CQMS Ltd - Privacy Notice
CQMS Ltd is known as the "Controller" of the personal data that we collect about you. We process and hold your information in order to provide health and safety consultancy services. This notice will explain how we use and share your information.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website https://cqms-ltd.co.uk/.
- Why do we collect your personal information?
- We collect and use personal data relating to employees to meet our legal obligations.
- We are the controller of information for health and safety consultancy services.
- We are the processor of information for information supplied by our clients.
What personal data do we collect?
The categories of employee information that CQMS Ltd collects, holds and shares include the following:
- Personal information – e.g. name, address, DOB, next of kin, residency status, marital status.
- Characteristics – e.g. language, nationality, country of birth.
- Attendance information – e.g. number of absences and absence reasons.
- Personal Qualifications – e.g. job specific qualifications held.
- Relevant medical information.
- CQMS Safety-Scheme – financial, HMRC, training qualifications,
Whilst the majority of the personal data you provide to CQMS Ltd is mandatory, some is provided on a voluntary basis. When collecting data, CQMS Ltd will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, CQMS Ltd will provide you with specific and explicit information with regards to the reasons the data is being collected and how the data will be used.
How do we collect your personal data?
Information may be collected in a number of ways but predominantly as set out below:
- Face to Face: if you attend our offices or we visit you we may collect your personal data.
- Telephone calls: ordinarily we will inform you if we record or monitor any telephone calls you make to us. Recordings may be used as evidence of the call and for our staff training and quality purposes.
- Emails: if you email us we may keep a record of your email address and the email as evidence of the contact. We are unable to guarantee the security of any email initiated by you and we recommend that you keep the amount of confidential information you send to us via email to a minimum. We recommend that where available you use secure online services.
Who do we get your personal information from?
This information is collected in a number of ways:
- Provided by you directly when you sign up to a service we are providing;
- Provided by another professional organisation involved in the provision of services;
- Provided by another professional organisation to allow the research and intelligence necessary to CQMS Ltd performing its statutory functions.
- We may also receive information from government bodies and regulators such as the Department of Work and Pensions and Her Majesty's Revenue and Customs.
Who do we share your information with?
We may disclose your personal information to our employees, insurers or external auditors as reasonably necessary for the continuation of our services.
We will upload your personal information on a database Portal of accredited contractors which is accessible to our clients. Please refer to the CQMS Supply Chain Management Terms & Conditions for specific details.
Your personal information may be transferred to third party service providers who process information on our behalf, including providers of information technology, identity management, website hosting and management, data analysis, data back-up, security and storage services.
We may disclose your personal information to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We will report any suspected breaches of the IOSH Code of Conduct or the IIRSM Code of Ethics by their members. Information you supply to us and our clients may be disclosed to IOSH or IIRSM in evidence.
No information is shared outside of the UK.
What are the legal grounds for processing your personal data?
To comply with our legal obligations.
Where it is needed to provide you with our products and/or services
What do we use your personal data for?
To comply with legal and regulatory obligations, requirements and guidance. CQMS Ltd maintain supplementary personal data is recorded on behalf of our Client to enable us to act as ‘Data Processor’ on their behalf.
How long do we keep your information for?
We are required to retain your personal data only for as long as is necessary, after which it will be securely destroyed in line with CQMS Ltd's retention policy or the specific requirements of the organisation who has shared data with us.
CQMS retain CQMS Consultancy details for the lifetime of the contract plus 6 years. Supplier details held for Safety-Scheme assessments are held for 2 years following last action.
Retention periods can vary and will depend on various criteria including the purpose of processing, regulatory and legal requirements, and internal organisational need. In accordance with the GDPR, CQMS Ltd does not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected.
How do we keep your data safe?
We have an information assurance framework in place which ensures that appropriate technical and organisational measures are in place to help keep your information secure and to reduce the risk of loss and theft.
Access to information is strictly controlled based on the role of the professional.
All staff with access to your data are required to undertake regular data protection training and must comply with a variety of security policies designed to keep your information secure.
Your personal data is not processed outside of the EU by CQMS Ltd.
You have a number of rights which relate to your personal data:
You are entitled to request access to any personal data we hold about you and you can also request a copy. Where we a relying on your consent to process your personal data you are entitled to withdraw your consent at any time. You can also request that we correct any personal data we hold about you that you believe is inaccurate; request that we erase your personal data; request that we stop processing all or some of it and request that automated decisions are made by a person. We are obliged to consider and respond to any such request within one calendar month.
If you wish to make a request or make a complaint about how we have handled your personal data please contact the Data Protection Officer
Post: CQMS Ltd, The Annexe, The Maltings, Wharf Road, Grantham, NG31 6BH
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO) ico.org.uk
Implementation of Policy
This Policy shall be deemed effective as of 25/05/2018.
No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
ISSUE NO. 3 | 05.04.2023