Data Privacy Notice
Last update: 6 May 2024
This Privacy Notice applies to information we collect about individuals who use our Horizon, GWTS, Worldcue GRM, or X-Assist applications (“Apps”) and associated services such as push notifications and hotline access (“Services”). It explains what Personal Information we collect, how we use it and who we may share the data with.
In this Privacy Notice, “Crisis24”, “we”, “us”, and “our” refer to the Crisis24 Group of companies comprised of Crisis24 SAS, Crisis24 Limited, Crisis24 GmbH, Crisis24 Pte Limited, Crisis24 Pty Limited and Crisis24 Inc., which are wholly owned subsidiaries of GardaWorld Security Corporation.
We respect the privacy of individuals and value the confidence of our clients, customers, employees, consumers, business partners, and others. Crisis24 strives to collect, use, disclose and otherwise process Personal Information and other information in a manner consistent with applicable laws, and prides itself on upholding the highest ethical standards in its business practices. Crisis24 complies with applicable data protection laws including the European Union’s General Data Protection Regulation (“GDPR”), the United Kingdom’s (“UK”) Data Protection Act 2018 and the GDPR as incorporated into UK legislation (“UK GDPR”), in respect of which Crisis24 undertakes its responsibilities as a Data Processor for our clients (the Data Controllers) as the terms Data Processor and Data Controller are defined in the GDPR. Crisis24 also complies with international applicable data protection laws including the revised Swiss Federal Act on Data Protection, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”), the Personal Data Protection Act 2012 of Singapore (“PDPA”) and any other applicable legislation as amended from time to time.
Our details
The entities listed below are the companies that make up Crisis24 and which collect Personal Information and other information through our services.
In the USA:
Crisis24, Inc.
185 Admiral Cochrane Drive #300
Annapolis, Maryland 21401 USA
In the United Kingdom:
Crisis24 Limited
Two London Bridge
London, SE1 9RA
In France:
Crisis24 SAS
203 Rue du Faubourg
Saint-Honoré, 75008 Paris, France
In Germany:
Crisis24 GmbH
Byk-Gulden-Straße 24
D-78467 Konstanz
Germany
In South Africa:
Crisis24 Pty Limited
Block A, The Terraces
Steenberg Office Park
Westlake, 7945 Cape Town
South Africa
In Singapore:
Crisis24 Pte. Limited
137 Market Street, 10-01
Singapore 048943
If you have any comments or questions about this Privacy Notice, please contact us at [email protected]
Content
What Personal Information we collect, how we get it, why we have it and the lawful bases we rely on for processing this information
Information We Collect on Behalf of Our clients
With Whom the Information May be Shared
How Long We Store Personal Information
Privacy Protections for Children
Your Rights Regarding the Collection, Use and Distribution of Personal Information and Other Information
What Kind of Security Procedures We Use to Protect the Loss, Misuse, or Alteration of the Information Under Our Control
International Transfer
Dispute Resolution
Contacting the Regulator
Changes to This Privacy Notice
What Personal Information we collect, how we get it, why we have it and the lawful bases we rely on for processing this information
Crisis24 collects Personal Information when you register for the Apps and use the Services. Crisis24 does not collect any Sensitive Personal Information, known as Special Categories under GDPR, unless expressly directed to do so by you or your employer.
“Personal Information” is any information or set of information relating to an identified person or an identifiable person who can be identified, directly or indirectly, by reference to an identifier such as a name, telephone number, email address, an identification number, location data, an online identifier or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. For example, Personal Information includes name, address, email address, employer’s company name, job title, phone or fax number, employee ID, travel itineraries, including emergency contact information and, if requested by a client, passport numbers. For the purpose of the California Consumer Privacy Act (“CCPA”), Personal Information includes information which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. “Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, that concerns an individual’s health or sex life, criminal proceedings, government-issued identifiers, such as SSN, driver’s license, etc.; account credentials; financial information; precise geolocation; contents of certain types of messages; genetic data; biometric information or that is designated in writing by a third party as Sensitive Personal Information.
We use Personal Information to provide you with content, products, and services, to fulfill the terms of any agreement you have with us, and operate our business. We collect different Personal Information depending on the Services you use. The use of information collected through our Service is limited to the Personal Information which is necessary to provide the Service for which Crisis24 has been engaged. The following table explains the types of Personal Information we collect, the source of the data, the purposes we use it for and the legal bases on which we process your Personal Information.
