Opus Compliance Cloud: Privacy Policy

This privacy notice for Opus Safety LTD ("Company," "we," "us," or "our") describes how and why we collect, store, use, and/or share ("process") your information when you use Opus Compliance Cloud ("Services"), such as when you:.

  • Use Opus Compliance Cloud for compliance management, health and safety monitoring, asset management, or other related services.
  • Submit personal or sensitive data, including health surveillance records and accident reports, via the Opus Compliance Cloud platform.
  • Engage with our customer support, integrations, or other features of Opus Compliance Cloud.

This privacy policy covers cloud.opus-safety.co.uk, the domain for Opus Compliance Cloud. The website www.opus-safety.co.uk is not covered under this privacy policy. This can be found at www.opus-safety.co.uk/privacy-policy.

1. What information do we collect?

Personal Data Provided to Us

We collect personal data that users voluntarily provide when using Opus Compliance Cloud and information that your employees provide, including but not limited to:

  • Identification Information: Name, email address, organisation details, job role.
  • Contact Information: Email address.
  • Health & Safety Information, Including special category data: Health surveillance data, accident reports, risk assessments, and other compliance-related records.

Data Automatically Collected

  • Device and Usage Information: IP address, browser details, device characteristics, operating system, and platform usage analytics.

2. Why do we process your information?

Under the UK General Data Protection Regulation (UK GDPR), we process your information based on the following lawful bases:

Performance of a Contract:
Processing may be necessary to fulfil a contract to which the data subject (employee) is a party, such as a contractual requirement for health surveillance.
Legitimate Interest:
Where it is necessary to ensure workplace safety
Legal Obligation:
To meet compliance and statutory reporting requirements.
Vital Interest:
To protect an individual’s safety or comply with workplace safety regulations when the data subject is physically or legally unable to give consent or when there's an urgent need to use the data for medical care.

3. Sharing your personal information

We will only share personal data in these specific circumstances, or circumstances of an equitable nature, such as:

  • With your employer, management chain or organisation for compliance and reporting purposes.
  • With regulators, authorities or Opus Consultants when legally required for occupational health and safety compliance.
  • With appointed legal advisors, where necessary, for the provision of legal services.
  • For business transactions, such as mergers or acquisitions, where data transfer is necessary.

All third-party access is governed by strict contracts ensuring data protection and security.

Law Enforcement Requests

We will attempt to redirect the third party to obtain the requested data from yourselves. We will promptly notify you of any third-party request, and give you a copy unless we are legally prohibited from doing so. For valid requests that we are not able to redirect to you, we will disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order.

4. Security measures in place

We implement industry-standard security measures to protect personal data, including:

Encryption:
All data is encrypted in transit and at rest.
Access Controls:
Role-based permissions and multi-factor authentication (MFA) to restrict unauthorised access.
Audit & Monitoring:
Continuous logging and system monitoring to detect threats and anomalies.
Data Minimisation:
Collecting only necessary data and enforcing retention policies.

All Opus Compliance Cloud data is held within the EU.

More details on our security measures are available in our Knowledge Base.

5. How long do we keep your data?

We retain personal data only for as long as necessary for:

  • Compliance with legal and regulatory requirements.
  • Maintaining historical records for safety and compliance auditing.
  • Providing ongoing services and support.

When data is no longer needed, it is securely deleted.

6. Your privacy rights

You have certain rights regarding your data, including:

Access & Correction:
Request a copy of your data and correct any inaccuracies.
Erasure:
Request deletion of your personal data where applicable.
Restriction & Objection:
Limit how your data is processed.
Data Portability:
Obtain a copy of your data in a standard format.

To exercise these rights, contact us at hello@opus-safety.co.uk. We will comply with current law in regards to our response time.

7. Cookies and tracking technologies

Cookies are only used to provide functionality required to operate the site, such as being able to sign in and staying signed in. No cookies are used for any other purpose. No tracking technology is used.

8. Updates to this privacy notice

We may update this privacy notice periodically to reflect regulatory changes or enhancements to Opus Compliance Cloud. The latest version will always be available on Opus Compliance Cloud at https://cloud.opus-safety.co.uk/privacy.

9. How to contact us

For any privacy-related questions or data requests, contact us at:

Opus Safety LTD
Aspen House, Central Boulevard, Blythe Valley Park, Solihull, Warwickshire, B90 8AJ
hello@opus-safety.co.uk

You also have the right to contact the Information Commissioner’s Office, the independent body overseeing data compliance www.ico.org.uk.