Privacy Policy
How we collect, use and protect your personal data at WiseFollow.
Table of contents
- Data Controller
- Data Protection Officer (DPO)
- What data we collect
- Purposes and legal basis
- Who we share data with
- International data transfers
- Retention periods
- Your rights
- How to exercise your rights
- Automated decision-making and AI
- Cookies and similar technologies
- Data security
- Children
- Changes to this policy
- Complaints to supervisory authorities
1.Data Controller
The data controller for your personal data (hereinafter, the Controller) is:
| Legal name | WiseSolutions SpA |
| Tax ID | [WISESOLUTIONS TAX ID] |
| Address | Av. Nueva Providencia 1881, Of. 1912, Providencia, Santiago, Chile, ZIP 7500520 |
| privacy@wisefollow.com | |
| Phone | +56 9 3860 1043 |
| Website | www.wisefollow.com |
WiseSolutions SpA is the commercial operator of the WiseFollow platform. When a business customer contracts us to manage data of their workers, contractors or third parties, the customer acts as the Controller of processing and WiseFollow acts as the Data Processor in the terms of Article 28 GDPR. In those cases we sign a Data Processing Agreement (DPA) that governs processing.
2.Data Protection Officer (DPO)
We have designated a Data Protection Officer (DPO) responsible for ensuring regulatory compliance, addressing data subject inquiries and serving as the point of contact with supervisory authorities:
| DPO Name | [DPO NAME] |
| dpo@wisefollow.com | |
| Contact languages | Spanish, English, Italian |
You can contact the DPO directly for any matter relating to the processing of your personal data. We respond within a maximum of 30 calendar days as per Article 12 GDPR (extendable to 60 days if the request is complex, in which case we will inform you of the reason for the extension).
3.What data we collect
We collect only the data necessary to provide the service. We categorize data according to its source:
3.1. Data you provide directly to us
- Account data: name, surname, corporate email, password (stored with bcrypt, never in plain text), role in the company.
- Company data: legal name, Tax ID, address, industry, approximate number of workers.
- Payment data: fully processed by our payment provider ([STRIPE / MERCADOPAGO / KHIPU — provider to be confirmed]). WiseFollow does not store or access card numbers.
- Support data: content of emails, chats and forms you send us.
3.2. Data generated when using the service
- Activity data: logs of your actions on the platform — date and time of login, modules visited, inspections created, findings generated, documents uploaded. Necessary for the auditable traceability required in the HSE industry.
- Technical data: IP address, device type, operating system, browser, mobile app version. Used for security, fraud prevention and technical diagnostics.
- Geolocation data: GPS coordinates associated with inspections and crew records, only when the user explicitly authorizes the location permission in the app.
3.3. Data of workers and contractors you manage
When you use WiseFollow to manage your workers and contractors, you upload third-party data: names, Tax ID, job title, certificates, trainings, medical examinations, PPE records, photos in inspections, digital signatures. In these cases you are the Controller and WiseFollow is the Processor. You are responsible for informing those third parties of processing, obtaining their consent where applicable, and ensuring the processing has a legitimate legal basis (typically the employment or contractual relationship you maintain with them, as per Article 6.1.b GDPR and equivalent local regulations).
4.Purposes and legal basis for processing
Each processing of personal data has a specific purpose and legal basis as per Article 6 GDPR (and equivalent regulations):
| Purpose | Legal basis |
|---|---|
| Create and maintain your account · provide contracted service | Performance of contract (Art. 6.1.b GDPR) |
| Process payments and issue invoices | Performance of contract + tax obligation (Art. 6.1.b and 6.1.c) |
| Answer inquiries, provide technical support and handle claims | Performance of contract and legitimate interest (Art. 6.1.b and 6.1.f) |
| Maintain platform security · prevent fraud | Legitimate interest (Art. 6.1.f) |
| Comply with legal and tax obligations | Legal obligation (Art. 6.1.c) |
| Send commercial communications about WiseFollow (newsletter, product updates) | Consent (Art. 6.1.a) — revocable at any time |
| Anonymized statistical analysis and product improvement | Legitimate interest (Art. 6.1.f), always anonymized or aggregated |
| Analytics and marketing cookies | Explicit consent (Art. 6.1.a) — managed through the cookie banner |
When the legal basis is consent, you can withdraw it at any time without affecting the lawfulness of prior processing. When the basis is legitimate interest, we have performed the corresponding balancing test and you can object on grounds derived from your particular situation (Article 21 GDPR).
