Alertive customers are the primary Data Controllers, and our responsibility is to protect the confidentiality, integrity and accessibility of personal data consumed and processed on their behalf as the Data Processor.
We also have responsibilities that result from interactions with our website (Website Data) and personal details that users choose to provide either via the website or the app, on a strictly opt-in basis, for Alertive to communicate with them (Personal Details).
For the purposes of the Data Protection Act 1998, the data controller is Alertive Ltd of The Old Vicarage, 51 St John Street, Ashbourne, Derbyshire, DE6 1GP.
Alertive is committed to protecting your privacy and developing technology that delivers a robust and safe experience.
Cookies are small text files that store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide a better user experience, understand how the website performs and analyse what works and where it needs improvement.
In addition, different browsers provide different methods to block and delete cookies used by websites. You can change your browser’s settings to block/delete the cookies.
Below are the support documents for managing and deleting cookies from major web browsers.
If you use any other web browser, please visit your browser’s official support documents.
3. DATA COLLECTION
There are three categories of data we collect:
3.1 The personal data (“Custodian Data”) that is collected and shared within our applications on behalf of our customers:
- UserID (Only if using Alternative Managed Identity Provider for Pilot Environments)
- Password (Only if using Alternative Managed Identity Provider for Pilot Environments)
- User First and Last Names
- Telephone Numbers
- Job Title
- Message Data that has the potential to contain personal information about individuals, patients or others
- Message Attachments in the form of images and audio files, which may contain personal data
- Message Timestamps
3.2 Users can elect to provide Personal Data either via the website or via the app in order to enable Alertive to communicate with them directly, with their express consent:
- Email Address
- Telephone Number
3.3 We also collect anonymous demographic information from website visitors, including IP addresses, browser types, domain names, access times and referring website addresses (“Website Data”).
4. TREATMENT OF CUSTODIAN DATA
Alertive Custodian Data flows bi-directionally between mobile, desktop and web applications and our Servers and is securely processed and stored within both the Server Database as well as the Aleritive Apps local storage on the client’s device.
5. TREATMENT OF PERSONAL AND WEBSITE DATA
We only store optional cookies with the user’s prior consent; these cookies store session data used for functional and analytical purposes. None of this data can be used to identify any individual.
Data provided by the user to register their interest in our product and services or to request a demo is stored securely in a database. It only contains data the user provides and is not shared with anyone.
6. USE OF PERSONAL DETAILS
Alertive may use Personal Details to provide services to users or carry out internal functions. This may include but is not limited to performing statistical analysis, sending emails, providing customer support or arranging deliveries. Alertive may also use Personal Details to inform users of other products or services available from Alertive or its partners. Alertive may contact users via surveys to conduct research about opinions on current services or about new potential services that may be offered. Alertive does not sell, rent or lease its customer lists to third parties nor use or disclose sensitive personal information.
All such third parties are prohibited from using personal information except to provide these services to Alertive, and they are required to maintain the confidentiality of your information.
Alertive may also use Personal Details:
- in connection with any sale of Alertive or all or a substantial part of its assets,
- to comply with any legal obligations
- to protect the rights, property or safety of Alertive, its customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7. USE OF WEBSITE DATA
As with most online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are primarily necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and, all in all, providing you with a better and improved user experience and help speed up your future interactions with our website.
We use Google Analytics and its popular plug-in Monster Insights to provide insight into how visitors find and use our web pages so that we can evaluate and develop them. This does not provide us with any identifiable information, only comparable statistics of user patterns on our website.
We use Salesforce, a cloud-based market-leading Customer Relationship Management (CRM) System, to manage applications for sales, marketing, supplier and customer management.
You can manage cookie preferences via the websites Cookie Settings in the bottom left corner. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent immediately.
8. LEGAL BASIS OF PROCESSING
Although Alertive doesn’t request and process Special Category Data specifically, due to the messaging capability of the application there is the possibility for an end user to input data of this type, for example Patient Data. Article 6 of GDPR – ‘Lawfulness of processing’ stipulates that processing of this data is only lawful if one of 6 criteria is met. Although it’s the responsibility of the data controller to determine the reason for using Alertive, we legally process data under the following:
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In addition Article 9 of GDPR – ‘Processing of special categories of personal data’ stipulates that the processing of Special Category Data is prohibited unless one of 11 points are satisfied, in the case of Alertive the following applies:
(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
The following sub-processors are involved in data processing:
- Amazon Web Services (AWS)
- Microsoft Azure –
10. INFORMING INDIVIDUALS
The responsibility for informing individuals about the use of data beyond what is covered in this document remains the responsibility of the Customer, who is the data controller.
