BETA — This tool is in active development. Data is for reference only.
GHS Ecosystem: GHS Symbols → Hazard Classification & ATE Calculator ▶ You are on GHS Pictograms GHS Labels → Order Certified GHS Labels

Privacy Policy

What data we collect, why we collect it, who we share it with, and how to exercise your rights under GDPR, CCPA, and Latvian data protection law.

Last updated: 13 June 2026

1. Who we are

GHS Pictograms (ghspictograms.com) is an independent reference for GHS hazard classification and chemical safety compliance, operated from Riga, Latvia. For data protection purposes, GHS Pictograms is the data controller responsible for processing personal data collected through this site.

Contact for data protection matters: [email protected].

GDPR compliant CCPA aware Latvia-based controller

2. What data we collect

We collect the following categories of personal data:

  • Contact data: when you reach out by email, we collect your name, email address, company (if provided), and the contents of your message.
  • Email subscription data: if you sign up for updates or download a free resource, we collect your email address and (optionally) name. This is processed via Brevo.
  • Analytics data: we use Google Analytics 4 to understand aggregate site usage. This includes anonymised IP addresses, browser type, device type, pages visited, and referral source.
  • Cookie data: see Section 6 below.
  • Server log data: our hosting provider (Cloudflare) records standard server logs including IP address, request time, and user agent for security and performance purposes.

3. Why we process this data (lawful basis under GDPR)

  • Consent (Art. 6(1)(a)): setting analytics cookies (Google Analytics), and sending update or marketing emails after you opt in. Analytics cookies are set only after you accept via our cookie banner. You can withdraw consent at any time — change your analytics choice via the "Cookie settings" link in the footer, or unsubscribe via the link in every email.
  • Legitimate interest (Art. 6(1)(f)): security logging and improvement of our content. We have assessed that this does not override your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): retaining business records as required by Latvian law.

4. Third parties and sub-processors

We use the following service providers to process personal data on our behalf. Each operates under appropriate data protection terms.

Provider Purpose Region
CloudflareHosting, CDN, securityGlobal (US-headquartered)
Brevo (formerly Sendinblue)Email subscriptions, marketing automationEuropean Union (France)
Google Analytics 4Aggregate site analyticsGlobal (US-headquartered)
SupabaseSubstance database, lead storageEuropean Union
Affiliate networks (when active)Tracking referral commissionsVaries by partner

Cross-border data transfers

Transfers of personal data outside the European Economic Area are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or by adequacy decisions where applicable.

5. How long we keep your data

  • Contact data: up to 24 months from your last contact, then deleted or anonymised.
  • Email subscription data: until you unsubscribe, after which we retain only a suppression record (your email hash) to ensure we do not contact you again.
  • Analytics data: 14 months in Google Analytics 4, then automatically deleted.
  • Server logs: up to 30 days, then automatically rotated.

6. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary cookies: set by Cloudflare for security and load balancing. These cannot be disabled.
  • Analytics cookies: set by Google Analytics 4 (_ga, _ga_*) only after you accept via our cookie banner. Until you accept, Google Analytics runs without setting these cookies.
  • Affiliate cookies: when you click an affiliate link, our affiliate partners may set cookies on their domain to track referrals. These are governed by the partner's privacy policy, not ours.

You can clear cookies via your browser settings at any time. Disabling analytics cookies will not affect site functionality.

7. Your rights

Under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and similar laws, you have the following rights regarding your personal data:

  • Access a copy of the data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure (the "right to be forgotten") when processing is no longer necessary.
  • Restriction of processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection to processing based on legitimate interest, including direct marketing.
  • Withdrawal of consent at any time, without affecting the lawfulness of prior processing.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you analogous rights to know, delete, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Right to lodge a complaint

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija), reachable at dvi.gov.lv, or with the supervisory authority of your country of residence.

9. Children

This site is intended for business and professional users. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have collected such data, please contact us and we will delete it.

10. Updates to this policy

We may update this policy when our services, sub-processors, or applicable laws change. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be highlighted via a notice on the site.

This privacy policy was last updated on 13 June 2026.