Privacy Policy

1. Data controller

The data controller responsible for your personal data is:

Thomas Featherstone trading as Featherstone Safety
Email: thomas@featherstonesafety.co.uk
Phone: +44 7528 703903
[INSERT BUSINESS OR SERVICE ADDRESS]

ICO registration: See our existing privacy notice on featherstonesafety.co.uk for our ICO registration number, which is preserved from the current registration. [PRESERVE ICO REGISTRATION NUMBER FROM EXISTING WEBSITE PRIVACY POLICY]

Featherstone Safety is a trading name. It is not a limited company.

2. What data we collect and why

2.1 Contact and enquiry data

When you contact us via a form, email or telephone, we collect your name, email address, phone number, business name and the content of your message. We use this to respond to your enquiry and to provide information about relevant services.

Lawful basis: legitimate interests (responding to a B2B business enquiry) and, where relevant, pre-contractual steps.

2.2 Quotation and proposal data

When we prepare a quotation or proposal, we collect information about your business, size, sector, and health and safety needs. We use this to provide a relevant proposal.

Lawful basis: pre-contractual steps and legitimate interests.

2.3 Client and service delivery data

When you engage us for services, we collect and process information necessary to deliver those services, including employee information relevant to health and safety assessments, workplace information, and incident or risk data. We collect only what is necessary to deliver the agreed service.

Lawful basis: performance of a contract.

2.4 Safety Hub platform data

When you use the Featherstone Safety Hub platform, we process data you enter into the platform, including risk assessments, COSHH assessments, incident records, training records, employee details, and compliance evidence. You remain the data controller for all personal data you upload. We act as a data processor in relation to that data.

Lawful basis: performance of a contract (the subscription agreement).

2.5 Marketing and outreach

We may send relevant business communications (such as safety guidance, updates about our services, or information about the Hub) to business contacts where we have a legitimate interest in doing so. We will not send unsolicited marketing to individuals who have not enquired about or used our services.

Lawful basis: legitimate interests (B2B marketing). You can opt out at any time — see section 8.

Business contacts can opt out of future marketing at any time by replying “unsubscribe” or by contacting us at thomas@featherstonesafety.co.uk.

2.6 Website usage data

When you visit this website, our hosting infrastructure may collect standard server log data including your IP address, browser type, operating system, referring URL, and pages visited. This is used for security and operational purposes only.

[CONFIRM WHETHER ANALYTICS/MARKETING COOKIES ARE ACTIVE] — If analytics tools are active, document them here with their lawful basis (consent).

Lawful basis: legitimate interests (website security and operation) for server logs; consent for any analytics cookies.

3. Cookies

We use cookies and similar technologies to operate this platform. Strictly necessary cookies are required for the platform to function. Non-essential cookies (such as analytics) are only placed with your consent.

For full details, see our Cookie Policy.

4. Who we share data with

We do not sell your personal data. We may share data with the following categories of recipients only where necessary to deliver our services or meet legal obligations:

• IT and hosting providers: Vercel (hosting), Supabase (database and authentication)
• Payment providers: Stripe (payment processing — card details are handled by Stripe directly and are not stored by us) [CONFIRM WHETHER PAYMENT PROVIDER IS STRIPE OR OTHER]
• Email providers: [CONFIRM EMAIL SERVICE PROVIDER]
• Professional advisers: accountants, insurers, legal advisers where required
• Subcontractors: where we engage suitably qualified third parties to assist with service delivery, subject to confidentiality obligations [CONFIRM WHETHER SUBCONTRACTORS ARE USED]
• Regulators and enforcement bodies: where required by law

5. International data transfers

We aim to process data within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (for example by third-party service providers), we take steps to ensure adequate protections are in place in accordance with UK GDPR requirements.

[CONFIRM WHETHER ANY INTERNATIONAL DATA TRANSFERS OCCUR]

6. How long we keep data

• Enquiry and contact data: retained for up to 2 years from the date of last contact, unless a contract follows.
• Client and contract data: retained for 6 years from the end of the contract, in line with standard business limitation periods.
• Safety Hub platform data: retained for 30 days following cancellation of a subscription, after which it may be permanently deleted. Export is available on request before deletion.
• Marketing data: retained until you opt out or until we have no reasonable basis for further contact.
• Financial and billing records: retained for 6 years to meet legal and accounting obligations.

7. Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss or disclosure. The Safety Hub platform uses encryption in transit (HTTPS/TLS) and encryption at rest. Access to personal data is restricted to those who need it to deliver the service.

No transmission over the internet is completely secure. You share data with us at your own risk and we cannot guarantee absolute security.

8. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete your data where we no longer have a lawful basis to hold it.
• Restriction: ask us to restrict processing in certain circumstances.
• Portability: receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Objection: object to processing based on legitimate interests, including direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting earlier processing.

To exercise any of these rights, contact us at thomas@featherstonesafety.co.uk. We will respond within one month in most cases.

Marketing opt-out: you can opt out of marketing communications at any time by replying “unsubscribe” to any communication or by emailing us. We will action opt-outs promptly.

9. Complaints

If you believe we have not handled your data correctly, please contact us in the first instance at thomas@featherstonesafety.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ico.org.uk/make-a-complaint
ICO helpline: 0303 123 1113

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by a notice on the platform or by email to registered users. The date at the top of this page shows when the policy was last updated.

11. Contact

Thomas Featherstone trading as Featherstone Safety
Email: thomas@featherstonesafety.co.uk
Phone: +44 7528 703903
[INSERT BUSINESS OR SERVICE ADDRESS]