At Madrigal-OS LLP, we believe that the trust and confidence of our customers is of utmost importance, and always strive to provide clear and open advice.  

This Privacy Statement is intended to provide you with confidence that on the rare occasions that we collect and process personal information, that it is stored used and processed safely and responsibly, and that we do not retain or use personal data other than for the purpose for which it was collected.

Typically, the only occasions when we would hold personal data would be at the specific request of our clients (the data controller) and their employees and would only be held with their permission and understanding of why it was being collected, processed or stored. 

Data would be collected or processed under one or more of the following lawful bases for processing as set out in Article 6 of the GDPR:

Consent: the individual has given clear consent for us to process their personal data for a specific purpose, typically for training purposes or developing risk assessments to support an individual at work.

Legal obligation: the processing is necessary for our client to comply with health & safety law, specifically the Management of Health & Safety Regulations 1999 in relation to providing health & safety training, or risk assessments relating to individuals or groups of people at work. Even in these instances, the active participation and consent of the individual involved will still be appropriately sought.

The specific nature of the data being processed will depend upon the specific health, safety and welfare issues affecting, or relevant to the individual, but typically would include (although not limited to):

Data collected for accident reporting and investigation as required by the RIDDOR Regulations 2013.

Data collected to complete a risk assessment for a person with a health issue, or who is pregnant in order to assess and control the risks to their health, safety and welfare in the workplace, as required by the Management of Health & Safety Regulations 1999.

Where possible, Madrigal would prefer that conversations where personal data may be involved are undertaken, and subsequent work completed at a client’s premises, removing the need for Madrigal to process or store the information, unless it is with the explicit consent of the individual involved.

Retention of data is in line with legal requirements set out by the legislation above, and Madrigal will retain this data on behalf of clients unless instructed by the client or the individual to delete or return it.

Madrigal-OS LLP do not collect or store cookies, we do not engage any third-party organisations to monitor who uses our website, and we do not share your data with any other organisations under any circumstances, other than those stated above.

If you wish you enquire about your personal data which Madrigal-OS may have processed, please contact matclark@madrigal-os.co.uk