Last updated June 29th 2020, VelocityEHS, All rights reserved.
VelocityEHS participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. For more information please see the “EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield” section below. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website here.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
VelocityEHS participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website https://www.privacyshield.gov/list
VelocityEHS is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. The Company complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, VelocityEHS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Canada’s Personal Data Protection & Electronic Documents Act
VelocityEHS is subject to, and complies with, the privacy protection standards under Canada’s Personal data Protection and Electronic Documents Act (“PIPEDA”). The Office of the Privacy Commissioner of Canada (“OPC”), through its Processing Personal Data Across Borders Guidelines (“OPC Guidelines”) allows data processors, such as VelocityEHS, to transfer personal data across borders. Customers are required to transfer personal data to VelocityEHS only for the purposes for which the information was collected. VelocityEHS uses data transfer agreements to enable the transfer of information across borders as well as to outline our obligations of providing a comparable level of protection.
To learn more about the OPC Guidelines, visit: https://www.priv.gc.ca/media/1992/gl_dab_090127_e.pdf
Third Party Audits, Certifications and Reports
The Company’s privacy and data security compliance program has stringent global information and security policies and procedures. Our program has been reviewed and certified by various third parties, both against specific jurisdictions or international standards, some of which include:
- CSAE 3416 Type 2 (Canada)
- SSAE 16 SOC 2 Type 2 (US)
- ISAE 3402 Type 2 (International)
In addition, our internal controls have been externally audited, resulting in a SOC 2 Report. This report allows customers to understand and feel confident that The Company’s internal controls that process your data meet the Section 100 Trust Principles:
- Security: Our system is protected, both logically and physically, against unauthorized access.
- Availability: Our system is available to our customers for operation and use.
- Processing Integrity: Processing is complete, accurate, timely and authorized.
- Confidentiality: Confidential data is protected as agreed upon.
- Privacy: Personal data is collected, used, retained and disclosed in conformity with our commitment under applicable laws, our contractual agreements and as required by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
To learn more about SOC 2 standards, audits and the Trust Principles, please visit: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/asec.aspx
What Information Do We Collect?
VelocityEHS may collect various types of information from or about you. During the Site(s) registration process and the Company’s subscriber registration process, you supply us with basic contact information (such as name, address, telephone number, e-mail address and company name), as well as billing information. This information is generally entered into fields in the registration and subscription forms and enables you to take full advantage of the products and services that we offer. Should you purchase any VelocityEHS subscription or services on or through the Site(s), the information that you supplied during the registration process may be used to track details about those purchases.
VelocityEHS processes data imported by our customers and end users in their access and use of VelocityEHS products and services. This data can often include personal data of our customers, end users or other data subjects (e.g. non-registered 3rds parties that work together with our customers). The personal data may include contact information, such as name, home address, office address, telephone number, email address, for our Canadian business unit we may also collect social security number, photographs used for ID badges, etc. This information is necessary for VelocityEHS to provide its comprehensive environmental, health, safety and sustainability software solutions. These solutions may include one of our software tools, implementation services, secure cloud hosting, on-demand training, etc.
Customers can also use our tools to schedule, manage and track workplace incidents, formal safety meetings and ensure compliance with state and federal safety regulations and this may provide VelocityEHS with human resource-related data such as date of birth, age, gender, job title and work history. Also, customers using our tracking and streamline tools to submit regulatory reports may provide VelocityEHS with more sensitive information such as medical records, medical bills and doctors’ notes (please note this sensitive data is collected only by our business unit located in Oakville, Canada).
If you provide personal information to our MSDSonline (U.S) platform, VelocityEHS shall process this information as a data processor on behalf of its Customers, who use our Services to assist with their chemical management processes. Unless VelocityEHS uses some of this information for marketing or business purposes (e.g. metrics), in such case, VelocityEHS shall be considered the data controller.
The Company may also collect, from you, the following personal information about your contacts:
- [Name and email address], in order to forward a job posting
- [Name and email address], in order to refer our products or services
- [Email address], in order to share an article, blog post or other content
- Through our “import contacts” feature we may collect the [name, email address, phone number] of your contacts in order to [provide description of use/purpose of collection e.g. to connect you with people you know who also use our service]
When you provide us with personal information about your contacts we will only use this information for the specific reason for which it is provided.
