VeiligWerk | SafetyFirst data security policy
1 Data security
VeiligWerk | SafetyFirst has put in place commercially reasonable physical, electronic, and organizational procedures to safeguard and secure the information (Data) we collect, receive and/or process through and/or with VeiligWerk | SafetyFirst’s services. More specifically, these include, but are not limited to:
1. All the connections and applications (including login pages) on our end are TLS encrypted.
2. VeiligWerk | SafetyFirst’s account passwords are encrypted and API access tokens are hashed. The stored data can only be accessed by using hashed access tokens.
3. Our Data, and thus yours, is stored on servers in ISO 27001 and ISO 27018 certified data centers. Access to the servers is restricted to authorized personnel. The servers are physically located in the European Economic Area (EEA).
4. VeiligWerk | SafetyFirst’s databases are only accessible from authorized IP addresses. Databases are encrypted using the 256-bit Advanced Encryption Standard (AES-256). Sensitive data in the database have an extra layer of encryption within the database.
5. Data stored in VeiligWerk | SafetyFirst databases are separated per client with a unique ID. For custom branded products you might have completely separated environments including database servers. An access token has only access to data from a specific CompanyID and thus can never access any other data.
6. We run regular, automated backups of our system and databases (both full and incremental backups). Backups are stored encrypted in at least two physical locations in the European Economic Area (EEA) using 256-bit AES encryption or GPG; data integrity and authenticity are verified using HMAC-SHA256. Data is encrypted client-side.
7. We use separate environments in our infrastructure. There is a separation between development, testing, acceptance and production.
8. We run daily automated scripts on our API & database for security checks and do a monthly security analysis to ensure our security is up to date. Critical security patches are installed nightly.
9. Our API and databases run on a flexible hosting environment with a fail-over cluster with constant health checks.
10. All our technical infrastructure components are hosted within a virtual private cloud. Therefore, data in our platform is only available through an API connection.
11. We educate our (technical) personnel on how to treat personal data on a continuing basis and make sure that access is on a need-to-have basis.
2 License to Data
As a Customer, as long as you make use of the VeiligWerk | SafetyFirst service, you grant VeiligWerk | SafetyFirst a royalty-free, paid-up, non-exclusive, irrevocable and worldwide license to access, log, retain and use all (Consumer) Data pertaining to your account, as well as all other data and content you provide to us, in order for us to offer you a fully functioning service, as well as carry out Customer-related tasks, i.e., starting and facilitating workflows for reports and inspections (and similar concepts) and compile statistics, metrics, insights, and general trend data about the VeiligWerk | SafetyFirst service for your insight. While doing this, VeiligWerk | SafetyFirst will always adhere to the agreements made between you and VeiligWerk | SafetyFirst about the handling of (Consumer) Data.
For clarity, as between you and VeiligWerk | SafetyFirst, all (Consumer) Data shall be solely and exclusively owned by you. As used herein, Consumer Data means any data pertaining to Consumers’ engagement with our service (such as, without limitation, generation of reports or inspections and interaction with safety information such as toolboxes).
As you use our Services, you (or we for you) may import (manually or automatically) into our system, personal information you have collected from your users/customers or other individuals. We have no direct relationship with these users/customers or any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those individuals.
The VeiligWerk | SafetyFirst service may include tools giving you the opportunity to provide us with feedback data (such as, but not limited to, comments, suggestions, and questions) about the VeiligWerk | SafetyFirst service (“Feedback”). You agree that all rights, title, and interest in and to all Feedback (even if provided to us other than through the VeiligWerk | SafetyFirst service tools) are and shall remain the sole and exclusive property of VeiligWerk | SafetyFirst.
5 Compliance with Laws
You agree to comply with all applicable international, national, state, regional and local laws and regulations in accessing and/or using the VeiligWerk | SafetyFirst’s service (or any part thereof) and in performing your obligations and exercising your rights under these Terms, including without limitation laws relating to privacy, data protection, and exports (such as the GDPR). If you have any questions about these terms or other terms of our service, please contact firstname.lastname@example.org