Home » Privacy Notice for External Contacts and Service Users

Privacy Notice for External Contacts and Service Users

This Privacy Notice explains how Health Matters (Health & Safety) Ltd, trading as Health Matters Training, collects, uses, stores, and protects your personal data. It applies to all personal information collected or submitted through our website, over the phone, via webchat, social media, messenger services, email, or through hard copy forms such as sign-in or registration sheets.

1. Who We Are

Health Matters (Health & Safety) Ltd is the Data Controller of your personal data.

  • Registered Office: 11 Monaghan Court, Monaghan Street, Newry, BT35 6BH
  • Email: [email protected]
  • Phone: 028 3025 6484

We have a designated Data Protection Officer. Any data protection queries should be directed to ‘The Data Protection Officer’ using the above contact details.

2. What Information We Collect

The personal data we collect depends on your interaction with us and may include:

  • Name
  • Address
  • Email address
  • Phone number
  • Date of birth
  • National Insurance number
  • Payment information
  • Educational and employment background
  • Comments and feedback
  • Cookie and browsing information

We do not use your data for automated decision-making or profiling.

3. How We Collect Your Data

Website Forms

  • Used to collect name, contact details, and enquiries.
  • Legal basis: Consent.

Cookies

  • Used to monitor website performance and user behaviour (non-personal).
  • Legal basis: Consent (via cookie banner).
  • Users may disable cookies through their browser settings.

Live Webchat

  • Users may optionally provide name, email, and phone number.
  • Transcripts may be requested during the session.
  • Legal basis: Consent.

Email

  • Used for legitimate interests, including service delivery and responding to enquiries.
  • Emails may be viewed by third parties (e.g., awarding bodies).
  • Legal basis: Legitimate interest or contractual obligation.

Telephone

  • Calls are not recorded, but we may take notes for service delivery.
  • Legal basis: Legitimate interest or contract.

Social Media / Messenger

  • Used for marketing and communication.
  • Public interactions may be repurposed with consent.
  • Legal basis: Consent.

Payments

  • Processed securely via card machine or website.
  • No card data is stored after processing.
  • Financial records held for HMRC for 6 years.
  • Legal basis: Legal obligation.

Complaints

  • Information collected to investigate and resolve complaints.
  • Retained for 12 months after resolution.
  • Legal basis: Legitimate interest.

Sign-in Sheets & Registration Forms

  • Used to confirm attendance and comply with training requirements.
  • Additional contact details are optional and used with consent.
  • Legal basis: Contract (attendance), Consent (marketing).

Marketing Tools (e.g., Mailchimp)

  • Used to send updates and promotional content.
  • Legal basis: Consent.
  • You may unsubscribe at any time.

4. Why We Process Your Data

Service Delivery

We collect and process personal data to:

  • Provide training, assessment outcomes, certificates, and cards
  • Communicate important information such as renewal reminders
  • Identify and verify records (e.g. using NI number and DOB)

Legal basis: Contractual obligation, Legitimate interest

Marketing

We may contact you about relevant training services, products, or industry updates.

Legal basis: Consent

You can withdraw your consent at any time by clicking “unsubscribe” or contacting us.

5. Sharing Your Data

We may share your personal data with:

  • Awarding bodies (e.g., IOSH, NEBOSH, Qualsafe, RSPH, CEFNI)
  • Mailing services for certificate delivery or renewal notices
  • IT service providers who support our systems
  • Contracted trainers or service affiliates

All third parties are bound by data protection agreements and only access necessary data.

We will never sell your data.

Training certificates may be shared with your employer or prospective employer.

6. International Data Transfers

Some platforms or providers may store data outside the UK (e.g. the USA).

We ensure appropriate safeguards under UK law, such as:

  • Standard Contractual Clauses (SCCs)
  • International Data Transfer Agreements (IDTAs)

You may contact us for more information.

7. How Long We Keep Your Data

  • Training-Related Data: 6 years and 6 months after expiry
  • Marketing Data: Until unsubscribed or inactive
  • Complaints: 12 months after resolution
  • Financial Records: 6 years (HMRC compliance)

You may request early deletion by contacting us.

8. Your Rights

You have the following rights under UK GDPR:

  • Access – Request a copy of your personal data
  • Rectification – Correct inaccurate or incomplete data
  • Erasure – Request deletion of your data
  • Restriction – Ask us to limit data use
  • Objection – Object to processing for legitimate interest or marketing
  • Portability – Request a transferable copy (where applicable)
  • Withdraw Consent – At any time where consent is the basis
  • Complain to the ICO – If you believe we misuse your data

To exercise your rights, contact: [email protected] or write to Health Matters (Health & Safety) Ltd, 11 Monaghan Court, Monaghan Street, Newry, BT35 6BH.

9. Mandatory or Optional Data

Some data (e.g. name, DOB, NI number) is mandatory for service delivery. If not provided, we may be unable to deliver training or certification. Other data (e.g. marketing preferences) is optional and collected only with consent.

Version and Updates

This Privacy Notice was last updated on 24/06/2025. Updates may occur to reflect legislative or process changes. Significant changes will be clearly communicated where appropriate.