USE, TYPE, LOCATION, AND STORAGE OF DATA

Last update: 22/11/2024
Previous version: 2018-05-25

COMMERCIAL DATA
  • Legal entities: company name, VAT number, phone number, email, address, website, number of employees/revenue.
  • Individuals: first name, last name, position, phone number, mobile number, email.
LOCATION

The data is stored and processed on ODOO (Francia, Belgio).

RETENTION PERIOD
  • Legal entities: up to a maximum of 24 months from the last interaction.
  • Individuals: up to a maximum of 12 months from the last interaction.
SERVICE DELIVERY DATA
  • Access: email. We collect data during the registration process on the website www.4hse.com or when a user is added/invited to a project, to allow the customer to access the platform, receive operational notifications, and technical support.
LOCATION

The data is stored and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).

RETENTION PERIOD

Since this data is linked to the certification of operations carried out by the user, including for third parties, it is not deleted before 10 years.

PAYMENT DATA
  • Billing
    • Customer data on 4HSE: company name, VAT number, Tax Code, address, phone number, city, postal code, province, country.
    • Location: The data is stored and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU). Other data processors: Chargebee (EU), Archismall – Smeup S.p.A.(EU).
    • Retention period: according to current regulations.
  • Credit card
    • Credit card data: credit card details are collected when chosen as a payment method.
    • Location: With other data processors: Chargebee, Stripe.
    • Retention period: Duration of the service delivery.

USER RIGHTS

Users can exercise certain rights concerning their data processed by the Data Controller. Specifically, the User has the right to:

  • Withdraw consent at any time. The User can withdraw consent to the processing of their personal data previously given.
  • Object to data processing. The User can object to the processing of their data when it is done on a legal basis other than consent.
  • Access their data. The User has the right to obtain information on the data processed by the Data Controller, certain aspects of the processing, and receive a copy of the processed data.
  • Verify and request rectification. The User can verify the accuracy of their data and request updates or corrections.
  • Obtain the restriction of processing. Under certain conditions, the User can request the restriction of processing of their data. In this case, the Data Controller will not process the data for any purpose other than their storage.
  • Request the deletion or removal of their personal data. Under certain conditions, the User can request the deletion of their data by the Data Controller.
  • Receive their data and transfer it to another controller. The User has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, have it transferred to another controller without any obstacles. This applies when the data is processed by automated means and the processing is based on the User’s consent, a contract of which the User is a party, or related contractual measures.
  • File a complaint. The User can file a complaint with the competent data protection authority or take legal action.

HOW TO EXERCISE RIGHTS

You can exercise the above rights by writing to: info[@]4hse.com To unsubscribe from our newsletter or commercial emails, follow the cancellation instructions included in the emails sent, or contact: info[@]4hse.com. To request the complete deletion of a project, please send a request to: support[@]4hse.com.

4HSE AS A PROCESSOR

In providing the service, 4HSE acts as a processor (data processor) for the data of which the client is the controller (data controller).

  • The controller determines the purposes of the data processing.
  • The processor executes the data processing on behalf of the controller.

Example Mr. Rossi is the “data subject” and is an employee of ABC Spa, which uses the 4HSE platform to manage workplace safety.

  • ABC SpA (the client) is therefore the “controller”: owner of its employees’ data.
  • 4HSE Srl is the “processor”, responsible for processing the data on behalf of ABC SpA.

4HSE will never actively collect Mr. Rossi’s data, of which ABC SpA remains the owner.

DATA PROCESSING

The data is stored and processed on Amazon Web Services (AWS) at the server farm in Ireland (EU).

  • The controller can access its data for the entire period the contract is active.
  • The controller can modify and/or delete the data autonomously. 4HSE’s backup policies have a retention period of 100 days: data prior to the modification and/or deletion will remain in our backups for the stated period.
  • The data of which the client is the controller is managed with the utmost care, as detailed in the Terms of Service.

ADDITIONAL INFORMATION ON PROCESSING

LEGAL DEFENSE

The User’s personal data may be used by the Data Controller in legal proceedings or in the preparatory stages for its possible establishment to defend against abuse in the use of 4HSE Srl or related services by the User. The User declares to be aware that the Data Controller may be required to disclose data upon request of public authorities.

SPECIFIC INFORMATION

Upon User request, in addition to the information contained in this Privacy Policy, 4HSE Srl may provide the User with additional and contextual information concerning specific services, or the collection and processing of personal data.

SYSTEM LOGS AND MAINTENANCE

For operational and maintenance purposes, 4HSE Srl and any third-party services it uses may collect system logs, i.e., files that record interactions and may also contain personal data, such as the User’s IP address.

INFORMATION NOT CONTAINED IN THIS POLICY

Further information regarding the processing of personal data can be requested at any time from the Data Controller using the contact details provided.

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time, notifying Users on this page or, where technically and legally feasible, sending a notification to Users through one of the contact details in possession of the Data Controller. Please consult this page regularly, referring to the date of the last modification. If the changes affect processing activities whose legal basis is the User’s consent, the Data Controller will collect the User’s consent again, if necessary.