Legal

Privacy Policy

How we collect, use, and protect your personal data

Last updated: 16 July 2026

1. Who we are

HSE Benchmark ('we', 'us', 'our') is a software-as-a-service platform providing health, safety, and environment (HSE) maturity assessment and benchmarking tools. We are the data controller for personal data processed through this platform. If you have any questions about this policy, contact us at [email protected].

2. What data we collect

We collect information you provide directly, including your name, email address, job title, organisation name, and billing details when you register or subscribe. We also collect usage data such as pages visited, features used, assessment responses, and log data including IP addresses, browser type, and timestamps. We use cookies and similar technologies as described in our Cookie Policy.

3. How we use your data

We use your personal data to provide and improve the HSE Benchmark platform, process payments, send transactional communications (account confirmations, invoices, password resets), provide customer support, and comply with legal obligations. Where you have given consent, we may send product updates and marketing communications. You may withdraw consent at any time.

4. Legal basis for processing

We process your data on the following legal bases under UK GDPR: (a) Contract — processing necessary to deliver the services you have subscribed to; (b) Legitimate interests — improving our platform, preventing fraud, and ensuring security; (c) Legal obligation — complying with applicable laws; (d) Consent — for marketing communications and non-essential cookies.

5. Data sharing

We do not sell your personal data. We share data with trusted third-party service providers who assist us in operating the platform, including cloud hosting providers, payment processors (Stripe), and analytics services. All processors are bound by data processing agreements and may only process data on our instructions. We may disclose data where required by law or to protect our legal rights.

6. International transfers

Some of our service providers are located outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or an adequacy decision.

7. Data retention

We retain your personal data for as long as your account is active or as needed to provide services. After account closure, we retain data for up to 7 years to comply with legal and financial obligations, then securely delete or anonymise it. Assessment data may be retained in anonymised, aggregated form for benchmarking purposes indefinitely.

8. Your rights

Under UK GDPR you have the right to: access your personal data; correct inaccurate data; request erasure ('right to be forgotten'); restrict or object to processing; data portability; and withdraw consent at any time. To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the ICO at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS), access controls, regular security assessments, and staff training. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. The 'Last updated' date at the top of this page indicates when the policy was last revised. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact us

For any privacy-related questions or to exercise your rights, contact our Data Protection team at: [email protected]. Postal address: HSE Benchmark, Data Protection Team, United Kingdom.