5.Who we share data with
WiseFollow does not sell personal data. We share information only with the following third parties, all of them subject to data processing contracts (DPAs) that require them to process data solely according to our instructions:
| Category of recipient | Provider / purpose |
|---|---|
| Infrastructure provider (hosting) | [AWS / GOOGLE CLOUD / AZURE — to be confirmed] · servers in LATAM and Europe |
| Transactional email provider | [SENDGRID / RESEND / POSTMARK] |
| Payment processor | [STRIPE / MERCADOPAGO / KHIPU] |
| Web analytics | Google Analytics 4 (data pseudonymized, truncated IP, only if you accept analytics cookies) |
| Customer support | [INTERCOM / FRESHDESK / ZENDESK — if applicable] |
| AI services (AI modules) | [ANTHROPIC / OPENAI / GOOGLE — LLM model providers] · data sent anonymized or pseudonymized |
| Legal and accounting advisors | Under duty of professional confidentiality |
| Competent authorities | When there is legal obligation (court order, administrative request) |
The complete and updated list of sub-processors is available upon request by writing to dpo@wisefollow.com.
6.International data transfers
WiseFollow operates from Chile and provides services to customers in Chile, Peru, Colombia, Argentina, Guatemala, Mexico, Brazil and Italy. This involves international data transfers outside the European Economic Area (EEA), United Kingdom and other territories with enhanced protection regulations.
To ensure an adequate level of protection, we apply the following mechanisms:
- Standard Contractual Clauses (SCC) from the European Commission in their 2021 version, in accordance with Commission Implementing Decision (EU) 2021/914, in all contracts with providers outside the EEA.
- Transfer Impact Assessments (TIA) as per the Schrems II judgment of the CJEU (Case C-311/18), assessing whether the legislation of the recipient country ensures a level of protection essentially equivalent to the European one.
- Supplementary technical and organizational measures when TIA detects risk: encryption at rest, encryption in transit, pseudonymization, segregation of encryption keys, enhanced access controls.
- Adequacy finding for Chile (under evaluation): Chile has Law 19.628 and is undergoing legislative modernization. [CONFIRM ADEQUACY DECISION STATUS BY EUROPEAN COMMISSION]
You can obtain a copy of the safeguards applicable to each transfer by writing to dpo@wisefollow.com.
7.Retention periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Type of data | Retention period |
|---|---|
| Active user account data | While the account is active |
| Data after account cancellation | 30 days for download + suspension · then irreversible deletion |
| Billing data | 6 years from issuance (tax obligation, local tax regulations) |
| Security and audit logs | 12 months |
| Inspections, findings, action plans and HSE evidence | 5 years from generation (while account is active) · 30 days after cancellation |
| Marketing data (newsletter) | Until you withdraw consent |
| Analytics cookies | Maximum 14 months (Google Analytics 4 with anonymization) |
After these periods, data is deleted irreversibly or anonymized so it cannot be associated with an identified or identifiable person.
8.Your rights
As a data subject, you have the following rights guaranteed by GDPR (Articles 15-22), Chilean Law 19.628, Brazilian LGPD and equivalent regulations:
- Right of access (Art. 15 GDPR): obtain confirmation of whether we process your data and, if so, access it together with information about processing.
- Right of rectification (Art. 16 GDPR): correct inaccurate data or complete incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17 GDPR): obtain deletion of your data when no longer necessary, you withdraw consent, you object to processing or a legal obligation exists.
- Right to restrict processing (Art. 18 GDPR): request that we stop processing your data in certain cases.
- Right to data portability (Art. 20 GDPR): receive your data in structured, commonly used and machine-readable format (CSV, JSON), or request that we transmit it directly to another controller.
- Right to object (Art. 21 GDPR): object to processing based on legitimate interest or for direct marketing purposes.
- Right not to be subject to automated decision-making (Art. 22 GDPR): including profiling, when it produces legal effects or significantly affects you. See section 10. Automated decision-making and AI.
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing.
9.How to exercise your rights
You can exercise any of your rights by sending an email to privacy@wisefollow.com with:
- Clear identification (name, email associated with your WiseFollow account).
- Description of the right you wish to exercise.
- Data to which your request refers.
- Copy of your identity document (only if necessary to verify your identity — we process it only for this verification and delete it when the case closes).
We will respond within a maximum of 30 calendar days from receipt of your request, extendable to 60 days in complex cases (we will inform you of the reason for the extension). Exercise of rights is free of charge; we can only charge when requests are manifestly unfounded or excessive (Article 12.5 GDPR), always justifying this in advance.
If you believe we have not properly addressed your request, you can file a complaint with the competent supervisory authority (see section 15).
10.Automated decision-making and Artificial Intelligence
WiseFollow uses Artificial Intelligence in several product modules: deviation detection in inspections, action plan suggestions, risk assessment in work permits, data extraction from documents.
