Plant and Safety Privacy Notice

Policy Overview

Plant and Safety Ltd uses personal data to provide Engineering Testing, Inspection, Certification,  and Training Services. The company will only process  and manage personal data in compliance with the EU General Data Protection Regulations (Regulation EU 2016-679), commonly referred to as ‘GDPR’. 

As defined by the GDPR: “‘personal data’ means any information related to an identified or identifable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, economic, cultural or social identity of that natural person“.  (Source: Information Commissioner’s Office)

Who is Responsible for Personal Data?

Plant and Safety Ltd is responsible for your data. We are registered as a company in England and Wales (Company Number: 11940872), and our office is registered at Shenstone Court, Court Drive, Shenstone, Staffordshire, WS14 0JQ. Plant and Safety Ltd are responsible for processing, managing, and controlling any personal data as the ‘Data Controller’ 

How We Process and Control Personal Data

As a Data Controller, Plant and Safety Ltd is responsible for compliance with its obligations under the GDPR. We meet our obligations by ensuring that personal data is processed lawfully, protected from loss, misuse, unauthorised access or disclosure, and unnecessary or excessive amounts of data is not collected or retained for any longer time period than necessary. Plant and Safety Ltd will also ensure that data is kept up to date, stored and destroyed securely, and ensure that appropriate security measures are maintained to protect personal data, specifically: 

  • Processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

How We Collect Personal Data

Depending on the interaction with our business, personal data can be collected from our customers, suppliers, employees, and other third parties. This can include, but may not be necessary limited to, the following: 

  • Customer or supplier information including contact details, contractual agreements, accreditation and certification, payment or banking information, and any other data provided by these parties
  • Written or verbal communication including emails, phone calls, social media, electronic and written forms, , letters, application forms
  • Employee files, documentation, and agreements including contracts of employments, start forms, and payment or banking information
  • Computer records including the usage of our website, applications, and other systems
  • Marketing material including photographic and branding images
  • Security systems including CCTV at our office locations

Purpose and Legal Basis for Processing Personal Data

Plant and Safety Ltd will only process personal data if we have a valid and lawful reason for doing so. This is typically to allow us to provide a range of services, and may also include promotional and marketing activities, maintaining our own records, management of new and existing employees, manage payments to third parties including customers and suppliers, and for any other valid or lawful reason required to operate our business.  

Our legal basis for processing personal data will comply with one or more of the following conditions: 

  • Consent – Consent of the Data Subject is freely given for a specific purpose, which is clear and concise 
  • Contract – Processing of the data is essential to the way in which we provide a contractual service
  • Legal Obligation -Compliance with the legal obligation to which the Data Controller is subject to
  • Vital Interests – When necessary to protect the vital interests of a Data Subject or other natural person such as an emergency
  • Public Interest – When necessary to protect public interest, or exercise the authority vested in the Data Controller 
  • Legitimate Interests – Pursued by a third party or data controller 

Special Categories of 'Sensitive Personal Data'

Plant and Safety Ltd will only process personal data if we have a valid and lawful reason for doing so. This is typically to allow us to provide a range of services, and may also include promotional and marketing activities, maintaining our own records, management of new and existing employees, manage payments to third parties including customers and suppliers, and for any other valid or lawful reason required to operate our business.  

Our legal basis for processing personal data will comply with one or more of the following conditions: 

  • Consent – Consent of the Data Subject is freely given for a specific purpose, which is clear and concise 
  • Contract – Processing of the data is essential to the way in which we provide a contractual service
  • Legal Obligation -Compliance with the legal obligation to which the Data Controller is subject to
  • Vital Interests – When necessary to protect the vital interests of a Data Subject or other natural person such as an emergency
  • Public Interest – When necessary to protect public interest, or exercise the authority vested in the Data Controller 
  • Legitimate Interests – Pursued by a third party or data controller