Privacy Policy — Contractor Health & Safety Training

Last updated: 14/10/2025

Controller: TM OCOTECH
Contact: stijn.pelgrims@ocotech.be
Galjoenstraat 2,
2030 Antwerpen

1. Purpose & Scope

This Privacy Policy explains how TM OCOTECH handles personal information when contractors access our Health & Safety (H&S) video training portal and complete follow-up tests. The system is designed to verify that each contractor has viewed required safety materials while protecting privacy through data minimisation and anonymisation.

No personal data is permanently stored on our servers. Identity details are entered only by the user within their browser session and are never written to persistent storage.

2. Data We Process

The portal operates on a strict data-minimisation model:

• Identity inputs: Full name, date of birth, nationality, national ID, identity-document number, and document-expiry date — entered locally by the contractor to generate a training certificate and verification record. These values are processed in-memory and immediately discarded after use.
• Anonymous verification data: A cryptographic hash (a non-reversible code) derived from those details may be stored solely to verify certificate authenticity. It cannot be used to reconstruct the original data.
• Training status: Anonymous records of module completion, pass/fail result, and certificate serial numbers are retained for audit purposes.

No cookies or tracking identifiers are used for analytics. The system does not record IP addresses or device fingerprints for participants.

3. Lawful Basis for Processing

Processing occurs only to confirm completion of legally required health and safety training. The lawful basis is legitimate interest and/or contractual necessity — ensuring compliance with site safety obligations. Where local law requires explicit consent for entering personal details, contractors will be asked to provide it before proceeding.

4. How We Use Information

Information is used solely to:

• Verify that the person completing the module is the intended contractor and confirm identity using nationality and document details.
• Generate a digital training certificate and anonymous audit record derived from those identity inputs.
• Enable future validation of the certificate through a secure hash comparison.

We do not use or share any identity data for marketing, profiling, or analytics.

5. Data Storage & Retention

Personal identifiers (name, date of birth, nationality, and identity-document details) are never stored. Only non-identifiable data — certificate serials and cryptographic hashes — are retained. These records are kept solely for verification and may be deleted when no longer required for compliance auditing.

Local identity data entered in the browser is erased automatically when the user logs out, closes the tab, or clears their session.

6. Data Sharing

Because identifiable data is never stored, no personal information is shared with third parties. If verification is requested by a contracting company or regulator, only non-identifiable certificate details (serial numbers, timestamps, and hashes) are disclosed.

7. Security by Design

The system follows a privacy-first architecture:

• All identity inputs are processed only in volatile memory or the user’s session.
• Permanent data consists only of random certificate identifiers and anonymous hashes.
• All network communication uses TLS encryption.
• No third-party analytics or advertising scripts are embedded.

8. Your Rights

Because TM OCOTECH does not retain identifiable information, most data-subject rights (access, correction, deletion) are inherently satisfied — there is no personal data to retrieve or amend.

If you believe any identifiable information has been inadvertently stored, contact us immediately at stijn.pelgrims@ocotech.be so it can be removed.

9. Minors

This training system is intended for adult contractors. Individuals under the legal working age should not use the portal without explicit authorization from a parent, guardian, or employer.

10. Updates to This Policy

We may update this policy to reflect system or regulatory changes. The “Last updated” date above will indicate the latest version.

11. Contact

For any privacy questions, contact:

• Email: stijn.pelgrims@ocotech.be
• Postal: Galjoenstraat 2,
  2030 Antwerpen