Our privacy and data security program are designed to process and protect our customers’ data in accordance with privacy regulations and in respect to confidentiality requirements. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at Privacy@EHS.com.
VelocityEHS may also retain the content of and metadata regarding any correspondence you may have with the company or its sales and customer service representatives, regardless of the mode of communication by which such correspondence was made. This information helps VelocityEHS to improve its Site(s) and the materials, products and services that we offer on the Site(s), and to more effectively and efficiently respond to both current and future inquiries.
Information We Acquire from Third Parties
We also collect or receive information about you and your activity from other source, including from third parties, as follows:
Purchased from Business Partners: We may collect or obtain information about you from marketing partners, social media platforms, data aggregators, location intelligence platforms, third party providers of business contact information, etc., for advertising and analytics purposes, so that we may offer you personalized features and offers tailored to your interests, and in order to offer you an overall better service. We will use this information where you have provided your consent to the third party or to VelocityEHS, or where VelocityEHS has a legitimate interest in using your information in order to provide you with the content or service requested. We will combine this information with personal information provided by you, in order to identify prospective customers or products you’ll be interested in, to create more tailored advertising, and to improve the accuracy of our records.
User Data Supplementation
The Company may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.
Information We Collect From You Automatically
As is true of most websites, we gather certain information automatically using cookies, web beacons and similar technologies. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Cookies & Similar Technologies
VelocityEHS uses “cookies” (small text files stored on your computer) to help track and customize your access and use of the Site(s). Cookies store and retain information that helps us recognize you when you return to the Site(s) following a previous visit. Cookies may also store any login or ID assigned to you by VelocityEHS and the associated password, though this information is stored in encrypted form. Most popular Internet browser packages allow you to configure the browser so as not to accept cookies. However, setting your browser to reject cookies may prevent you from taking full advantage of our Site(s) and the materials, products and services that the Company makes available on the Site(s).
To learn more about cookies, visit www.allaboutcookies.org.
These analytic services allow us to better understand the functionality of our web sites. This software may record information such as how often you use the site(s), the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the application.
VelocityEHS uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site or Service tied to the Web beacon, and a description of a Web site or Service tied to the Web beacon. For example, we may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web sites. The Company uses Web beacons to operate and improve the Company’s Web sites, Services and email communications.
Social Media Features
Do Not Track
Currently, various browsers — such as Internet Explorer, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites’ visited by the user about the user’s browser DNT preference setting. VelocityEHS does not currently commit to responding to browsers’ DNT signals with respect to the Company’s Web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. VelocityEHS takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
When you download and use our Services, we automatically collect information on the type of device you use and the operating system version.
VelocityEHS sends you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information. We do not ask for, access or track any location-based information from your mobile device at any time while downloading or using our Mobile Apps or Services.
VelocityEHS uses mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
How Do We Use the Information That We Collect?
In addition to the uses mentioned or described above, VelocityEHS uses the information that it collects from or about you to improve the materials, products and services that the Company makes available on the Site(s), to notify you of changes made to the Site(s) or new products made available on or through the Site(s), to evaluate your needs and customize Site content delivered to you according to those needs, to facilitate the processing of any purchases you make through the Site(s), to send you promotional material from VelocityEHS and some of our affiliates, and for other lawful business purposes of VelocityEHS (e.g. reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending the organization’s legal rights). The Company does not share information collected about you with third parties, except with regard to certain special programs that we offer in connection with some of our business associates, which may involve special promotions and/or pricing, and in which you are participating. Should you register as a participant in one of those programs, VelocityEHS will acknowledge your registration and notify our applicable business associate of your registration, thereby enabling you to receive the corresponding program benefits. For such programs, VelocityEHS could share with its business associates the following information: company name, contact name, phone number, email address, job title, and company address.
Sharing with Service Providers
We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us. These services may include:
- Fulfilling orders and delivering packages
- Payment processing
- Providing customer service
- Sending marketing communications
- Fulfilling subscription services
- Conducting research and analysis
- Providing cloud computing infrastructure
- Enrich our data for marketing purposes including in the ad-tech ecosystem
It is our policy not to sell lists containing personal information about Site users, registrants or subscribers. VelocityEHS may provide aggregate statistics about our clients, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no personally identifying information.
