USE, TYPE, LOCATION AND STORAGE OF DATA

Last modified date: 25/05/2018
COMMERCIAL DATA
  • Legal entities: company name, VAT number, telephone number, e-mail, address, website, number of employees/turnover.
  • Natural persons: name, surname, role/position, telephone number, mobile phone number, e-mail.
LOCATION

The data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).
Other data processors: Hubspot.

RETENTION PERIOD
  • Legal entities: up to a maximum of 24 months from the last interaction.
  • Natural persons: up to a maximum of 12 months from the last interaction.
DATA FOR SERVICE PROVISION
  1. ACCOUNT DATA:

Access: email
We collect the Data during registration on the website www.4hse.com or when a user is added/invited to a project, to allow the customer to access the platform, receive operational notifications and technical support.
LOCATION
The data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).
RETENTION PERIOD
Since this Data is linked to the certification of the operations carried out by the user also with respect to third parties, it is not deleted before 10 years.

PAYMENTS

BILLING DATA
Customer Data on 4HSE: company name, VAT number, Tax Code, Address, Telephone, City, ZIP Code, Province, Country.
LOCATION
The data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).
Other Data Processors: Chargebee.
RETENTION PERIOD
Invoices and fiscal documents: according to current legislation.

CREDIT CARD DATA
Credit card data is collected in the event that this method of payment is chosen.
LOCATION
At other Data Processors: Chargebee, Stripe.
RETENTION PERIOD
For the duration of the service provision.

USERS’ RIGHTS

Users may exercise certain rights with regard to the Data processed by the Controller.
In particular, the User has the right to:

  • Withdraw consent at any time. The User can revoke the consent previously given to the processing of their Personal Data.
  • Object to the processing of their Data. The User can object to the processing of their Data when it is carried out on a legal basis other than consent.
  • Access their Data. The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
  • Verify and request rectification. The User can verify the accuracy of their Data and request that it be updated or corrected.
  • Obtain the restriction of processing. When certain conditions apply, the User can request the restriction of the processing of their Data. In this case, the Controller will not process the Data for any purpose other than their storage.
  • Obtain the erasure or removal of their Personal Data. When certain conditions apply, the User can request the erasure of their Data by the Controller.
  • Receive their Data and have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision applies when the Data is processed by automated means and the processing is based on the User’s consent, on a contract to which the User is party, or on contractual measures related thereto.
  • Lodge a complaint. The User can lodge a complaint with the competent data protection supervisory authority or take legal action.

HOW TO EXERCISE THE RIGHTS

It is possible to exercise the aforementioned rights by writing to: info[@]4hse.com

To stop receiving our newsletter or commercial e-mails, follow the instructions for unsubscribing included in the emails sent, or contact: info[@]4hse.com.

To request the complete cancellation of a project, you must send a request to: support[@]4hse.com.

4HSE AS PROCESSOR

In providing the 4HSE service, it acts as a processor of the Data for which the client is the controller.

  • The controller is the one who determines the purposes of the Data processing.
  • The processor is the one who carries out the Data processing on behalf of the controller.

Example
Mr. Rossi is the “Data Subject” and is an employee of ABC S.p.A., which uses the 4HSE platform to manage workplace safety.
ABC S.p.A. (the client) is therefore the “controller”: owner of its employees’ Data.
4HSE Srl. is the “processor”, i.e., the entity responsible for processing the Data on behalf of ABC S.p.A.
4HSE will therefore never actively collect Mr. Rossi’s Data, of which ABC S.p.A. remains the owner.

DATA PROCESSING

The Data is saved and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).

  • The controller can access its Data throughout the entire period the contract is active.
  • The controller can modify and/or delete the Data completely independently. The 4HSE backup policies have a retention period of 90 days: therefore, the Data prior to modification and/or deletion will remain in our backups for the stated period.
  • The Data for which the client is the controller is managed with the utmost care, as set out in the Terms and Conditions of the Service.

FURTHER INFORMATION ON THE PROCESSING

DEFENSE IN COURT

The User’s Personal Data may be used by the Controller in legal proceedings or in the preparatory stages of possible legal action to defend against abuses in the use of 4HSE Srl. or related Services by the User.

The User declares to be aware that the Controller may be required to disclose the Data by order of public authorities.

SPECIFIC INFORMATION

Upon the User’s request, in addition to the information contained in this Privacy Policy, 4HSE Srl may provide the User with additional and contextual information concerning specific Services, or the collection and processing of Personal Data.

SYSTEM LOGS AND MAINTENANCE

For operation and maintenance purposes, 4HSE Srl and any third-party services used by it may collect system logs, i.e., files that record interactions and may also contain Personal Data, such as the User’s IP address.

INFORMATION NOT CONTAINED IN THIS POLICY

Further information related to the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time, giving notice to Users on this page or, when technically and legally feasible, by sending a notification to Users through one of the contact details in the Controller’s possession. Please therefore consult this page regularly, referring to the date of the last modification.

Should the modifications affect processing whose legal basis is consent, the Controller will collect the User’s consent again, if necessary.