GDPR Compliance

Last updated: February 10, 2026

1. Our Commitment to GDPR

Harmoniq Safety is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and your rights as a data subject.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To provide our safety management services to you and your organization
  • Legal Obligation: To comply with workplace safety regulations and record-keeping requirements
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Consent: For marketing communications (you may withdraw at any time)

3. Your GDPR Rights

Under GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

Right to Erasure (Article 17)

You can request deletion of your data ("right to be forgotten"), subject to legal retention requirements.

Right to Restrict Processing (Article 18)

You can request we limit how we use your data in certain circumstances.

Right to Data Portability (Article 20)

You can request your data in a machine-readable format to transfer to another service.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

4. Data Processing Agreement

For enterprise customers, we offer a Data Processing Agreement (DPA) that outlines our obligations as a data processor. Contact us to request a signed DPA for your organization.

5. Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions (for countries deemed adequate by the EU)
  • Binding Corporate Rules (where applicable)

6. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection team at:
[email protected]

7. Exercising Your Rights

To exercise any of your GDPR rights:

  1. Email us at [email protected]
  2. Include your full name and the email associated with your account
  3. Specify which right(s) you wish to exercise
  4. We will respond within 30 days

8. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA). In the Netherlands, this is the Autoriteit Persoonsgegevens (AP).

9. Security Measures

We implement robust security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Employee security training
  • Incident response procedures