Customer Support: 866-817-2210
Additional Languages:
Highwire Inc. (“Highwire”) operates a Contractor Assessment Safety Program (the “Program”). Under the Program, a company which offers different construction related services (the “Contracting Partner”) submits certain prescribed business information as well as safety and financial information to Highwire. That information is used by Highwire to create safety and/or financial assessments (“Assessments”) of that Contracting Partner. As described in the Highwire Contracting Partner Participation Agreement (“CPPA”), the Assessments are provided to the Contracting Partners to create and improve their safety scores. If pre-authorized by the Contracting Partner, the Assessments and scores are shared with so-called “Hiring Clients”.
As all our Contracting Partners are businesses, the information provided by them is usually business related and the amount of personal data as defined in the EU General Data Protection Regulation (the “GDPR”) that we collect is limited. However, if the Contracting Partner is a small company, company-related data may be categorized as personal data.
This privacy notice (the “Privacy Notice”) serves to inform Contracting Partners and/or their representatives or contact persons located in the European Economic Area (“EEA”) about the processing of their personal data.
Highwire, Inc.
700 District Avenue
Burlington, Massachusetts, 01803
United States of America
Email: support@highwire.com
Phone: +1-866-817-2210
You may contact our data protection officer by email at support@highwire.com or by regular mail using the addition “data protection officer”.
In general, we process the following information (“Personal Data”):
In general, we only process the Personal Data which you share with us in order to create an account and complete an Assessment. We therefore receive the Personal Data directly from you. In the event the Contracting Partner adds you as a contact person or a Hiring Client asks us to contact you with regard to an Assessment for a particular project, we receive your name, business email address and business phone number from the Contracting Partner or the Hiring Client.
In general, Personal Data is processed in order to enter into the CPPA and to fulfil the obligations under the CPPA, in particular to enrol the Contracting Partner in the Program, provide an Assessment and share the Assessment with the Hiring Clients as authorised by the Contracting Partner.
Personal Data is necessary in order to enter into and fulfil the obligations under the CPPA.
The legal basis for the processing of Personal Data is the performance of our contract with you (Art. 6 (1) b) GDPR) if you are our direct Contracting Partner. If you register as a representative or a contact person of our Contracting Partner, the processing of your Personal Data for the aforesaid purposes serves the performance of our contract with the Contracting Partner and is in the legitimate interests of Highwire, meaning that Art. 6 (1) f) GDPR is the legal basis for our processing of the data.
Furthermore, in the context of performing our contract with the Contracting Partner, Highwire has a legitimate interest in processing your Personal Data to the extent that this is necessary for the following purposes (Art. 6 (1) f) GDPR):
Highwire is also subject to various legal obligations (Art. 6(1) c) GDPR) that may require the processing of your Personal Data. Such legal obligations may follow, for example, from taxation laws, trade laws or sanctions laws.
In general, Personal Data is disclosed only to Hiring Clients which have been pre-authorized by the Contracting Partner.
To process and store Personal Data, we can use external service providers within and outside the EEA. For example, we use Amazon Web Services (“AWS”) to facilitate our Program. We carefully select these service providers and instruct them in compliance with applicable data protection laws.
To the extent legally permissible, we may need to disclose the data to national and foreign authorities (such as social security institutions, tax authorities or law enforcement agencies) and/ or courts in order to comply with statutory duties or in order to act in the interests of Highwire.
By choosing the relevant settings with AWS, we ensure that Personal Data from EEA data subjects is stored on AWS servers within the EEA. However, employees of Highwire access and process the Personal Data from within the U.S. to provide you with our services and perform the CPPA.
In countries outside the EEA, data protection regulations may apply that do not guarantee a level of data protection comparable to that in the EEA. However, we protect and secure your Personal Data by storing them within the EEA and implementing an Information Security Management System certified under the ISO/IEC 27001 Standard.
If, for the purposes specified above, your Personal Data is transferred to other recipients outside the EEA, we will implement appropriate measures to ensure that your Personal Data is adequately protected. In particular, where appropriate, we will enter into so-called EU standard contractual clauses to secure the onward transfer.
You may contact our data protection officer for further information.
Each of our employees and all staff members of external service providers who have access to Personal Data are obliged to treat the Personal Data confidentially. In addition, we have implemented various technical and organisational measures e.g.:
We delete Personal Data once it is no longer necessary for the fulfilment of our contractual obligations or the legitimate interests outlined in this Privacy Notice and if no statutory retention obligations apply. In the event that a statutory retention obligation applies, we will restrict the processing of the Personal Data.
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive information about your Personal Data, to require rectification or erasure of your Personal Data or the restriction of the processing and to receive your Personal Data in a structured, commonly used and machine-readable format (data portability).
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your Personal Data.
To the extent that we process your Personal Data in order to inform you about our advisory services and current developments where relevant for your business, you can object to a processing of your Personal Data at any given time and without stating any reasons.
Further, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your Personal Data.
This Privacy Notice is the version of 15 December 2021 and is currently applicable.
As we continue to develop and update our services or as statutory and/or regulatory provisions are amended, it may become necessary to amend this Privacy Notice. You can access, save and print the latest version of this Privacy Notice at any time via our website.
The author of this policy is considered the owner and has the responsibility for updating it whenever changes are dictated by the work. In addition, an annual review of this policy will be conducted by the Vice President of Compliance to ensure that it remains appropriate considering any relevant changes to the law, organizational policies, and/or contractual obligations.
As specified in the CS Administrative Manual, all changes to an ISMS document must be made using “Track changes,” making visible only the revisions to the previous version, either showing them in red text or strikeout. In addition, for reference, all previous versions of an ISMS document are stored on the personal user drive of the CS Vice President of Compliance. The versioning history for this document is defined in the table below:
Copyright © 2023 Highwire. All Rights Reserved. Privacy Policy EEA Privacy Notice
