Stanley Handling Ltd – Risk Management Privacy Policy

Privacy Policy

Commitment to Data Protection

Stanley Handling Ltd is dedicated to safeguarding all personal data in its possession, regardless of format or location. We comply fully with applicable data protection laws in all jurisdictions where we operate and regularly review our controls and procedures to ensure ongoing compliance.

Purpose of Data Processing

We provide a range of risk management software, services, and products to organisations and individuals to help identify and manage organisational risks. In delivering these services, we may process personal data on behalf of our clients to support their understanding and mitigation of risk. All personal data collected, recorded, or used by Stanley Handling Ltd is subject to appropriate safeguards to ensure compliance with relevant legislation.

Types of Data Collected

Mandatory data fields stored in our systems include:

  • Unique identifier
  • First name
  • Last name
  • Organisational hierarchy
  • Work email address

Optional data may include:

  • Risk assessment responses
  • Test scores
  • Pain or discomfort levels
  • Driving licence details
  • Virtual assessment session data

Use of Personal Data

Personal data will only be used for the purposes for which it was collected, unless required by law. Data will be retained only for as long as necessary to fulfil those purposes.

Data Sharing

We may share personal data with third parties who assist in delivering services to our clients. These third parties must adhere to strict controls and procedures and accept joint liability with Stanley Handling Ltd for their handling of personal data.

We may share data with:

  • Data centres
  • Risk assessment consultants (e.g. ergonomists, driver trainers, surveyors, personal safety advisors)

Direct Marketing

Stanley Handling Ltd does not share customer data with external companies for marketing purposes. We may contact customers via mail, email, or telephone with information about our products and services, provided consent has been given. Consent may be withdrawn at any time by emailing [email protected] or via our website: https://www.stanleyhandling.co.uk

Lawful Basis for Processing

Our lawful basis for processing personal data is legitimate interest, in accordance with the principles of the UK GDPR and Data Protection Act 2018:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Your Rights

Under data protection legislation, individuals have the following rights:

  • To be informed
  • To access their data
  • To rectify inaccuracies
  • To request erasure
  • To restrict processing
  • To data portability
  • To object to processing
  • Rights related to automated decision-making and profiling

International Data Transfers

Stanley Handling Ltd complies with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the DPF, as certified by the U.S. Department of Commerce. This framework enables lawful transfer of personal data from the EU and UK to the U.S. in accordance with privacy laws.

We remain liable for any misuse of personal data by service providers or agents unless we were not responsible for the event causing the damage. In case of conflict between this policy and the DPF Principles, the DPF Principles shall prevail. Certification details are available at https://www.dataprivacyframework.gov.

Stanley Handling Ltd is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Sensitive Personal Data

We will not use sensitive personal data (e.g. health, ethnicity, political or religious beliefs) for any purpose other than that for which it was collected, unless we have received explicit opt-in consent.

Complaints and Dispute Resolution

We are committed to resolving complaints related to our handling of personal data under the DPF. EU and UK individuals may contact our Data Protection Officer (details below). We also cooperate with the EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO) for unresolved complaints. Binding arbitration may be available under certain conditions.

Contact Details

General Manager
Stanley Handling Ltd Unit 1, Soothouse Spring,St Albans Herts, AL3 6PF

Further information:

  • https://www.ico.org.uk
  • https://ico.org.uk/ESDWebPages/Entry/Z658762X
  • https://www.dataprivacyframework.gov/Program-Overview

Last Reviewed: February 2025