Purpose | Source | Personal Information | Legal basis |
---|---|---|---|
Registration and tailoring of your account, administration of your account, responding to your requests, requesting feedback from you, responding to customer service questions or issues, notifying you of important changes or updates to the Services | Directly from you or your employer | Name, email address, contact number | Fulfil contractual obligations |
Operate our Services, enhance our Services, and deliver messages. | Directly from you and through the use of cookies or similar technologies | Device operating system and browser type, your Internet service provider, your domain name, your general geographic location | Legitimate interest |
Send regular updates relating to issues in your general location | Directly from you or your employer | Your general location (e.g. a town or city) | Fulfil contractual obligations |
Send push notification alerts regarding issues in your location | Mobile network provider, GPS, WiFi, or cellular network signals from your device | Your precise location | Consent Fulfil contractual obligations |
Track your location | Mobile network provider, GPS, WiFi, or cellular network signals from your device | Your precise location | Consent Fulfil contractual obligations |
Contact service providers to fulfil your requests for assistance | Directly from you | Name, contact number, information shared by you | Consent Fulfil contractual obligations |
If you use our Apps, precise location data cannot be collected unless you allow the App to use your terminal equipment location. If you would like Crisis24 to stop collecting precise location from your device, you can change these settings in the App.
- Our App collects precise location when you use the “Crisis” or “Check In” or ‘Alert’ buttons or when you use the App to learn about information that is relevant to your current location. The App may collect precise location from your device on a real-time, continuous basis to inform you, and allow your organization to inform you, of incidents and threats near your current location.
- Our Critical Trac® and our Crisis Messenger GPS app may collect precise location from your device on a real-time, continuous basis for tracking purposes and when you use the “Panic” and “Check In” or ‘Alert’ buttons.
- Crisis24 may collect location information if you use a Crisis24 application on your mobile device. The iOS and Android (OS 6.0+) platforms will alert you the first time a Crisis24 app wants permission to access certain types of data and will let you consent (or not consent) to that request. You may subsequently manage your location sharing preferences at any time with the iOS and Android (OS 6.0+) platforms by changing the Location Services settings on the device. Android (OS 5.1.1 and earlier) devices will notify you of the permissions that a Crisis24 app seeks before you first use the app, and your use of the app constitutes your consent. Some applications, such as the Worldcue® Mobile app may also permit you to modify location reporting (the transmission of your location information to our servers) from within the application Settings. Please note that the Services require your precise location for certain features to work properly.
Please note that if you are located in Singapore or other territories in which the applicable laws require your consent for processing your Personal Information, when you voluntarily provide your Personal Information to us for purposes which we have informed you about (including in this Data Privacy Notice), you consent to our collection, use, disclosure, retention and otherwise processing of your Personal Information for such purposes. We consider that we also have your deemed consent for processing of your Personal Information as described in this Privacy Notice in circumstances where we collected your Personal Information from your employer, as we consider that you would voluntarily provide the Personal Information to us in order to take advantage of the services we provide under the contract with your employer and which are described in this Privacy Notice.
Information We Collect on Behalf of Our clients
Crisis24 collects information under the direction of its clients and may have no direct relationship with the individuals whose personal data it processes.
If your employer (our client) has purchased Crisis24 products or services on your behalf, Crisis24 may receive Personal Information about you directly from your employer. For individuals residing in the European Union or the United Kingdom, if your employer has given Crisis24 any Personal Information about you in connection with its purchase of a Crisis24 product or service for your benefit, your employer and not Crisis24 will be responsible for determining the method and means by which you will receive notice and the ability to consent to Crisis24’s receipt and use of such information.
An individual who seeks access, or who seeks to correct, amend, restrict, port, or delete Personal Information should direct their query to the Crisis24 client (the Data Controller).
With Whom the Information May Be Shared
We share information within Crisis24 Group and third parties. This will involve transferring your Personal Information inside and outside of the European Economic Area (“EEA”) and the United Kingdom.
We share Personal Information with third parties in the following circumstances:
- To provide and maintain our Services - Crisis24 may share Personal Information we collect with our contractors and third party service providers, including companies that send email and other messages on our behalf to you, to companies that store such information for these uses, and companies that perform analytics services for us, on a need-to-know basis. These companies are authorized to use your Personal Information only as necessary to provide these services to us.
- For our internal operations - We share information we collect within the Crisis24 Group in order to carry out our internal operations relating to finance and other service fulfilment.
- To fulfil contractual obligations - If a Crisis24 product or service is purchased by an individual’s employer on behalf of the individual, Crisis24 may transfer Personal Information, including precise location, to the employer for its legitimate business purposes, including, without limitation, for purposes of risk management and/or crisis response. We may also share your Personal Information with other third parties such as government officials, healthcare providers, national and/or independent security forces, transportation providers, in the event that you require assistance.
