Schedule a Call

Privacy Policy

Effective Date: 09/20/2025

Nexus Safety Solutions, Inc. (“Nexus Safety Solutions,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

We want you to have a safe and secure experience when interacting with us, whether through our website, platform, or direct contact with our team. This Privacy Policy explains how we collect, use, disclose, and protect your personal data.

1. Who We Are

Nexus Safety Solutions, Inc. is incorporated in the United States. For EU and UK residents, Nexus acts as a “data controller” for personal data we collect directly (for example, via our website, marketing, and client onboarding). For personal data entered into our safety management platform by our clients, Nexus acts as a “data processor” on behalf of the client, who is the data controller.

If Nexus does not maintain a physical establishment in the EU or UK, we will appoint an EU/UK Representative as required under Article 27 GDPR.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact details: name, job title, email address, phone number, and employer.
  • Platform account data: login credentials, usage data, and preferences.
  • Correspondence: information provided via email, telephone, or web forms.
  • Survey responses: information provided when you choose to participate in research or surveys.
  • Transaction details: information relating to transactions carried out through our website or platform.
  • Incident investigation data (special category data): In the course of providing our services, Nexus may process health and safety incident reports that include details such as name, role, nationality, date of birth, and information relating to injuries. This constitutes special category data under GDPR.
  • Website usage data: cookies, IP address, browser type, and browsing history (see Section 4).

3. Lawful Bases for Processing

We only process your personal data where a lawful basis applies:

  • Contract necessity: to provide the platform and services you request.
  • Legal obligation: to help clients comply with occupational health and safety laws.
  • Legitimate interests: to improve our services, ensure security, and prevent fraud.
  • Consent: where required (for example, for direct marketing).
  • Special category data (Article 9 GDPR): processed only where necessary for compliance with workplace health and safety laws, or for reasons of substantial public interest in protecting worker health and safety.

4. Cookies

We use cookies and similar technologies to enhance your browsing experience and analyze site usage.

  • You may refuse cookies by adjusting your browser settings, but some features of our website may not function properly.
  • Third-party cookies (for example, from analytics or advertising partners) may also be used. We do not control these cookies.

For full details, please see our [Cookies Policy].

5. How We Use Personal Data

We use personal data for the following purposes:

  • To provide and manage our safety management platform.
  • To support clients in recording and investigating health and safety incidents.
  • To communicate service updates and respond to enquiries.
  • To send marketing communications (where legally permitted).
  • To comply with legal and regulatory obligations.
  • To improve customer support and site performance.

6. Sharing of Personal Data

We may share personal data with:

  • Service providers (for example, Amazon Web Services for hosting, analytics providers, professional advisers).
  • Clients (controllers), where we act as a processor.
  • Regulators or authorities, where legally required.

We do not sell your personal data.

7. International Data Transfers

Nexus Safety Solutions, Inc. is based in the United States. Personal data from EU/UK individuals may therefore be transferred outside the European Economic Area (EEA) or UK.

To safeguard these transfers, we rely on:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission and the UK Addendum.
  • EU–US Data Privacy Framework, where applicable.
  • AWS Data Processing Addendum, which incorporates SCCs.

8. Data Retention

We retain personal data only as long as necessary for the purposes collected:

  • Contact and account data: retained for the duration of your relationship with Nexus and a reasonable period thereafter (typically 6 years).
  • Incident investigation data: retained in accordance with applicable occupational health and safety laws (typically 3–10 years, depending on jurisdiction).
  • After expiry, data is securely deleted or anonymised.

9. Data Subject Rights (EU/UK)

If you are in the EU/UK, you have the following rights under GDPR:

  • Right to access your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”), subject to legal obligations.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests or marketing.
  • Right to withdraw consent (where consent is the legal basis).

Requests can be made by emailing welcome@nexus-safety.app. We will respond within one month.

You also have the right to lodge a complaint with your local supervisory authority (for example, the ICO in the UK, CNIL in France, BfDI in Germany).

10. Security Measures

We apply technical and organisational measures including:

  • Encryption in transit (TLS) and at rest (AES-256).
  • Role-based access controls and multi-factor authentication.
  • Regular audits and monitoring of systems.
  • Data minimisation and pseudonymisation for reporting dashboards.

11. Data Breach Notification

In the event of a personal data breach affecting EU/UK individuals, we will notify the relevant supervisory authority within 72 hours, and affected individuals where required by law.

12. California Residents (CCPA/CPRA)

This section supplements this Privacy Policy and applies to California residents. It is adopted to comply with the California Consumer Privacy Act of 2018, as amended (“CCPA/CPRA”).

Categories of Personal Information Collected:

  • Identifiers (e.g., name, postal address, email address, IP address).
  • Personal information categories listed in Cal. Civ. Code §1798.80(e).
  • Commercial information (e.g., records of products or services purchased).
  • Internet or electronic network activity (e.g., browsing history).
  • Geolocation data.
  • Professional or employment-related information.
  • Non-public education information.
  • Inferences drawn from the above to create a profile about a consumer.

Sources of Personal Information:

  • Directly from you (e.g., through forms you complete).
  • Indirectly from you (e.g., through your interactions with our services).
  • From third parties (e.g., analytics providers).

Disclosures for a Business Purpose:
We may disclose the above categories of personal information to:

  • Affiliates and service providers.
  • Advertising networks, analytics providers, and social networks.
  • Government authorities, where legally required.

Sales of Personal Information:
We do not sell your personal information.

CCPA Rights:

  • Right to know what personal information we collect, use, disclose, and share.
  • Right to request deletion of personal information (subject to legal exceptions).
  • Right to data portability.
  • Right to opt-out of personal information sales.
  • Right to non-discrimination for exercising these rights.

To exercise your rights, please email welcome@nexus-safety.app.

13. Changes to This Policy

We may update this Privacy Policy periodically. The effective date will always be shown at the top.

14. Contact Us

If you have any questions or wish to exercise your rights, you can contact us at:

Nexus Safety Solutions, Inc.
Email: welcome@nexus-safety.app

If you are an EU/UK resident, you may also contact our EU/UK Representative (details will be added here once appointed).