fbpx

Privacy Policy

What does teamSOS do?

teamSOS is a unique on-call solution that works across desktop, tablet, mobile and even a help button that can sit on a lanyard. Designed to safeguard your staff and students during an incident, teamSOS brings the right teams together to ensure incidents are dealt with quickly and effectively.

There is a live-stream facility within the teamSOS app to send live video of an incident scene to the wider response team. With its dynamic actions the app expediates schools’ “lockdown” and “evacuation” alerts to ensure the whole school is informed and knows how to respond. The app employs an enhanced GPS system which can pinpoint the room where the incident is happening.

This privacy notice covers:

  • Why we use your personal information
  • The legal basis for processing
  • What personal information we use
  • How we use your personal information
  • Your rights under data protection legislation
  • Sharing personal information with third parties
  • How long we may keep your information
  • Changes to our privacy notice
  • Help undertaking a Data Privacy Impact Assessment (DPIA)
  • Contact details for our Data Protection Lead
  • Why we use your personal information

We process your personal data for the following purposes:

  • To provide information to prospective customers and help them to make an informed purchasing decision. 
  • To provide you with the service the teamSOS offers.
  • The verification of your identity if required.
  • For the ongoing administration of the service.
  • To allow us to improve the products and services we offer to our customers.
  • To ask for your opinion about our products and offer surveys.
  • For research and statistical analysis including usage patterns,
    we only use the data in an anonymized manner when we use your data for this purpose.
  • To enable us to comply with our legal and regulatory obligations.
  • To offer new products and services to you which are relevant and appropriate, and only to the extent that would be reasonably expected.

If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.

The legal basis for processing

    The legal basis for processing differs for prospective customers and existing customers.

    For prospective customers and for contacts of an existing customer, teamSOS Limited lawfully processes personal data under (Art 6.1(b)): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;” to provide you with services (including demonstrations, webinars and pricing) that the data subject requests in representation of a prospective customer. We also process personal data under (Art 6.1(a)):” the data subject has given consent to the processing of his or her personal data for one or more specific purposes;” to contact the data subject regarding our products, services, events and special offers. This consent can be withdrawn at any time.

     

    For data subjects using teamSOS in their organisation, it is the responsibility of the Data Controller to determine the lawful basis of processing, the below provides a likely basis for an educational organisation in England or Wales. The lawful basis of processing for teamSOS may use (Art 6.1(c)): “processing is necessary for compliance with a legal obligation to which the controller is subject;” Alternatively, the lawful basis may be (Art 9.2(g)): “Processing is necessary for reasons of substantial public interest.” with the Condition being:

    12 – Regulatory requirement18 – Safeguarding of children and individuals at risk
    19 – Safeguarding of economic wellbeing of certain individuals

    In England and Wales, the likely legal obligation for data subjects considered to be students is based in the DFE’s statutory guidance “Keeping children safe in education” which in turn is based on the following laws:

    Section 175 of the Education Act 2002,
    Education (Independent School Standards) Regulations 2014,
    Non-Maintained Special Schools (England) Regulations 2015,
    Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)

    In England and Wales, the likely legal obligation for data subjects considered to be staff or visitors is based on:

    Health and Safety at Work Act 1974,
    Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)

    Certain disclosures made during SOS Emergency incidents when using teamSOS may also be lawful under Vital Interests 6(1)d. An organisation should refer to their own existing guidance on such matters, regardless of how such disclosures are made.

    To lawfully process special category data, the data controller must identify both a lawful basis under Article 6 of the GDPR and a separate condition for processing under Article 9. In the case of education establishments in England and Wales, consent is sought by all schools to use student personal data throughout the curriculum and pastoral care. When seeking this consent, it should be made clear that special category data may be used in teamSOS.

    It should be noted that in some circumstances this legal basis may vary, however, we always operate in full compliance with Data Protection Law and will only process data with a fair and reasonable legal basis for doing so.

    What personal information we process

    To carry out these services, we obtain (either from the Customer and/or from you directly) and process the following information:

     

    Data Data item Purpose
    Prospective customer  Name  To correctly address a prospective customer.
    Prospective customer  Email address  To send information and discuss teamSOS with a prospective customer.
    Prospective customer  Phone number  To discuss teamSOS with a prospective customer. 
    Prospective customer  Organisation nametype and address  To provide accurate information regarding teamSOS to a prospective customer. 
    Prospective customer  Size of organisation  To provide accurate information regarding teamSOS to a prospective customer. 
    Prospective customer  Job title  To understand your role in a prospective customer organisation. 
    Prospective customer  Mailing opt-in  To permit us to keep you up to date on a service you have expressed an interest in. 
    Prospective customer  Presales activity  To help us understand how prospective customers select our product.
    To ensure we provide accurate information at appropriate times.
    User Email address

    To provide a unique username for teamSOS.

