New Hse Privacy Policy


Dear Sir and Madam,

Protecting the personal data of our Customers and Contractors is a priority for us. As the provisions of RODO - the General Data Protection Regulation - came into force on 25 May 2018, we would like to remind you that we hold your personal data in our database.

In connection with the adaptation of the company to the requirements of RODO, we would like to inform you that your personal data is stored in the database of NEW HSE with headquarters in Warsaw, Dereniowa2/98, e-mail:, which is their administrator.

The processed data includes: name, surname, e-mail address, telephone number. Personal data is collected solely for the purpose of correspondence related to the implementation of signed agreements and the implementation of services offered to you. At the same time I would like to inform you that your data is not profiled in any way.

In addition, we process your personal data in order to fulfil our obligations under the law, in particular under the following laws: payment services law, anti-money laundering and anti-terrorist financing law, tax law and competition and consumer protection law.

If required by law, we may require you to provide other data necessary, for example, for accounting or tax purposes. Apart from these cases, the provision of data is voluntary.

How do we have your information?

We received them directly from you, as well as from other sources in accordance with the law. These other sources may be public sources, e.g. KRS registers, CEIDG. In each of the indicated cases, we verify whether we have a legal basis for processing your personal data.

Personal data will not be transferred to other data recipients except for making the data available as part of inspections carried out by authorized bodies. Personal data will be processed until you object to its processing.

We inform you that you have the right to access your data, the possibility to correct them, the right to delete your data, the right to restrict or request the cessation of data processing by contacting us by email: or by regular mail to the following address: NEW HSE 02-776 Warszawa, 2/98 Dereniowa St.

NEW HSE Data Protection Policy

Privacy Policy

Your right to privacy is very important to us and we know that when you give us information about yourself, you trust that we are responsible for it. We are committed to protecting the privacy of individuals who use our services and to maintaining the confidentiality of personal information provided to us by students and clients. We take appropriate technical and organisational security measures to protect the personal data of our customers and those who contact us, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) from 25 February 2018. This data protection policy statement and other GDPR-related documents set out the basis on which any personal data we collect from you or that you provide to us will be controlled by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.


The purpose of this policy is to ensure that NEW HSE staff, students, volunteer applicants and clients have a clear data protection purpose and policy and to ensure that NEW HSE has guidelines and procedures in place that are consistently followed. Failure to comply with Regulation (EU) 2016/679 (General Data Protection Regulation) from 25 February 2018 is unlawful and may result in legal action being taken against NEW HSE or its employees, volunteers or trustees.


Ustawa o Ochronie Danych 2018r. reguluje przetwarzanie i kontrolowanie informacji dotyczących osób żyjących i możliwych do zidentyfikowania (osoby, których dane dotyczą). Obejmuje to uzyskiwanie, przechowywanie, wykorzystywanie lub ujawnianie takich informacji i obejmuje skomputeryzowane rejestry, a także ręczne systemy archiwizacji i indeksy kart. Użytkownicy danych muszą przestrzegać zasad dobrych praktyk w zakresie ochrony danych, które stanowią podstawę ustawy. Aby zachować zgodność z prawem, informacje muszą być gromadzone i wykorzystywane rzetelnie, bezpiecznie przechowywane i nie wolno ich ujawniać bezprawnie żadnej innej osobie. W celu dostosowania się do GDPR 2018 NEW HSE jako “kontroler”:

  • Arguably, the reliable collection and use of information
  • Fulfills its legal obligation by specifying the purpose for which the information is used
  • Gathers and processes appropriate information needed to meet operational needs or comply with legal requirements
  • Ensures appropriate use of information
  • Ensures that information is kept no longer than necessary
  • Ensures that information is kept no longer than necessary
  •  Has taken appropriate technical and organizational security measures to safeguard personal information
  •  Ensures that personal data is not transferred to a country outside the EU without adequate safeguards and the consent of the individual (data subject)


1. personal information (data subject)

Meaning information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

2. processing

Means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Administrator (NEW HSE)

Means the natural or legal person, public authority, entity or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or Member State law, a controller may also be designated by Union law or Member State law, or specific criteria for its designation may be laid down.

4. Processor (NEBOSH)

Means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

5. third party

Means a natural or legal person, public authority, entity or body other than the data subject, controller, processor or persons who - under the authority of the controller or processor - may process personal data.

6. Consent

Data subject means a freely given, specific, informed and unambiguous indication of the will by which the data subject, either by a statement or by a clear affirmative action, consents to the processing of personal data concerning him or her.

