Frequently Asked Questions

Including the General Data Protection Regulation

HSfB's Approach to Protecting your Privacy

We are committed to protecting the privacy of our customers and website users. Our relationship with you is valuable and we understand the importance you place on your privacy and security.

We collect the following information from registered users of our Discussion Forums:

  • Upon first registration - your username; email address; a non-readable encrypted version of your password; your Internet Protocol (IP) address
  • Optional user added profile information viewable in the public domain - your age by year, not day/month; social networking sites - Twitter, Facebook, Blog, LinkedIn, ICQ, Yahoo Messenger, Skype, Google+, YouTube channel; your industry sector; your interests; your occupation; your location
  • Time and date of first registration
  • Time and date of the last time you are active on the forums
  • Any custom avatar / profile image you upload

We collect the following information from registered users of the main website:

  • You may register with social networks you use, including Facebook, Google+, LinkedIn and Twitter. To do so, we will receive basic information: your profile name, associated profile email address and associated profile picture / image
  • The 'name' you provide in the 'name' field of the registration form
  • Your username
  • Email address
  • A non-readable encrypted version of your password
  • Your Internet Protocol (IP) address
  • Optional user added profile information viewable in the public domain - your city; your country; your website; 'about me' information you give
  • Date of first registration
  • Last visited date

In addition to information from registered main website users detailed above, the use of our Business Directory and Advertising Software may also collect the following:

  • Business name
  • Business address
  • Business telephone number
  • VAT number
  • Business opening hours
  • Social network pages (optional entry): Facebook; Twitter; Google+; LinkedIn; Skype; YouTube; Instagram; Pinterest
  • Business logo
  • We DO NOT collect credit or debit card details for any transaction. All transactions are processed via PayPal

We may collect the following information from you if you enter any of our prize draw competitions:

  • Your name
  • Email address
  • Internet Protocol (IP) address
  • Telephone number
  • Home address

We collect your email address if you register for any of our newsletter emails. We will never sell, give or trade your email address to any third party without your explicit consent.

Please be assured that whether you have previously opted-in to any of our newsletters, or you are about to, our consent processes have always been GDPR compliant. Regardless, we have reviewed our processes just to double check we meet all obligations under the GDPR, and we do.


on Saturday April 28 by John Johnston

We will never sell, give or trade any information we hold about you.

If your information is ever needed by a third party to process prizes they have donated, such as educational training courses, books, etc., only the minimal information will be shared, and only with your explicit consent, which will be made clear prior to your entry into any competition.

Registered users of the main website and/or the Discussion Forums may receive emails from us with vital information regarding member accounts or website changes affecting your accounts.

Registered users of the HSfB Noticeboard Newsletter may receive additional announcements about products, services, special deals and prize draws. These will either be announcements specific to HSfB or cases where we have negotiated special deals and offers of benefit to you and our site users.

We may disclose your personally identifiable information if we are obliged to under law, to enforce our terms and conditions of use or for the purposes of fraud protection and credit risk reduction.

on Saturday April 28 by John Johnston

Located at the foot of every single page of our web sites.

Also via this link - https://www.healthandsafetytips.co.uk/privacy-policy

on Saturday April 28 by John Johnston

The GDPR provides the following rights for individuals:

  1. The right to be informed about the collection and use of your personal data
  2. The right of access to your personal data and supplementary information. You also have the right to be aware of and verify the lawfulness of the processing of your data
  3. The right to rectification of inaccurate personal data or to have incomplete data completed
  4. The right to request erasure of your personal data, also known as 'the right to be forgotten'
  5. The right to request the restriction or suppression of your personal data
  6. The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services
  7. The right to object to:
    1. processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    2. direct marketing (including profiling); and
    3. processing for purposes of scientific/historical research and statistics
  8. Rights in relation to automated decision making and profiling
    1. automated individual decision-making (making a decision solely by automated means without any human involvement); and
    2. profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process

on Saturday April 28 by John Johnston

You have the right to request access to your personal data and supplementary information.

You have the right to be aware of and verify the lawfulness of how we process your data.

You can request access to your data by contacting the owner of this website, John Johnston, using any of these methods:

John will take you through the process and will provide your data without delay and at the latest within one month of receipt of your request.

Your request for a copy and receipt of information is free of charge. There are exceptions, but these are generally based on excessive requirements.

on Saturday April 28 by John Johnston

Newsletter

When signing up for our newsletter, you are required to enter your email address and select at least one information stream, then click the submit button. You are also required to click on the confirmation link in the separate confirmation email you will be sent. This is known as 'double opt-in'.

The lawful basis for processing your data like this is Consent.


Web site registration

When registering on the main website, you are required to enter a name, username, password and email address. You are also required to click on the Captcha 'I'm not a robot' button. These are mandatory fields. You have the option of entering additional details about yourself: city, country, website and 'about me'. These fields will be visible in the public domain.