    To enable conversation creation between colleagues.

    To follow up on tasks assigned to the data subject.

    To facilitate single sign-on with existing organisational identity systems.

    To enable self-service password reset.

    To communicate with you operationally.

    User

    Avatar image

    (which may be Display Name initials, an image uploaded to teamSOS, or an image they have uploaded to Office 365 or Google Workspace)

    To provide quick recognition of context for new incidents and incident membership.

     

    Location

    Current location

    (On demand, when interacting within an incident. There is no ongoing tracking of location.)

    To provide context of individual locations when responding to an incident, enabling faster attendance by colleagues.

    To provide context of individual locations when assessing the organisation response to a serious incident after the event.

    Location

    Current location

    (One-time, potentially in the background, at the time of receiving a click event from a teamSOS smart button that you have paired to your device.  There is no ongoing tracking of location.  This feature is not enabled unless you have at least one paired smart button)

    To provide context of individual locations when responding to an incident, enabling faster attendance by colleagues.

    To provide context of individual locations when assessing the organisation response to a serious incident after the event.

     

    Location

    Current location

    (When triggering a Personal ICE Alert and/or when the Personal ICE Contact that you configured in teamSOS views or refreshes a Personal ICE Alert location map that you have sent them, for a period of up to an hour after you created a Personal ICE Alert.  This feature is not enabled unless you have configured your Personal ICE Contact.)

    To provide context of individual location to your configured Personal ICE Contact when you start a Personal ICE Alert.

    To provide context of individual location up to an hour after you create a Personal ICE Alert.

    Technical

    Multi-factor authentication token

    (if enabled)

    To increase the protections applied to the personal data stored within teamSOS that is accessible by the data subject.
    Technical

    A single sign-on token

    (Microsoft, Google)

    To integrate with existing organisational identity lifecycle practices.

    To increase the protections applied to the personal data stored within teamSOS that is accessible by the data subject.

    To simplify and expedite access for an authorised data subject to teamSOS.

    Technical

    One-way strong hashed password

    (When using single sign-on teamSOS does not store any password)

    To facilitate secure access to teamSOS.
    Technical Login session tokens To facilitate secure access to teamSOS and enable revocation of existing access.
    Technical

    Google reCAPTCHA cookie

    (when a data subject first logs in without using single sign-on or requests a forgotten password reset)

    To increase the protections applied to the personal data stored within teamSOS that is accessible by the data subject.
    Technical

    Device mobile push message token

    (when using the App)

    To send relevant notifications to the teamSOS app when the app isn’t open, such as new incidents, new instant messages, and so on.
    Technical

    Device OS version installed

    (when using the App)

    To ensure the technical format of notifications is suited to the capabilities of the OS and version.

    To understand how you interact with the app and where to improve teamSOS.

    Technical

    teamSOS app version installed

    (when using the App)

    To ensure the technical format of notifications is suited to the capabilities of the app version installed.

    To understand how you interact with the app and where to improve teamSOS.

    Technical

    Unique installation identifier

    (when using the App)

    To ensure that a given installation only receives notifications relevant to the currently logged in user.

    To understand how you interact with the app and where to improve teamSOS.

    How we process your personal information

    We use your personal information in teamSOS, and it should be acknowledged that some of our employees have access to such information, only to the extent required to carry out the services for you.

    We have introduced appropriate technical and organisational measures to protect the confidentiality, integrity, and availability of your personal information during storage, processing, and transit.
    For our core product platform, we avoid using cloud services that operate outside of the UK or EEA, defined in GDPR as “Third Countries”. The app notification delivery services provided by Apple, Google, Microsoft, and your own email providers are subject to the terms of those providers.

    Some of our business systems (for example our CRM) might use cloud services that operate from Third Countries outside the UK and the EEA. Where we must use cloud services that operate from Third Countries, we ensure that adequate safeguards are established to protect your data.

