EHS Analytics Privacy Policy

Data privacy and security are very important issues in the modern connected world, and at EHS Analytics data and its integrity are key to our business. As such we are committed to ensuring that your data is protected, at a minimum, by the federal PIPEDA (Personal Information Protection and Electronic Documents Act) standards, or legislation relevant to your jurisdiction.

EHS analytics will also perform, at a minimum, annual internal audits of its compliance with these standards to ensure we keep up with the changing world.

We are committed to creating a secure computing environment in which our customers can perform the tasks necessary to improve their personal and organisation’s safety. In order to do this, EHS Analytics will protect the privacy of individuals in the EHS Platform and other Information Resources from risks such as unauthorized creation, collection, access, use, disclosure, disruption, modification, or destruction.

At the time of writing, here are the principles set out by PIPEDA that EHS Analytics follows and will audit annually:
(EHS Analytics may alter this list as required by changes in legislation)

(a)    Accountability for Personal Information
EHS Analytics has designated a Chief Privacy Officer who is responsible for the administration of our compliance with PIPEDA.

(b)    Identifying Purposes
EHS Analytics will collect Personal Information for the purposes of (1) compliance with WCB (and similar bodies) and (2) the goal of establishing a platform to discern incident trends to improve overall safety

(c)    Consent
EHS Analytics will obtain either express or implied consent from an Individual’s Organization before collecting Personal Information where required by the Act.

(d)    Limiting Collection
EHS Analytics will contain the scope of collecting Personal Information where required by the Act.

(e)    Limiting use, disclosure, and retention
EHS Analytics will use, disclose and retain Personal Information under the constraints laid out in the Act, generally via (b), (c) and (i)

(f)    Ensuring Accuracy
EHS Analytics will make every reasonable effort to ensure that the Personal Information in its custody or under its control is accurate and complete and will work with an Individual’s Organization to confirm the accuracy of this information.

(g)    Safeguards
EHS Analytics will protect Personal Information in its custody or control by implementing reasonable security measures, as detailed in the Security Policy.

(h)    Openness
 An up to date copy of this policy and contact information for the Chief Privacy Officer is available upon request.

(i)    Individual access
EHS Analytics will comply with PIPEDA regulations around individual access to the extent that it is possible/reasonable (as laid out by the Act) and is the mandate of EHS Analytics vs. the customer organization.

(j)    Challenging compliance
In general the responsibility for individual record data integrity and vetting of compliance lies with the customer organizations, and EHS Analytics will work with them to remedy any compliance issues that arise.

Date of Last Revision: April 3, 2018