SafetyPass Mobile Application
Privacy Policy
Effective Date: 29 April 2026
1. Who We Are
NextEra Academy PC, with registered office at 46A, Alekou Panagouli str., 142 31 Nea Ionia, Greece, registered with the General Commercial Registry (GEMI) under number 165118501000 and VAT number EL801882030 (we, us, our), is the company that provides the SafetyPass mobile application (the App).
For matters related to this Privacy Policy you can contact us at contact@nexteragroup.gr.
We have appointed a Data Protection Officer (DPO). You can contact the DPO at dpo@nexteragroup.gr.
2. About This Policy
This Privacy Policy explains how we handle personal data collected through the App. It is written to comply with:
Regulation (EU) 2016/679 (the GDPR).
Greek Law 4624/2019 implementing the GDPR.
Greek Law 3471/2006 on the protection of personal data and privacy in electronic communications.
Privacy disclosure requirements of the Apple App Store and Google Play.
3. Our Role: Controller and Processor
The App is sold to organizations as a workforce safety and compliance tool. Most of the personal data processed through the App relates to workers, contractors, visitors, and other persons whose data is provided by the organization (the Customer).
For that data, the Customer is the data controller and we act as a data processor on behalf of the Customer. The Customer's privacy notices and instructions govern that processing. Our processing on behalf of the Customer is regulated by a Data Processing Agreement that complies with Article 28 GDPR.
For a limited set of processing activities we act as the data controller. These are described in section 7.
4. Personal Data We Collect
Depending on how the App is configured by the Customer and how you use it, we may process the following categories of personal data:
Account data: name, email, phone, employee or contractor ID, role, employer.
Authentication data: hashed passwords, login timestamps, device identifiers.
Workplace data: site assignments, supervisor, contractor company, project codes.
Training and certification data: training records, certificates, expiry dates, induction completion.
Access control data: site entry and exit times, access points, badge identifiers.
Inspection, hazard, and incident data: reports submitted, photos, observations, signatures, geolocation tags.
Photos and media: images uploaded for inspections, hazards, or evidence.
Location data: where enabled by the Customer and authorized by you, location at the time of submission of a record or at site entry.
Device and technical data: device model, operating system, App version, IP address, crash logs, diagnostic data.
Communications data: messages, notifications, support requests.
5. Special Categories of Personal Data
Some data processed through the App may fall within the special categories of Article 9 GDPR. This may include:
Health data: incident reports, near-miss records, medical fitness statements.
Biometric data: where the Customer enables a biometric access feature, this may involve facial templates or other biometric identifiers used to uniquely identify you.
Special category data is processed only on a lawful basis under Article 9 GDPR, typically for purposes of carrying out obligations and exercising rights in the field of employment and social protection (Article 9(2)(b)) or for protecting vital interests (Article 9(2)(c)).
The Customer is responsible for determining the appropriate legal basis and for conducting any required Data Protection Impact Assessment when activating these features.
6. How We Collect Your Data
We collect personal data:
Directly from you, when you create an account, log in, or submit a record.
From the Customer, when you are added as a user, worker, or contractor.
Automatically when you use the App, through technical and diagnostic data.
From third-party identity providers, if the Customer uses single sign-on.
7. Why We Process Your Data and Legal Bases
When acting as a processor on behalf of a Customer, we process data only on the documented instructions of the Customer.
When acting as a controller, we process data for the following purposes:
| Purpose | Categories of Data | Legal Basis |
|---|---|---|
| Account creation and authentication | Account, authentication, device | Contract (Art. 6(1)(b)) |
| App functionality, performance, and security | Device, technical, communications | Legitimate interests (Art. 6(1)(f)) — secure operation |
| Customer support | Account, communications | Contract (Art. 6(1)(b)) |
| Compliance with legal obligations | All categories as required | Legal obligation (Art. 6(1)(c)) |
| Defense of legal claims | All categories as required | Legitimate interests (Art. 6(1)(f)) |
| Product improvement | Aggregated technical data | Legitimate interests (Art. 6(1)(f)) |
| Service communications about the App | Account, contact | Contract or legitimate interests |
| Marketing communications | Contact | Consent (Art. 6(1)(a)) |
You can object to processing based on legitimate interests at any time. You can withdraw consent at any time without affecting prior processing.
8. Sharing Your Data
We share personal data with:
The Customer, where data is processed on its behalf.
Service providers acting as processors, including cloud hosting (e.g. Hetzner), email and notification providers, analytics, customer support, and security tools. These providers are bound by written agreements requiring them to process data only on our instructions and to apply appropriate security measures.
Authorities, where required by Greek law, including the Labour Inspectorate (ΣΕΠΕ), tax authorities, and judicial or police authorities responding to lawful requests.
Professional advisers, including lawyers and auditors, under duties of confidentiality.