The lawful basis for processing your data like this is Consent.


Discussion Forums registration

The Discussion Forums software is based on the open source phpBB platform. The Forums require a separate registration to the main site. The process begins with the mandatory requirement to agree with the terms and conditions before you begin. Clicking 'I do not agree' will end the process.

Mandatory information consists of a username, email address and password only. You are also required to click on the Captcha 'I'm not a robot' button. The registration process is completed only when you click on the confirmation link in the confirmation email you will be sent. This is known as 'double opt-in'.

The lawful basis for processing your data like this is Consent.

on Saturday April 28 by John Johnston

The GDPR requires all organisations to report certain types of personal data breach to the appropriate authorities; for the UK, this is the Information Commissioner's Office (ICO). This must be done within 72 hours of becoming aware of the breach.

If any breach is likely to adversely affect your individual rights and freedoms, we will inform you without delay and will provide advice on the best course of action to take.

All breaches will be recorded and maintained in line with our record retention policy even if they don't need to be reported to the ICO.

A personal data breach may include:

  • access by an unauthorised third party;
  • deliberate or accidental action (or inaction) by a controller (HSfB) or processor;
  • sending personal data to an incorrect recipient;
  • computing devices containing personal data being lost or stolen;
  • alteration of personal data without permission; and
  • loss of availability of personal data.

A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.

on Saturday April 28 by John Johnston

We are not required to appoint a data protection officer.

on Saturday April 28 by John Johnston

The GDPR does not define security measures which should be implemented, but it does require a level of security appropriate to the risks faced by how we process your data.

We believe we have robust security measures in place to minimise the risks, including:

  • Updating all software under our control used to operate and manage HSfB immediately and with urgency
  • Up-to-date firewall and anti-virus software for all of our electronic devices used to operate HSfB
  • We use a reputable web hosting company who use state of the art security technology
  • All of our web site software platforms are designed with security in mind and where possible, we will utilise additional security addons, third party security software, various extensions, plugins, tools and techniques based on best practice
  • All password data on the main site user accounts and on the Discussion Forums is fully encrypted with state of the art technology. HSfB cannot access unencrypted data by default

on Saturday April 28 by John Johnston

We have reviewed our data collection and use activities and have selected the most appropriate 'lawful basis' for each of them.

There are six available 'lawful bases' set out by the GDPR to achieve this, which are:

  1. Consent - this requires a positive opt-in from you. For example, if you have signed up for our newsletter, you were required to enter your email address, select at least one information stream and click the submit button. You were also required to click on the confirmation link in the separate confirmation email you would have been sent. This is known as 'double opt-in'.
  2. Contract - for example, buying advertising space on HSfB will enter us into a contract where personal data may be required to fulfil that contract.
  3. Legal obligation - this is unlikely to be applicable for any of our activities. An example of where it may be necessary would be under court order for us to process data for enforcement authorities.
  4. Vital interests - another unlikely application for HSfB as the basis for processing your data here would be to protect somebody's life.
  5. Public task - mostly relevant to public authorities and another unlikely application for HSfB's activities.
  6. Legitimate interests - this is the basis for the majority of our data processing activities. For example, we have a legitimate interest in sharing useful health and safety downloads, blog articles, social media topics and a discussion forum for our industry sector. Our visitors have a legitimate interest in these areas and are unlikely to be surprised by the collection of some personal information to achieve a good user experience.

We will always clearly identify on what lawful basis we will be processing your information before we start to process it.

There are additional obligations on companies wishing to process more sensitive data contained within the 'special category' and 'criminal offence' data categories. We do not process any of these types of sensitive data.

Full details can be found on the Information Commissioner's Office website.

on Saturday April 28 by John Johnston

We do not actively market to children; however, we always operate within the guidelines and research of various online Government agencies and charity organisations with regards to children.

This means that HSfB commits to ensuring the content provided on this website is free from anything that may upset or offend children and gives some control to parents on what their children view on the internet.

The internet can sometimes be a very unpleasant place to be, but we aim to make it safe for all.

Discussion Forums - our volunteer Moderator team will actively monitor all conversations with the following in mind.

  • Rude jokes will be edited or removed with the poster being notified and reminded of our guidelines
  • Rude pictures will not be tolerated - warnings or a ban may be issued by the Moderator team if felt appropriate
  • Swearing will be edited or substituted using the forum's built in swear filter

The swear filter does not always pick up every swear word, especially where people try to bypass the swear filter by adding characters in place of the middle letters of words, e.g. *%$^. If a word looks like a swear word, it will be edited.

HSfB strives to ensure this site contains NONE of the following:

Nudity and sexual material
• No nudity or sexual material

Violence
• No violence

Language
• No potentially offensive language

Other topics
• At the discretion of the Administrators or Moderators

Chat
• Moderated chat suitable for children and teens


on Saturday April 28 by John Johnston