- To comply with applicable law and legal obligations - In addition, Crisis24 may use and disclose Personal Information and other information as it believes reasonably necessary: to comply with applicable law or respond to legal process (for example, a court order, search warrant or subpoena); in response to lawful requests by public authorities (such as to meet national security or law enforcement requirements); to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our Terms and Conditions, or in other circumstances in which Crisis24 has a good faith belief that its products or Services are being used in the commission of a crime or that there is an emergency that poses a threat to the safety of you or another person; or to protect our rights and property. We may need to share your Personal Information where required under the laws of countries in which we operate.
- For the pursuance of our obligations in the context of our legitimate business interests - Crisis24 may disclose Personal Information and other information to facilitate the financing, securitization, insuring, merger, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
- For other purposes where data is de-identified - We may also disclose aggregated, de-identified information about users of the Services for any purpose, such as by publishing a report on trends in the usage of the Crisis24 Services.
How Long We Store Personal Information
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your Personal Information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements, consistent with applicable law.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Privacy Protections for Children
Generally, Crisis24 Services are provided for adults only. The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 through the Services. Exceptionally, we may provide services to children as part of a family unit, in which case the parents or guardians of the children in the family will be aware that the children’s Personal Information is being used by Crisis24 for these purposes.
Your Rights Regarding the Collection, Use And Distribution of Personal Information and Other Information
Under certain circumstances, you have rights under data protection laws in relation to the Personal Information we hold about you. You have the right to request:
- access to your Personal Information
- to have your Personal Information corrected
- to have your Personal Information deleted
- the restriction of the processing of your Personal Information or otherwise object to such processing
- your Personal Information to be provided to you in a portable form.
You also have the right to:
- withdraw consent for processing of Personal Information which relied on consent as the legal basis, and
- under the CCPA, protection from discrimination for exercising legal privileges and the right to the disclosure of Personal Information sold or shared. Please note that we do not sell Personal Information, nor do we share it with third parties for cross-contextual behavioral advertising.
If you are located in Singapore, you have the right under the PDPA to withdraw consent to the processing of your Personal Information however please note that withdrawal of consent may result in Crisis24 being unable to continue providing certain services to you. Where Crisis24 is permitted or required to collect, use, disclose or otherwise process Personal Information under applicable laws, withdrawing your consent does not affect our right to continue to do so.
If your Personal Information changes, you would like to review or correct your Personal Information, or if you no longer desire our Services, you may correct, update, or remove your Personal Information at the member information page or by emailing our Customer Support at [email protected]. Upon request Crisis24 will provide you with information about whether we hold any of your personal information. We will respond to your request within a reasonable timeframe and in accordance with applicable statutory timeframes.
What Kind of Security Procedures We Use to Protect the Loss, Misuse, or Alteration of the Information Under Our Control
Crisis24 takes commercially reasonable administrative, technical, and physical precautions to protect our users’ information against loss, misuse and unauthorized access, disclosure, alteration, and destruction. However, no system is 100% secure, and therefore we cannot guarantee the absolute security of the information that we collect.
International Transfer
Crisis24 provides services globally so it may be necessary to transfer your Personal Information internationally. In particular, your Personal Information may be transferred to and processed in the EU, United States, the United Kingdom and/or South Africa and wherever you access Crisis24 provided services while you travel. The data protection and other laws of other countries may provide a less comprehensive or protective standard of protection than those in your country or the country you are in while using our services. We use standard contractual clauses and other contract terms to facilitate international transfers of Personal Information in line with the requirements of applicable data protection laws.
Dispute Resolution
In compliance with the GDPR, Crisis24 commits to resolve complaints about our collection or use of your Personal Information. EEA and Swiss individuals with inquiries or complaints should first contact Crisis24 at:
Privacy Office
Crisis24
203 Rue du Faubourg Saint-Honoré, 75008 Paris, France
[email protected]
Contacting the Regulator
If you feel that your Personal Information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your Personal Information, you have the right to lodge a complaint.
If you are based in the UK, you have the right to lodge your complaint with the Information Commissioner’s Office. You can contact them by calling +44 (0) 303 123 1113 or online www.ico.org.uk/concerns. (Please note we can’t be responsible for the content of external websites.)
If you are based in the EEA or Switzerland, you have the right to lodge your complaint with the data protection regulator in your country of residence.
Changes to this Privacy Policy
This Privacy Policy may be amended from time to time, consistent with changing legal, regulatory, or client requirements. We will post any changes to this Privacy Policy on our website. If we make a material change to this Privacy Policy, we will provide you with appropriate notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Updated 6 May 2024