11. PUBLISHING OF DATA
No Relevant Data will be published on the internet, on any other media platform or shared in any way beyond what is covered in this document.
12. QUALITY OF DATA
Alertive deals with two categories of Custodian Data – static personal data, which is defined as User Name, Telephone Number and Job Title, and non-static data, which is entered into free text areas and uploaded in the form of images and audio. The data controller controls the quality of both these sets of data.
13. PROPORTIONATE USE OF DATA
The static personal data provided by the data controller allows product users to identify individuals. We rely upon customers to provide accurate, up-to-date information and advise if the information in the system is not adequate, relevant, or appropriate.
14. RESPONSIBILITY TO KEEP DATA UPDATED
Static Personal information can be updated as needed via a customer request or an update of Active Directory information, which the data controller controls. Free text input message data cannot be updated by design, as this would affect the integrity of the data and, in turn, impact the quality of reporting and auditing.
15. RETENTION PERIODS
We do not define the retention period for data but instead work with each data controller (Customer) to determine the retention period based on their data retention policy and requirements.
16. DELETION POLICY
Alertive implements the required configuration to ensure that data is deleted in compliance with our customer’s data retention policy and requirements.
17. INDIVIDUAL DATA REQUESTS
The process for responding to individual data requests about the information held about them is as follows:
- Requests need to be made via contractually agreed support channels.
- The data request is reviewed, and the user’s identity is validated.
- All information pertaining to the individual will be extracted from the Alertive system and compiled into a report.
- The report will be secured with a passphrase and sent to the requester, either via email or through a method defined by the end user, within one calendar month.
18. STORAGE OF DATA
Data is stored as follows:
- Server – personal data is stored in an encrypted database within AWS RDS.
- Android Application – Personal data is stored in an encrypted database within the local private storage area, which is inaccessible to end users.
- iOS Application – Personal data is encrypted and stored within the local private storage area, which is inaccessible to end users.
- Desktop Application – Personal data is stored in an encrypted database within the local storage area, which is inaccessible to end users.
- Web Application – personal data is stored in an encrypted database within AWS RDS.
- Personal Data – Any personal data supplied by the user is encrypted in transit and at rest.
- Website – Personal data supplied by the user is stored in an encrypted database, and access to this database is restricted to the website and works on an IP Whitelist basis.
19. APPLICATIONS THAT PROCESS DATA
- Alertive Apps and Server
- Microsoft Azure Notification Hubs (any Custodian Data is encrypted)
- Apple Push Notification Infrastructure (any Custodian Data is encrypted)
- Android Push Notification Infrastructure (any Custodian Data is encrypted)
20. STAFF ACCESS
Alertive can be downloaded and used safely, under the Bring Your Own Device initiative, over the public internet.
21. TRANSFER OF DATA OUTSIDE THE EEA
Although we work with US Companies, we utilise their UK data centres and keep data within the UK. The exception to this rule is when we use Apple or Google’s push notification services, and when this is done, we ensure that Custodian Data is encrypted.
23. Google Crashlytics and Analytics
We use Firebase Crashlytics, a Google-owned service and Google Analytics v4 within our Android, iOS and Web (Analytics Only) Applications.
Crashlytics provides our developers with information about crashes and malfunctions within Alertive that users may experience, allowing us to resolve issues proactively.
The Services allow us to collect the following information:
- Device state information
- Unique device identifiers (Model, Device Type, OS, language)
- Information relating to the physical location of a device
- Information about the Application and how the application was used
- Time stamps
Data transmitted from Alertive to the Crashlytics Service is via a secure TLS connection and is neither stored nor transferred to other services or resources nor associated with other data available to Google.
For further information about Crashlytics:
- An RFC-4122 UUID which permits Google to deduplicate crashes
- The timestamp of when the crash occurred
- The app’s bundle identifier and full version number
- The device’s operating system name and version number
- A boolean indicating whether the device was jailbroken/rooted
- The device’s model name, CPU architecture, amount of RAM and disk space
- The uint64 instruction pointer of every frame of every currently running thread
- If available in the runtime, the plain-text method or function name containing each instruction pointer.
- If an exception was thrown, the plain-text class name and message value of the exception.
- If a fatal signal was raised, its name and integer code
- For each binary image loaded into the application, its name, UUID, byte size, and the uint64 base address at which it was loaded into RAM
- A boolean indicating whether or not the app was in the background at the time it crashed
- An integer value indicating the rotation of the screen at the time of crash
- A boolean indicating whether the device’s proximity sensor was triggered
We use Google Analytics to capture anonymous data about how users use Alertive to improve its design and functionality. Google Analytics captures this information by collecting cookie information. No personal data is collected during this process.