Data protection procedure

The following procedures have been developed to ensure that NEW HSE as a business meets its obligations under Regulation (EU) 2016/679 (General Data Protection Regulation) from 25 February 2018. For the purposes of these procedures, data collected, stored and used by NEW HSE can be divided into two broad categories:

  1. NEW HSE internal data; Staff, faculty, supervisors and volunteers
  2. NEW HSE external company data records; Students, applicants, clients and stakeholders

NEW HSE as a body is the ADMINISTRATOR under the Act (NEBOSH is the PROVIDER) and the Managing Director is ultimately responsible for implementing the policy.

How NEW HSE controls your data if you are a NEBOSH applicant/student

The information provided, required to register or register for a qualification, or NEBOSH assessment is collated by NEW HSE using a formal Booking Form and uploaded to a secure portal. By registering for an examination, you consent to the transfer of your details between NEW HSE and NEBOSH; specifically your name, date of birth, email address, gender and contact details for registration, examination and qualification confirmation purposes. The information shared on the secure portal is available to NEBOSH and NEW HSE and will only be used to provide a professional service. We will retain this information permanently to verify your qualifications or parts passed, but we cannot be responsible for the accuracy of your contact details over time. We may also invite you to complete surveys that we use for research purposes, although response is not mandatory. Surveys will be sent to you once your qualification is complete.

How NEW HSE controls the data if you are a customer (not associated with NEBOSH courses)

NEW HSE obtains personal data from candidates, contractors and clients (such as names, addresses and telephone numbers, date of birth, gender, dietary specification, company details for invoicing purposes). This data is obtained, stored and processed for various projects, the learning process, and examination arrangements. The personal data you provide is only used to send you exam material that is potentially useful, to carry out projects, to contact you, to collaborate with you and to inform you of new NEW HSE developments. We will not pass any information about you or your company to third parties without consent. Most of this information is stored in the company's database.

NEW HSE obtains only the necessary personal data and information for the sole purpose of providing the high quality services specified in the contract and service specifications signed by the candidate, contractors and clients:

  • Applications, complaints and appeals
  • Monitoring of equal opportunities
  • The learning and examination process
  • Distribute relevant study and exam materials, etc.
  • Distribute relevant study and exam materials, etc.
  • Contracts

How NEW HSE controls your data if you are an employee, applicant or volunteer

NEW HSE obtains personal data about its employees (names, addresses, telephone numbers, email addresses), application forms and references, and in some cases other documents from employees, applicants and volunteers. This data is stored and processed for the following purposes:

  • Recruitment
  • Monitoring of equal opportunities
  • Job Control
  • To distribute relevant company materials, etc.
  • Payrolls
  • Contact

Can NEW HSE provide information about a student to his/her employer or financial sponsor?

As the entity responsible for funding a student's education, the relative or formal financial sponsor (organization or individual) often believes it has the right to access information from NEW HSE staff regarding the student. Under these circumstances, the general rule remains that students are private individuals and NEW HSE has no obligation or duty to inform financial sponsors of any aspect of their studies or private data. If the student and formal sponsor have signed an agreement specifying access rights for the sponsor, information may be provided in accordance with that agreement when NEW HSE receives a copy of the signed agreement.

How does NEW HSE process data if you are an employee?

Personal information collected on an employee may be used in the event of negligence or maladministration. Any photo identification collected is stored in a separate secure system accessible only to appropriate members of our company. This data is retained for life unless a lawful basis for retention is identified. This is monitored on a case-by-case basis and interested parties will be informed of the lawful basis for data retention.

How does NEW HSE process your data if you are a visitor to our website?

When someone visits the site we use using third party services to collect standard internet log data and detailed information about user behavior. We do this so that we can measure statistics such as the number of visitors to the site. This information is only processed in a way that does not identify anyone. We will store this information indefinitely for comparison purposes. We do not make, and do not allow anyone to make, attempts to find out the identity of visitors to our site. If we collect personally identifiable information through our website, we will let users know. We will identify when we collect personally identifiable information and clearly explain what we intend to do with it. No user-specific data is collected either by NEW HSE or by any third party.

How does NEW HSE process your data when you email or call?

1. individuals who contact us through our contact numbers

When you call NEW HSE employees, we record your telephone number. We use this number for informational purposes related to NEW HSE endeavors. We do not give your phone number to any third party without your permission, unless you are a NEBOSH student or at the request of legal authorities.

2. those who contact us by e-mail

We monitor all e-mail sent to us, including attachment files, for viruses or malware. We remind you that every email you send is covered by the law.

In the event that we receive inquiries from NEBOSH, we will use the information provided to us only for the purpose of handling the inquiry and subsequent issues and to review our level of service.

In the event that we receive inquiries from NEBOSH, we will use the information provided to us only for the purpose of handling the inquiry and subsequent issues and to review our level of service.

