Policy Document

Data Protection Policy

AB SiteSafe · Version 1.0 · Effective date: May 2026 · Review date: May 2027

1. Introduction

AB SiteSafe is committed to handling all personal data responsibly, lawfully, and transparently. This policy sets out how we collect, use, store, and protect personal data in the course of providing health and safety consultancy services.

This policy applies to all personal data processed by AB SiteSafe, whether held digitally or in physical form.

2. Data Controller

The data controller for all personal data processed by AB SiteSafe is:

Alexander Banister

Trading as: AB SiteSafe

Email: ABSiteSafe@outlook.com

ICO Registration: ZC155380

3. Legal Framework

AB SiteSafe processes personal data in accordance with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations 2003 (PECR)

4. Data We Collect

In the course of providing our services, AB SiteSafe may collect and process the following categories of personal data:

Name and job title of client contacts
Business name, address, and contact details
Email addresses and telephone numbers
Information about client business activities and workplace hazards relevant to the services requested
Names of employees where referenced in health and safety documentation
Payment information (processed via third-party providers — not stored by AB SiteSafe)

      AB SiteSafe does not collect or process special category data (e.g. health records, biometric data) unless specifically required by the nature of the services agreed and with explicit consent.
    

5. Legal Basis for Processing

We process personal data on the following legal bases:

Contract — processing is necessary to deliver the services agreed with the client
Legitimate interests — for business administration, record-keeping, and service improvement
Legal obligation — where processing is required to comply with applicable law
Consent — where explicitly obtained, for example for marketing communications

6. How We Use Personal Data

Personal data collected by AB SiteSafe is used solely for the following purposes:

Delivering health and safety documentation and consultancy services
Communicating with clients regarding their enquiries or projects
Issuing invoices and managing payment records
Maintaining records as required by law
Improving our services based on client feedback

We will not use personal data for any purpose incompatible with the purpose for which it was collected, without first obtaining consent.

7. Data Sharing

AB SiteSafe does not sell, rent, or share personal data with third parties for marketing purposes. Data may be shared in the following limited circumstances:

With service providers who assist in delivering our services (e.g. cloud storage, email platforms), subject to appropriate data processing agreements
Where required by law or regulatory authority
With the client's own employees or representatives where necessary to complete the agreed work

8. Data Retention

Personal data will not be retained for longer than is necessary for the purpose for which it was collected. As a general guide:

Client records and completed documents — retained for 6 years following the end of the client relationship, in line with standard business records guidance
Enquiry data where no contract was formed — deleted within 12 months
Financial records — retained for 6 years in accordance with HMRC requirements

9. Data Security

AB SiteSafe takes reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

Password-protected devices and accounts
Use of reputable cloud storage with access controls
Secure email communications
Not sharing login credentials or leaving devices unattended in unsecured locations

In the event of a data breach that is likely to result in a risk to individuals' rights and freedoms, AB SiteSafe will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, and will inform affected individuals without undue delay.

10. Your Rights

Under UK GDPR, individuals whose data we hold have the following rights:

Right of access — to request a copy of the personal data we hold about you
Right to rectification — to request correction of inaccurate or incomplete data
Right to erasure — to request deletion of your data where there is no lawful reason to retain it
Right to restrict processing — to request that we limit how we use your data
Right to data portability — to receive your data in a structured, commonly used format
Right to object — to object to processing based on legitimate interests

To exercise any of these rights, please contact us at ABSiteSafe@outlook.com. We will respond within one calendar month.

11. Complaints

If you have concerns about how AB SiteSafe handles your personal data, please contact us in the first instance. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

12. Policy Review

This policy will be reviewed annually, or sooner if there are significant changes to our data processing activities or applicable legislation. The current version and effective date are shown at the top of this document.