DATA USAGE, TYPES, STORAGE, AND RETENTION
COMMERCIAL DATA
- Legal entities: company name, VAT number, phone number, email, address, website, number of employees/turnover.
- Individuals: name, surname, job title, phone number, mobile number, email.
STORAGE
Data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU). Other data processors: Hubspot
RETENTION PERIOD
- Legal entities: up to a maximum of 24 months from the last interaction.
- Individuals: up to a maximum of 12 months from the last interaction.
DATA FOR SERVICE DELIVERY
ACCOUNT DATA
Access: email We collect data during registration on the website www.4hse.com or when a user is added/invited to a project, to allow the client to access the platform, receive operational notifications, and technical support.
STORAGE
Data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).
RETENTION PERIOD
As it is related to the certification of user operations, including towards third parties, this data is not deleted before 10 years.
PAYMENTS
INVOICE DATA
Customer data on 4HSE: company name, VAT number, tax code, address, phone number, city, ZIP code, province, country.
STORAGE
Data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU). Other data processors: Chargebee.
RETENTION PERIOD
Invoices and tax documents: according to current regulations.
CREDIT CARD DATA
Credit card data is collected if chosen as the payment method.
STORAGE
With other data processors: Chargebee, Stripe.
RETENTION PERIOD
Duration of service provision.
USER RIGHTS
Users can exercise certain rights regarding their Data processed by the Controller. In particular, the User has the right to:
- Withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously expressed.
- Object to processing of their Data. The User can object to the processing of their Data when it occurs on a basis other than consent.
- Access their Data. The User has the right to obtain information about the Data processed by the Controller, certain aspects of the processing, and receive a copy of the processed Data.
- Verify and seek rectification. The User can verify the accuracy of their Data and request its update or correction.
- Obtain the restriction of processing. When certain conditions are met, the User can request the restriction of their Data processing. In this case, the Controller will not process the Data for any other purpose except for their storage.
- Obtain the erasure or removal of their Personal Data. When certain conditions are met, the User can request the erasure of their Data by the Controller. Receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transmitted without hindrance to another controller. This provision is applicable when the Data is processed by automated means and the processing is based on User consent, on a contract of which the User is a party, or on contractual measures connected to it.
- Lodge a complaint. The User can lodge a complaint with the competent data protection authority or take legal action.
HOW TO EXERCISE RIGHTS
The aforementioned rights can be exercised by writing to: info[@]4hse.com
To block receipt of our newsletter or commercial emails, follow the unsubscribe instructions included in the emails sent, or contact: info[@]4hse.com.
To request the total deletion of a project, it is necessary to send a request to: support[@]4hse.com.
4HSE AS A PROCESSOR
In providing the service, 4HSE acts as a processor (data processor) of the Data for which the customer is the controller (data controller).
- The controller determines the purposes of Data processing.
- The processor carries out Data processing on behalf of the controller.
Example
Mr. Rossi is the “Data subject” and an employee of ABC Spa., which uses the 4HSE platform to manage workplace safety. ABC Spa. (the customer), is therefore the “controller“: the holder of the Data of its own employees. 4HSE Srl. is the “processor“, responsible for processing the Data on behalf of ABC Spa. 4HSE will therefore never actively collect Mr. Rossi’s Data, of which the controller remains ABC Spa.
DATA PROCESSING
Data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).
- The controller can access their data throughout the entire period in which the contract is active.
- The controller can modify and/or delete the Data independently. 4HSE’s backup policies have a retention period of 90 days: the data prior to modification and/or deletion will therefore remain in our backups for the aforementioned period.
- The Data for which the customer is the controller is managed with the utmost care, as stated in the Terms and conditions of service.
ADDITIONAL INFORMATION ON PROCESSING LEGAL DEFENSE
The User’s Personal Data may be used by the Controller in court or in the preparatory stages leading to possible legal action for the defense against abuse in the use of 4HSE Srl. or related services by the User.
The User declares to be aware that the Controller may be required to disclose Data upon request of public authorities.
SPECIFIC INFORMATION
Upon request by the User, in addition to the information contained in this Privacy Policy, 4HSE Srl. may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.
SYSTEM LOGS AND MAINTENANCE
For operation and maintenance purposes, 4HSE Srl. and any third-party services it uses may collect system logs, which are files that record interactions and may contain Personal Data, such as the User’s IP address.
INFORMATION NOT CONTAINED IN THIS POLICY
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to make changes to this Privacy Policy at any time by informing Users on this page or, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Therefore, please consult this page regularly, referring to the last modification date.
If the changes concern processing for which the legal basis is consent, the Controller will collect the User’s consent again, if necessary.