Additional Languages:
Highwire Inc. (“Highwire”) operates a Contractor Assessment Safety Program (the “Program”). Under the Program, a company which offers different construction related services (the “Contracting Partner”) submits certain prescribed business information as well as safety and financial information to Highwire. That information is used by Highwire to create safety and/or financial assessments (“Assessments”) of that Contracting Partner. As described in the Highwire Contracting Partner Participation Agreement (“CPPA”), the Assessments are provided to the Contracting Partners to create and improve their safety scores. If pre-authorized by the Contracting Partner, the Assessments and scores are shared with so-called “Hiring Clients”.
As all our Contracting Partners are businesses, the information provided by them is usually business related and the amount of personal data as defined in the EU General Data Protection Regulation (the “GDPR”) that we collect is limited. However, if the Contracting Partner is a small company, company-related data may be categorized as personal data.
This privacy notice (the “Privacy Notice”) serves to inform Contracting Partners and/or their representatives or contact persons located in the European Economic Area (“EEA”) about the processing of their personal data.
Highwire, Inc.
700 District Avenue
Burlington, Massachusetts, 01803
United States of America
Email: support@highwire.com
Phone: +1-866-817-2210
You may contact our data protection officer by email at support@highwire.com or by regular mail using the addition “data protection officer”.
In general, we process the following information (“Personal Data”):
In general, we only process the Personal Data which you share with us in order to create an account and complete an Assessment. We therefore receive the Personal Data directly from you. In the event the Contracting Partner adds you as a contact person or a Hiring Client asks us to contact you with regard to an Assessment for a particular project, we receive your name, business email address and business phone number from the Contracting Partner or the Hiring Client.
In general, Personal Data is processed in order to enter into the CPPA and to fulfil the obligations under the CPPA, in particular to enrol the Contracting Partner in the Program, provide an Assessment and share the Assessment with the Hiring Clients as authorised by the Contracting Partner.
Personal Data is necessary in order to enter into and fulfil the obligations under the CPPA.
The legal basis for the processing of Personal Data is the performance of our contract with you (Art. 6 (1) b) GDPR) if you are our direct Contracting Partner. If you register as a representative or a contact person of our Contracting Partner, the processing of your Personal Data for the aforesaid purposes serves the performance of our contract with the Contracting Partner and is in the legitimate interests of Highwire, meaning that Art. 6 (1) f) GDPR is the legal basis for our processing of the data.
Furthermore, in the context of performing our contract with the Contracting Partner, Highwire has a legitimate interest in processing your Personal Data to the extent that this is necessary for the following purposes (Art. 6 (1) f) GDPR):
Highwire is also subject to various legal obligations (Art. 6(1) c) GDPR) that may require the processing of your Personal Data. Such legal obligations may follow, for example, from taxation laws, trade laws or sanctions laws.
In general, Personal Data is disclosed only to Hiring Clients which have been pre-authorized by the Contracting Partner.
To process and store Personal Data, we can use external service providers within and outside the EEA. For example, we use Amazon Web Services (“AWS”) to facilitate our Program. We carefully select these service providers and instruct them in compliance with applicable data protection laws.
To the extent legally permissible, we may need to disclose the data to national and foreign authorities (such as social security institutions, tax authorities or law enforcement agencies) and/ or courts in order to comply with statutory duties or in order to act in the interests of Highwire.
By choosing the relevant settings with AWS, we ensure that Personal Data from EEA data subjects is stored on AWS servers within the EEA. However, employees of Highwire access and process the Personal Data from within the U.S. to provide you with our services and perform the CPPA.
In countries outside the EEA, data protection regulations may apply that do not guarantee a level of data protection comparable to that in the EEA. However, we protect and secure your Personal Data by storing them within the EEA and implementing an Information Security Management System certified under the ISO/IEC 27001 Standard.
If, for the purposes specified above, your Personal Data is transferred to other recipients outside the EEA, we will implement appropriate measures to ensure that your Personal Data is adequately protected. In particular, where appropriate, we will enter into so-called EU standard contractual clauses to secure the onward transfer.
You may contact our data protection officer for further information.
Each of our employees and all staff members of external service providers who have access to Personal Data are obliged to treat the Personal Data confidentially. In addition, we have implemented various technical and organisational measures e.g.:
We delete Personal Data once it is no longer necessary for the fulfilment of our contractual obligations or the legitimate interests outlined in this Privacy Notice and if no statutory retention obligations apply. In the event that a statutory retention obligation applies, we will restrict the processing of the Personal Data.
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive information about your Personal Data, to require rectification or erasure of your Personal Data or the restriction of the processing and to receive your Personal Data in a structured, commonly used and machine-readable format (data portability).
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your Personal Data.
To the extent that we process your Personal Data in order to inform you about our advisory services and current developments where relevant for your business, you can object to a processing of your Personal Data at any given time and without stating any reasons.
Further, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your Personal Data.
This Privacy Notice is the version of 15 December 2021 and is currently applicable.
As we continue to develop and update our services or as statutory and/or regulatory provisions are amended, it may become necessary to amend this Privacy Notice. You can access, save and print the latest version of this Privacy Notice at any time via our website.
The author of this policy is considered the owner and has the responsibility for updating it whenever changes are dictated by the work. In addition, an annual review of this policy will be conducted by the Vice President of Compliance to ensure that it remains appropriate considering any relevant changes to the law, organizational policies, and/or contractual obligations.
As specified in the CS Administrative Manual, all changes to an ISMS document must be made using “Track changes,” making visible only the revisions to the previous version, either showing them in red text or strikeout. In addition, for reference, all previous versions of an ISMS document are stored on the personal user drive of the CS Vice President of Compliance. The versioning history for this document is defined in the table below:
Copyright © 2023 Highwire. All Rights Reserved.   Privacy Policy    EEA Privacy Notice
Cookie | Duration | Description |
---|---|---|
__cfruid | session | This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic. |
__hssrc | session | This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. |
AWSALBCORS | 7 days | This cookie is used for load balancing services provded by Amazon inorder to optimize the user experience. Amazon has updated the ALB and CLB so that customers can continue to use the CORS request with stickness. |
cookielawinfo-checkbox-advertisement | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement". |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__hssc | 30 minutes | This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
__zlcmid | 1 year | This cookie is used by Zendesk live chat and is used to store the live chat ID. |
Cookie | Duration | Description |
---|---|---|
YSC | session | This cookies is set by Youtube and is used to track the views of embedded videos. |
Cookie | Duration | Description |
---|---|---|
__hstc | 1 year 24 days | This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
_ga | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
_gat_UA-90586256-1 | 1 minute | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. |
_gid | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form. |
hubspotutk | 1 year 24 days | This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts. |
vuid | 2 years | This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website. |
Cookie | Duration | Description |
---|---|---|
IDE | 1 year 24 days | Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. |
test_cookie | 15 minutes | This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. |
Cookie | Duration | Description |
---|---|---|
CONSENT | 16 years 7 months 3 days 5 hours | No description |
yt-remote-connected-devices | never | No description available. |
yt-remote-device-id | never | No description available. |