Privacy & Security Policy
Effective Date: 1/11/2018
Simple Safety Coach, LLC (“SSC”) takes issues regarding your privacy and security very seriously. This document will explain what information is collected, how that information is used, and how that information is managed and protected. Please take some time to familiarize yourself with this Privacy and Security Policy (“Policy”).
These Services are intended for U.S audiences and are governed by and operated in accordance with the laws of the U.S. By using the Services, you agree that the collection, storage, and use of any information, including correspondence with SSC, is subject to United States laws and regulations and our Policy.
What Information Is Collected
We collect information in three ways:
- Communications sent to us. These include e-mail, traditional mail or any other form of communication. This information helps SSC improve the Services that we offer as well as increases the effectiveness of our ability to respond to current as well as future inquiries.
- Information entered into the Services. This can be further broken down into two types:
- The first includes signup/registration information, which includes company information and additional configuration information such as site(s), users, and access roles.
- User and other employee collaboration on Unsafe Condition Reports, Accident Reports, training, program creation, and any other entry of information into the Services.
- Log Information. Through the normal use of the Services, we automatically collect and store certain information that helps us manage and improve the Services. These include Internet Protocol addresses, activities performed within the Services, and device information such as operating system, browser type, language, etc. No log information contains any potentially confidential or uniquely identifiable information.
There will be a mix of publicly available information (such as company address) and confidential information, such as employee, policy, environmental and incident information entered as part of normal use of the Services. As such, SSC relies on the users of the Services to create, assign and maintain access roles appropriately so as to comply with their own information access and security policies. Special care needs to be taken with regards to managing access to the Accident Report injury detail and associated features (such as 300 Log and 301 reports) that have a reasonable expectation of containing Personal Health Information (PHI). It is incumbent upon the User to ensure the most limited access possible to these features.
How Information Is Used
Information is used in the following capacities:
- To render the features of the Services provided within SSC.
- To manipulate stored data into standard format for either download or delivery to a third party, such as OSHA. No data will be exchanged with third-parties without the expressed consent and knowledge of the User.
- As an aggregate data source for understanding how SSC is being used, and informing SSC of industry trends. In this capacity, information is evaluated in the aggregate, without any identifying information.
- Authentication tokens and basic user information. A new token is issued upon a successful login, and are stored in the local computer as a persistent cookie. The token is not your password, is unique each time it is issued, and is good for a limited time use only. You can remove this persistent cookie by following directions provide by the Internet browser being used.
- We use third-party cookies, like Google, for analytics, and those third-party cookies may be placed on your computer. We do not collect data on your online activities over time across third-party websites.
We use the information we collect, regardless of source or means, to provide, maintain, protect and improve SSC and the Services we offer to our Users.
Legal Access to Your Information
SSC retains the right to make information collected available to companies or individuals outside of SSC where reasonable necessary for the following purposes:
- To comply with any applicable law, regulation, legal process or enforceable governmental request.
- To detect, prevent or investigate real or possible fraud, security, or technical issues as relevant to SSC Services.
- Protect the rights, property, and security of SSC and our clients’ interests as required or permitted by law.
How Information Is Protected
SSC takes a holistic approach to security. It is incorporated into the development process, testing procedures, support, and all operational activities. Although no publicly available technology system can be guaranteed to be 100% secure, we draw upon industry best practices in order to protect your data with all effort reasonable.
Specific steps that have been taken to enhance security include:
- Use of complex passwords with the ability to use longer password phrases.
- Auto-expiring access tokens.
- Firewalls and access controls both from external as well as between internal infrastructure components.
- SSL encryption to ensure your data is secure in transit between your browser and the SSC Services.
- Strong encryption of any data and/or supporting resources that are considered secure Personally Identifiable Information (PII), or Personal Health Information (PHI).