Privacy Policy

Privacy Policy - Stent Safety Solutions

Effective Date: 5th November 2025

Stent Safety Solutions (referred to as "we," "us," or "our") is a self-employed sole trader business operated by Jamie Stent. We are committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, and process personal information in accordance with the UK General Data Protection Regulation (GDPR).

1. Data Controller Information

Data Controller: Jamie Stent, trading as Stent Safety Solutions Contact Email: stentsafetysolutions@gmail.com Address (for data queries): 67, Lewis Road, Gravesend, DA13 9JQ, UK

Clarification of Roles: For personal data concerning client employees (i.e., Trainee & Employee Data and Health and Safety Data used solely for the performance of the Services), the Client acts as the Data Controller, and Stent Safety Solutions acts as the Data Processor, operating strictly under the Client's instructions as defined in Clause 9.1 (Data Protection and GDPR) of our Terms and Conditions of Service. For all other data (e.g., billing and general contact), we act as the Controller.

2. Personal Data We Collect

We collect and process the following categories of personal data, which are necessary for the provision of the Services:

• Client/Contact Data

  • Examples: Name, Job Title, Company Address, Phone number, Email.

  • Primary Purpose: Contractual communication, invoicing, and service scheduling.

• Trainee & Employee Data

  • Examples: Employee name, job role, department, training attendance records, and assessment notes.

  • Primary Purpose: To identify the individual being trained or assessed, issue training certificates, and create formal health and safety reports.

• Health and Safety Data (Special Category Data)

  • Examples: Information regarding reported physical discomfort, existing medical conditions relevant to workplace tasks, incident/accident details, or previous injuries.

  • Primary Purpose: To fulfill legal Health and Safety duties (such as Risk Assessments or Accident Investigations), ensure training is suitable for individual capabilities, and advise the Client on appropriate protective measures.

3. Basis for Processing (Lawful Grounds under UK GDPR)

We rely on the following lawful bases to process your data:

• Performance of a Contract: Processing Client/Contact Data is necessary to fulfill the contract with you (the Client) to provide the agreed-upon services.

• Legitimate Interests: Processing Trainee & Employee Data (name, job role) to create official reports and training records, which serves the Client’s legitimate interest in meeting their legal health and safety obligations.

• Legal Obligation: Processing is necessary to meet legal obligations under UK Health and Safety legislation.

• Substantial Public Interest (Health and Safety at Work): For the Health and Safety Data (Special Category Data), we rely on the lawful basis for processing related to Health and Safety at Work. This is necessary to provide protective advice to the Client and maintain a safe working environment.

4. How We Use the Information

We use the information collected exclusively to:

• Schedule, manage, and invoice the Services.

• Conduct Audits, Assessments, and Investigations to provide appropriate advice.

• Deliver training and issue certification.

• Generate formal reports for the Client.

• Maintain internal records for professional liability and insurance purposes (minimum 6 years).

• To communicate with the Client regarding service updates, promotional offers, or new services.

5. Data Sharing and Disclosure

We do not sell your personal data to third parties. We will only share data in the following circumstances:

• With the Client: Assessment/Investigation Reports and Training Records (which include user names and relevant data) are shared directly with the Client (your employer) to fulfill our contractual obligations.

• Legal/Regulatory: If we are legally required to do so by a court order, a formal request from the HSE (Health and Safety Executive), or another regulatory body.

• Sub-Processors: With our accountant or IT service providers, where we ensure they are GDPR compliant.

6. International Data Transfers

We store and process personal data exclusively within the UK and the European Economic Area (EEA). We do not routinely transfer or process personal data outside of these jurisdictions.

7. Data Security and Retention

We take appropriate measures to secure your data. We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements (typically a minimum of six years).

8. Your Legal Rights (UK GDPR)

As a data subject, you have rights regarding your personal data, including the Right to Access, Rectification, Erasure (under certain conditions), Restriction of Processing, and Object to Processing. To exercise any of these rights, please contact us using the contact details provided in Section 1.

9. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

10. How to Complain

If you have concerns about our use of your personal information, you can contact us directly. You also have the right to lodge a complaint with the UK supervisory authority for data protection, the Information Commissioner’s Office (ICO).