Fire Safety Index

Fire Safety Index

Fire Safety Index

Fire Safety Index
Let's make make fire safety & compliance simple

Privacy Policy

Fire Safety Index
firesafetyindex.co.uk • firesafetyindex.org
Last updated November 2025

This Privacy Policy explains how Fire Safety Index (“we”, “us”, “our”), operating under the domain names firesafetyindex.co.uk and firesafetyindex.org, collects, uses, stores, and protects your personal data. It also outlines your rights under the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and relevant UK data-protection laws.

For all privacy-related enquiries, contact: privacy@firesafetyindex.org

1. Who We Are

Fire Safety Index provides a register and digital management platform for fire-safety responsibilities within organisations. Our service helps organisations track their premises, record responsible persons, and maintain an up-to-date overview of fire-safety checks and related obligations.

We are based in the United Kingdom, though some of our technical infrastructure is located outside the UK (see International Data Transfers below).

2. Personal Data We Collect

2.1 Data Provided By You or Your Organisation

Depending on how you use the platform, we may collect:

Responsible Person Information (for each premises):

  • Name
  • Role / title
  • Business email address
  • Business phone number
  • Any notes or details added by the user or organisation regarding fire-safety responsibilities

Account & Access Information:

  • Login details
  • Reset codes or security codes for update access
  • Dashboard information associated with your premises

Premises & Compliance Data (non-personal):

  • Premises address
  • Last fire-safety check dates
  • Compliance status
  • Uploaded documents relating to fire safety
  • Notes or updates added by users

2.2 Automatically Collected Data

We collect certain technical and usage information, including:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and interaction logs
  • Internal click tracking and engagement metrics

2.3 Cookies

We use cookies for functionality, analytics, and user experience.
For detailed information, please refer to our Cookie Policy:
https://firesafetyindex.org/cookies

3. How We Use Personal Data

We process personal data for the following purposes:

3.1 Operating the Fire Safety Index Platform

  • Maintaining an accurate register of premises and their responsible persons
  • Allowing organisations to manage their fire-safety information
  • Providing secure access to dashboards and update tools

3.2 Communication

We may contact the organisation (not the individual in a personal capacity) regarding:

  • Reminders about fire-safety responsibilities or deadlines
  • Updates or required actions related to premises compliance
  • Security alerts or account updates

These reminders form part of the service and do not require opt-in, though an organisation or responsible person can opt out at any time.

News updates or non-essential communications sent to individuals as opposed to organisations would require explicit opt-in consent.

3.3 Analytics and Improvements

Using analytics services (such as Google Analytics and Facebook Analytics) to:

  • Understand usage trends
  • Improve functionality and user experience
  • Monitor system performance

3.4 Payments

If your organisation uses any paid features, Stripe processes payment information on our behalf. We do not store full card details.

We may share relevant data with the Health and Safety Executive (HSE) if a violation report or legal obligation requires us to do so.

4. Legal Basis for Processing (UK GDPR & GDPR)

We rely on the following lawful bases:

4.1 Legitimate Interests

Most of our processing is performed under legitimate interests, including:

  • Maintaining fire-safety registers
  • Sending reminders to organisations
  • Ensuring accurate and safe operation of the platform
  • Providing compliance support and tools

Used only where strictly required, such as:

  • Optional news updates
  • Certain analytics or cookies (where applicable)

If we must disclose information to regulatory authorities (e.g., HSE).

4.4 Contractual Necessity

Where processing is necessary to deliver paid or account-bound services.

5. Data Sharing

We may share data with:

5.1 Third-Party Service Providers (Processors)

  • HostGator (USA) – web and email hosting
  • Stripe – payment processing
  • Google Analytics – usage analytics
  • Facebook Analytics – engagement analytics

These providers are bound by data-processing agreements and may only process data on our behalf.

5.2 Regulators

  • Health and Safety Executive (HSE), where legally required or where a violation report is escalated.

We never sell personal data to third parties.

6. International Data Transfers

Although we operate from the UK, our hosting provider (HostGator) is based in the United States. Therefore, some personal data is transferred and stored outside the UK/EU.

We ensure adequate protections through:

  • Standard Contractual Clauses (SCCs)
  • Data-processing agreements
  • Security and access controls provided by HostGator

7. Data Retention

We retain personal data only for as long as it is needed for fire-safety compliance management.

7.1 Responsible Person Data

Personal data is kept:

  • Only while the individual is listed as the responsible person for a given premises
  • Removed when replaced with a new responsible person

7.2 Other Data

Technical logs, analytics data, and non-personal premises information may be retained for operational, improvement, and security purposes.

If a user or organisation deletes their account or requests deletion, we remove personal data except where legally required to retain certain information.

8. Security Measures

We use various measures to protect personal data, including:

  • Secure password-protected dashboards
  • Unique update codes for premises management
  • Encrypted connections (HTTPS)
  • Access controls on hosted infrastructure

While no system is 100% secure, we implement reasonable and proportionate measures to safeguard data.

9. Your Rights Under the UK GDPR

You have the following rights:

  • Right of access – request copies of your data
  • Right to rectification – correct inaccurate or incomplete data
  • Right to deletion – request deletion where appropriate
  • Right to object – object to processing based on legitimate interests
  • Right to restrict processing – in certain circumstances
  • Right to data portability – receive data in an exportable format

Managing Your Data

Most personal data can be updated directly via your dashboard.

If you experience issues or wish to make a formal request: Email privacy@firesafetyindex.org

We may require identification to verify certain requests.

10. Marketing and Communication Preferences

10.1 Reminders

  • Sent by default
  • Treated as communications to the organisation, not the individual
  • Can be opted out of at any time by the organisation or responsible person

10.2 News & Optional Updates

  • Only sent if you explicitly opt in
  • You may withdraw consent at any time

11. Children’s Privacy

Our service is intended for use by organisations and professionals.
We do not knowingly collect personal data from children under 16.

12. Changes to This Privacy Policy

We may update this policy periodically.
The most recent version will always appear on our website.

If significant changes occur, we will notify account-holders or organisations directly.

13. Contact Us

For questions, concerns, or data-protection requests, contact:

Email: privacy@firesafetyindex.org
Website: https://firesafetyindex.org
Domains covered: firesafetyindex.co.uk, firesafetyindex.org

We will respond as promptly as possible under GDPR timelines.