Privacy Policy

Effective date: 8 October 2025

This notice explains what we collect, why we collect it, how long we keep it, and the choices you have. It applies to Dragon Fire and Water LTD trading as Dragon Fire and Safety and the website dragon-safety.co.uk.

At a glance

Legal entity: Dragon Fire and Water LTD (t/a Dragon Fire and Safety)
Registered office: 105 Ffordd Cambria, Pontarddulais, Swansea, SA4 8AB, United Kingdom
Company number: 13578845
Contact (Data Protection Lead): privacy@dragon-safety.co.uk

What we collect

Identity & contact: name, role, company, email, phone, address, preferences.

Professional: CV, qualifications/certifications, training records, right‑to‑work, references.

Operational & safety: risk assessments, briefing attendance, incident/near‑miss reports, permits, competence logs.

Special category (limited): health/medical info strictly required for H&S, incident response, fitness to work, accommodations, or insurance.

Financial/transactional: invoicing details; card data processed by payment providers.

Technical: IP, device/browser, time zone, cookie IDs, usage analytics.

Communications: emails/messages, support queries, call notes.

CCTV & site access: where visiting our premises.

Special category data – legal conditions

We rely on UK GDPR Article 9 conditions such as (2)(b) employment/social protection (including H&S), (2)(h) occupational health, (2)(c) vital interests, and (2)(f) legal claims. Where required by the Data Protection Act 2018, we maintain an Appropriate Policy Document (APD).

How we use your data & lawful bases

Purpose: Examples – Lawful basis

Client relationship: Enquiries, proposals, contracts, billing – Contract; Legitimate interests

Delivering H&S services: Risk assessments, on‑set supervision, incident management – Contract; Legitimate interests; Legal obligation

Training & accreditation: Enrolment, attendance, assessment, certification – Contract; Legitimate interests

Legal & regulatory: Insurance, audits, HSE/RIDDOR recordkeeping – Legal obligation

Marketing (B2B): Updates, event invites – Legitimate interests with opt‑out; Consent where required

Recruitment: Applications, interviews, checks – Contract; Legitimate interests; Legal obligation

Website & analytics: Security, performance, usage metrics – Legitimate interests; Consent (non‑essential cookies)

Sharing your data

We share only where necessary and under safeguards with: client production companies/studios; accreditation/training partners; insurers, legal advisors, auditors, and regulators (e.g., HSE); technology/cloud providers (hosting, email, analytics, document management, e‑signature, finance); payment processors/banks; and vetted subcontractors/specialists. We do not sell personal data.

International transfers

We use lawful transfer tools such as UK adequacy regulations, the UK IDTA or the UK Addendum to EU SCCs, plus appropriate technical/organisational measures (e.g., encryption).

Cookies

Our site uses necessary cookies and may use analytics/preferences cookies. We seek consent for non‑essential cookies. See our Cookie Policy and manage settings via your browser or our cookie banner.

How long we keep data

General enquiries/web forms: up to 24 months.

Client/project & safety records: project end + 7 years (or longer if required).

Incident/accident (incl. RIDDOR): as required by law.

Training records/certificates: up to 7 years (or per accreditor rules).

Recruitment (unsuccessful): up to 12 months.

When no longer needed, we securely delete or anonymise.

Security

We apply layered security: role‑based access, encryption in transit/at rest where feasible, secure configuration, supplier due diligence, staff training, incident response, and regular reviews.

No system is 100% secure; we continuously improve.

Your rights

Access your data (subject access request).

Rectify inaccuracies.

Erase data (right to be forgotten).

Restrict processing in certain cases.

Object to processing based on legitimate interests or to direct marketing.

Data portability (where applicable).

Withdraw consent where processing is based on consent.

You may complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113. Please contact us first so we can resolve issues quickly.

Recruitment

We process application data to assess suitability and comply with law (e.g., right‑to‑work). We may use third‑party tools or screening providers where lawful and proportionate.

Children & young persons

Our website is not directed at children. Where productions or training involve under‑18s, we process only what’s necessary for safety, safeguarding and compliance, with appropriate consent and safeguards.

Controller vs Processor

Controller: Our website, marketing, HR/recruitment, supplier management, training admin (unless stated otherwise).
Processor: Some safety services are delivered under client instructions. In those cases, the client is Controller; we process under contract and implement appropriate safeguards.

Third‑party links

External sites or plug‑ins have their own privacy notices. Review them before providing data.

Contact us

Data Protection Lead
privacy@dragon-safety.co.uk
Dragon Fire and Water LTD (t/a Dragon Fire and Safety)
105 Ffordd Cambria, Pontarddulais, Swansea, SA4 8AB, United Kingdom

Changes to this notice

We may update this notice. The latest version is posted on our website with the effective date above.

© Dragon Fire and Water LTD (t/a Dragon Fire and Safety). All rights reserved.