TELEPHONE: 01928 716702
Copyright © 2022 Integrated Health & Safety Ltd
Data Protection Policy
1. Integrated Health and Safety are a business to business organisation and do not carry out any activity
with individuals on a personal basis.
2. The company has completed the ICO checklist provided to support the GDPR Regulations and the outcome
is generally that the activity of the company is not applicable and / or low-risk.
3. Specifically and significantly the company does not receive, store or process personally identifiable
information (Pii). When dealing with individuals as part of business activity such data is restricted to
the name only.
4. The vast majority of data held would be considered commercial rather than personal.
5. The outcome of the ICO checklist activity indicates that no specific data protection measures are required
other than a need to apply common sense precautions but the company has decided to develop and adopt
a data protection policy in any event.
Potential data hazards and company precautions
6. It is recognised that 97% of data loss or data “abuse” is as a result of human error. Staff are instructed
specifically to be careful when working with PC’s and distributing data including the following:-
a. The need to transfer data, is it essential? Legitimate business purposes only.
b. Who data is being sent to, care with “reply all”, “excessive cc distribution”, etc.
c. Ensuring that passwords are in place on all devices and regularly changed
d. Not leaving computers turned on when unattended, use of timeout facilities etc.
e. Minimise personal use of business computers, no inappropriate content / website use / linking
to social media.
7. Client data is used by all company employees based on their duties within the company and the needs
of the client.
8. Data is stored for as long as required, normally for the duration of any particular project or ongoing
commitments with clients and subsequently for a period of 7 or 13 years to provide a small “buffer”
beyond statutory obligation.
9. Antivirus and firewall software is in place on all devices.
10. The company employs a professional IT support organisation to manage the systems and this includes
a weekly remote monitoring of all devices including checking for viruses and indeed any IT issues.
11. In respect of permission to use data as noted above, this is in relation to business and commercial data,
not Pii. It is understood by the business community including our clients that use of data supplied is an
essential part of business. As a company we do not seek authority from our clients to legitimately use
business data gained from our clients as indeed this is the essence of what we do.
12. We undertake only to transfer client data to other parties for legitimate business purposes related to
the particular client activity and not for any other purpose.
13. We very specifically will not transfer or supply client dated to any third party for purposes not related
to current business activity without client approval, this includes for marketing purposes.
14. Should any client request details of the data that we hold related to them we would establish the legitimacy
of the request in the first instance and subsequently undertake to supply this data if genuine.
15. Should a client request us to destroy his data we would do this where possible but where we have
a contractual obligation to hold data for either 6 or 12 years (depending on the contractual arrangements)
we would destroy the data at either 6 years or 12 years following the last commercial activity with the client.
Any data held that could be considered not relevant to the contractual arrangements would be destroyed
as soon as was reasonably practicable.
16. In the unlikely event that we suffer a data loss or become aware of our client data being transferred
unintentionally to others we undertake to notify both the ICO and our client within 72 hours and take
whatever appropriate action is required, seeking advice from our professional IT support company.
17. The data protection officer for the company is David Maddock.
D Maddock Director
16th May 2018
Integrated Health and Safety Ltd
Vale House, Aston lane North,
Cheshire WA7 3PE
Telephone: 01928 716702