What Choices Do You Have?
You may update at any time the information about you and your personal preferences that is stored from your Site or subscriber registration. You may also ask us at any time to correct any inaccuracies contained in your information or to remove your name from our list of Site users who wish to receive electronic communications and e-mail advertisements from VelocityEHS and our affiliates by simply sending such a request to us at the numbers or addresses given below. Once you opt-out, we will honor your choice until you inform us otherwise.
Upon request, VelocityEHS will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account, or contacting us at Privacy@EHS.com.
The Company will respond to your request within a reasonable timeframe.
VelocityEHS may also process data jointly or on behalf our Clients. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data could direct his query to the Company’s Client. We will assist our Client with this request. If requested to remove data we will respond within a reasonable timeframe.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. VelocityEHS will retain this personal information as necessary to comply with our legal obligations, resolve, disputes, and enforce our agreements.
Email and Newsletter Preferences
You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our website or by contacting us through one of the methods listed below:
By Mail/Phone or Fax:
Attn: Data Protection Officer
222 Merchandise Mart Plaza, Suite 1750
Chicago, IL 60654
Customer Service: (888) 362-2007
Facsimile: (312) 881-2001
How Do We Protect Information Collected About You?
VelocityEHS places a high value on protecting information transmitted via our Site(s). For this reason, we use state-of-the-art security solutions, such as TLS encryption technology to process payments and to provide secure communication methods. In addition, the Site is protected by a firewall that provides a high level of security. The Company takes commercially reasonable measures to secure and protect customer-specific information transmitted via or stored on our Site. However, no security system is impenetrable. We cannot guarantee that information users supply to us will be totally secure. We may retain your information for as long as your account is active or as needed to provide you with our services, comply with our legal obligations, resolve disputes and enforce our agreements.
To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.
As VelocityEHS continues to grow and develop its business, its corporate structure might change or it might merge or otherwise combine with, or substantially all of its assets might be acquired by, another company. In any such transactions, customer information likely would be among the transferred business assets.
Who Can You Contact for More Information?
Attn: Data Protection Officer
222 Merchandise Mart Plaza, Suite 1750
Chicago, IL 60654
Last updated June 29th 2020, VelocityEHS, All rights reserved.
VelocityEHS collects Your personal information
VelocityEHS is a provider of EHS and Risk Management software that’s simple, smart, and secure and gives business owners and stakeholders visibility of their business’ risk position.
The Service involves the storage of Data about a company’s business and some high-level information about the individuals involved in that business. That Data can include personal information. “Personal information” is information about an identifiable individual, and includes information such as the individual’s name and email address.
VelocityEHS may collect personal information directly from You when You:
You can always choose not to provide Your personal information, but it may mean that we are unable to provide You with the Service.
VelocityEHS may receive personal information from You about others
Through Your use of the Service, VelocityEHS may also collect information from You about someone else. If You provide VelocityEHS with personal information about someone else, You must ensure that You are authorised to disclose that information and that, without VelocityEHS taking any further steps required by applicable data protection or privacy laws, VelocityEHS may collect, use and disclose such information for the purposes described in this Policy.
This means that You must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, VelocityEHS’ identity, and how to contact VelocityEHS.
Where requested to do so by VelocityEHS, You must also assist VelocityEHS with any requests by the individual to access or update the personal information You have collected from them and entered into the Service.
VelocityEHS collects, holds, and uses Your personal information for limited purposes
VelocityEHS collects Your personal information so that we can provide You with the Service and any related services You may request. In doing so, VelocityEHS may use the personal information we have collected from You for purposes related to the Services including to:
By using the Service, You consent to Your personal information being collected, held and used in this way and for any other use You authorise. VelocityEHS will only use Your personal information for the purposes described in this Policy or with Your express permission.
It is Your responsibility to keep Your password to the Service safe. You should notify us as soon as possible if You become aware of any misuse of Your password, and immediately change your password.
