Privacy notice – health and safety reports

North Somerset Council is registered with the Information Commissioner’s Office for the purposes of processing personal data. The information you provide will be held and used in accordance with the requirements of UK and European data protection law.  The information will form part of the incident report form, and will be held for three years following the date of the incident.  This is with the exception of an accident relating to a person under the age of 18 years old, where the incident report will be held until their 21st birthday.

Unless otherwise agreed with you, we will only collect the minimum personal data required to fully investigate the incident and treat injuries. This includes your name, date of birth, contact details, how the incident occurred and any pre-existing medical conditions or medical treatment.  It does not include any information relating to criminal convictions or offences.

The information will be used to provide first aid treatment and investigate the incident to prevent recurrence; our official authority under the Management of Health and Safety at Work Regulations 1999, in accordance with Article 6(1)(e) of the European General Data Protection Regulation. The details relating to pre-existing medical conditions and/or treatment is necessary to ensure the adequacy of any first aid provision, in accordance with Article 9(2)(g) of the European General Data Protection Regulation.

We will not use your personal information in a way that may cause you unwarranted nuisance. Failure to provide the information could result in inadequate first aid treatment, and the inability to investigate the incident to prevent recurrence.

The information provided may be shared with the Health and Safety Executive or Public Health England, who have demonstrated that they have a lawful and legitimate interest in the information, for the purposes of fulfilling their statutory obligations. Where incident investigation may be required, the information may also be shared with the police, HMRC, insurance companies and/or internal teams where remedial action would be required. At no point is your data shared or processed outside of the UK.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014. Under the conditions of the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research.  We do not share the information with other organisations for commercial purposes.

You have the right to see the personal data we process about you, as well as the right of objection, rectification and restriction.

If you have any questions or concerns about the way we process your personal data, contact our Data Protection Officer at