SafetyCulture Summit 2021
SafetyCulture treats the protection of customer data as one of its highest priorities.
Below we’ve shared some information on what the General Data Protection Regulation (GDPR) is, how it affects you and what SafetyCulture is doing.
The GDPR expands the rights of individuals to control how their personal information is collected and processed. GDPR places a range of obligations on organisations to be more accountable for data protection.
Check out the ICO’s GDPR guide, designed to assist organisations to comply with their requirements:
Guide to the GDPR
GDPR applies to companies that process personal data about people located in the EU.
You control the materials and information that you and your users upload, or provide to us, when using our products and services. We do not have control of the content that you collect nor whether it is personal in nature. Accordingly, you are responsible as the Data Controller for ensuring the data you collect while doing inspections or reporting incidents is compliant with the GDPR principles.
We take our responsibilities under GDPR seriously. Here is a quick summary of what we’ve done to date:
Some of the key items we are still working on include:
Under GDPR, our customers are considered the Data Controller and SafetyCulture is considered the Data Processor. GDPR specifies requirements for Controllers in relation to the personal data they are responsible for, including the requirement that when they use Data Processors these Processors provide sufficient guarantees that they will abide by GDPR and that the rights of the data subjects are protected.
We host our customer, audit and incident data with Amazon Web Services (AWS), who are a top-tier, third party data hosting provider.
For more information about AWS’s approach to compliance with the GDPR, see https://aws.amazon.com/compliance/gdpr-center
In some instances, SafetyCulture hosts or processes personal data outside of the European Economic Area – this is most likely with your user details rather than any audit or incident data. GDPR requires that this data remains protected by appropriate safeguards in line with EU law. SafetyCulture achieves this by either entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
Data subjects may lodge requests with you as Data Controller, to extract all data relating to the data subject. Should you receive such a request and require our assistance in dealing with it, please send a detailed email to firstname.lastname@example.org and we will endeavour to action the request within 30 days.
Something went wrong with your submission.
Trying to log in? Click here to log in
Contact us if you require any assistance with this form.