EHS Genesis is built with data protection at its core. Here's how we protect your data and support your GDPR obligations.
Fully compliant with UK GDPR, the Data Protection Act 2018, and the EU GDPR. All data hosted in the UK and EU — never on US infrastructure.
Sensitive personal data is protected with AES-256 encryption in our PII Vault. All connections are encrypted in transit via HTTPS/TLS.
Your organisation is the data controller for all employee and incident data processed within the platform. We act solely as your data processor.
Tools to manage data subject rights are built into the platform under Admin > GDPR. We respond to all rights requests within one calendar month.
Your Organisation
Your organisation determines the purposes and means of processing employee data, incident data, health data, and all other personal data within the platform. You are the data controller for this data.
EHS Protect Ltd
We process personal data solely on your instructions, as set out in our Terms of Service. We do not use your data for our own purposes or share it with third parties beyond what is necessary to operate the platform.
Under UK GDPR, individuals have the following rights regarding their personal data. To exercise any right, contact privacy@ehsgenesis.com.
Right of Access
Request a copy of personal data we hold about you.
Right to Rectification
Request correction of inaccurate personal data.
Right to Erasure
Request deletion of personal data, subject to legal retention obligations.
Right to Restriction
Request that we restrict processing in certain circumstances.
Right to Portability
Request your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Automated Decision-Making
We do not make automated decisions with legal or significant effects. All AI outputs require human review.
If you are a platform user and wish to exercise rights regarding data processed within the platform, please contact your organisation's administrator in the first instance — they are the data controller for that data.
Our Terms of Service establish the data processing relationship between EHS Protect Ltd (processor) and your organisation (controller) in accordance with Article 28 of the UK GDPR.
Enterprise customers who require a standalone Data Processing Agreement (DPA) — for example, to satisfy procurement requirements or regulatory obligations — can request one by contacting us. The DPA covers:
Your data stays in the UK and EU.
All customer data is hosted exclusively on IONOS infrastructure — a German-owned company (Frankfurt Stock Exchange listed) with data centres in Frankfurt, Germany, and London, United Kingdom. No data is hosted on AWS, Azure, or Google Cloud. Your data is not subject to the US CLOUD Act, FISA Section 702, or Executive Order 12333.
Hosting Provider
IONOS SE — German-owned, Frankfurt Stock Exchange listed
Data Centre Locations
Frankfurt, Germany & London, United Kingdom
Applicable Law
EU GDPR and German BDSG — no US cloud jurisdiction
Privacy Policy
How we collect, use, and protect personal data across the website and platform.
Cookie Policy
Which cookies we use, why, and how to manage your preferences.
Terms of Service
The full agreement governing your use of the EHS Genesis platform.
Privacy Contact
privacy@ehsgenesis.com — for data rights requests and GDPR enquiries.