Privacy Policy

This Data Protection Statement provides information about the ways in which the Health and Safety Authority collects, stores and uses personal data relating to individuals (data subjects). This Data Protection Statement relates to personal data received by the Health and Safety Authority where data subjects contact, or request information from the Health and Safety Authority directly, and also personal data received by the Health and Safety Authority indirectly, and as set out below. Health and Safety Authority Who we are The Authority has a number of major roles; The Authority has responsibility for ensuring that workers (employed and self-employed) and those affected by work activity are protected from work related injury and ill-health. We do this by enforcing occupational health and safety law, promoting accident prevention, and providing information and advice across all sectors. The Authority is the lead National Competent Authority for a number chemical regulations including REACH (Registration, Evaluation, Authorisation and Restriction of Chemicals) Regulation and Seveso II Directive. Our responsibility in this area is to protect human health (general public, consumers and workers) and the environment, to enhance competitiveness and innovation and ensure free movement of chemicals in the EU market. The Authority is also a key agency involved in market surveillance and ensuring the safety of products used in workplaces and consumer applications. INAB, a Committee of the Health and Safety Authority is the national body with responsibility for the accreditation of laboratories, certification bodies and inspection bodies. Controller contact details The Health and Safety Authority, is the controller for the personal data it processes. You can contact the Health and Safety Authority in a number of ways, which are set out on the contact page of our website. DPO contact details In accordance with Article 37 of the GDPR, the Health and Safety Authority has appointed a Data Protection Officer. If you wish to contact our Data Protection Officer in relation to the processing of your personal data by the Health and Safety Authority, you can do so by e-mailing Purpose of Processing By The Health and Safety Authority The Health and Safety Authority processes personal data for a number of different purposes, which arise from its statutory powers, functions and duties. The Health and Safety Authority’s statutory powers, functions and duties derive from varies pieces of legislation pertaining to health, safety and welfare at work, chemical safety, dangerous goods transport and market surveillance. There are a wide range of activities that fall under our remit including: Promotion of good standards of health and safety at work; Inspection of all places of work and monitoring of compliance with health and safety laws; Investigation of serious accidents, causes of ill health and complaints; Undertaking and sponsoring research on health and safety at work; Developing and publishing codes of practice, guidance and information documents; Providing an information service during office hours; Developing new laws and standards on health and safety at work Some examples of the purposes for which the Health and Safety Authority may collect personal data in accordance with its functions are: Complaint handling - including personal data received from a data subject directly where the data subject makes a complaint to the Health and Safety Authority; personal data relating to a data subject received by the Health and Safety Authority from an a duty-holder such as an employer about which the Authority has received a complaint; and personal data relating to a data subject received by the Health and Safety Authority from a complainant. Inquiries and investigations - including personal data received from data subjects directly; and personal data received from a duty-holder eg an employer, which is the subject of an inquiry or investigation. This will also include personal data received by the Health and Safety Authority in its role as a ‘competent authority’ under Part 5 of the 2018 Act (‘Processing of Personal Data for Law Enforcement Purposes’). Recording of Incident Report Forms and Dangerous Occurrence notifications and other statutory notifications required under various pieces of legislation for which the Authority is the enforcing body. Taking enforcement action, where necessary; Taking prosecution action, where necessary; Promoting awareness and providing information to employers, duty-holders; members of the public and students in relation to safety, health and welfare guidance and legislation; Service providers and suppliers – including personal data obtained from service providers or suppliers engaged by the Health and Safety Authority; Job applications – including personal data received from persons applying for roles within the Health and Safety Authority; and Conferences and events – including personal data relating to attendees at conferences and events organised by the Health and Safety Authority. What Personal Data Does The Health and Safety Authority Process? Personal data As set out above, the Health and Safety Authority processes personal data. This includes, as set out above, personal data received by the Health and Safety Authority where data subjects contact, or request information from, the Health and Safety Authority directly, and personal data received by the Health and Safety Authority indirectly. The personal data that we process includes (i) basic personal information, such as a data subject’s name / surname; date of birth; employment information; (ii) contact information, such as a data subject’s postal address, email address and phone number(s); and (iii) any other personal data that is provided to the Health and Safety Authority during the course of the performance of its functions. Incident investigation can result in details including qualifications, training, employment status, pay slip, and injuries being processing, further details can be found on the inspection and investigation privacy statement. Special category data The Health and Safety Authority also processes special category data. This data may be provided to us as part of a complaint or incident investigation. Such special category data may include personal data relating to trade union membership or data concerning health. Data relating to criminal convictions and offences In the course of performing its functions, the Health and Safety Authority also occasionally processes personal data relating to criminal convictions and offences. How Does The Health and Safety Authority Collect Personal Data? Phone Calls: The Health and Safety Authority does not audio record or retain audio recordings of phone conversations except for phone calls to the HSA Contact Centre, low call number. These recordings are retained for 6 weeks. The calls are recorded for the purpose of training and quality and for verifying information relating to complaints received. Phone calls to direct dial numbers are not recorded. Outgoing phone calls are not recorded. Where an individual contacts the Health and Safety Authority by phone, caller numbers are automatically stored on the recipient phone in the Health and Safety Authority for a limited period of time in a list of inbound and outbound calls. All calls to the Contact Centre or calls made in relation to enforcement or inspection activities are logged on our internal database. During the course of dealing with a query, complaint or other matter, the Health and Safety Authority may record personal data received by it during the course of phone calls in the form of notes or a summary of the call may be entered on our GeoSMART database.