Privacy Policy

Who we are?

We at Athena Health, Safety and Wellbeing Services Limited are registered with the Information Commissioners Office as a Data Controller. Our reference number is ZB546138 . We are a Health and Safety Consultancy offering insight and training to individuals and businesses. We operate from our registered business address.

Your privacy

Your privacy matters to us and we are committed to the highest data privacy standards. To disclose this to you, our Privacy Policy includes the following:

  • What data we collect from you.

  • How and why we process it.

  • Who we share it with and why.

We adopt the six core principles of data protection which are:

  1. Lawfulness, fairness and transparency - we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.

  2. Purpose limitation - we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Policy, and we only collect data for as long as necessary to complete that purpose.

  3. Data minimisation - we ensure that the personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.

  4. Accuracy - we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.

  5. Storage limitation - we delete personal data when we no longer need it. Whilst the timescales in most cases are not set, we outline our retention strategy within this Privacy Policy.

  6. Integrity and confidentiality - we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection of your personal data

We collect your personal information via disclosure directly from you. This might be via our website, social media engagement, telephone or face to face engagement.

Categories and Type of Personal Data Collected and processed

We collect contact details from you including:

  • Name

  • Address

  • Telephone number(s)

  • Email addresses

  • Ethnicity

  • Educational Attainment

Reason for data collection and processing activities

Contact information is captured to enable us to contact you through various communication channels on matters directly related to the service we provide.

Sharing of personal data

During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and in accordance with the GDPR. Throughout their data processing activities they will ensure your data is protected using appropriate technical and organisational measures.

Securing and processing of your personal data

Your data is stored mainly within our registered business address, in conformance with GDPR and ISO 27001 requirements. In addition to this data is stored and processed within cloud based systems. As part of our own due diligence our Responsible Person, with assigned Data Protection has reviewed security processes. Your data is also stored within local devices secured using passwords and user authentication. The company offers a high level of physical security and operational rigour to ensure data and the devices on which that data resides, are protected.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office who are responsible for regulating data protection legislation in the UK. https://ico.org.uk/

Our legal basis for processing your personal data

We are required to identify one of six possible legal grounds for processing. These are:

  • consent

  • contract

  • legitimate interests

  • vital interests

  • public task

  • legal obligation

As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.

We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.

How long do we keep your personal data for?

We process three categories of personal data and retain this data for different periods of time.

Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 10 years from the last contact we had with the data subject.

Your rights in relation to personal data

Under the GDPR, you have rights to access and control your personal data. These rights include:

  • access to personal information

  • correction and deletion

  • withdrawal of consent (if processing data on condition of consent)

  • data portability

  • restriction of processing and objection

  • lodging a complaint with the Information Commissioner’s Office

You can exercise your rights by emailing our responsible person at info@athena-hsw.co.uk

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No. 0303 123 1113

https://ico.co.uk/concerns/

Use of cookies

A cookie is a small text file containing information that a website transfers to your computer's hard disk for record-keeping purposes. Our site uses two types of cookies. Essential cookies ensure the site functions correctly and non-essential cookies anonymously track visitors while on the site and tell us how they got here. These non-essential cookies help our marketing efforts and ensure we provide a great user experience. A cookie cannot give us access to your computer or to your personal information. Most web browsers automatically accept cookies; consult your browser's manual or online help if you want information on restricting or disabling the browser's handling of cookies. If you disable cookies, you can still view the information on our web site, but the functionality of certain areas may be reduced.

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Responsible Person via these means:

Responsible Person: Carole McMullan

Email: carole@athena.co.uk