Simplifying Compliance for Managers
Privacy Policy
1. Introduction
The Health and Safety Portal ("we", "us", "our") is committed to protecting and respecting your privacy. We are a UK-based health and safety consultancy providing bespoke health and safety solutions to Small and Medium Sized Enterprises (SMEs).
This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, engage with our services, or enter into contractual arrangements with us. This policy is aligned with UK data protection law and our management systems in accordance with ISO/IEC 27001 (Information Security Management) and ISO 9001 (Quality Management).
2. Who We Are (Data Controller)
The Health and Safety Portal is the data controller for the purposes of data protection law.
Business name: The Health and Safety Portal
Email: info@thehealthandsafetyportal.co.uk
Telephone: [Insert phone number]
Registered address: 167 - 169 Great Portland Street, 5th Floor, London, W1W 5PF
3. Relevant Legislation and Standards
We comply with the following legislation and recognised standards:
3.1 Legislation
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR) 2003
- Human Rights Act 1998 (Article 8 – right to respect for private and family life, where applicable)
3.2 Management System Standards
- ISO/IEC 27001 – Information Security Management Systems (ISMS)
- ISO 9001 – Quality Management Systems (QMS)
Our policies, procedures, risk assessments, and controls are designed to support continual improvement, confidentiality, integrity, and availability of information.
4. Personal Data We Collect
We may collect and process the following categories of personal data:
4.1 Information You Provide to Us
- Name
- Job title
- Company name
- Email address
- Telephone number
- Billing and invoicing details
- Contractual and consultancy-related information
- Information provided through contact forms, email correspondence, or meetings
4.2 Automatically Collected Information
- IP address
- Browser type and version
- Operating system
- Pages visited and interactions with the website
This information is collected through cookies and similar technologies (see Section 15).
5. How We Use Your Personal Data
Personal data is processed in accordance with documented procedures and only where necessary for defined purposes:
- To respond to enquiries and provide health and safety consultancy services
- To prepare proposals, contracts, and bespoke solutions
- To manage client relationships and service delivery
- To meet legal, regulatory, and contractual obligations
- To maintain quality assurance, service improvement, and audit trails (ISO 9001)
- To manage information security risks and prevent unauthorised access (ISO 27001)
6. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
- Contract: Processing necessary to deliver services or enter into a contract
- Legal obligation: Compliance with statutory and regulatory duties
- Legitimate interests: Business operations, service improvement, and security controls, balanced against individual rights
- Consent: Where required, particularly for marketing and non-essential cookies
7. Information Security (ISO 27001 Alignment)
In line with ISO/IEC 27001, we:
- Maintain documented information security policies and procedures
- Conduct regular information security risk assessments
- Apply access controls to limit data access to authorised personnel only
- Protect data through secure IT systems, encryption, and password controls
- Manage suppliers and third parties through due diligence and contractual safeguards
- Maintain incident management and data breach response procedures
8. Quality Management (ISO 9001 Alignment)
In line with ISO 9001, we:
- Process personal data consistently and accurately
- Ensure staff are competent and aware of data protection responsibilities
- Monitor, review, and improve data handling processes
- Retain records to demonstrate compliance and service quality
- Address complaints and corrective actions promptly
9. Data Sharing and Third Parties
We do not sell personal data. Personal data may be shared with trusted third parties, including:
- IT and website hosting providers
- Professional advisers (e.g. accountants, insurers, legal advisers)
- Regulatory or enforcement authorities where legally required
All third parties are required to implement appropriate technical and organisational security measures and to comply with UK GDPR. Where a third party processes personal data on our behalf (for example an IT or hosting provider), it does so under a written contract containing the processor obligations required by Article 28 UK GDPR.
10. Data Retention
We retain personal data in line with documented retention schedules:
- Client and contractual data: typically 6–7 years following contract termination
- Enquiry data: up to 12 months if no contract is formed
- Marketing records: until consent is withdrawn
Retention periods are reviewed regularly as part of our management systems.
11. Data Subject Rights
Individuals have the following rights under UK GDPR:
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to object
- Right to data portability
- Right to withdraw consent
Some of these rights apply only in certain circumstances; for example, the right to data portability applies only to data you have provided to us that we process by automated means on the basis of contract or consent. Requests should be submitted using the contact details in Section 2.
12. Complaints and Supervisory Authority
If you are dissatisfied with our handling of personal data, you may complain to:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
We encourage you to contact us first to allow us to resolve any concerns.
13. Relationship with Terms and Conditions
This Privacy Policy should be read alongside our Terms and Conditions, which govern:
- Contractual obligations and service delivery
- Client responsibilities
- Liability and limitation clauses
- Confidentiality and intellectual property
Where personal data is processed as part of contractual services, this Privacy Policy forms part of the contractual framework.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect legal, regulatory, or organisational changes. Updates are controlled in accordance with our ISO management systems.
15. Cookie Policy
15.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites function properly and provide information to site owners.
15.2 Cookies We Use
- Strictly necessary cookies: Required for the website to operate securely
- Analytical cookies: Help us understand how visitors use our website and improve performance
15.3 Lawful Basis for Cookies
- Strictly necessary cookies are exempt from the consent requirement under PECR; any personal data they involve is processed under our legitimate interests
- Non-essential cookies (including analytical cookies) are set only with your consent, in line with PECR
15.4 Managing Cookies
You can control or delete cookies through your browser settings. Disabling cookies may affect website functionality.
16. Contact Us
If you have questions about this Privacy Policy, our Cookie Policy, or our Terms and Conditions, please contact:
The Health and Safety Portal
Email: [Insert contact email]
This policy supports compliance with UK data protection law, ISO/IEC 27001, and ISO 9001.
