commissioners Office to review how we have handled your request.
Cybanetix protect your information by following the advice in the UK governments cyber essentials standard. We restrict who can access your information to just those who need it for the purposes described in this document. When we transmit your data over the Internet we encrypt it.
92 Albert Embankment
Tel: 020 8396 7442
Our data protection officer can be contacted at firstname.lastname@example.org