    Your rights under Data Protection Law

    Right to Access

    You have the right of access to your personal information that we process and details about that processing. You can usually access that information directly within the teamSOS application. However, should this not be possible, you can raise a Data Subject Access Request (DSAR) to receive this information in another format. Please direct your request to the organisation which manages our application.

    Right to Rectification

    You have the right to request that information is corrected if it’s inaccurate. You can usually update your own information using the teamSOS app. However, should this not be possible, you can contact us to make the changes on your behalf. In the first instance, you should contact your organisation, to correct the data held by them and provided to us for processing.

    Right to Erasure (Right to be Forgotten)

    You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request. Please direct your request to the organisation which manages our application.

    Right to Object

    You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request. Please direct your request to the organisation which manages our application.

    Right to Restriction of Processing

    You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request. Please direct your request to the organisation which manages our application.

    Right to Data Portability

    You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format suitable for transferring to another controller. Please make enquiries with your organisation.

    Right to lodge a complaint with a supervisory authority

    If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the GDPR and DPA 2018, you should contact your organisation initially. Please state clearly in the subject that your request concerns a privacy matter and provide a clear description of your requirements.
    Note: We may need to request additional information to verify your identity before they action your request.

    The law allows you to contact us directly. However, as data processors we must seek permission from the data controller (your organisation) before we are able to release any information to you, which will include disclosing the request made and the identity verification undertaken. We recommend that you always contact your organisation to regarding any data we process.

    You also have the right to lodge a complaint with the Supervisory Authority. Their contact details in the UK are: 

    Website: www.ico.org.uk
    Telephone: 0303 123 1113
    Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

    Sharing personal information with third parties

    We use a range of trusted service providers to help deliver our services. All of our suppliers are subject to appropriate safeguards, operating in accordance with our specific instructions and limitations, and in full compliance with Data Protection Law.

    Sub-processor Purpose
    Microsoft Azure teamSOS cloud platform hosting
    Microsoft Office 365 Data management and communications
    Apple APNS Push notification to iOS authenticated mobile devices
    Google Firebase Cloud Messaging Push notification to Android authenticated mobile devices
    Microsoft WNS Push notification to Windows authenticated devices
    SendInBlue Email communication to users and prospective customers
    Amplitude Understand how teamSOS is used and where to improve the product
    Google Anonymous Web statistics analysis and additional account protection when setting first-time password for user
    Mailchimp  Relevant email engagement with product users and consenting prospective customers 
    vTiger CRM  Management of prospective and existing customers  
    Livestorm Online meetings and webinars
    Facebook Pixel Allows us to anonymously analyse how visitors interact with the content on our website when they visit from Facebook

     

    We may also have access to your personal information as part of delivering the service. If we need to change or add additional third parties, we will always update our Privacy Notice accordingly. We will only disclose your information to other parties in the following limited circumstances:

     

    • Where we are legally obliged to do so, for example to law enforcement and regulatory authorities.
    • Where there is a duty to disclose in the public interest.
    • Where disclosure is necessary to protect our interest, for example to prevent or detect crime and fraud.
    • Where you give us permission to do so.

    How long we may keep your personal information

    We will only retain information for as long as is necessary to deliver the service safely and securely. We may need to retain some records to maintain compliance with other applicable legislation.

    Your organisation controls the retention of data in the teamSOS platform and you should refer to their policies and practices in the first instance.

    However, in teamSOS:

    Security credentials, such as salted hashed password, for a deleted user account are purged immediately on deletion.

    Incidents are fully deleted from the underlying teamSOS platform within 30 days of deletion being instructed by the data controller.

    If we cease service to a customer then all content and user data is fully deleted from the underlying teamSOS platform within 30 days.

    Changes to our Privacy Notice

    This policy will be reviewed regularly, and updated versions will be posted on our websites.

     

    Help undertaking a Data Privacy Impact Assessment (DPIA)

    If you are undertaking a DPIA on behalf of your organisation then we can provide additional information to you that answers common questions and shows how we consider and address risks.

    If you would like access to this information or any other help completing your DPIA then please contact our Data Protection Lead.

     

    Contact details for our Data Protection Lead

    We have appointed a Data Protection Lead (DPL); their contact details are as follows:

    E-mail: dpl@teamsos.co.uk

    By post: Data Protection Lead at the teamSOS Limited registered company address.

     

    Contacting us

    If you can’t find what you’re looking for here, or have a concern about our use of your personal data, please get in touch by emailing hello@teamsos.co.uk