VelocityEHS can aggregate Your non-personally identifiable data
By using the Service, You agree that VelocityEHS can access, aggregate and use non-personally identifiable data VelocityEHS has collected from You. This data will in no way identify You or any other individual.
VelocityEHS may use this aggregated non-personally identifiable data to:
VelocityEHS holds your personal information on servers located in Australia.
All Data, including personal and non-personal information, that is entered into the Service by You, or automatically imported on Your instruction, is transferred to VelocityEHS’ servers as a function of transmission across the Internet. By using the Service, You consent to Your personal information being transferred to our servers as set out in this Policy.
Currently our servers are hosted by Amazon AWS (AWS), and Your personal information will be routed through, and stored on, those servers as part of the Service. AWS complies with relevant aspects of the U.S.-EU Safe Harbour Framework and has certified that it adheres to relevant Safe Harbour Privacy Principles. If the location of our servers change in the future, we will update this Policy. You should review our Policy regularly to keep informed of any updates.
By providing Your personal information to VelocityEHS, You consent to VelocityEHS storing Your personal information on our servers. While Your personal information will be stored on AWS servers, it will remain within VelocityEHS’ effective control at all times. The server host’s role is limited to providing a hosting and storage service to VelocityEHS, and we’ve taken steps to ensure that our server hosts do not have access to, and use the necessary level of protection for, Your personal information.
If You do not want Your personal information to be transferred to an AWS server, You should not provide VelocityEHS with Your personal information or use the Service.
VelocityEHS takes steps to protect your personal information
VelocityEHS is committed to protecting the security of Your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all Data transferred between You and the Service is encrypted. You can find out more about our security arrangements and our data protection measures on our security page.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that Your information will be secure at all times. Transmission of personal information over the Internet is at Your own risk and You should only enter, or instruct the entering of, personal information to the Service within a secure environment.
We will advise You at the first reasonable opportunity upon discovering or being advised of a security breach where Your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
VelocityEHS only discloses Your Personal Information in limited circumstances
VelocityEHS will only disclose the personal information You have provided to us to entities outside the VelocityEHS group of companies if it is necessary and appropriate to facilitate the purpose for which Your personal information was collected pursuant to this Policy, including the provision of the Service.
VelocityEHS will not otherwise disclose Your personal information to a third party unless You have provided Your express consent. However, You should be aware that VelocityEHS may be required to disclose Your personal information without Your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify You if we are required by law to disclose Your personal information.
The third parties who host our servers do not control, and are not permitted to access or use Your personal information except for the limited purpose of storing the information. This means that, for the purposes of Australian privacy legislation and Australian users of the Service, VelocityEHS does not currently “disclose” personal information to third parties located overseas.
You may request access to Your personal information
It is Your responsibility to ensure that the personal information You provide to us is accurate, complete and up-to-date. You may request access to the information we hold about You, or request that we update or correct any personal information we hold about You, by setting out Your request in writing and sending it to us at privacy@VelocityEHS.com.au.
VelocityEHS will process Your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet Your request, we will let you know why. For example, it may be necessary for us to deny Your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process Your request in the manner You have requested. In some circumstances, it may be necessary for us to seek to arrange access to Your personal information through a mutually agreed intermediary (for example, the Subscriber).
We’ll only keep Your personal information for as long as we require it for the purposes of providing You with the Service. However, we may also be required to keep some of Your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
In providing the Service, VelocityEHS utilises “cookies”. A cookie is a small text file that is stored on Your computer for record-keeping purposes. A cookie does not identify You personally or contain any other information about You but it does identify Your computer.
You can set your browser to notify You when You receive a cookie so that You will have an opportunity to either accept or reject it in each instance. However, You should note that refusing cookies may have a negative impact on the functionality and usability of the Website.
We do not respond to or honour “Do Not Track” requests at this time.
You can opt-out of any email communications
VelocityEHS sends billing information, product information, Service updates and Service notifications to You via email. Our emails will contain clear and obvious instructions describing how You can choose to be removed from any mailing list not essential to the Service. VelocityEHS will remove You at Your request.
You are responsible for transfer of Your data to third-party applications
VelocityEHS reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. VelocityEHS will make every effort to communicate any significant changes to You via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy.