Introduction
This privacy notice explains how the council collects, uses, and protects personal data in relation to health and safety functions.
The council is committed to ensuring the health, safety, and wellbeing of its employees, elected members, contractors, service users, and members of the public. In order to meet these responsibilities, it is necessary to collect and process personal information.
The council may process and share personal data where necessary to protect staff and others from harm, including for the prevention, detection and management of incidents affecting staff safety, in line with its legal obligations under health and safety legislation and the UK GDPR.
Purpose for processing personal data
We process personal data for the following purposes:
- To ensure the health, safety and wellbeing of staff, councillors, contractors and the public
- To prevent, investigate and manage incidents, accidents, and near misses
- To protect individuals (including staff) from harm, including risks of violence, aggression or safeguarding concerns
- To carry out risk assessments and implement safety measures
- To comply with our legal obligations under health and safety legislation
- To support incident reporting, monitoring and learning to prevent future harm
Lawful basis for processing
We rely on the following lawful bases under the UK GDPR:
- Article 6(1)(c) – Legal obligation (for example, Health and Safety at Work Act 1974)
- Article 6(1)(e) – Public task (carrying out official functions in the public interest)
Where special category data is processed (for example, health information), we rely on:
- Article 9(2)(b) – Employment and social protection law
- Article 9(2)(g) – Substantial public interest (including safeguarding and protection from harm)
Types of personal data we collect
We may collect and process the following information:
- Names, contact details, and identifiers
- Employment or role-related information
- Details of incidents, accidents, complaints or concerns
- Health or injury information (where relevant)
- Information relating to behaviour, risks, or safeguarding issues
- CCTV or other monitoring data (where applicable)
How we collect your data
We collect personal data from:
- you directly (for example, incident reports, forms, communications)
- council systems and staff
- witnesses or third parties (for example, colleagues, members of the public, other agencies)
- emergency services or regulatory bodies
- CCTV or monitoring systems (where in place)
Who we share your data with
We may share personal data where necessary with:
- internal council services
- emergency services (police, fire, ambulance)
- regulatory bodies (for example, Health and Safety Executive)
- other public authorities or safeguarding partners
- insurers, legal advisors or auditors
We will only share information where it is necessary, proportionate, and lawful, including where required to protect individuals from harm or comply with legal obligations.
How long we keep your data
We will retain personal data only for as long as necessary for health and safety purposes, in line with the council’s retention schedule and legal requirements.
Your rights
Under data protection law, you have rights including:
- The right to access your personal data
- The right to request correction of inaccurate data
- The right to request erasure in certain circumstances
- The right to restrict or object to processing
These rights may be limited where processing is necessary for legal or safeguarding purposes.
Data security
We take appropriate technical and organisational measures to protect personal data, including:
- secure systems and restricted access
- staff training and confidentiality requirements
- procedures for managing data breaches
Reporting concerns
If you have concerns about how your personal data is handled, you can contact the council’s Data Protection Officer.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Next review June 2026 – Corporate Health and Safety Manager.