Data Protection Policy

Version 1.0 — 27 March 2026

1. Purpose

This policy sets out how SiteSafely collects, uses, stores and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to ensuring that all personal data is handled lawfully, fairly, and securely.

2. Scope

This policy applies to:

  • Employees
  • Contractors and subcontractors
  • Site workers
  • Any third parties whose personal data we process

3. What Data We Collect

We collect only the minimum personal data necessary to manage site safety and compliance. This may include:

  • Name
  • Telephone number
  • Employer/company name
  • Signature (digital or written)
  • Confirmation of having read and understood RAMS / H&S procedures

We do not intentionally collect sensitive personal data unless required by law or for safety reasons.

4. Purpose of Processing

We collect and process personal data for the following purposes:

  • Recording worker acknowledgement of health & safety procedures
  • Managing site access and compliance
  • Maintaining safety records for audit and legal purposes
  • Communicating urgent site or safety information

5. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Legal obligation – to comply with health and safety legislation
  • Legitimate interests – to ensure safe operation of our construction sites
  • Contractual necessity – where applicable to subcontractor agreements

6. Data Minimisation

We only collect data that is relevant, necessary, and limited to what is required for safety and compliance. We do not collect excessive or unnecessary personal information.

7. Data Storage and Security

Personal data is stored securely using approved digital systems, password-protected devices and accounts, and access controls limiting data to authorised personnel only. We take reasonable technical and organisational measures to prevent unauthorised access, loss or theft, and misuse of data.

8. Data Retention

We retain personal data only for as long as necessary.

  • Health & safety records are retained for 7 years (or longer where required for legal compliance)

After this period, data is securely deleted or anonymised.

9. Data Sharing

We do not sell or share personal data unnecessarily. Data may be shared with:

  • Regulatory authorities (e.g. HSE)
  • Professional advisors (e.g. insurers, legal advisors)
  • Software providers (acting as data processors)

All third parties are required to handle data securely and in accordance with data protection laws.

10. Data Subject Rights

Individuals have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion (where applicable)
  • Object to processing
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Requests should be made to: sales@sitesafely.com

11. Data Breaches

Any data breach must be reported immediately to: alex@sitesafely.com. We will investigate the breach, take corrective action, and notify the ICO where required.

12. Responsibilities

The company is responsible for ensuring compliance with data protection laws, training staff where appropriate, and reviewing this policy regularly. All staff and contractors must handle personal data responsibly and report any concerns or breaches.

13. Contact

For any data protection queries, contact SiteSafely: sales@sitesafely.com

14. Policy Review

This policy will be reviewed annually or when there are significant changes to legislation or business operations.