USAGE, TYPE, LOCATION, AND RETENTION OF DATA

Last updated: 25/05/2018

COMMERCIAL DATA

  • Legal entities: company name, VAT number, phone number, email, address, website, number of employees/revenue.
  • Individuals: first name, last name, job title, phone number, mobile number, email.

LOCATION

Data is stored and processed on Amazon Web Services (AWS) at the data center in Ireland (EU).
Other data processors: Hubspot.

RETENTION PERIOD

  • Legal entities: up to a maximum of 24 months from the last interaction.
  • Individuals: up to a maximum of 12 months from the last interaction.

DATA FOR SERVICE PROVISION

  1. ACCOUNT DATA:

    Access: email
    We collect data during registration on the website www.4hse.com or when a user is added/invited to a project, to allow the client to access the platform, receive operational notifications, and technical support.

    LOCATION
    Data is stored and processed on Amazon Web Services (AWS) at the data center in Ireland (EU).

    RETENTION PERIOD
    As this data is tied to the certification of operations performed by the user, including for third parties, it is not deleted before 10 years.

PAYMENTS

BILLING DATA
Client data on 4HSE: company name, VAT number, tax code, address, phone, city, postal code, province, country.

LOCATION
Data is stored and processed on Amazon Web Services (AWS) at the data center in Ireland (EU).
Other data processors: Chargebee.

RETENTION PERIOD
Invoices and tax documents: according to applicable regulations.

CREDIT CARD DATA
Credit card data is collected if chosen as the payment method.

LOCATION
Stored by other data processors: Chargebee, Stripe.

RETENTION PERIOD
Duration of service provision.

USER RIGHTS

Users may exercise certain rights regarding their Data processed by the Data Controller.
In particular, the User has the right to:

  • Withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously given.
  • Object to data processing. The User can object to the processing of their Data when it is carried out on a legal basis other than consent.
  • Access their Data. The User has the right to obtain information about the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
  • Verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
  • Obtain restriction of processing. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than their storage.
  • Obtain deletion or removal of their Personal Data. When certain conditions are met, the User can request the deletion of their Data by the Data Controller.
  • Receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred to another controller without hindrance. This provision is applicable when the Data is processed by automated means and the processing is based on the User’s consent, on a contract of which the User is a part, or on contractual measures related to it.
  • Lodge a complaint. The User can lodge a complaint with the competent data protection authority or take legal action.

HOW TO EXERCISE RIGHTS

You can exercise the above rights by writing to: info[@]4hse.com

To stop receiving our newsletter or commercial emails, follow the unsubscribe instructions included in the emails sent, or contact: info[@]4hse.com.

To request the complete deletion of a project, send a request to: support[@]4hse.com.

4HSE AS A PROCESSOR

In providing the service, 4HSE acts as a processor of the Data for which the client is the controller.

  • The controller determines the purposes of the Data processing.
  • The processor processes the Data on behalf of the controller.

Example
Mr. Rossi is the “Data Subject” and is an employee of ABC Spa, which uses the 4HSE platform to manage workplace safety.
ABC Spa (the client) is therefore the “controller”: the owner of its employees’ Data.
4HSE Srl is the “processor”, responsible for processing the Data on behalf of ABC Spa.
4HSE will never actively collect Mr. Rossi’s Data, which remains under the ownership of ABC Spa.

DATA PROCESSING

Data is stored and processed on Amazon Web Services (AWS) at the data center in Ireland (EU).

  • The controller can access their data throughout the duration of the active contract.
  • The controller can modify and/or delete the Data independently. 4HSE’s backup policies have a retention period of 90 days: the data prior to modification and/or deletion will remain in our backups for this period.
  • The data for which the client is the controller is handled with the utmost care, as outlined in the Terms and Conditions of Service.

ADDITIONAL INFORMATION ON PROCESSING

The User’s Personal Data may be used by the Data Controller in court or in the stages leading to possible legal action arising from improper use of 4HSE Srl or related Services by the User.

The User declares to be aware that the Data Controller may be required to disclose the Data upon request of public authorities.

SPECIFIC INFORMATION

Upon the User’s request, in addition to the information contained in this Privacy Policy, 4HSE Srl may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data.

SYSTEM LOGS AND MAINTENANCE

For operational and maintenance purposes, 4HSE Srl and any third-party services it uses may collect system logs, i.e., files that record interactions and may also contain Personal Data, such as the User’s IP address.

INFORMATION NOT CONTAINED IN THIS POLICY

Further information regarding the processing of Personal Data can be requested at any time from the Data Controller using the contact details provided.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page or, where technically and legally feasible, by sending a notification to Users via any contact information available to the Data Controller. Please consult this page regularly, referring to the date of the last modification.

If the changes affect processing activities based on the User’s consent, the Data Controller will collect new consent from the User, if necessary.