People who make a complaint to NEW HSE

When we receive a complaint, we create a file containing the details of the complaint (see Complaint Log). This will usually include the identity of the complainant and any other persons affected by the complaint. We will only use the personal information we collect to investigate the complaint and check the level of service we provide.

Zwykle musimy ujawnić tożsamość skarżącego, niezależnie od tego, o kogo chodzi. Jest to nieuniknione, gdy na przykład kwestionowana jest dokładność danych osoby. Jeśli osoba składająca skargę nie chce ujawnienia informacji identyfikujących ją, postaramy się to uszanować, jednak nie będzie możliwe rozpatrzenie skargi w sposób anonimowy (nie dotyczy to informowania o nieprawidłowościach). Będziemy przechowywać dane osobowe zawarte w plikach skarg nie dłużej, niż jest to potrzebne. Będą przechowywane w bezpiecznym środowisku, a dostęp do nich będzie ograniczony zgodnie z zasadą “potrzebnej wiedzy”.

How does NEW HSE control data about potential employees? What do we do with the information you give us?

Any information you provide during the recruitment process will only be used for the purposes of further investigation, or where necessary to meet legal or regulatory requirements. We do not share any information you provide with third parties for marketing purposes, nor do we store any of your data outside the European Economic Area. The information you provide will be stored securely by us and/or our data processors, whether the information is in electronic or physical format. We will use the contact information you provide to contact you to process your request. We will use other information you provide to assess your suitability for the role you are applying for.

Rights of persons providing personal data

Data subjects have the rights provided for in the Regulation (Articles 15 to 21) with respect to the processing provided for therein, including the right to:

  • Obtain confirmation of the existence of personal data concerning him/her and gain access to it (right of access); Update, modify and/or rectify his/her personal data (right of rectification);
  • Erasure or restriction of processing of personal data whose processing is unlawful, including those that are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to be forgotten and right to restriction of processing);
  • To object to processing (right to object;
  • Withdraw previously given consent, if any, without prejudice to the lawfulness of the processing based on that consent;
  • File a complaint with the local EU data protection authority or with the data protection authority in Poland if they consider that the company has used their information in an unlawful manner;
  • Receive a copy in electronic form of their data that has been provided to the Company under the contract and transfer such data to another controller (right to data portability).  

What information do we ask for and why?

We do not collect more information than we need to fulfill our stated purposes. We will retain this information until your application is complete. The information we ask for is used to assess your suitability for the job. You do not have to provide the information we ask for, but it may affect your application if you do not comply.

How else does NEW HSE use information about me?

Od czasu do czasu NEW HSE będzie wysyłać e-maile marketingowe do klientów, aby byli na bieżąco z najnowszymi wiadomościami. Obejmuje to zaproszenia na wydarzenia, biuletyny, aktualizacje kwalifikacji, ankiety na temat dalszych wydarzeń i produktów oraz miejsce, w którym wyraziłeś zgodę na kontakt z NEW HSE. Zapewniamy klientom możliwość zrezygnowania z otrzymywania dalszych informacji marketingowych w miejscu, w którym wymagane są dane osobowe na etapie “Kontakt”. Klienci mogą również zrezygnować z otrzymywania przyszłych wiadomości ankietowych, kontaktując się z nami. Prośby o usunięcie będą rozpatrywane w ciągu 28 dni.

Personal information found on the Internet

To ensure full compliance with the General Data Protection Regulation NEW HSE will not use any personal information held in the public domain. Only information collected by NEW HSE will be used for marketing purposes after receiving your consent.

How and where does NEW HSE securely store your personal information?

We will take all necessary steps to ensure that your information is handled securely and in accordance with policy. We are committed to the security of your information and have security procedures in place to protect against the loss, misuse or alteration of information under our control. Access to our database is restricted internally. All information you provide to us is stored on our secure computers and servers. Unfortunately, the transmission of information over the Internet is not completely secure. While we will do our best to protect your personal information, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we receive your information, we will use strict procedures and safeguards to prevent unauthorized access. We ask students and clients to take steps to ensure the protection of their own data related to the NEBOSH course or their association with NEW HSE.

Data transfer outside the EEA

NEW HSE will not export any personal data to any country outside the European Economic Area, unless it is obvious and necessary in the circumstances and/or without the prior written consent of the data subject.

Transfer of data to third parties

Where a third party organization has a contract to dispose of, process or delete personal data on behalf of NEW HSE, we will confirm that they agree to comply with the General Data Protection Regulation.

When will NEW HSE share your data?

Protecting your privacy is very important to us and we will only disclose information about you to a third party when we have your consent or are legally required to do so.

What are the instances in which NEW HSE may disclose your personal information to third parties?

