The Safety Association of Federated Employers Privacy Policy

(herein referred to as SAFE)

Keeping your personal information safe and secure is our priority. The following text sets out how SAFE collects, uses, shares and protects information about our customers and business contacts. It will also provide you with a better understanding of your rights relating to your personal data and how you can exercise those rights.

This policy replaces any other Privacy Policy from SAFE. It is effective from 1 May 2018 and is reviewed regularly for compliance against UK legislation:

  • The EU General Data Protection Regulation 2018 (GDPR)
  • The EU Privacy and Electronic Communications Regulations 2003 (PECR)


SAFE collects personal information¹ when you commence membership, register with us online, ask us a question about our services online, by phone or email, or place an order for our services.  We will use this information to provide membership services including the issue of newsletters, information sheets, upcoming courses and information on current and latest services etc. By joining SAFE it is agreed that we will send this information by email or by post unless you request otherwise.

We do not share your information for marketing purposes with third parties. For the fulfilment of services, we do have to share your information with some third parties such as training bodies for administration purposes and processing of certification, etc. In line with normal business practices, we may send your details to, and also use information from, credit reference agencies and fraud prevention agencies. You have the right to know what data we hold about you.

Please contact us by writing to or the address below if you need to submit an enquiry.

3 Diagonal Road
Pinefield Industrial Estate
IV30 6AH
Tel: 01343 612222

We encourage you to take time to carefully read all the following sections.

Who are we?

We are the Safety Association of Federated Employers, an organisation operating in the North East of Scotland, providing health and safety services and training to our members.

We are a registered company in the UK: SC191840

For the purposes of the GDPR, we are the Data Controller of your data. This means we are responsible for deciding how we use your information. Should you have any questions relating to this Privacy Policy please direct your enquiry in writing to: The Group Safety Advisor, 3 Diagonal Road, Pinefield Industrial Estate, Elgin IV30 6AH or by email to:

What information do we collect about you?

SAFE collects information about you when you register with us online, ask us a question about our services online, by phone or email, or join our organisation as a member. We may also collect information when you voluntarily complete surveys, or provide feedback on our services through our website, or through telephone, email or social media.

Other information we may hold about you:

Contact data: First name, Last name, Title, Company Name, Billing address, delivery address (Geographical location), and email and telephone contacts.

Membership data: Your preferences in receiving communications from us, where and how your information was collected.

Profile data: Login information (usernames, passwords if assigned), purchase history, product interests, feedback.  Individual data required for course booking such as CITB IOSH and AoFAQ courses

Historical data: Records of emails, telephone calls, website enquiries, orders

Financial data: Bank account details for payments such as Direct Debit mandates and BACS transfers – we only provide the mechanism which collects this information, but it is not transmitted through our systems. We collect data on financial transactions between yourself and SAFE.

Website: Website usage information is collected using cookies.

We do not collect or hold any data which pertains to anything covered by the UK Government’s Equality Act 2010, or any other information of a potentially discriminatory nature.

Why do we collect this information?

The legal basis for us to collect customer or potential customers’ information falls under Legitimate Business Interest. So that we can:

  • understand our members’ needs and improve our products and services
  • provide answers to their enquiries and improve their knowledge with regard to health, safety and training
  • fulfil their membership services, and
  • offer a better service to our members overall.

How do we collect this information?

We collect information in the following ways:

  • When you complete application forms, questionnaires, booking forms and documents.
  • When you communicate with us through telephone, email, post, or forms on our website we collect information to enable us to service your requests. Such communications may include:
    information requests, price requests, orders, testimonials, and subscriptions.
  • From credit agencies and fraud prevention agencies.
  • From publicly available data sources such as Companies House and Electoral House

How will we use the information about you?

