Safety, Health and Environment Department privacy notice

Information you need to know

The Safety, Health and Environment Department (SHE Department) is part of Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk

This privacy notice explains how we use your personal information and your rights regarding that information.

For information about how the wider university uses personal data, please see the Privacy notice section of our website.

Information we are collecting

We may collect and hold personal information such as your

  • name
  • gender
  • location
  • identification number
  • job title or role
  • email address

Where relevant, we may also collect information about your health where this relates to a safety, health or wellbeing issue. Health information is classed as special category data, which is given extra protection under data protection law.

Source of the personal data

We will usually collect this information directly from you, or from information you have previously provided to the university.

In some circumstances, information about you may be provided by a third party. For example, if you are injured or unwell, details may be shared by a Security Officer, witness or First Aider.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

In most cases, this is because we are required to do so under health and safety legislation, or because the university is carrying out tasks in the public interest. In some circumstances, where we provide services on a commercial basis, we may also process personal data where it is necessary for our legitimate interests. In an emergency, we may process personal data where it is necessary to protect your vital interests or those of another individual.

We use personal data for a range of safety, health and environment purposes, including:

  • carrying out risk assessments
  • developing Personal Emergency Evacuation Plans (PEEPs)
  • completing Display Screen Equipment (DSE) assessments
  • investigating accidents and incidents
  • making health surveillance referrals
  • reporting to statutory authorities, such as the Health and Safety Executive (HSE) under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)
  • maintaining training records
  • responding to safety, health and environment enquiries, concerns or complaints
  • reducing the likelihood of future incidents or work-related ill health
  • improving the university’s health and safety arrangements
  • carrying out trend analysis and reporting
  • supporting legal claims (civil or criminal)

Who has access to this data

Your personal data will only be accessed by relevant LJMU staff where it is necessary for them to carry out their role.

Examples of relevant staff include:

  • your academic tutor or line manager
  • Human Resources
  • health and safety advisers
  • safety representatives
  • local health and safety coordinators and officers
  • fire wardens and evacuation coordinators
  • staff involved in accident or incident investigations

We may also share your personal data, where lawful and necessary, with external organisations.

Examples include:

  • statutory authorities and public bodies, such as the Health and Safety Executive (HSE)
  • emergency services
  • our insurers
  • third parties or contractors who support us in delivering our services, who are required to meet appropriate data protection standards
  • external auditors

Where possible, we will anonymise personal data before sharing.

How the university protects your data

We are committed to keeping your personal data safe in line with data protection legislation and the university’s information security and data protection policies.

We use a combination of technical and organisational measures to protect personal data, including restricting access to authorised staff only and ensuring staff receive appropriate training.

Paper documents containing personal data are stored in locked cabinets within secure offices. Electronic records are stored on secure, access-controlled university systems. All Safety, Health and Environment Department staff are required to complete the university’s mandatory data protection training.

The Department also maintains a records retention and disposal schedule to ensure personal data is only kept for as long as necessary and is securely disposed of when no longer required.

How long the university keeps your data

We will only retain your personal data for as long as necessary for the purposes for which it was collected, including to meet any legal, regulatory or reporting requirements. Retention is managed in line with our records retention and disposal schedule.

In some cases, personal data must be retained for extended periods due to legal requirements. For example, certain health records must be kept for at least 40 years from the date of the last entry due to the potential for long delays between exposure and the onset of ill health. Records relating to reportable injuries, occupational diseases or dangerous occurrences are retained for a minimum of three years in accordance with statutory requirements.

When your personal data is no longer required, it will be securely deleted or destroyed.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request - this could be in a portable electronic format
  • request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
  • request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

In some cases, personal data is provided to us when you seek assistance from LJMU, for example to make adjustments to facilities or to support your health and safety.

If we do not have access to the relevant information, we may not be able to put appropriate measures in place to support you or others, or to ensure a safe environment.

Transfers of data outside the UK

We normally keep your personal data within the UK. In some cases, however, we may need to transfer it to another country - for example, to deliver a contract with you or to work with a partner organisation such as a university based overseas.

Whenever this happens, we make sure your information stays protected. This could be through a UK “adequacy regulation” (which confirms that the other country’s data protection laws are up to UK standards) or by putting strong safeguards in place.

These safeguards might include:

  • model contractual clauses
  • formal data sharing or processing agreements
  • binding corporate rules

In short, even if your data travels abroad, it will continue to be treated with the same care and respect as it would under UK law.

Automated decision-making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

  • Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
  • Telephone: 0303 123 1113.
  • Email: contact can be made by accessing the ICO website.