PREVSIS – Privacy Policy

Global SaaS Platform — Occupational Safety, Health & Sustainability

Version 2.2, Effective Date: 1 March 2024, Last Updated: 13 Jan 2026

1. Introduction & Scope

Prevsis («Prevsis», «we», «us», or «our») is a global Software-as-a-Service (SaaS) company providing AI-powered occupational safety, health, and Sustainability management solutions. Our platform SGR5 is designed to help organizations identify, predict, and prevent workplace accidents and occupational risks before they cause harm.

This Privacy Policy applies to all individuals whose personal data we process in connection with our website (prevsis.com), our platform, our mobile applications, and any associated services (collectively, the «Services»), regardless of where in the world those individuals are located.

Because we operate globally, we have designed this policy to meet the requirements of multiple international data protection frameworks, including:

The European Union General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
The UK General Data Protection Regulation (UK GDPR).
Brazil’s Lei Geral de Proteção de Dados (LGPD).
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
Chile’s Law No. 19.628 on the Protection of Private Life and its forthcoming amendments.
And other applicable national and regional data protection laws in jurisdictions where we operate.

To the extent any local law provides greater protection to individuals than this Policy, we will comply with the stricter standard.

2. Who We Are

Prevsis is a multinational technology group founded in 2015, headquartered in Viña del Mar, Chile, with operations across 15+ countries. Our registered entities include:

Prevsis SPA, registration no.77.780.515-0 address: Libertad 269, Viña del Mar, Chile.
Prevsis Colombia S.A.S. registration 901.329.397-0 address: Cra. 43B #16-95, El Poblado, Medellín, Antioquia, Colombia

For all data protection enquiries, please contact us at:

Email: legal@prevsis.com

Data Protection Officer (DPO): Nelson Valencia under GDPR.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you create an account, request a demonstration, fill in a form, or contact us, we collect:

Identity data: full name, job title, professional role (e.g., safety officer, HSE manager).
Contact data: email address, phone number, company name, company address, country.
Account credentials: username, hashed password, authentication tokens.
Communication data: content of support requests, emails, or messages you send us.

3.2 Data Generated Through Platform Use

As you and your authorized users interact with the Prevsis platform, we collect:

Usage data: features accessed, modules used, frequency and duration of sessions.
Occupational safety records: risk assessments, incident reports, inspection data, corrective actions — entered by your organization’s users.
Workflow data: task assignments, approvals, audit trails.
Device and technical data: IP address, browser type and version, operating system, device identifiers.
Log data: Access logs, error logs, diagnostic information.

3.3 Data We Receive From Third Parties

We may receive data from identity providers (such as Google or Microsoft SSO), integration partners, or publicly available professional sources (such as LinkedIn) where you have permitted such sharing.

4. Legal Bases for Processing

We only process personal data where we have a valid legal basis to do so. The legal basis varies depending on the purpose and your location:

Performance of a contract: processing necessary to provide the Services you or your organization have subscribed to.

Legitimate interests: improving platform performance, developing predictive safety models, preventing fraud, and ensuring security — where these interests are not overridden by your rights.
Consent: where we ask for your explicit agreement, such as for marketing communications or certain AI-driven features.
Legal obligation: where we must process data to comply with applicable law.

For California residents: we do not «sell» or «share» personal information as defined under the CCPA/CPRA, and we do not use sensitive personal information for purposes beyond those permitted by law.

5. Artificial Intelligence, Predictive Analytics & Context-Aware Processing

The core purpose of Prevsis is to help organizations prevent workplace accidents and protect people from harm. Achieving this requires our platform to understand patterns in safety data — not just within a single organization, but across anonymized, aggregated contexts — to build more accurate predictive models and risk assessments.

This section explains specifically how we use data in connection with our AI systems, and what choices are available to you.

5.1 Why Context-Aware Processing Is Necessary

Our AI engine works as a context-aware system. To reliably predict risk — for instance, identifying conditions that historically precede certain types of accidents in certain industries — the models must learn from a broad set of safety patterns. No single organization’s dataset is sufficient on its own to build robust predictive models that can detect rare but serious risk signals. This is the fundamental reason our platform exists: the more contextual information the system has, the better it can protect workers.

5.2 How We Use Data for AI and Predictive Safety Improvement

Specifically, we use data in the following ways:

Within your environment (always active): Your organization’s data is used to generate safety recommendations, risk predictions, and compliance insights tailored exclusively to your context. This processing is necessary to deliver the service.
Cross-customer anonymized insights (opt-in by default, opt-out available): With your consent, anonymized and aggregated patterns derived from your data may contribute to the shared predictive model that benefits all Prevsis customers. Before contributing to this pool, all data is stripped of personally identifiable information and organizational identifiers.
Internal model training and improvement: We use aggregated, anonymized safety records to train and improve our AI models. No individual or organization is identifiable from the data used in model training.

5.3 Data Isolation

Each customer’s data is held in a logically isolated environment. Raw operational data, such as incident reports, risk assessments, worker records, is never shared with or made accessible to other customers. Only anonymized, de-identified insights contribute to cross-customer learning, and only where consent has been given.