Acquirers, in the event of a corporate transaction, subject to appropriate safeguards.
We do not sell personal data.
9. International Transfers
Personal data is stored primarily within the European Economic Area.
Where data is transferred to a third country, for example where a service provider operates outside the EEA, we put in place appropriate safeguards under Chapter V of the GDPR. These typically include the European Commission's Standard Contractual Clauses, with supplementary technical and organizational measures where required.
You can request a copy of the safeguards in place by contacting us.
10. Retention
We retain personal data for as long as needed to fulfil the purposes set out in this Policy and to comply with our legal and contractual obligations.
Specific retention periods:
Account data: for the duration of the Customer's subscription, plus a reasonable period for record-keeping and dispute resolution.
Training and certification records: for the period required by Greek workplace safety law and any sector-specific obligations.
Inspection, hazard, incident, and access control records: for the period required by Greek workplace safety and labour law, or as instructed by the Customer.
Diagnostic and security data: typically up to twelve months.
Marketing data: until you withdraw consent, or for two years from the last interaction.
When data is no longer needed we delete it or anonymize it. When acting as a processor we retain data for as long as instructed by the Customer.
11. Security
We apply technical and organizational measures appropriate to the risk, including:
Encryption in transit and at rest.
Access controls and authentication.
Logging and monitoring.
Regular backups.
Staff training and confidentiality undertakings.
Vendor due diligence.
No system is fully secure. If a personal data breach affects you, we will notify the Customer and, where relevant, you and the Hellenic Data Protection Authority, in line with Articles 33 and 34 GDPR.
12. Your Rights Under the GDPR
You have the following rights regarding your personal data:
Access to your data and a copy of it.
Rectification of inaccurate or incomplete data.
Erasure, in certain circumstances.
Restriction of processing.
Portability, where the legal basis is consent or contract and the processing is automated.
Objection to processing based on legitimate interests, including profiling.
Withdrawal of consent at any time, where processing is based on consent.
To exercise these rights contact us at contact@nexteragroup.gr. We respond within one month, with a possible two-month extension for complex requests.
If we are processing your data as a processor for a Customer, we will refer your request to the Customer.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα):
Address: Kifissias 1-3, 115 23 Athens, Greece.
Phone: +30 210 6475 600.
Website: https://www.dpa.gr.
You may also lodge a complaint with the supervisory authority of your habitual residence or place of work within the EU.
14. Automated Decision-Making
The App may compute compliance scores, training statuses, and access eligibility automatically. These outputs are decision-support and not solely automated decisions producing legal effects on you within the meaning of Article 22 GDPR.
If a Customer configures a feature that does produce a solely automated decision with legal or similarly significant effect, the Customer is responsible for ensuring an Article 22 lawful basis and for providing meaningful information to data subjects.
15. Children
The App is intended for adult workers and is not directed to children. We do not knowingly collect data from individuals under 18. If you believe a minor has provided personal data through the App, contact us so we can take appropriate action.
16. Cookies and Similar Technologies
The App is a native mobile application and does not use browser cookies. It uses technical identifiers required for authentication, security, and crash diagnostics. Where applicable, we ask for your consent for analytics and tracking technologies in line with Greek Law 3471/2006 and the ePrivacy framework.
17. App Permissions
The App may request the following permissions on your device:
Camera: to take photos for inspections, hazards, or evidence.
Photo library: to select existing photos for upload.
Location (foreground only by default): to tag records and confirm site entry.
Push notifications: to alert you to assignments, expiring certifications, and safety messages.
Files and storage: to attach documents to reports.
Biometric authentication on the device (Face ID, Touch ID, fingerprint): to log in securely. Biometric data used for device authentication stays on your device and is not transmitted to us.
You can revoke these permissions at any time in your device settings. Revoking certain permissions may limit App functionality.
18. App Store Privacy Disclosures
18.1 Apple App Store
Apple's App Privacy section describes the categories of data collected by the App. The categories listed in section 4 of this Policy are reflected in our App Privacy entry on the App Store. Where the App is configured to collect additional data by the Customer, those collections occur within the Customer's deployment and are governed by the Customer's privacy notice.
We do not use the App Tracking Transparency framework to track you across other companies' apps and websites for advertising purposes.
18.2 Google Play
The Data Safety section on Google Play reflects the categories of data we collect, the purposes for which we process them, and whether data is shared with third parties.
We do not use the App for advertising tracking or to build advertising profiles.
19. Changes to This Policy
We may update this Privacy Policy. If a change is material, we will give reasonable notice through the App, by email, or both. The Effective Date at the top reflects the date of the latest version.
20. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact:
NextEra Academy PC
46A, Alekou Panagouli str., 142 31 Nea Ionia, Greece
Email: contact@nexteragroup.gr
DPO email: dpo@nexteragroup.gr
Phone: +30 210 300 1717