Privacy Policy
Updated: 29 March, 2021
Privacy Policy
Data Controller
Logincident Limited (we/us) is a company registered in England under company registration number 08225133 and having its registered office address at 14 Bell Villas, Ponteland, Newcastle Upon Tyne, England, NE20 9BE.
Definitions
Privacy Notice
Data Controller
Logincident Limited (we/us) is a company registered in England under company registration number 08225133 and having its registered office address at 14 Bell Villas, Ponteland, Newcastle Upon Tyne, England, NE20 9BE.
Definitions
| Anonymous Incident Data | The internet protocol address of the device (and any access code associated with the device) used to upload an anonymous incident report in relation to a ‘near miss’ to one of our applications. |
| Candidate Data | Work history, experience, qualifications, job title, information about disabilities and health conditions if provided, all in relation to candidates for employment. |
| Controller | The person or organisation which determines the purposes and means of the processing of Personal Data. |
| Contact Data | Names, addresses, email addresses, telephone numbers, facsimile numbers, job title, organisation, excluding Customer Data. |
| Customer Data | Personal Data relating to injuries, accidents and ‘near misses’ which is uploaded to our applications provided on a software-as-a-service basis by users authorised for the purpose by our customers, excluding internet protocol addresses and access codes associated with near misses which are reported on an anonymous basis. |
| Data Subject | The individual who is identified by or identifiable from Personal Data. |
| Shareholder Data | Personal Data relating to our members and prospective members and their representatives, beneficial owners of shares held by nominees and persons controlling corporate members, including the Personal Data required to be processed in relation to members and persons with significant control under the Companies Act 2006. |
| GDPR | The General Data Protection Regulation (2016/679), which is available at: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32016R0679 |
| Marketing Data | Records of marketing preferences and requests not to process Personal Data for marketing purposes. |
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Processor | A person or organisation which processes Personal Data on behalf of the Controller. |
| Services Data | Personal Data we process relating to the purchase, sale and delivery of products and services, excluding Customer Data. |
| Special Categories of Personal Data | Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
| Website Data | IP addresses and cookie identifiers in relation to cookies served by our website at Logincident.com and all associated internet log and usage information. |
About this document
This Privacy Notice:
●Takes effect from 25 May 2018 and was last reviewed at the date stated at the end.
●Is directed to all individuals whose Personal Data we process as Controller other than our employees, workers, volunteers and officers
●Applies to Personal Data collected by whatever means including without limit through our websites and during download and use of our apps
●Does not apply to Customer Data. We process Customer Data as Processor in accordance with our customer agreement.
●Sets out information about how we collect Personal Data, the categories of Personal Data we collect, the purpose for which we process Personal Data, the legal basis for this processing, our legitimate interests in processing, how we share Personal Data and the rights of Data Subjects whose Personal Data we process
●May be updated from time to time. Please check our website for the latest version
On occasion we may also provide more detailed processing information to a Data Subject in a separate privacy notice. Where we do so, that information will prevail over the information in this document.
How we collect Personal Data
We collect Personal Data in the following main ways:
●When receiving referrals of business
●Through website contact forms and direct emails from people making enquiries with us
- During the download and use of our apps
●When communicating with customers and suppliers by telephone, in person or by email
●When viewing or downloading information available in the public domain
●Automatically using cookies on our website
●During recruitment processes and when taking up external references
- Using social media
- During investment rounds and when communicating with our members
Categories of Data Subject
We process Personal Data in relation to representatives of our clients and suppliers as well as third parties, including the following:
●Representatives of customers and prospective customers
●Business contacts
●Candidates for employment
●Suppliers and representatives of our suppliers
●Visitors to our website
●Visitors to our premises
- Members and prospective members of our company, beneficial owners of shares
held by nominees and persons controlling corporate members.
●Delegates at events we organise
Types of Personal Data we Process as Controller.
We process the following main categories of Personal Data as Controller:
●Anonymous Incident Data
- Candidate Data
●Contact Data
●Services Data
●Marketing Data
- Shareholder Data
- Website Data
Purpose of Processing
We process the following Special Categories of Personal Data and Personal Data relating to criminal convictions as Controller where this is included in Candidate Data.
We process Personal Data for the purpose of providing marketing of our services, administrating our business and recruitment, more detail is set out below:
| Purpose | Categories of Personal Data affected |
| To provide technology products and services to our customers | Contact Data, Services Data, Anonymous Incident Data, Shareholder Data |
| To improve our products and services | Contact Data, Services Data |
| To solicit and receive services. | Contact Data, Services Data |
| Administrative purposes, including record keeping, complaints management, service renewals. | Contact Data, Services Data, Anonymous Incident Data |
| To defend against legal claims which may be made against us or our officers, employees or workers. | All Personal Data we process as Controller. |
| To comply with legal obligations | All Personal Data we process as Controller. |
| To enforce our legal rights | All Personal Data we process as Controller (other than Special Categories of Personal Data) |
| Relationship management and direct marketing purposes | Contact Data, Marketing Data |
| To ensure the continuity of our business following a reorganisation or transfer to a successor | All Personal Data we process as Controller |
| To introduce customers and contacts to providers of services we do not offer. | Contact Data |
| To keep a record of your request not to receive marketing information from us. | Contact Data, Marketing Data |
| To assess a Candidate’s suitability for a position within our business | Contact Data, Candidate Data |
| Monitoring usage of our website to access the success of marketing activities and to improve our website. | Website Data |
| To communicate with existing and prospective members and persons with significant control in relation to existing and future investment and transactions | Shareholder Data |
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the contact information at the end of this document.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Lawful basis for processing
We only process Personal Data where we have a lawful basis for doing so.
