Who we are

The Health and Safety Authority (HSA) is the national statutory body with responsibility for ensuring that over 2 million workers (employed and self-employed) and those affected by work activity are protected from work related injury and ill-health. We have developed, the Business electronic Safety Management and Risk assessment Tool, as a free resource to support and educate businesses, employers and employees on health and safety in the workplace.

As part of the management and promotion of we gather personal data through the website, when you contact us by phone, when you email us or attend one of our events. The security of your data is a priority at the Health and Safety Authority and we are committed to respecting your privacy rights.  We will handle your data fairly and legally at all times. We will also be transparent about what data we collect about you and how we use it.  You can see our overall privacy policy on our main website We are registered with the data protection commissioner and our in-house Data Protection Officer is Marie Manning and can be contacted at

This policy applies specifically to and provides you with information about:

  • What personal data we collect
  • How we use your data
  • Who we share your data with
  • How long we hold onto your data for
  • How we ensure your privacy is maintained and
  • Your legal rights relating to your personal data.  


Information that we collect

Information that you give us when you sign up for a account. When you do, we’ll ask for personal information such as;

  • Your name
  • Your email address
  • Your geographical location
  • Your phone number, if you have provided it
  • User status
  • Numbers of employees

Other information we get from your use of include session cookies that we transfer to your computer for the duration of your visit. We use the session cookie to track your progress through the site, allowing us to maintain the security and integrity of the data being used. If you have chosen to disable session cookies on your browser the site will switch to URL redirection, allowing you to use all aspects of this online service.

For general web browsing no personal information is revealed to us, although certain statistical information is available to us through our content management system, google analytics, hotjar and add this. This information includes:

  • The logical address of the server you are using
  • The top level domain name from which you access the Internet (for example, .ie, .com, .org etc.)
  • The number of registered accounts set up
  • The number of people who visit our site as guests
  • The number and types of business safety statements completed (numerical data only)
  • The number of construction stage plans downloaded (numerical data only)
  • Account activation date
  • Name of your internet service provider
  • The website from which you visited us
  • The parts of our site you visit
  • The date and duration of your visit
  • Information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit

Some of the above information is used to create summary statistics that allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally, what business type risk assessments are undertaken and users by county. We also use analytics to help us identify ways to improve our site.

How we use your data, as well as being a resource to complete risk assessments and compile a safety statement or construction stage health and safety plan, can be used as an education and guidance tool and the basis for processing data collected as part of the registration purpose is in line with our function to promote education, training and research in the field of health and safety.  All of the personal data we collect from you on this site is collected for the setup of your account so as to;

  • Administer your account
  • Allow you to create and secure your login details
  • Provide you with access to particular tools and services
  • Respond to your enquiries and send you administrative communications
  • Obtain your feedback on our site and the features provided
  • Statistically analysise user behaviour and activity
  • Conduct research and measurement activities
  • Send you personalised emails with information pertaining to, including news, annual email reminders and event information


From time to time we would like to contact you regarding other Health and Safety Authority initiatives, products, services or upcoming events, or to invite you to participate in research in relation to health and safety. If you are consenting to being contacted please tick the ‘Stay informed’ box on the registration page.

All of our promotional emails contain the option to unsubscribe from our mailing list so you will not receive future emails.


Who we share your data with is hosted by our external development partner and they also provide us with technical support. We have an agreement in place with those who process the data on our behalf that they will only process as directed by us and in line with our commitment to you regarding your privacy. We will not share your data with any other third party without your consent.


How long we hold your data for

We will hold your data for as long as we continue to provide the resource that is or until you decide to close your account.

How we ensure your privacy is maintained

Privacy by design will be incorporated into all future updates of and we will review what information that we collect. Up to date security measures have been incorporated into the platform through our service provider Simply Zesty and these will be reviewed on a regular basis to ensure industry best practice.

Their parent company Tibus securely hold the data and are audited to and hold ISO 27001:2013 – Information Security Management Systems. This ISO 27001 certification means they are subject to third party audits at least every 6 months to ensure that they remain compliant against the 27001 standard.  Part of this standard includes their obligation to comply with all customer contractual, legal and regulatory requirements.  As of 25th May 2018 General Data Protection Regulation will become a legal requirement that they must adhere to, and as such will be incorporated into their ISMS, and form part of their regular their party audits for as long as they continue to hold certification to the ISO 27001 standard.

By using a Google product such as Google Analytics is subject to their terms and conditions and how this information is used.  Google are compliant with Data Protection legislation  as per their privacy statement at .

We also use Hotjar analytics and are subject to their Data privacy policy as per and Add This and are subject to their Data privacy policy as per

Your legal rights relating to your data

You have the following rights in relation to data collected on this site:

  • the right to ask what personal data that we hold about you at any time,
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
  • the right to have any personal data about you deleted by deleting your account in its entirety from your account profile page on
  • the right to unsubscribe from any communications from This can be done in your account profile page          

If you wish to exercise any of the above rights, please email your request to our data protection officer Marie Manning at


Copyright Statement

Some of the material featured on this site is subject to Government copyright according to the Copyright and Related Rights Act, 2000. The material may be downloaded to file or printer for personal use only. Where this material is being issued to others, the source (including URL) and copyright status must be acknowledged. The permission to reproduce Government copyright material does not extend to any material on this site that may be the property of a third party. Authorisation to reproduce such material must be obtained from the copyright holders concerned.