A woman with her back to the camera delivers a speech to three other females

Privacy notice for Health & Safety

This Privacy Notice provides essential information about how Buckinghamshire New University (BNU or the University) handles your personal data and the rights you have in relation to how we use your data.

BNU is a registered data controller and is responsible for looking after the personal data that you provide to us. We are committed to complying with the data protection principles set out in the Data Protection Act 2018 in a clear and transparent way.

If you have any concerns with regards to the way your personal data is being processed or have a query with regard to this Notice, please contact the Data Protection Officer at dpofficer@bnu.ac.uk

Purpose of this notice

This privacy notice explains when and why we collect personal information about you when you report an accident or near miss to Buckinghamshire New University and how we will use this information including the ways we might share this with others. It also explains how we keep your information secure and the rights you have in relation to the information we hold about you.

Data collected when an accident or near miss occurs will be used for the purposes to log, investigate and conduct follow up activities relating to accidents, to assist with ensuring the health, safety and welfare of our staff, students and visitors, to assist with assessing and controlling risks to protect our staff and to report specific health and safety incidents to the Health and Safety Executive (HSE), which meet the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) Health and Safety Executive reporting requirements.

Why do we collect and process your personal data?

We collect and use your information for the following purposes:

Purpose 1: Report specific health and safety incidents to the HSE.

We collect and use your information to:

appropriately report specific health and safety incidents to the Health and Safety Executive (HSE), which meet the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) Health and Safety Executive reporting requirements.

Purpose 2: Log, investigate and conduct follow up activities relating to accidents.

We collect and use your information to:

log, investigate and conduct follow up activities relating to accidents, to assist with ensuring the health, safety and welfare of our staff, students and visitors
log, investigate and conduct follow up activities relating to accidents, to assist with assessing and controlling risks to protect our staff.

Purpose 3: Log, investigate and conduct follow up activities relating to near misses.

We collect and use your information to:

log, investigate and conduct follow up activities associated with health and safety ‘near miss’ incidents not meeting the RIDDOR requirements.

What is the legal basis for processing your data?

The legal bases that we use in order to legally process the information you provide to us is:

Legal Obligation Article 6 (1)(c). The processing is necessary for compliance with a legal obligation. This includes the Workplace (Health, Safety and Welfare) Regulations 1992, the Management of Health and Safety at Work Regulations 1999 and RIDDOR. This legal basis will be used to achieve the following purposes:

Purpose 1: Report specific health and safety incidents to the HSE
Purpose 2: Log, investigate and conduct follow up activities relating to accidents.

Legitimate Interest Article 6 (1)(f). BNU will process your personal data as necessary for the purposes of the legitimate interests pursued by the controller. The legitimate interest is to appropriately investigate near miss incidents and to take appropriate follow up action to keep our students, staff and visitors safe.

Purpose 3: Log, investigate and conduct follow up activities relating to near misses.

Special Category Data

The data being used includes special category data. Our legal reasons for using this special category data, where you provide it to us, are:

Purpose 1: Report specific health and safety incidents to the HSE.

BNU will provide special category data to the HSE, which meet the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) Health and Safety Executive reporting requirements.

Purpose 2: Log, investigate and conduct follow up activities relating to accidents

As necessary for compliance with the Workplace (Health, Safety and Welfare) Regulations 1992 or compliance with the Management of Health and Safety at Work Regulations 1999 as required.

What categories of personal data do we collect and process?

Data collected after an accident, incident or near miss will be used for the purposes of logging, investigating and conducting follow up activities as necessary. Personal data may also be provided by third party witnesses to an accident, incident or near misses.

The personal information we collect includes:

personal contact details, including address, email, and telephone numbers (including third party individuals)
job title (if applicable)
age
role
incident Details

We also ask for some ‘special category data’. This is personal information which is more sensitive. We will ask you about:

gender
health (description of injury, etc.)

This allows us to log, investigate and conduct follow up activities where an accident, incident or near miss has occurred and to report these (where necessary) to the appropriate authorities and to be compliant with Health and Safety legislation.

Where do we get your personal data from?

Most of the information above will have been provided by you and will have been collected through the health and safety incident reporting process. Other information may be added to an incident report as it is provided by third party witnesses or is ascertained during the process itself.

The above lists are not exhaustive but are indicative of the main types of personal information processed by the University about you should you have or witness an accident, incident or near miss.

Who might we share your data with?

Your personal information will be shared with the organisations listed below. Any information will be disclosed in accordance with the provisions and obligations of the Data Protection Act. Please note this is not an exhaustive list and your data may also be shared in accordance with the wider university privacy notices which can be accessed here.

Disclosure to	Details
Central and Local Government Departments	We may share your data with the following public bodies to fulfil our statutory or legal obligations: the Health and Safety Executive (HSE), which meet the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR), potentially other such organisations for defined purposes.
University Insurance Broker	We will share your data with relevant people as part of the evidence in relation to a legal claim made in relation to an accident or incident.
Occupational Health Provider	We will share your data with the It may also be shared with relevant people as part of the evidence in relation to a referral for Occupational Health support.
Third Party Software Suppliers	Limited personal data will, or may, be shared with contracted third parties to enable the provision of services for the purpose of maintaining health and safety records. This includes: Microsoft 365 software including email, Teams and other Microsoft 365 systems. Other systems suppliers who provide software services to and on behalf of the University. In all cases, data will only be shared in accordance with data protection legislation.

How long do we keep your personal data for?

Your data will be retained in the university Health and Safety records system in accordance with the Records Lifecycle Management Scheme; a summary of which can be accessed at https://bnu.ac.uk/policies.

What are your rights as a data subject?

The following rights apply to the personal data collected in this notice. Please contact dpofficer@bnu.ac.uk if you wish to exercise your rights:

Right of access to confirmation of processing and copies of your personal data
Right to rectification if personal data we hold about you is incorrect
Right to restrict processing of your personal data
Right to complain to the Information Commissioner’s Office about how we handle your data.

In some circumstances you also have the following rights:

Right to object to our processing of your personal data
Right to request erasure of your personal data (deletion)
Right to data portability

What should you do if you have concerns about the way we process your personal data?

If you have any concerns with regards to the way your personal data is being processed or have a query about this Notice, you can contact the Data Protection Officer directly by email dpofficer@bnu.ac.uk or by post.

Data Protection Officer

Buckinghamshire New University

Queen Alexandra Road

High Wycombe

Buckinghamshire HP11 2JZ

If you remain unhappy with any aspect of the way your personal data is being processed then we ask that you discuss this with us first, however if you remain dissatisfied then you have the right to complain to the Information Commissioners Office:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

https://ico.org.uk

BNU is registered as a controller with the Information Commissioner’s Office. Our registration number is: Z772474X

Changes to our privacy notices

This privacy notice will be reviewed on an annual basis or revised more frequently if necessary.

This notice was last reviewed on 23 August 2023.