Privacy Policy

Privacy & Your Personal Information

Use of personal information


We are committed to ensuring your privacy is protected. This Privacy Policy sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Privacy Policy carefully. When using our website, this Privacy Policy should be read alongside the website terms and conditions. This Privacy Policy describes how Normandie Health and Safety Limited, "we" or "us" or "NHS" collect and process data about individuals.


What types of data do we process

We may process certain types of personal data about you as follows:

Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.

Transaction Data may include details about payments between us and other details of regarding the purchase of services made by you.

Usage Data may include information about how you use our website and services.

Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.

Contact Data may include your billing address, delivery address, email address and telephone numbers.

Financial Data may include your bank account and payment card details.


What Data Do We Collect

Personal data means any information capable of identifying an individual. It does not include anonymised data.


What Data Don’t We Collect

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.


How We Collect Your Personal Data

You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:

order our services; request resources or marketing be sent to you or give us feedback.


How We Use Your Personal Data

We will only use your personal data when legally permitted. The most common uses of your personal data are:

Where we need to perform the contract between us.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation.


Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at


Purposes For Processing Your Personal Data

Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant. We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.


Type of data

Lawful basis for processing

To register you as a new customer.

(a) Identity

(b) Contact

Necessary for the performance of a contract with you.

To process and deliver your services including:

(a) Delivery of  services.

(b) Manage payments, fees and charges.

(c) Collect and recover money owed to us.

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Usage

(f)  Marketing & Communications


(a) Necessary for the performance of a contract with you.
(b) Necessary for our legitimate interests to recover debts owed to us.

(a)  To manage our relationship with you which will include:
Sharing and educating you on health and safety and food safety matters.

(b)  Notifying you about changes to our terms or privacy policy.

(c)  Asking you to leave a review or take a survey.

(a) Identity

(b) Contact

(c) Marketing &


(a) Necessary for the performance of a contract with you.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests to keep our records updated and to study how customers use our services.

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.

(a) Identity

(b) Contact

(a)  Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.


(b) Necessary to comply with a legal obligation.

To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising.

(a) Identity

(b) Contact

(c) Usage

(d) Marketing &


Necessary for our legitimate interests to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy.

To make suggestions and recommendations to you about services that may be of interest to you.

(a) Identity

(b) Contact

(c) Usage

(d)  Marketing &


Necessary for our legitimate interests to develop our products/services and grow our business.

To register your details with an awarding body in order to gain certification.

(a) Identity

(b) Contact

Necessary for performance of contract with you.



Marketing Communications

You will receive marketing communications from us if you have:

(i) requested information from us or purchased services from us; or

(ii) if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and

(iii) in each case, you have not opted out of receiving that marketing.

We will never share your personal data with any third party for marketing purposes.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a service purchase, service experience or other transactions.


You can ask us or third parties to stop sending you marketing messages at any time by emailing us at at any time.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase,


Passing Personal Data to Third Parties

We may pass personal data to third parties such as other administration service providers, other health & safety service providers, legal advisors, banks, regulatory bodies the police and other law enforcement agencies, fraud and crime prevention and detection agencies. If you require details of the third parties your data has been passed to and how this information is used please contact the Data Protection Officer at Normandie Health & Safety Limited, Normandie House, Rue a Chiens, St. Sampson’s, Guernsey, GY2 4AE



We take privacy seriously and have systems in place to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation and to ensure the security and accuracy of any personal information we collect. All information you provide to us is stored on our secure servers and we restrict access to your information as appropriate to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.


Third Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.



We do not use Cookies.


Your rights

  • You may request access to a copy of your personal information that we hold by contacting us.
  • Where we have incorrect personal information in our records you may request to have the information corrected.
  • Under certain conditions, you may also have the right to require us to:
  • delete any personal information that we no longer have a legal ground to rely on;

  • object to any processing based on the legal ground of legitimate interests unless our reason for undertaking that processing outweighs any prejudice to your data protection rights;

  • provide you or another provider with a copy of your personal information that you provided us with; and

  • restrict how we use your personal information whilst a complaint is being investigated.

    If you contact us to exercise any of these rights we will confirm your right to          do so and respond in most cases within 30 days.


    If you have a complaint concerning the processing of your personal data please contact us and we will make every effort to resolve your complaint or refer you to our independent dispute resolution processes. If you are still not satisfied that your complaint has been appropriately addressed you may have a right to complain to the Guernsey Data Protection Commissioner, you will find the contact details on this hyperlink

    How to Contact us

    For any questions or concerns relating to this Privacy Policy or our Data Protection practices, or to make a subject access request, please contact:


    The Data Protection Officer

    Normandie Health & Safety Limited,

    Normandie House,

    Rue a Chiens,

    St. Sampson’s,


    GY2 4AE.


Updates to this Privacy Policy

We may need to make changes to this Privacy Policy periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You will be provided with a copy of the most up-to-date Privacy Policy and you can also view it by checking our website.

This Privacy Policy was last updated on: 23 May 2018



 Directions to the Normandie Office 


+44 (0) 1481 253953 

or email


Normandie Health & Safety Ltd

Lisia House

Rue a Chiens

St Sampson