Privacy and Data Protection Policy

1. Introduction

At More Than Safety Ltd, we are dedicated to safeguarding the privacy and security of all personal data we collect and process. This policy outlines how we handle personal data in line with the requirements of the General Data Protection Regulation (GDPR), relevant UK laws, and international standards, including ISO 9001, ISO 45001, and ISO 14001.

2. Purpose

This policy aims to ensure that More Than Safety Ltd:

  • Protects the personal data of customers, employees, suppliers, and other stakeholders.
  • Complies with all legal obligations regarding data protection, including GDPR.
  • Maintains high standards of data security and confidentiality.
  • Continuously improves data management practices.

3. Scope

This policy applies to:

  • All personal data processed by More Than Safety Ltd.
  • Personal data collected through our website, communications, services, and products.
  • Employees, contractors, suppliers, customers, and other third parties whose data we manage.

4. Data Collection and Use

We collect personal data for legitimate business purposes, including:

  • Contact details of customers, employees, and suppliers.
  • Financial information for billing and contractual requirements.
  • Information necessary for customer support, communications, and marketing.

The company processes personal data based on the following lawful bases:

  • Consent
  • Contractual necessity
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

Evidence of consent is documented and stored securely, and individuals may withdraw consent at any time. Withdrawal requests will be promptly honoured.

5. Data Protection Principles

More Than Safety Ltd adheres to the following principles:

  • Lawful, Fair, and Transparent Processing: Data will be processed lawfully, fairly, and transparently. Individuals will be informed about the purposes for which their data is collected.
  • Purpose Limitation: Personal data will be collected for specific, legitimate purposes and will not be used for incompatible purposes.
  • Data Minimisation: Only the data necessary for the intended purpose will be collected and processed.
  • Accuracy: We will take reasonable steps to ensure data is accurate and up to date.
  • Storage Limitation: Data will be retained only as long as necessary for its intended purpose.
  • Integrity and Confidentiality: We ensure personal data is processed securely to prevent unauthorised access, loss, or damage.

6. Data Storage and Retention

Personal data is stored securely using both digital and physical safeguards. The Data Retention and Disposal Schedule defines how long data will be kept, considering legal, operational, and regulatory requirements. When data is no longer needed, it will be securely destroyed to prevent recovery.

7. Data Security

We are committed to ensuring the security of personal data through:

  • Regular updates to software and security technology to prevent unauthorised access.
  • Restricting access to personal data to authorised personnel based on job responsibilities.
  • Implementing robust encryption, backup, and disaster recovery solutions.
  • Regularly testing and reviewing our data security measures.

8. Data Subject Rights

Individuals have the following rights regarding their personal data:

  • The right to access their data.
  • The right to request correction or deletion of their data.
  • The right to restrict or object to processing.
  • The right to withdraw consent at any time (if applicable).
  • The right to lodge a complaint with a supervisory authority if they believe their data rights have been violated.

9. Sharing of Personal Data

We may share personal data with trusted third parties, such as service providers, only when necessary to fulfil contractual obligations or improve services. These third parties are required to adhere to strict data protection and confidentiality standards.

10. Data Breach Notification

In the event of a data breach that results in the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data, More Than Safety Ltd will:

  • Assess the risk to individuals’ rights and freedoms.
  • Notify the Information Commissioner’s Office (ICO) within 72 hours, if required.
  • Inform affected individuals where necessary.

11. Training and Awareness

All employees will receive regular training on data protection principles, the importance of data security, and compliance with GDPR, ISO 9001, ISO 45001, and ISO 14001 standards. This training ensures that employees are aware of their responsibilities in handling personal data.

12. Continuous Improvement

More Than Safety Ltd is committed to continuous improvement in its data protection and privacy practices. We regularly review and update our security measures, policies, and procedures to ensure compliance with evolving regulations and business requirements.

13. Policy Review

This policy will be reviewed annually or whenever there are changes to applicable laws, regulations, or standards to ensure it remains effective and up to date.

14. Contact Information

For any questions or concerns regarding this Privacy and Data Protection Policy, please contact:
More Than Safety Ltd
Unit 22, Solent Industrial Estate,
Shamblehurst Ln S,
Hedge End,
Southampton SO30 2FY
01489 780255