Privacy Notice for Health and Safety Incident and Near Miss Reporting
Components
This privacy notice explains who we are, how and why we collect and use personal information about you, what personal data is collected and held about you when you report an accident or near miss to Manchester Metropolitan University, our purposes and lawful bases for processing, who we share your personal data with, relevant retention periods, and how you can exercise your privacy rights.
This notice provides information that is in addition to information contained in the University’s Privacy Notice for Staff and Privacy Notice for Students. Please do read this notice to understand our practices and if you have any questions please contact us using the contact details provided below.
Who we are
Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). The University is the Data Controller in respect of the personal data you provide when you report and accident or near miss.
The University is registered as a Data Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.
The personal data we process
When you report or are subject to an incident we will collect and process the following information:
- Name
- Staff or student ID number (if applicable)
- Internal or external
- Email address
- Address (work and/or home)
- Telephone number
- Date of birth
- Date of incident
- Location of incident
- Risk assessment
We may also process the following “special categories” of more sensitive personal information:
- Incident cause
- Injury type
- Affected body part
- Whether first aid was given
- Attendance at hospital
- Description of reported injury or ill health
- Information about your health, any disability and/or medical condition
- Health and sickness records, details of time off work
- Treatment given
- Follow up measures, e.g. to prevent a re-occurrence
- Photographs of injuries
We may collect further personal data directly from you as part of our investigation into your reported injury or ill health.
Incident reporting and near miss records may relate to: current and former students and members of staff, including temporary workers, visitors and external contractors.
The purposes of the processing
Your information will enable us to:
Use of personal data |
Lawful basis |
|
Legal obligation: Processing of certain personal data is necessary for compliance with the RIDDOR. |
|
Legal obligation: Processing of personal data is necessary for compliance with the Workplace (Health, Safety and Welfare) Regulations 1992. |
|
Legal obligation: Processing of personal data is necessary for compliance with the Management of Health and Safety at Work Regulations 1999. |
|
Legitimate interests: the processing is necessary for the purposes of the legitimate interests pursued by the controller. The legitimate interest is to appropriately investigate near miss incidents and to take appropriate follow up action to keep our students, staff and visitors safe. |
If you contact us, we may also keep a record of that correspondence.
The recipients or categories of recipients of the personal data
We may disclose personal data about you to the following third parties:
- Line manager/tutor
- University insurance office
- Health and Safety Executive (HSE)
- University insurance broker
- Occupational health provider
Data retention
Your personal data will only be retained for as long as it is necessary in accordance with the University’s Retention and Disposal Schedule. Specifically, we will retain personal data relating to your reported accident or near miss for 40 years.
Your rights in respect of the processing
The GDPR provides data subjects with the following data subject rights:
- The right to be informed – this privacy notice assists with fulfilling these obligations
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Please note, that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. Please use the contact information below to exercise these rights.
Contacting us
For questions or concerns about this Privacy Notice, or our use of your personal information, please contact safety@mmu.ac.uk in the first instance.
Our Data Protection Officer can also be contacted using dataprotection@mmu.ac.uk, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: casework@ico.org.uk or telephone: 0303 123 1113. Visit the ICO wesbite for any further contact information please see.
Updates to this privacy notice
We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.