OSHAadvisor, Inc.

Privacy Policy

Effective Date: July 25, 2018

This privacy policy (‘Privacy Policy or Policy’) is applicable to the OSHAadvisor.com website and the OSHAadvisor Software (‘OSHAadvisor Software’ or ‘Software’). This Policy does not apply to the websites or software of any third party (eg, OSHAadvisor, Inc.’s Business Partners), even if links to their websites and software are on our website or accessible within OSHAadvisor Software.

OSHAadvisor, Inc. (‘us’, ‘we’, or ‘our’) operates the www.oshaadvisor.com website and OSHAadvisor Software. This Policy informs you of our policies regarding the collection, use, processing, transfer and/or storage of Customer Data when you use our website, and purchase and use our Software.

By accessing and using our website and Software, you agree to the collection and use of your Customer Data according to this Policy. Unless otherwise defined in this Policy, terms used in this Policy have the same meanings as in our Licensing Agreement.

Definitions

Business Partners
For the purposes of this Privacy Policy, ‘Business Partners’ are our service providers, including: subcontractors, vendors or other entities with whom we have ongoing business relationships to provide products, services or information. Our primary Business Partners are set forth below.

Our website (www.oshaadvisor.com) is hosted by Hostwinds, Inc. (www.hostwinds.com).

Our payment processing is provided by Stripe (www.stripe.com).

Our development platform and interface are provided by Outsystems (www.Outsystems.com).

Our Software cloud computing and associated Customer Data storage is provided by Amazon Web Services (www.aws.amazon.com).

Cookies
Cookies are pieces of text that are placed on your computing device depending on your selected browser settings. Cookies store your preferences and other information in order to save you time by eliminating the need to enter the same information repeatedly.

Customer Data
Customer Data includes personal data and means information or data that can directly or indirectly identify you as an individual, such as your name, telephone number, address, billing information and email address or other similar information. It also includes Usage Data as defined below.

Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which, and the manner in which any Customer Data is or will be processed.

For the purpose of this Policy, we are a Data Controller of your Customer Data.

Data Processors
Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Data Processors in order to process your data more effectively.

Software
Software means the www.oshaadvisor.com website and the OSHAadvisor Software operated by OSHAadvisor, Inc.

Usage Data
Usage Data is data collected and stored, and is either generated by the use of the Software or from the Software infrastructure itself. Usage Data can include: company addresses, log files, unique device identifiers, pages viewed and browser type; any links you click on to leave or interact with our Software; and other usage information collected from cookies and other tracking technologies.

Subscriber
Subscriber means the person or company or government entity that enters into the License Agreement with OSHAadvisor, Inc., and the End User designated by the Subscriber.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Software.

Types of Data Collected

Customer Data

We may ask you to provide us with certain Customer Data when accessing our website, and purchasing and using our Software. Customer Data may include, but is not limited to:

·       Email address

·       First name and last name

·       Phone number

·       Address, State, Province, ZIP/Postal code, City

·       Username

·       Password

·       Cookies

·       Usage Data

We may use your Customer Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. We may introduce new features that may collect new or different types of information. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data

We may also collect information that your browser sends whenever you visit our Software or when you access the Software by or through an electronic device (‘Usage Data’).

This Usage Data may include information such as your computer's Internet Protocol address (eg, IP address), browser type, browser version, the pages of our Software that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (‘Location Data’). We use this data to provide features of our Software, to improve and customize our Software.

You can enable or disable location service when you use our Software at any time, through your device settings.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Software and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information, and to improve and analyze our Software.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Software.

Examples of Cookies we use:

·       Session Cookies. We use Session Cookies to operate our Software.

·       Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

·       Security Cookies. We use Security Cookies for security purposes.

·       Advertising Cookies. Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Use of Data

OSHAadvisor, Inc. uses collected data for various purposes:

·       To provide and maintain our Software

·       To notify you about changes to our Software

·       To allow you to participate in interactive features of our Software when you choose to do so

·       To provide customer support

·       To gather analysis or valuable information so that we can improve our Software

·       To monitor the usage of our Software

·       To detect, prevent and address technical issues

·       To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Legal Basis for Processing Customer Data Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), OSHAadvisor, Inc.’s legal basis for collecting and using Customer Data described in this Policy depends on the Customer Data we collect and the specific context in which we collect it.

