E-mail : info@ajpsafety.co.uk
Data Protection Policy
This Data Protection Policy relates to AJP Safety Limited’s online DSE assessments.
Terms used in this Policy:
• User – anyone who completes our online desk / DSE assessment and submits the
data to us.
• Employer / responsible person – The person who we send the pdf assessment reports
to in the user’s organisation (this can also be the user themselves).
• Data controller and processor – Mr R Hussain (AJP Safety Limited) is responsible for
storing and processing the information which users submit during their assessment.
• Data protection officer - Mr R Hussain (AJP Safety Limited) is responsible for storing
and processing the information which users submit during their assessment.
Information we hold:
Users of our online DSE assessment system provide us with the following data:
- Their name – Forename and Surname.
- The name of their employer (either known by arrangement or optional).
- Their email address (optional or not in customised assessment forms).
- Users may also provide information about medical conditions affecting their work.
- Date on which data was recorded.
- Typeform – the company whose online platform we have used to collate the assessments.
We also gather the following information which we are able to see:
- Network ID (a randomly-generated string of characters unique to the IP address of the respondent). This Network ID is unique to the IP from, which the response was collected. It can be used to detect and filter out duplicates. Note that it is not the actual IP address of the respondent – we do not collect and store that information. If several respondents connect through the same network or WiFi, they’ll have the same generated Network ID. On the other hand, if a single person is filling in your Typeforms from different locations (therefore different networks) a different Network ID will be associated with each of their submissions.
- Length of time to complete each assessment.
- Start and finish times of each assessments.
The data that is gathered in our online assessments is adequate, relevant and limited
to what is necessary in relation to producing a DSE assessment report for users’
employers.
The data we process comes directly from Users of our online assessment forms.
Purposes of gathering the above data:
The data which users provide us with is used to compile a DSE assessment report,
which is sent to each user’s employer or person responsible for processing that
information. Pdf reports are only generated if there is a contractual agreement
between AJP Safety Limited and the users' employer – or if payment is confirmed as
having been received from the user for a report to be generated.
The data is gathered to enable your employer to comply with the Display Screen
Equipment Regulations 1992, which requires that a suitable and sufficient
assessment is made of your computer workstation.
AJP Safety Limited staff who assess your DSE assessments are trained by accredited
Consultants of the Chartered Institute of Ergonomics and Human Factors (CIEHF).
Our gathering of user data in the online assessments, and generation of pdf reports
falls within lawful use of user data.
Consent:
Users’ consent to our processing of their data will be requested at the start of their
online assessment via positive indication. The data we receive includes a record of
that consent.
Users can withdraw their consent to the use of their data in generating a DSE
assessment report, at any time by contacting the data controller at
info@ajpsafety.co.uk
Communicating Privacy Information
At the start of our online assessment, users are provided with a link to this policy
which sets out the privacy of their data. Users are required to confirm that they have
reviewed this policy and consent to proceed with providing us with the information
requested during the assessment.
Storing data:
https://www.typeform.com/help/what-happens-to-my-data/
https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
We do not put users’ personal information onto memory sticks due to the risk of
physical loss that may risk a data breach.
The raw data which you provide us with is retained securely online with the
assessment hosting company – Typeform. Typeform uses Amazon AWS servers for
data storage, which are GDPR compliant – for more information see links below.
Copies of the any electronic reports which we generate are stored by us in a secure iCloud
server folder which only the data controller has access to.
Individuals’ right under GDPR:
Users have a right to obtain confirmation that their data is being processed.
Any user of our system has the right to ask for any data which we hold relating to them, to be
provided to them. We would provide the raw data and the pdf assessment report as
requested free of charge in a portable electronic format. In order to release the information
safely we would need to confirm that the identity of the person requesting the information
matches the user.
Users can request at any time for the data controller to delete any information about them
which is held by or on behalf of AJP Safety Limited. Due to the legal status of the data which
we hold on behalf of both users and employers, this deletion would need to be by agreement
by both parties (see ‘storing data’ section above).
Users have a right to have any inaccurate or incomplete personal data rectified. To do this
users should submit a request for the data to be altered or deleted and replaced as
applicable.
We will process any requests to exercise individuals’ rights without delay and at the latest
within one month of receiving it.
Users should contact info@ajpsafety.co.uk if they wish to exercise any of their rights under
the GDPR.
Confirmation of what we do not do with users data:
We do not pass user information on to anyone other than their employer (which itself is only
done if we have positive user consent and by prior agreement with the employer).
We do not use users’ information for any purposes other than generating their pdf
assessment report and identifying the reports correctly to/for their employer. We do not use
the information users give us for any marketing purposes.
If a data breach occurs:
If we believe or if we are informed by Typeform or iCloud that any user information that we
hold has been accessed by anyone other than the data controller, the user or their employer,
we will inform the users’ employer in the first instance and request that information is passed
directly on to the users (on the basis that we do not retain any information allowing us to
contact users directly).
Contact details if you have any questions: Mr R Hussain – AJP Safety Limited
Info@ajpsafety.co.uk www.ajpsafety.co.uk
Registered Data Controller:
AJP Safety Limited is a registered data controller with the ICO – Registration reference:
ZA817315