If NEW HSE is acquired by a third party, in which case personal information held by NEW HSE about its customers will be part of the transferred assets.

 We have a duty to disclose or share your personal information to comply with any legal obligation or to enforce or apply our terms of use to them and other agreements; or to protect the rights, property or safety of NEW HSE, our customers or others. This includes sharing information with other companies and organizations for fraud protection and risk reduction purposes.

Right to object to processing

Individuals have the right to request that NEW HSE stop processing / controlling their information (section 10 of the GDPR). It is NEW HSE's responsibility to remove individual information from any processing / control of their data, such as marketing activities. All requests to stop processing are considered on a case by case basis.

Right of access to data

Under the GDPR, all individuals have the right to request a copy of personal data held both manually and electronically. Individuals who request information, if NEW HSE holds it, may do so by submitting a written request. Please send your electronic request to or request in paper form to the address NEW HSE ul. Dereniowa 2/98, 02-776 Warszawa, which will be fulfilled within 30 calendar days of receipt.

You also have the right of access to your data and the right to rectify, erase and withdraw your consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

If you find that we are processing/controlling your data in an unlawful manner, you can file a complaint with the data protection supervisory authority.

NEBOSH information for students

Exam papers are exempt from requests for access. NEBOSH's policy is consistent with GDPR, under which contracting authorities are not legally required to provide access to exam papers. Subject access requests do not include reprints of unit certificates and mailings. To request reprints of these documents, please refer to the NEBOSH Policy on Candidate Certificates, including revisions and reissues.


Contact information for staff and volunteers will be shared with other staff and management. Information is provided in a secure paper-based, electronic system and is only available to those involved in providing the service and is not accessible during the daily operations of the training center.

Contact details of employees and candidates will not be passed to anyone outside the company without their express consent, excluding statutory bodies or NEBOSH for marketing and examination purposes only.

As for clients other than NEBOSH students, NEW HSE will not share data with third parties, and will only use the data for various NEW HSE projects, contact, NEW HSE marketing information, storage and issuance of certificates. A copy of emergency personnel and candidate contact information will be kept in an emergency file for health and safety purposes in emergency situations such as fire or evacuations.

All confidential posts must be opened only by the addressee.

All employees and candidates are aware of the Data Protection Policy and their obligation not to disclose to anyone.

Precision in action

NEW HSE will take reasonable steps to keep personal data up to date and accurate. Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. In the event that a person ceases to use our services and there is no need to retain records about that person, they will be destroyed accordingly. Unless our company is specifically requested by an individual to destroy their data, it will normally be kept on file for future reference. If we receive a request from an organization/individual to destroy records, we will remove the data from the database and ask all employees with paper or electronic records in the training center to destroy them. The Executive Director is responsible for the destruction of personnel records.


Personal information is stored on paper systems and a password protected computer system. Every effort is made to keep paper data in an organized and secure manner. NEW HSE always has a clear office policy. Personal data will be kept in a form that allows identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Such records must be made available to regulatory authorities or upon request to NEBOSH.

Use of photos

If possible, NEW HSE will seek consent from individuals before displaying photos in which they appear. If this is not possible (for example, a large group photo), the company will remove any photo if it receives a complaint. This policy also applies to photos published on the NEW HSE website.


Personal data is collected in writing, for example by email or by signing a written consent (see Appendix: 3.1 Data protection and confidentiality statement). During the initial contact, the data owner is given an explanation of how the personal data will be used, shared and protected from misuse.

Responsibilities of employees, volunteers and students

In the course of their duties, NEW HSE employees, including examiners and supervisors, will have access to information such as names / addresses / phone numbers / email addresses of members / candidates / volunteers. They may be informed or hear confidential information while working for NEW HSE. The Data Protection Act (2018) provides detailed guidance on how to handle this information. In short, to comply with the law, personal information must be collected and used fairly, stored securely and not disclosed unlawfully to any other person. Employees, paid or unpaid, must follow these rules. To assist staff in complying with the Data Protection Act; a Data Protection / Confidentiality Statement is attached. Staff and volunteers are asked to read and sign this statement to confirm that they have understood their responsibilities within the work integration agenda.

Compliance with the Act

Compliance with the Act is the responsibility of all employees, paid or unpaid. NEW HSE will consider any unlawful violation of any provision of the Act by employees, paid or unpaid, to be a serious matter that will result in disciplinary action. Any employee who violates this statement will be subject to disciplinary action which may result in dismissal. Any such violation may also lead to legal action against NEW HSE. Any questions or concerns regarding the interpretation or operation of this policy statement should be referred in the first instance to the Managing Director.

If you have any privacy concerns regarding NEW HSE, please contact us for assistance: