SMAS Worksafe Privacy Notice

Why a Privacy Policy?

The SMAS Worksafe privacy policy (the “Privacy Policy”) is all about letting you know as a SMAS customer that we take the protection and management of your personal information very seriously. As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. We therefore take great care to protect your personal information or anything which might identify you personally such as:

  • Name
  • Email address
  • Telephone number
  • Organisation information (e.g. job title)
  • Online identifiers (e.g. IP address)

 

The Personal Data We Collect

We collect personal data from you when:
    • You express an interest in our products and services either over the phone, via email, social media, webforms, contact us provision, when signing up to newsletters and other communications, when downloading certain content from our website, at events we attend or host or through the live chat on our website.
    • If you contact one of our teams you may be asked for your name, company name and other information to assist us in dealing with your query.
    • When you make a purchase, we will require financial information for invoicing and collection purposes, this may include bank details, credit card information, invoice name, address, and point of contact.
    • Information collected during an assessment, this may include qualifications, training and other evidence necessary to complete the assessment.
    • If you attend an event where we are participating, you may have given additional consent to be contacted by us following the event.
    • If you connect with us through a social media channel, we will know your social media handle and any other information including photos you make available through our interactions and your profile.
    • If you complete surveys or enter competitions they may require contact information such as name, phone number, email address, company name and job title.
    • If you complete a registration form on our website when downloading content, we will ask for details such as name, email address, phone number, company name etc…
    • When you interact with our live chat function, we may need a name and email address for the functionality to work.
    • If you are an applicant for a role at SMAS Worksafe we will require information relating to your employment history which will also include name, address, phone number and email address along with personal data relating to potential referees
    • If you visit our office, you will be asked to provide your name, signature, company name and car registration number.

     

Personal data we collect from other sources

We will also gain personal information from other sources; this includes third parties we purchase or obtain data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.

We also obtain information from other companies within the Citation Group in order to provide a greater level of service and service offering, or to better understand clients and industries we operate in, or where synergies apply to our business and to yours.

Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.

 

Data from your device, usage of our website and applications

When you access our website or use our SaaS products, we use tools such as cookies, beacons, and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services. The nature of what these tools collect differ between website and SaaS product but still fall into similar categories.

For further information regarding cookies and other similar technologies, please see our cookies policy here.

Mouseflow

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser.

If you’d like to opt-out, you can do so at https://mouseflow.com/opt-out. If you’d like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com.

For more information, see Mouseflow’s Privacy Policy at https://mouseflow.com/privacy/
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/
For more information on Mouseflow and CCPA visit https://mouseflow.com/ccpa/

Social Media

Our website uses social media icons such as Facebook and Twitter logos and other social sharing widgets. By using these features, you will be connecting to and sharing information from your browsing session with these organisations. If you are logged into your social media account, it is also possible that they will connect your activity on our site to your social media account.

This is also the case if you access our social media pages on a social media platform. The respective social media company may add your interaction to any information they may already have about you or your interests.

In all cases, in that transfer of data the social media provider is a data controller in their own right, and are responsible for what they do with your personal data. Further information can be found in the social media providers privacy notice.

 

How do we use your information?

Information we obtain from you is used to:

    • Improve and extend our services.
    • Respond to your requests for specific services.
    • Analyse user/purchaser/visitor interactions.
    • Market additional SMAS Worksafe services.

 

Purpose for processing and the legal bases for processing we rely on

We collect and process personal data for the following purposes and with the following legal bases engaged:

    • Where our website is concerned, we are processing your personal data with your consent if it is required and for other elements of our website, we are processing based on the legitimate interest to operate and administer the site. Where site security is concerned and the activities through our cookies that enable a secure site, this is administered as a legitimate interest.
    • To download some content from our site you are required to complete a form, this is done with your consent. We may also get in touch with you either by email and/or phone as a result of the download.
    • The recording of phone calls by default on all calls is done as a legitimate interest in protecting both SMAS Worksafe and your interests. Call recordings are used for security, monitoring and training purposes.
    • We may ask you for personal data when dealing with enquiries for our services, this data would be processed as a legitimate interest in being able to effectively follow up on your enquiry. This is also the case where it relates to a service enquiry or complaint, unless of course it is linked to a contractual obligation, this could include service updates and client communications, in which case it is processed as part of the fulfilment of our contract.
    • Setting up and managing your journey as a client is again done as part and parcel of the performance of the contract. This is also the case when it comes to good administration of matters relating to your contract with SMAS Worksafe.
    • Managing event registration and administration of the event is done as a legitimate interest in ensuring the efficient administration and follow up of the event. We also rely on legitimate interests to process client contact data for service surveys. If you choose to complete the survey with our partner this is done based on consent.
    • Managing your payments and payments relating to the service we provide. This also includes the entirety of the payment process in line with the terms and conditions of our service. We may also from time to time have to escalate this process to a third-party debt collection service. This disclosure of such data would be as a legitimate interest and further processed as part of the contractual terms.
    • The identification of opportunities both with prospects and opportunities within our existing client base is done in furthering the legitimate interests of the business. Any sharing of data internally within Citation Group companies is also a legitimate interest when it is done for similar purposes. This data may also be used to improve user experience and our understanding of both the client journey and appropriateness of products and services at different points of client lifecycle either within SMAS Worksafe or across the Citation group.
    • Personal advertising on our website is done with your consent when you select ‘Accept All Cookies’. Where advertising of our products and services offline is done in the pursuit of our legitimate interest and is done so with prior consent that you have provided.
    • Registering your information as a visitor to one of our offices will be done as a legitimate interest to protect you, our building, business, and colleagues.
    • If you provided a testimonial of our service, you will be doing so of your own free will and will be retained until you ask us to remove it.
    • Where you have applied as a candidate for a role at our company, we will process your information in order to progress your application, contact you with updates, assess your qualities and capabilities against the requirements of the role and against other candidates. You will also be asked for proof of qualifications, references, and other right to work information such as identification documents. This processing is done in part as a legitimate interest, in part with your consent and in part as a legal obligation. We may also use recruitment companies from time to time, where data is shared with these organisations, we will both be data controllers and you will have been referred to us from them. Further data protection information regarding their activities can be gained directly from the recruitment agency.
    • We may use personal data relating to usage of our SaaS products for reporting and analytical purposes, this is a legitimate interest in trying to improve our offering and further the growth of the business.
    • We will send sales and marketing communications such as emails or phone calls related to our services and those services of other companies in the Citation Group only if we can do so in accordance with data protection legislation.

 

Legal requests for information

SMAS Worksafe may be required under court order to provide personally identifiable information to government authorities. Providing such government departments/agencies have a legal right to access our records and such enquiries are correctly made, we will supply such authorities with the information they require.

 

Do we share your information with Third Parties?

We would only share personally identifiable information with third parties not already covered by this notice if:

    • You agree to us sharing this information.
    • We are forced to bring legal actions against a subscriber who has breached our user agreement.
    • We sell, assign or transfer all or part of SMAS Worksafe and the services it provides, providing your personal information is sold, assigned, or transferred only to the acquirer as part of such a transaction.
    • They are providing services to SMAS Worksafe. Such third parties are limited in their rights to use such information only for the provision of these services.
    • They are affiliates subject to privacy policies that protect your personally identifiable information from disclosure are comparable to this privacy policy.

 

How long do we retain your information?

Personal information for enquiries is stored for 12 months from the point of initial expression of interest. At the end of the 12-month storage period this data is anonymised and retained indefinitely for the following purpose of continuing to display company only information to Main Contractors who use the SMAS Contractor Portal to find and invite suppliers to tender. At this time only company related information will be presented.

SMAS will hold personal information relating to member accounts for an undefined period unless we receive specific request from the individual for this information to be removed. No company information is removed but personal information will be anonymised.

Personal information included in assessment materials submitted as evidence for our assessment will be held securely for internal SMAS reference ONLY for up to 24 months from the point of assessment. SMAS hold this information for auditing purposes and due to the serious nature of our H&S assessment. Material submitted by an employer can be held longer than the 24-month period if explicitly chosen by the company to reapplying for membership upon expiry.

Once your data is no longer required it shall be deleted.

 

Call Privacy

We record all incoming and outgoing calls for contractual and training purposes.

 

Your rights

You have various rights in respect of the personal information SMAS Worksafe holds about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting our Data Protection Officer at privacy@smasltd.com. Please note that you will need to provide SMAS Worksafe with evidence of your identity for us to complete you request.

You have the right to: –

Request access to your personal information: You can ask us to provide you with a copy of the personal information that SMAS Worksafe holds about you.

Request correction: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

Request erasure: You can ask us to delete your personal information where SMAS Worksafe has no lawful basis for keeping it.

Right to object: You can object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request restriction: You can ask us to restrict our use of your personal information in the following circumstances: –

    • If you want us to establish the data’s accuracy.
    • Where our use of the data is unlawful, but you do not want the data to be erased.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • If you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer: You can ask us to provide you or a third party with some of the personal information that e hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

Withdraw consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

SMAS Worksafe tries to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.

 

Contact information

If you have any queries concerning this policy, please email privacy@smasltd.com or call us on 01752697370. We endeavour to acknowledge all requests within 1 working day.

SMAS Worksafe tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It may not provide exhaustive detail of all aspects of SMAS Worksafe’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below:

Safety Management Advisory Services Ltd.
Office 44b
Estover Close
Forresters Business Park
Plymouth
Devon
PL6 7PL

Or you can email us at privacy@smasltd.com

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns

 

Policy changes

SMAS Worksafe reserves the right to change its privacy policies at any time. This policy was last reviewed on the 20th of January 2022.