5.4 Your AI Data Choices

We offer the following controls for how your data participates in AI-driven features:

Global AI contribution (opt-in): Your anonymized data contributes to the global predictive model that improves safety outcomes across all platform users.
Tenant-only mode (available on request): Your data is used exclusively within your own environment for your own predictions and insights. No anonymized data leaves your tenant. You still benefit from AI-driven recommendations based on your own data history.

To switch to tenant-only mode, contact your account manager or email legal@prevsis.com. This setting is available at the organizational level and is applied across all users within your account

5.5 Automated Decision-Making

Our platform may generate automated risk scores, priority alerts, and recommendations. These outputs are intended as decision-support tools for human safety professionals — they do not constitute fully automated decisions with legal or similarly significant effects on individual workers. Human review is always part of the process. Where any automated processing could have significant individual impact, we will ensure appropriate human oversight and will inform affected individuals in accordance with GDPR Article 22 and applicable local law.

6. How We Use Your Personal Data

We use personal data for the following purposes:

To create and manage your account and provide access to the platform.
To deliver the occupational safety, health, and ESG services you have subscribed to.
To generate safety recommendations, risk predictions, and compliance reports.
To operate and improve our AI and context-aware safety engine.
To send service-related communications, including security alerts and product updates.
To send marketing communications where you have opted in.
To process payments and manage billing.
To comply with legal and regulatory obligations.
To enforce our agreements and protect our legal rights.
To detect, investigate, and prevent fraud, abuse, or security incidents.

7. How We Share Personal Data

We do not sell or rent your personal data. We may share it in the following limited circumstances:

7.1 Service Providers (Data Processors)

We engage trusted third-party providers who process data on our behalf, under strict contractual obligations:

AWS (Amazon Web Services): cloud infrastructure and hosting.
AWS Cognito: identity and access management, authentication, and SSO.
Jira Service desk, CRM, or others: used for customer relationship management and communications.
Other processors as listed in our Sub-Processor Register (available on request).

7.2 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

7.3 Legal Requirements

We may disclose personal data where required by law, court order, or to protect the rights, property, or safety of Prevsis, our customers, or the public.

7.4 With Your Consent

We may share data for any other purpose with your explicit prior consent.

8. International Data Transfers

As a global SaaS platform, your personal data may be transferred to and processed in countries other than the one in which you are located, including countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal data originating from the European Economic Area (EEA), United Kingdom, or Switzerland to third countries, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions where the destination country is recognized as providing adequate protection.
Binding Corporate Rules or other legally recognized transfer mechanisms.

For transfers from other jurisdictions, we apply equivalent safeguards as required by applicable local law.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable law. Our general retention principles are:

Account and platform data: retained for the duration of the customer contract, plus a period of up to 3 years to comply with legal obligations or resolve disputes.

Safety and incident records: may be retained longer where required by occupational health and safety law in applicable jurisdictions.
Anonymized and aggregated data: may be retained indefinitely for model training and analytics purposes, as it can no longer be linked to any individual or organization.
Marketing data: retained until you withdraw consent or unsubscribe.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or disclosure. These include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
Logical tenant isolation ensuring no cross-customer data access.
Role-based access controls and least-privilege principles.
Regular security assessments, penetration testing, and vulnerability management.
Incident response procedures and breach notification protocols.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities without undue delay, and within the timeframes required by applicable law (typically 72 hours under GDPR).

11. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

11.1 Rights Available to All Users

Access: request a copy of the personal data we hold about you.
Correction: request that inaccurate or incomplete data be corrected.
Deletion: request that we delete your personal data (subject to legal retention obligations).
Portability: receive your personal data in a structured, machine-readable format.
Restriction: ask us to restrict processing in certain circumstances.
Objection: object to processing based on legitimate interests.

11.2 EEA, UK, and Swiss Users (GDPR / UK GDPR)

You have the right to lodge a complaint with your local supervisory authority if you believe we are not processing your data in compliance with applicable law.

11.3 California Residents (CCPA / CPRA)

You have the right to know what personal information we collect, use, disclose, or share; the right to delete personal information; the right to opt out of sale or sharing (we do not sell or share as defined under CCPA/CPRA); and the right to non-discrimination for exercising your rights. Requests may be submitted to legal@prevsis.com or through our in-platform privacy controls.

11.4 How to Exercise Your Rights

Submit requests to: legal@prevsis.com. We will respond within the timeframe required by applicable law (generally 30 days under GDPR; 45 days under CCPA). We may request identity verification before processing your request.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform. These include:

Strictly necessary cookies and service health: required for the platform to function. Cannot be disabled.
Analytical cookies and UI/UX monitoring: help us understand how users interact with the platform, to improve performance.
Marketing cookies: used where you have consented, to serve relevant content.

You may manage cookie preferences through your browser settings or our cookie preference centre. Declining non-essential cookies will not affect your access to the platform’s core features.

13. Children’s Privacy

Our Services are directed at business professionals and organizations. We do not knowingly collect personal data from individuals under 16 years of age. If you believe we have inadvertently collected such data, please contact legal@prevsis.com immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before they take effect. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

15. Contact Us

For privacy-related enquiries, rights requests, or complaints:

Email: legal@prevsis.com

Postal: Prevsis SpA, Libertad 269, Viña del Mar, Chile

Data Protection Officer: Nelson Valencia

Artículos recientes