Privacy Policy for ehsprotect.com
Last Updated: May 22, 2025

Website Address
Our website address is: https://ehsprotect.com.

Comments
When visitors leave comments on the site, we collect the data shown in the comments form, including the visitor’s IP address and browser user agent string to aid spam detection. An anonymized string (hash) created from your email address may be shared with the Gravatar service to check for profile pictures; the Gravatar privacy policy is available at https://automattic.com/privacy/. Note that comment functionality is minimal, primarily for general inquiries. After approval, your profile picture may be publicly visible with your comment, though this feature is rarely used given our focus on confidential EHS consulting services.

Media
If you upload images to the website, avoid including embedded location data (EXIF GPS), as visitors can download and extract this information. This is particularly important for EHS-related content (e.g., site photos from high-risk industries like oil/gas or mining), where location data could reveal sensitive operational details; we recommend removing such data before uploading.

Cookies
If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies for convenience, lasting one year. We may also use cookies for temporary browser checks (discarded on closure), login sessions (two days, or two weeks with ‘Remember Me’, removed on logout), screen options (one year), and article edits (one day, no personal data, indicating post ID). Additionally, if you use our client portal or analytics tools for EHS services (e.g., risk assessments), we may set cookies to track usage, with your explicit opt-in required; details on these are available upon request.

Embedded Content from Other Websites
Articles on this site may include embedded content (e.g., videos, images, or industry tools like CDP reporting platforms). This content behaves as if you visited the originating website, potentially collecting data, using cookies, or tracking your interactions, especially if you’re logged into that site. For EHS-specific embeds (e.g., environmental data tools), we link to their privacy policies where available, and we encourage reviewing them.

Who We Share Your Data With
If you request a password reset, your IP address will be included in the reset email. For EHS consulting services (e.g., due diligence or risk management), we may share anonymized data with third parties like auditors or regulatory bodies, strictly for compliance, with your consent and under confidentiality agreements; we do not sell your data to advertisers.

How Long We Retain Your Data
Comments and their metadata are retained for two years to automate follow-up approvals, after which they are deleted unless required for legal purposes. For registered users (e.g., clients accessing EHS portals), we store profile data for the duration of our engagement plus six months, or as required by law (e.g., safety audits); users can view, edit, or delete this data (except usernames) anytime, with administrators having similar access.

What Rights You Have Over Your Data
If you have an account or have left comments, you can request an exported file of your personal data or request its erasure, subject to legal, administrative, or security obligations (e.g., EHS audit records). For EHS clients, this includes consultation data; submit requests via privacy@ehsprotect.com, and we’ll respond within 30 days, per applicable regulations like GDPR.

Where Your Data Is Sent
Visitor comments may be checked via an automated spam detection service. For EHS services, data may be transferred to secure servers in the EU or other regions (e.g., for global clients), complying with GDPR and using encryption; we notify you of significant transfers and obtain consent where required.

Data Breach Notification
In the unlikely event of a data breach, we will notify affected users within 72 hours of discovery, as per GDPR requirements, via email or site notice. We’ll detail the breach, affected data, and mitigation steps, ensuring transparency and compliance, especially for sensitive EHS data like risk assessments or due diligence reports.

Children’s Privacy
Our services are not directed to individuals under 16, and we do not knowingly collect personal data from children. If we learn such data has been collected (e.g., via comments), we will delete it immediately and encourage guardians to contact us at privacy@ehsprotect.com to address any concerns.

Data Protection Officer (DPO)
For GDPR compliance, we’ve appointed a Data Protection Officer (DPO) to oversee data handling, especially for EHS clients in high-risk industries. Contact our DPO at hello@ehsprotect.com for inquiries about data practices or to exercise your rights.

Changes to This Privacy Policy
We may update this policy to reflect legal or service changes, with updates posted here and effective immediately. Significant changes will be communicated via email or a site notice, particularly for EHS clients with active engagements, ensuring you’re informed of how your data is managed.

Additional Information

  • This policy complies with GDPR, CCPA and other relevant data protection laws, updated as of May 22, 2025. For jurisdiction-specific rights, contact us at hello@ehsprotect.com.
  • We use SSL encryption and regular security audits to protect your data, especially sensitive EHS information like risk assessments.
  • All EHS client data (e.g., due diligence reports) is handled under strict confidentiality, with non-disclosure agreements where applicable.