OSHAadvisor, Inc. may process Customer Data because:

·       We need to perform a contract with you

·       You have given us permission to do so

·       The processing is in our legitimate interests and it is not overridden by your rights

·       For payment processing purposes

·       To comply with the law

Retention of Data

OSHAadvisor, Inc. will retain Customer Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use Customer Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

OSHAadvisor, Inc. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Software, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Customer Data may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer Customer Data to the United States and process it there.

Your consent to this Policy followed by your submission of such information represents your agreement to that transfer.

OSHAadvisor, Inc. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of Customer Data will take place to an organization or a country unless there are adequate controls in place including the security of Customer Data and other personal information.

Business Partners

We may employ third party companies and individuals to facilitate our Software (‘Business Partners’), to provide the Software on our behalf, to perform Software-related services or to assist us in analyzing how our Software is used.

These third parties have access to Customer Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Business Partners to monitor and analyze the use of our Software.

Google Analytics

Google Analytics is a web analytics Software offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Software. This data is shared with other Google Softwares. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Advertising

We may use third-party Business Partners to show advertisements to you to help support and maintain our Software.

Google AdSense DoubleClick Cookie

Google, as a third-party vendor, uses cookies to serve ads on our Software. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our users based on their visit to our Software or other websites on the Internet.

You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page:

http://www.google.com/ads/preferences/

Behavioral Remarketing

OSHAadvisor, Inc. uses remarketing services to advertise on third party websites to you after you visited our Software. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Software.

Google AdWords

Google AdWords remarketing Software is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page:

http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on –

https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Payments

We may provide paid products and/or services within the Software. In that case, we use third-party services for payment processing.

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy and Security Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Links to Other Sites

Our Software may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Disclosure of Data

Business Transaction

If OSHAadvisor, Inc. is involved in a merger, acquisition or asset sale, your Customer Data may be transferred. We will provide notice before your Customer Data is transferred and becomes subject to a different Privacy and Security Policy.

Disclosure for Law Enforcement

Under certain circumstances, OSHAadvisor, Inc. may be required to disclose your Customer Data if required to do so by law or in response to valid requests by public authorities (eg, a court or a government agency).

Legal Requirements

OSHAadvisor, Inc. may disclose your Customer Data in the good faith belief that such action is necessary:

·       To comply with a legal obligation

·       To protect and defend the rights or property of OSHAadvisor, Inc.

·       To prevent or investigate possible wrongdoing in connection with the Software

·       To protect the personal safety of users of the Software or the public

·       To protect against legal liability

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Customer Data, we cannot guarantee its absolute security.

We implement a variety of security measures when an End-User enters, submits, or accesses our Software to maintain the safety of your Customer Data. Our Software is scanned on a regular basis for security holes and known vulnerabilities. We use regular Malware Scanning. Your Customer Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

Software assessments are performed to identify potential or realized weaknesses as a result of inadvertent mis-configuration, weak authentication, insufficient error handling, sensitive information leakage, etc.  Discovery and subsequent mitigation of these issues will limit the attack surface of OSHAadvisor Software available both internally and externally as well as satisfy compliance with any relevant policies in place.

‘Do Not Track’ Signals Under California Online Privacy Protection Act (CalOPPA)

We do not support Do Not Track (‘DNT’). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. OSHAadvisor, Inc. aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Customer Data.

If you wish to be informed what Customer Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Customer Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your Customer Data.

The right of restriction. You have the right to request that we restrict the processing of your Customer Data.

The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time where OSHAadvisor, Inc. relied on your consent to process your Customer Data.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Customer Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Customer Data from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.

We do not let third-parties, including ad networks or plug-ins collect personal information from children under 13.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect Customer Data.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

You have the right to complain to a Data Protection Authority about our collection and use of your Customer Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

We will notify you via email
       Within 7 business days\

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Policy on this page.

We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the ‘effective date’ at the top of this Policy.

You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Policy, please contact us:

·       By email at info@oshaadvisor.com; or

·       By phone at 877-550-1752.