This document covers the privacy practices that we have adopted in relation to the Alertive website and any applications that we release, whether through an App store or other distribution method.
As a general rule our customers are the data controllers, and our responsibility is to act in such a way as to protect the confidentiality, integrity and accessibility of personal data that is consumed and processed on their behalf.
We also have responsibilities that result from interactions with our website (Website Data) and responsibilities in respect of personal details that users optionally elect to provide either via the website or the app on a strictly opt-in basis in order for Alertive to communicate with those individuals (Personal Details).
For the purposes of the Data Protection Act 1998 the data controller is Alertive Ltd of The Old Vicarage, 51 St John Street, Ashbourne, Derbyshire, DE6 1GP. Alertive is committed to protecting your privacy and developing technology that delivers a powerful and safe experience.
3. RELEVANT DATA
There are three categories of Relevant Data:
- 3.1 The personal data that is collected and shared within our applications on behalf of our customers – Custodian Data – which includes the following:
- User first and last names
- Telephone numbers
- Job titles
- Message data that has the potential to contain personal data of the individuals, patients or other people
- Attachment data in the form of images and audio files which could contain personal data
- 3.2 Users can elect to provide Personal Details either via the website or via the App in order to enable Alertive to communicate with them directly with their express consent:
- Email address
- Telephone number
- 3.3 We collect some anonymous demographic information from website visitors including IP addresses, browser types, domain names, access times and referring Web site addresses (Website Data).
4. TREATMENT OF CUSTODIAN DATA
Alertive Custodian Data flows bi-directionally between mobile and desktop applications and our Server and is securely stored in both the Server database and the client application local storage.
Information that is stored securely across the platform:
- Password (Secured by Microsoft Active Directory)
- User First Name (if configured in Microsoft Active Directory)
- User Last Name (if configured in Microsoft Active Directory)
- Telephone Number (if configured in Microsoft Active Directory)
- Job Title (if configured in Microsoft Active Directory)
- Message Content (This can be predefined or free text which has the potential for containing personal or sensitive information)
- Message Timestamps
- Image Attachments
- Audio Attachments
5. TREATMENT OF PERSONAL AND WEBSITE DATA
We only store cookies with the user’s prior consent; these cookies store session data used for functional and analytical purposes, none of this data can be used to identify any individual.
Data provided by the user to register their interest in our product or to request a demo is stored in a database on the website, this only contains data provided by the user and is not shared with anyone.
6. USE OF PERSONAL DETAILS
Alertive may use Personal Details for the purposes of providing services to users or carrying out internal functions. This may include but is not limited to performing statistical analysis, sending emails, providing customer support or arranging for deliveries. Alertive may also use Personal Details to inform users of other products or services available from Alertive or its partners. Alertive may contact users via surveys to conduct research about opinions of current services or of new potential services that may be offered. Alertive does not sell, rent or lease its customer lists to third parties.
All such third parties are prohibited from using personal information except to provide these services to Alertive, and they are required to maintain the confidentiality of your information. Alertive does not use or disclose sensitive personal information.
Alertive may also use Personal Details:
- in connection with any sale of Alertive or all or a substantial part of its assets,
- in order to comply with any legal obligations
- or to protect the rights, property, or safety of Alertive, its customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7. USE OF WEBSITE DATA
Alertive collects and uses non-personal information to operate the Alertive website. Alertive keeps track of the Websites and pages our customers visit in order to determine what services are the most popular. This data is used to deliver customised content and advertising to customers whose behaviour indicates that they are interested in a particular subject area.
The following sub-processors are involved in data processing. This only takes place within the EEA:
- Amazon Web Services
9. INFORMING INDIVIDUALS
The responsibility for informing individuals about the use of data beyond what is covered in this document remains with the Customer who is the data controller.
10. PUBLISHING OF DATA
No Relevant Data will be published on the internet, on any other media or shared in any way beyond what is covered in this document.
11. QUALITY OF DATA
Alertive deals with two categories of Custodian Data – static personal data which is defined as User Name, Telephone Number and Job Title, as well as non-static data which is entered into free text areas and uploaded in the form of images and audio. The quality of both these sets of data is controlled by the data controller.
12. PROPORTIONATE USE OF DATA
The static personal data provided by the data controller that is processed allows users of the product to identify individuals. We are reliant upon customers to provide accurate information and advise if information that is in the system is not adequate, relevant, and not excessive.
13. RESPONSIBILITY TO KEEP DATA UPDATED
Static Personal information can be updated as needed via a request from the customer or via an update of Active Directory information which is controlled by the data controller. Free text input message data cannot be updated by design as this would affect the integrity of the data and in turn impact the quality of reporting and auditing.
14. RETENTION PERIODS
We do not define the retention period for data. We work with each data controller to define the data retention period based on their data retention policy and requirements.
15. DELETION POLICY
Alertive implement the required configuration to ensure that data is deleted in compliance with our customer’s data retention policy and requirements.
16. INDIVIDUAL DATA REQUESTS
The process for responding to individual data requests about the data held about them is as follows:
- Requests need to be made via contractually agreed support channels.
- The data request is reviewed, and the identity of the user validated
- All information pertaining to the individual will be extracted from the Alertive system and compiled into a report
- The report will be secured with a passphrase and sent to the requester either via email or through a method defined by the end user within one calendar month.
17. STORAGE OF DATA
Data is stored as follows:
- Server – personal data is stored in a secure database within AWS RDS.
- Android application – Personal data is stored in an encrypted database within the local private storage area which is inaccessible to end users.
- iOS – Personal data is encrypted and stored within the local private storage area which is inaccessible to end users.
- Desktop – Personal data is stored in an encrypted database within the local storage area which is inaccessible to end users.
- Personal Data – Any personal data supplied by the user is encrypted during transit.
- Website – Personal data supplied by the user is stored in an encrypted database, access to this database is restricted to the website and works on an IP Whitelist basis.
18. APPLICATIONS THAT PROCESS DATA
- Alertive Apps and Server
- Microsoft Azure Notification Hubs (any Custodian Data is encrypted)
- Apple Push Notification Infrastructure (any Custodian Data is encrypted)
- Android Push Notification Infrastructure (any Custodian Data is encrypted)
19. STAFF ACCESS
Alertive can be used in a Bring Your Own Device scenario over the public internet.
20.TRANSFER OF DATA OUTSIDE THE EEA
Although we work with US Companies, we utilise their UK data centres and keep data within the UK. The exception to this is where we use Apple or Google’s push notification services, but when we do this we ensure that Custodian Data is encrypted.