We collect information about you to:

  • process your membership application
  • manage your account
  • remind you about annual subscriptions
  • book training courses
  • assist with enquires and provide assistance with health and safety services
  • And if you agree (give consent):
    • to contact you about other products and services available from SAFE
    • to inform you about important information with reference to health, safety and training
    • to contact you for market research purposes
  • We make it easy for you to change your mind about consent at any point by updating your
    preferences or unsubscribing completely from our information provision communications by
    simply emailing or by replying REMOVE to emails

We also use your information collected from the website through cookies to personalise any repeat visits to our website.

How do we share information about you?

SAFE will not share your information for marketing purposes with third parties. We do share your information to third parties (who we deem to be third party data processors) in the following circumstances:

  • In processing your membership and membership services requests, we may use information from credit reference agencies and fraud prevention agencies
  • In processing the payment of your membership or services invoices, we will share data with banking institutions and Direct Debit processing centres.
  • In communicating with you by email for marketing purposes, either directly or we use a thirdparty email service MailChimp²
  • In the management of our website our digital services. In certain circumstances we may have to share personal data with our IT contractors for the purposes of IT & Systems Admin Support.
  • For disclosure in certain circumstances for example to professional advisors like, lawyers,accountants, insurance companies.
  • For regulatory purposes including to HMRC.

How do we store your data?

Your contact details may be held in the following ways:

  • On our Membership Database (excel spreadsheet) (full contact details, contact history)
  • On our accounts and order management software – Sage (billing details and accounts information)
  • Online banking system (bank account details)
  • Dropbox³ – online cloud-based storage system (password protected)
  • On computer email systems – Microsoft Outlook (email, company name first name, last name,) (password protected)
  • On our email management client – MailChimp² (email, company name first name, last name,) (password protected)
  • Mobile communication devices (email, first name, last name, telephone number) (password protected)
  • Hardcopy – within folders in a secured storage unit

Data security

SAFE applies stringent security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way. Security measures apply to our computers, network, software and internet. A separate IT & Cyber security policy is mandatory for all staff to be familiar with, sign and follow. Any staff that have access to personal data staff must also complete Cyber Security Training.

The policy and training also cover procedures of how to deal with any suspected personal data breach, and we will notify the ICO and our contacts immediately if any such breach were to occur.

Data retention

We only retain your personal data for as long as necessary to fulfil the purposes it was collected for, including any legal, accounting or reporting requirements. By law we have to keep basic information about our customers for six years for tax purposes.

Your rights

You have extensive rights under the General Data Protection Regulation, these include the right to:

  • request a copy of the information that we hold about you.
  • to correct or remove information you think is inaccurate
  • withdraw consent at any time.
  • be forgotten (i.e. the right to ask us to delete, shred and otherwise remove any data we hold about you, excepting where we have a legal obligation under UK law).

For further information on your rights please visit the Information Commissioners Office

Should you wish to exercise any of your rights under the GDPR Policy please direct your enquiry in
writing to: The Group Safety Advisor, 3 Diagonal Road, Pinefield Industrial Estate, Elgin IV30 6AH or by email to:

Other websites

Our websites contain links to other websites. This privacy policy only applies to our websites: We do not have any control over the content or management of such websites and are not accountable or responsible for any data protection or privacy issues regarding the. When you follow a link to their websites you should read the privacy policies they provide.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

3 Diagonal Road
Pinefield Industrial Estate
IV30 6AH
Tel: 01343 612222
Registered company in the UK: SC191840


In the first instance, please contact us if you have a complaint or concern about the way we collect, store, use or process your data, or about the way we communicate with you. If you are not satisfied with our response you may also contact the Information Commissioners Office to raise a formal complaint


¹ Personal information includes: For Customers – Name, Company Name, Company Contact Tel & Email, Company Address, additional billing information if required. For Enquiries – Name, Company Name, Company Tel & Email. In the case that personal email addresses and telephone numbers are provided additional consent to contact is sought once the direct enquiry from that individual has been answered.

² MailChimp is EU-US Privacy Shield approved under GDPR.

³ Dropbox operates to ISO 27018