Data security policy

VeiligWerk | SafetyFirst is proud to be ISO 27001 certified. This certification demonstrates our commitment to protect our customer data. Numerous physical, electronic, commercially reasonable and organizational measures and procedures are in place to safeguard and secure the information (Data) we collect, receive and/or process through or/and with VeiligWerk | SafetyFirst’s services. More explicitly, but not limited by:
1. All the connections and applications (including login pages) on our end are TLS encrypted.
2. VeiligWerk | SafetyFirst’s account passwords are encrypted and API access tokens are hashed. The stored data can only be accessed by using hashed access tokens.
3. Our, and thus your Data, is stored on servers in ISO27001 ISO27018 certified data centers. Access to the servers is restricted to authorized personnel. The physical location of the servers is in the EER.
4. VeiligWerk | SafetyFirst’s databases are only accessible from authorized IP addresses. Databases are encrypted using the 256-bit Advanced Encryption Standard (AES-256). Sensitive data in the database have an extra layer of encryption within the database.
5. Data stored in VeiligWerk | SafetyFirst databases are separated per client with a unique ID. For custom branded products you might have completely separated environments including database servers. An access token has only access to data from a specific CompanyID and thus can never access any other data.
6. We run regular, automated, back-ups of our system and databases (both full and incremental back-ups). Backups are stored encrypted in at least two physical locations in the EER using 256-bit AES encryption or GPG, data integrity and authenticity is verified using HMAC- SHA256. Data is encrypted client-side.
7. We use separate environments in our infrastructure. There is a separation between development, testing, acceptance and production.
8. We run daily automated scripts on our API & database for security checks and do a monthly security analysis to ensure our security is up to date. Critical security patches are installed nightly.
9. Our API and databases run on a flexible hosting environment with a fail-over cluster with constant health checks.
10. All our technical infrastructure component are hosted within a virtual private cloud. Therefore data in our platform is only available through an API connection.
11. We educate our (technical) personnel on how to treat personal data on a continuing basis and make sure that access is on a need-to-have basis.

As a Customer, as long as you make use of the VeiligWerk | SafetyFirst service, you grant VeiligWerk | SafetyFirst a royalty-free, paid-up, non-exclusive, irrevocable and worldwide license to access, log, retain and use all (Consumer) Data pertaining to your account, as well as all other data and content you provide to us, in order for us to offer you a full functioning service, as well as carry out Customer related tasks, ie; starting and facilitating workflows for reports and inspections (and similar concepts) and compile statistics, metrics, insights, and general trend-data about the VeiligWerk | SafetyFirst’s service for your insight. While doing this, VeiligWerk | SafetyFirst will always adhere to the agreements made between you and VeiligWerk | SafetyFirst about the handling of (Consumer) Data.

For clarity, as between you and VeiligWerk | SafetyFirst, all (Consumer) Data shall be solely and exclusively owned by you. As used herein, Consumer Data means any data pertaining to Consumers’ engagement with our service (such as, without limitation, generation of reports or inspections and interaction with safety information such as toolboxes).

3.1 Application of AI VeiligWerk may use technologies based on artificial intelligence in the provision of the Service. This AI is deployed for performing, improving, and securing the Service, and for providing features that contribute to an enhanced user experience.

3.2 Use of Customer Data VeiligWerk | SafetyFirst may process Customer Data solely for the following purposes:

1. For functional AI within the Service, including automatic classification, document analysis, risk detection in photos, workflow automation, and quality or safety recommendations.
2. For improving the performance of the Service, provided this is done with anonymized or aggregated data that cannot be traced back to individual customers.
3. For internal analyses to improve the stability, security, and efficiency of the Service.
4. For the use of third-party AI technologies, under the conditions that these third parties do not use the Customer Data to train their own models, apply appropriate security measures, and that processing takes place within the European Economic Area or in countries with an adequacy decision by the European Commission, or where a data protection impact assessment (DPIA) has been conducted.

3.3 Prohibited Use
VeiligWerk | SafetyFirst will not do the following:

1. Use Customer Data to train generic or public AI models.
2. Make Customer Data available to third parties as training material.
3. Process Customer Data for purposes other than delivering, improving, or securing the Service.

3.4 Ownership and Rights of the Client

1. Customer Data remains the property of the Client or its End Users, as specified in Article 1.
2. The Client retains the right to request, export, or have Customer Data deleted, insofar as legally permitted and technically feasible.
3. VeiligWerk | SafetyFirst will be transparent about the use of AI within the Service and will limit such use to what is necessary for the agreed purposes.

3.5 Security
VeiligWerk | SafetyFirst shall take appropriate technical and organizational measures to protect Customer Data against loss, misuse, and unauthorized access. These measures also apply to the use of AI technology and to any external third parties engaged.

3.6 Compliance with Legislation
VeiligWerk processes Customer Data in accordance with applicable legislation, including the GDPR and the EU AI Act. If relevant regulations change, VeiligWerk | SafetyFirst will adjust its practices where necessary.

You must not, and we shall never allow, (and shall not allow any third party to) use the VeiligWerk | SafetyFirst’s service to track, collect or upload any data that personally identifies an individual (such as, but not limited to, a name, email address, or billing information) in violation of any applicable law or regulation. You must have, and at all times comply with, an appropriate privacy policy that conforms to the laws of your country/jurisdiction.
As you use our Services, you (or we for you) may import (manually or automatically) into our system, personal information you have collected from your users/customers or other individuals. We have no direct relationship with these users/customers or any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those individuals.

The VeiligWerk | SafetyFirst’s service may include tools giving you the opportunity to provide us with feedback data (such as but not limited to, comments, suggestions, and questions) about the VeiligWerk | SafetyFirst’s service (“Feedback“). You agree that all rights, title, and interest in and to all Feedback (even if provided to us other than through the VeiligWerk | SafetyFirst’s service tools) are and shall remain the sole and exclusive property of VeiligWerk | SafetyFirst.

Wil je ons op een vertrouwelijke manier bereiken? Versleutel dan je bericht met deze key.

You agree to comply with all applicable international, national, state, regional and local laws and regulations in accessing and/or using the VeiligWerk | SafetyFirst’s service (or any part thereof) and in performing your obligations and exercising your rights under these Terms, including without limitation laws relating to privacy, data protection, and exports (such as the GDPR). If you have any questions about these terms or other terms of our service, please contact support@veiligwerk.net