Information on processing of personal data

Last modification: 25/05/2018

POLICY FOR COLLECTION AND PROCESSING OF PERSONAL DATA

The present document is in compliance with the European General Data Protection Regulation (“GDPR” 2016/679), which entered into vigour on 25th May 2018.
The regulation introduces clearer rules regarding IT and consensus, defines the limits of automatic processing of personal data, provides a basis for exercising new rights, establishes rigorous criteria for the transferal of data out of the EU and cases of data breach or personal data violations.

PROPRIETOR OF DATA PROCESSING

4HSE S.r.l. Viale del Lavoro 45, 37036 San Martino Buon Albergo (VR)
Email: info@4hse.com

DATA PROCESSING METHODS

The data collected is processed with IT tools.

Appropriate security measures are in place to prevent loss of data, illicit use and incorrect or unauthorised access to data.

Other than the company proprietor, in some cases, external bodies may have access to the data (third party technical service suppliers, hosting providers, IT companies, communication agencies), which are named when necessary as Responsible for Data Processing on behalf of the Proprietor. The updated list of these figures can be requested from the Data Processing Proprietor.

DATA COLLECTION METHODS

  1. Navigation data
    E.g. the user visits the 4HSE website.
    The IT systems and software procedures acquire some Personal Data during normal procedures so as to be able to function correctly. This data is transmitted implicitly for use in internet communication protocols.
    Such information, due to its nature, could, through association and processing with data held by third parties, permit the identification of users or visitors (e.g. IP address, domain names of computers used by visitors who connect to the site).
    This data is only used for statistical information or for checking that the website is functioning correctly (and is therefore anonymous). No data deriving from the web service will be communicated or diffused.
  2. Data provided voluntarily by users/visitors
    e.g. The user fills in a form published by 4HSE, and sends an email to 4HSE.
    The provision of data is optional and aimed at the use of the service.
    Failure to provide this data may in fact result in the inability to access certain services (such as Demos or Trials) or documents, as well as not receiving the company newsletter. The data provided will be processed by 4HSE S.r.l. exclusively with the methods and procedures necessary to provide the requested services.

USE, TYPE, LOCATION AND CONSERVATION OF DATA

COMMERCIAL DATA
  • Judicial person: company name, VAT number, telephone number, e-mail, postal address, web site, number of employees, turnover.
  • Physical person: name, surname, mansion, telephone number, mobile phone number, e-mail.
    LOCATION

    The data is saved and processed on Amazon Web Services (AWS) on their server farm in Ireland (EU).
    Other figures responsible for data processing (processor): Hubspot.

    PERIOD OF CONSERVATION
    • Judicial person: up to a maximum of 24 months from the last interaction.
    • Physical person: up to a maximum of 12 months from the last interaction.
DATA FOR SERVICE DELIVERY
  1. ACCOUNT DATA:
  2. Access: email
    We collect the data during registration on the www.4hse.com website or when a user is added or invited to a project, to give the customer the opportunity to access the platform, receive operational notifications and technical support.
    LOCATION
    The data is saved and processed on Amazon Web Services (AWS) on their server farm in Ireland (EU).
    PERIOD OF CONSERVATION
    As the data is related to the certification of operations, performed by the user including those against third parties, it is not deleted for 10 years.

  3. PAYMENT

    INVOICE DATA
    Client data on 4HSE: company name, VAT number, fiscal code, address, telephone, city, post code, province, country.
    LOCATION
    The data is saved and processed on Amazon Web Services (AWS) on their server farm in Ireland.
    Other figures responsible for data processing: Chargebee.
    PERIOD OF CONSERVATION
    Invoices and fiscal documents: in accordance with current legislation.

    CREDIT CARD DATA
    The credit card details are collected if that is the payment method chosen.
    LOCATION
    Other Data Processors: Chargebee, Stripe.
    PERIOD OF CONSERVATION
    For the duration of the delivery of the service.

USER RIGHTS

The Users can exercise certain rights in reference to the data processed by the Proprietor.
In particular, the User has the right to:

  • Revoke consensus at any time. The User can revoke previously expressed consensus for processing of their personal data.
  • Oppose their data being processed. The User can oppose their data being processed when there is a legal basis due to a difference in consent.
  • Access their data. The User has the right to obtain information regarding the data processed by the Proprietor, information about certain aspects of processing and to receive a copy of the data processed.
  • Check and correct. The user can check the accuracy of their data and request that the information is corrected and updated.
  • Obtain the process limitations In certain conditions, the User may request that the processing of their data is limited. In this case the Proprietor will not process the Data for any other purpose other than conservation.
  • Obtain the cancellation or removal of their personal data. In certain conditions, the User may request that their data is cancelled by the Data Proprietor.
  • Receive their data and transfer it to another data controller. The User has the right to receive their data in a commonly used structured format, which can be read by an automatic device. As well as this, where possible, to obtain the unobstructed transfer to another holder. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract of which the User is a party or on contractual measures connected to it.
  • Complain. The User has the right to complain to the Data Protection Authorities or take legal action.

HOW TO EXERCISE YOUR RIGHTS

It is possible to exercise the above rights by writing to: info@4hse.com

To block reception of our newsletter or commercial emails, follow the instructions to cancel included in the emails sent, or contact the email address: info@4hse.com.

To request the cancelation of a whole project it is necessary to send a request via email to: support@4hse.com.

WHAT ARE COOKIES

Cookies are small text files that are stored on computers, mobile phones and other devices used to browse the internet. With cookies it is possible to memorize and save information regarding the user’s navigation and preferences, which helps to improve the browsing experience. It is therefore easy to understand the importance of cookies.

Being able to evaluate the effectiveness of usability in various areas of our site allows us to analyse user behaviour and consequently contribute to improving the service offered.

If you wish to disable the use of cookies, simply change the settings on your computer and the browser used for navigation.

There are several types of cookies which can be summarised as follows:

Technical cookies

They are used strictly when necessary to ensure easy navigation for users, they enable the storage of some data such as login credentials. They are not used for other purposes. Cookies in this category include:

  • Navigation or session cookies: they are used to guarantee the correct functioning of the site. If disabled, some parts of the site may not work properly.
  • Analytical cookies: they are used to collect information on the number of users and how they visit the site. All information is collected anonymously.
  • Functional cookies: allow the user a functional navigation based on the selected criteria (such as language). The purpose is to offer an optimal service.

Profiling cookies

They are designed to create user profiles and are used to send commercial offers or advertising messages consistent with the preferences expressed by the user in the context of surfing the net. As established by Italian and European regulations, in the presence of these cookies the user will be asked to provide prior consent.

Third party cookies

Our website may allow the use of third-party cookies, for which we do not have direct control and we are therefore not involved in the management of these cookies, because they are set by third parties.

4HSE Cookies

Google Analytics
We use Analytics to understand how the 4HSE site is used so as to try and improve the user experience step by step. The data is collected anonymously. For further details consult: Privacy policy.
Google Adwords
These cookies help us to optimize our budget for advertising and in particular for paid searches and re-marketing, showing the most relevant content to User searches. You can find all the information about the ways in which Google uses cookies for advertising at this link: Privacy policy.
You can choose to disable these cookies from this link: Opt out.
Doubleclick
We use remarketing codes to activate targeted advertising for specific users, based on the pages they have viewed. To disable these cookies, follow the instructions in this link: Opt out
Albacross
To collect general (non-personal) and public data on companies that visit our site, for statistical and commercial purposes. For more information: Privacy policy.
Hubspot
To collect general (non-personal) and public data on companies that visit our site, for statistical and commercial purposes. For more information: Privacy policy.
Facebook Advertising
We use the conversion tracking of Facebook Ads and Facebook Remarketing, statistic services provided by Facebook, Inc. that connects data from the Facebook ad network with the actions performed within the application. For more details: Privacy policy.
Twitter Advertising
We use the conversion of Twitter Ads and Twitter Remarketing, statistic services provided by Twitter, Inc. that connects data from the Twitter ad network with the actions performed within the application. For more details:Privacy policy.
Linkedin Advertising
We use the conversion tracking of Linkedin Ads, a statistics service provided by Linkedin, Inc. that connects data from the Linkedin ad network with the actions performed within the application. For more details: Privacy policy.

To complete and support the information above, we also provide the following links:

Facebook: https://www.facebook.com/help/cookies/
Twitter: https://support.twitter.com/articles/20170514
Linkedin: https://www.linkedin.com/legal/cookie-policy
Google e You tube: http://www.google.com/policies/privacy/

To enable or disable cookies, in addition to the tools provided by the different browsers, users wishing to find out more or intervene on configuration, should visit the site: http://www.youronlinechoices.com

To complete the information provided, links can be found below to enable or disable the cookies for some of the main browsers:

Google Chrome
Enable/disable cookies
Mozilla Firefox
Enable/disable cookies
Internet explorer
Enable/disable cookies
Apple Safari
Enable/disable cookies
Opera
Enable/disable cookies

4HSE AS PROCESSOR

In the provision of the service, 4HSE is intended as the Processor (responsible for processing) of the data and the customer is the Controller (data controller).

  • The Controller is who decides the purpose of the data processing.
  • The Processor is who carries out the data processing on behalf of the Controller.

Example
Mr.Rossi is the “subject of the data” and he is an employee of the company ABC S.pA. which uses the 4HSE platform for safety in the workplace.
ABC SpA. (client) is therefore the “controller”: Proprietor of its employees’ data.
4HSE Srl is the “Processor”, which is responsible for the data processing on behalf of ABC S.p.A.
4HSE therefore never actively collects Mr.Rossi’s data, the Proprietor is always ABC S.p.A..

DATA PROCESSING

The data is saved and processed on Amazon Web Services (AWS) on their server farm in Ireland (EU).

  • The Controller can access their data throughout the period in which the contract is active.
  • The Controller can modify and/or cancel data in complete autonomy. 4HSE’s backup policy is a conservation period of 90 days: the data modified and/or cancelled therefore stays in our backup for that period.
  • The data managed by the Controller is handled with maximum care, as described in the Terms and Conditions of the Service.

FURTHER INFORMATION ON PROCESSING

LEGAL DEFENCE

The User’s personal data can be used by the Proprietor in legal cases or in preparation for the establishment of such a case, concerning abuse during the use of 4HSE S.r.l or connected services by the User.

The User declares to be aware that the Proprietor could be obliged to disclose data upon orders from the public authorities.

SPECIFIC INFORMATION

At the request of the User, in addition to the information contained in this Privacy Policy, 4HSE S.r.l. may provide the User with additional and contextual information regarding specific services, or the collection and processing of personal data.

SYSTEM LOG AND MAINTENANCE

For needs related to operation and maintenance, 4HSE S.r.l. and possibly third party services may collect system logs, which are files that record interactions and that may also contain personal data, such as the user’s IP address.

INFORMATION NOT INCLUDED IN THIS POLICY

Further information regarding processing of personal data can be requested at any time from the Proprietor by contacting them directly.

CHANGES TO THIS PRIVACY POLICY

The Proprietor reserves the rights to make changes to the current Privacy Policy at any time supplying the Users with information on this page, if technically and legally possible, by sending them notice via one of the contacts in the Proprietor’s possession. Therefore you are invited to regularly consult this page, referring to the date of the latest change.

In the case of the processing being based on judicial consensus, the Proprietor will arrange the collection of consensus again from the User if necessary.