Decent H&S – Privacy Policy
Last Updated: 21 Nov. 2025
Decent H&S (“we”, “us”, “our”) is a Health & Safety software platform operated by Decent H&S Consultancy Ltd, a company registered in the Republic of Cyprus.
We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, use our SaaS platform, or interact with us in any way.
This Policy is drafted in accordance with the EU General Data Protection Regulation (GDPR) and the Cyprus Data Protection Law (L.125(I)/2018).
If you do not agree with this Policy, please stop using our website and services.
1. Who We Are
Data Controller:
Decent H&S Consultancy Ltd
2 Iosif Hadjiosif Street & Athalassis Avenue
2027 Strovolos, Nicosia, Cyprus
Email: privacy@decenthands.com
Decent determines how your personal data is processed when you interact with our platform, website, communications, and customer support.
For customers using our platform to manage Health & Safety inspections, Decent may also act as a data processor, with the customer acting as the data controller for the information they input into the system.
2. How We Collect Information
We collect information in three primary ways:
2.1 Information You Provide Directly
This includes:
- Account details: name, email, password, organisation
- Profile information: job title, phone number, team/role
- Inspection data: forms, checklists, photos, notes, signatures
- Support requests: emails, attachments, messages
- Billing data: company details, VAT number (processed through secure third-party systems)
2.2 Information Collected Automatically
When you use our Services, we automatically collect:
- Device information (browser type, OS)
- IP address and approximate location
- Log and audit data (login events, activity interactions)
- Mobile and web usage data
- Cookies and analytics (see Section 10)
2.3 Information from Third Parties
We may receive information via:
- Integrations enabled by your organisation
- Authentication providers (e.g., SSO, identity managers)
- VeChain ToolChain® blockchain infrastructure (see Section 11)
We treat all such information in line with this Policy.
3. How We Use Your Information
We use your information to:
- Create and manage user accounts
- Provide and optimise the Decent platform
- Enable H&S inspections, observations, asset tracking, and reporting
- Secure our systems and prevent unauthorised activity
- Process payments (via secure third-party processors)
- Respond to support queries
- Improve product functionality and user experience
- Comply with legal obligations
We do not sell, lease, or trade your personal data.
4. Legal Bases for Processing
Depending on the context, we process your data under:
- Performance of contract — to provide you with the platform
- Legitimate interests — security, optimisation, fraud prevention
- Legal obligations — tax law, regulatory compliance
- Consent — marketing communications, cookie preferences
5. How We Share Information
We share your information only when necessary:
5.1 Service Providers (Processors)
We use trusted vendors for:
- Cloud hosting on AWS (EU regions only)
- Email notifications
- Analytics
- Customer support
- Payment processing
All providers are contractually bound to GDPR-compliant processing.
5.2 Within Your Organisation
If you use Decent as part of a team, admins may access:
- Reports
- Audit trails
- Uploaded content
- Activity logs
5.3 Legal Requirements
We may disclose information when required to:
- Comply with EU or Cyprus law
- Respond to lawful government requests
- Protect rights and safety, or prevent fraud
5.4 Blockchain Sharing
Blockchain-related data is shared with VeChain ToolChain® as part of immutable on-chain operations (see Section 11). VeChain is an independent data controller for blockchain processing.
6. How We Store and Secure Information
We store your information on secure AWS servers located within the European Union.
We apply industry-leading safeguards such as:
- Encryption in transit and at rest
- Role-based access controls
- Monitoring and audit logs
- Secure development practices
No method of transmission or storage is completely secure. We encourage users to maintain strong passwords and follow organisational security guidance.
7. Data Retention
We retain data only for as long as necessary:
- User accounts: active lifetime + limited period afterward for auditing
- Inspection data: determined by your organisation’s retention policy
- Logs: typically 12–24 months
- Billing records: 7 years (Cyprus law)
You may request deletion at any time (subject to limitations described in Section 11 for blockchain).
8. Your Rights
As an EU data subject, you may:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Object to processing
- Restrict processing
- Request data portability
- Withdraw consent
- File a complaint with the Cyprus Commissioner for Personal Data Protection
To exercise any rights, contact: privacy@decenthands.com
9. International Transfers
Most data is stored and processed within the EU.
Some data may be transferred outside the EU when interacting with:
- VeChain ToolChain® nodes
- Third-party integrations chosen by your organisation
Where transfers occur, we apply appropriate safeguards such as:
- Standard Contractual Clauses
- Technical minimisation (e.g., hashing)
- Encryption
10. Cookies and Tracking Technologies
We use cookies to:
- Maintain session integrity
- Improve platform performance
- Analyse anonymised usage patterns
You can manage cookie settings through your browser.
A detailed Cookie Policy is provided separately.
11. Blockchain Processing (VeChain ToolChain®)
Some features of the Decent platform use VeChain ToolChain®, operated by Shanghai NanoJClean Technology Co., Ltd. (Refer to: VeChain ToolChain® Privacy Policy).
11.1 What We Record on the Blockchain
We never write personal data on-chain. We record only:
- Cryptographic hash values
- Transaction metadata
- Digital fingerprints of events
11.2 Immutable Ledger
The VeChain blockchain is public, immutable, and globally distributed:
- Records cannot be edited, deleted, or modified
- Blockchain data may be accessed globally
- Decent cannot honour GDPR erasure or rectification requests regarding on-chain entries
- Users must avoid uploading personal data where hashing could indirectly expose identity
These restrictions come directly from VeChain’s public policy.
11.3 Roles Under GDPR
- Decent acts as Data Controller in deciding when hashes are written on-chain.
- VeChain acts as an independent Data Controller for blockchain processing.
- Your organisation may act as controller for the underlying H&S data being hashed.
11.4 International Transfers
Blockchain networks operate globally. Hashes written to VeChain may be processed outside the EU, including in China, where VeChain stores data.
This cross-border transfer is inherent to blockchain technology.
11.5 User Responsibility
Before enabling blockchain features, users must ensure:
- No personal data is embedded in uploaded documents
- No identifying information is added in metadata that forms part of the hash
- The organisation understands that blockchain entries are permanent
VeChain emphasises that users must decide prudently before uploading any material to the blockchain.
11.6 GDPR Rights and Blockchain
Your GDPR rights apply to off-chain data only.
They cannot apply to blockchain entries due to technical immutability.
We will always exercise best efforts to minimise data and avoid unnecessary personal data processing on-chain.
12. Children's Privacy
Our Services are not intended for individuals under 16 years old. We do not knowingly collect children’s data.
13. Changes to This Policy
We may update this Privacy Policy as we improve our Services or adapt to regulatory changes. If updates are material, we will notify you through:
- Email, or
- Platform notifications, or
- Website announcements.
Continued use of the Services after updates indicates acceptance of the revised Policy.
14. Contact Us
For any questions about this Privacy Policy or your personal data, please contact:
Decent H&S Consultancy Ltd
Email: privacy@decenthands.com
Address: 2 Iosif Hadjiosif Street & Athalassis Avenue,
2027 Nicosia, Cyprus