What AI does do:
- Analyze photos uploaded in an inspection and suggest potential findings (missing PPE, unsafe conditions).
- Propose a corrective action plan based on the finding, with owner, deadline and expected evidence — always reviewable, modifiable and rejectable by the human administrator.
- Validate prerequisites in work permits (current training, PPE delivered) and issue alerts.
- Extract structured data from uploaded documents (ID, certificate, contract) to accelerate data entry.
If AI processing were to produce legal or significant effects on you, you have the right to obtain human intervention, express your point of view and contest the decision (Article 22.3 GDPR).
For technical questions about how AI models work and data sent to external providers, write to dpo@wisefollow.com.
11.Cookies and similar technologies
We use cookies and similar technologies (localStorage, sessionStorage, pixels) to make the site function, analyze its use and, where applicable, offer you relevant content. We categorize cookies by purpose:
11.1. Strictly necessary cookies
Essential for site operation. Do not require consent as per Article 5.3 of the ePrivacy Directive. Include: session cookie (authentication), CSRF token (form security), cookie preference banner (memory of your choice).
11.2. Functional cookies
Remember your preferences to improve your experience. Activated only with your consent. Include: selected language, chosen plan in price selector, closed language banner.
11.3. Analytics cookies
Help us understand how the site is used. Activated only with your consent. Provider: Google Analytics 4 with IP anonymization and reduced retention (14 months). We pseudonymize identifiers before sending.
11.4. Marketing cookies
Allow us to measure the effectiveness of our campaigns on other platforms and show relevant ads. Activated only with your consent. Possible providers: [META PIXEL / GOOGLE ADS / LINKEDIN INSIGHT — activate only those in use].
11.5. Managing your consent
When you first visit the site, we show a consent banner where you can:
- Accept all cookies (necessary + functional + analytics + marketing).
- Accept only necessary (reject optional ones).
- Customize your preferences category by category.
You can change your choice at any time by clicking the "🍪 Cookies" button that appears at the bottom left of the screen.
12.Data security
We apply appropriate technical and organizational measures as per Article 32 GDPR to ensure a level of security appropriate to the risk:
- Encryption: AES-256 at rest, TLS 1.3 in transit.
- Access control: multi-factor authentication available for administrators, principle of least privilege, role segregation.
- Backups: daily with 90-day retention, stored in separate infrastructure.
- ISMS: Information Security Management System implemented in 2026, with controls aligned to ISO/IEC 27001 standard.
- Audits: periodic internal and, where applicable, external reviews. Annual penetration testing.
- Training: WiseFollow staff receive mandatory data protection training at least once per year.
- Breach notification: we undertake to notify the supervisory authority and, where applicable, affected individuals, within a maximum of 72 hours from discovery of a security breach that may pose a risk to rights and freedoms, as per Articles 33 and 34 GDPR.
13.Children
WiseFollow is a business tool intended exclusively for professionals over 18 years old. We do not knowingly collect data from minors. If you discover that a minor under 18 has provided us with personal data, contact us immediately at privacy@wisefollow.com and we will delete that data.
14.Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, legislation or service. Material changes will be notified by:
- A prominent notice on the platform.
- Email to the address associated with your account.
- At least 30 days in advance for changes requiring new consent.
The date of last update appears at the beginning of the document. We recommend you review this policy periodically.
15.Complaints to supervisory authorities
If you believe that processing of your personal data violates applicable law, you have the right to file a complaint with the competent supervisory authority of the country where you habitually reside, where you work or where the alleged violation occurred (Article 77 GDPR):
| Country | Supervisory authority |
|---|---|
| 🇮🇹 Italy | Garante per la protezione dei dati personali · garanteprivacy.it |
| 🇨🇱 Chile | Consejo para la Transparencia / soon the Data Protection Agency · consejotransparencia.cl |
| 🇧🇷 Brazil | Autoridade Nacional de Proteção de Dados (ANPD) · gov.br/anpd |
| 🇲🇽 Mexico | INAI · home.inai.org.mx |
| 🇨🇴 Colombia | Superintendencia de Industria y Comercio · sic.gov.co |
| 🇵🇪 Peru | Autoridad Nacional de Protección de Datos Personales · gob.pe/anpdp |
| 🇦🇷 Argentina | Agencia de Acceso a la Información Pública · argentina.gob.ar/aaip |
| 🇬🇹 Guatemala | Procuraduría de los Derechos Humanos · pdh.org.gt |
Before contacting the supervisory authority, we appreciate if you try to resolve the matter by contacting us directly — most inquiries are resolved quickly with the DPO without the need for formal proceedings.