Personal Data other than Special Categories of Personal Data and Personal Data relating to criminal convictions.
We will process Personal Data where processing is necessary for compliance with a legal obligation.
We rely or also rely upon our legitimate interests in processing as set out below.
| Legitimate interest | Categories of Personal Data affected |
| Providing technology products and services to our customers | Contact Data, Services Data, Anonymous Incident Data |
| Improving our products and services | Contact Data, Services Data |
| Soliciting and receiving services | Contact Data, Services Data |
| Administrative purposes, including record keeping, complaints management, service renewals. | Contact Data, Services Data, Anonymous Incident Data |
| Defending against legal claims which may be made against us or our officers, employees or workers. | All Personal Data we process as Controller. |
| Enforcing our legal rights | All Personal Data we process as Controller (other than Special Categories of Personal Data) |
| Relationship management and direct marketing purposes | Contact Data, Marketing Data |
| Ensuring the continuity of our business following a reorganisation or transfer to a successor | All Personal Data we process as Controller |
| Introducing customers and contacts to providers of services we do not offer. | Contact Data |
| Keeping a record of any request not to receive marketing information from us. | Contact Data, Marketing Data |
| RecruitmentMonitoring usage of our website to assess the success of marketing and to improve our website. | Contact Data, Candidate DataWebsite Data |
| Communicating with existing and prospective members and persons with significant control in relation to existing and future investments and transactions | Shareholder Data |
Special Categories of Personal Data and Personal Data relating to Criminal Convictions.
We will process Special Categories of Personal Data and Personal Data on the lawful bases set out below:
| Lawful basis | Personal Data affected |
| Processing is necessary to comply with obligations arising under employment law; processing is necessary for the legitimate purpose of defending legal claims which may be made against us or our officers, employees or workers. | Special Categories of Personal Data or Personal Data relating to criminal convictions included within Candidate Data |
Retention periods
We will retain your Personal Data only for as long as is necessary to achieve the purposes (or any compatible purposes) for which it is processed unless you have asked us to retain the Personal Data for a longer period. The retention period applying to Personal Data will depend upon the applicable legal and regulatory requirements, which may change over time, and also upon events occurring after the time of collection, such as the occurrence of a legal claim or the exercise of a data subject right (such as the right to request that we do not use your Personal Data for marketing purposes).
We will delete Anonymous Incident Data when we delete the Customer Data associated with the same account.
Automated Decision making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using solely automated means. We will notify you in writing if this position changes.
Transfers outside of the UK or the European Economic Area (EEA)
We transfer or may transfer Personal Data outside the UK or the EEA where this is necessary for the performance of our technology services, is part of our secure business processes or if the Personal Data is Website Technical Data, where any of the following apply:
●The transfer is made to a country which has been determined by the UK to provide appropriate safeguards for the rights of Data Subjects
●The transfer is made on the basis of standard contractual clauses
●The transfer is lawful on any other basis provided for under the GDPR
Recipients of Personal Data
We transfer or may transfer Personal Data to the following recipients:
| Recipient or category of recipient | Categories of Personal Data affected |
| Our group companies (meaning all companies under the control of the same ultimate parent company) and their officers and employees. | All of the Personal Data we process as Controller (excluding Special Categories of Personal Data) |
| Our officers and employees | All Personal Data we process as Controller |
| Our customers | Contact Data |
| Providers of services to us, including providers of outsourced services, insurance brokers, insurers, accountants, auditors, lawyers and other professional advisers. | All Personal Data we process as Controller |
| Providers of independent quality assurance and certification marks | All Personal Data as Controller (excluding Special Categories of Personal Data) |
| A customer’s other suppliers | Contact Data, Service Data |
| Courts and tribunals | All Personal Data we process as Controller. |
| Business contacts | Contact Data |
| Law Enforcement Agencies | All Personal Data we process as Controller |
| Awards bodies | Contact Data, Services Data provided that permission has been given by the customer. |
| Media organisations and/or the public | Contact Data (limited to name, job title and organisation), Services Data provided that permission has been given by the customer. |
| The Registrar of Companies | Shareholder Data |
| Successors in title to our business(es) | All Personal Data we process as Controller. |
We use Google Analytics to collect Online Data at our website. This involves the transfer of Online Data to Google as a data processor. Under the terms of service of Google Analytics, we are required to draw your attention to the document ‘How Google use data when you use our partners’ sites or apps’ which is available on the following link:
https://policies.google.com/technologies/partner-sites?hi=en-GB&gl=uk
Your legal rights
You have the right to:
Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complain to the supervisory authority in connection with our processing of your Personal Data. You can exercise this right by contacting the Information Commissioner’s Office at https://ico.org.uk/.
Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know.
Our websites may contain links to other websites of interest. However, once you have used one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.
Contact us
If you have any questions about our processing of Personal Data or would like to exercise one of your legal rights, please contact Gary Davison at our registered address or on gwd@logincident.com
Guidance on data protection law is available from the Information Commissioner’s Office at https://ico.org.uk/.
29th March 2021