Privacy

The CriticalArc Privacy Policy
Updated on August 24, 2016.

Your privacy is important to CriticalArc and always has been. Our Privacy Policy covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarise yourself with our privacy practices.  If you have any questions you can contact us via contact@criticalarc.com.

A wide variety of organisations use SafeZone as part of their Work, Health and Safety (WHS) program.  SafeZone is a system that supports Safety and Security in real time across complex environments.

The User of SafeZone is central to our privacy policy and the policy has been designed from the User perspective. As a consequence it provides organisations that use the SafeZone system with privacy policy that aligns to their employees, volunteers, students and other parties that may be part of the organisations WHS program.

Opting in to SafeZone services

If your organisation chooses to use SafeZone for its emergency and response services then you may choose to use the SafeZone services by opting in.

If you are an end user, you can opt in to SafeZone services by signup up through the SafeZone mobile application.

If you are a responder, your organisation may opt in to SafeZone services on your behalf as a part of your duties.

Your organisation may also invite you to opt into SafeZone services via email. If you are invited to opt in to SafeZone services you are automatically subscribed to receive important notifications relating to safety from your organisation. You may unsubscribe from these notifications by responding to the invitation email or contacting support@criticalarc.com.

Collection and use of Personal Information

Personal information is data that can be used to identify or contact a single person.

You may be asked to by your employer, university, company or government department if you want to opt into their SafeZone service to provide you with safety services should an emergency arise whilst you are working or studying.

You may choose to opt into the SafeZone service at any time. By opting in and providing your personal information you are authorising CriticalArc or a CriticalArc affiliated company to use your information in the provision of safety services.

CriticalArc and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy.

They may also combine it with other information to provide and improve our products, services, and content that is still consistent with this policy.

What personal information do we collect?

While opting in to SafeZone services you may be asked to provide some personal information that is considered mandatory to provision the service and information that is considered optional.

When using SafeZone applications and services, or contact us, we may collect a variety of information, including your name, photo, phone number, email address and unique device identifiers.

Your organisation may optionally request other information to assist in providing the best response and improve services, such as special medical and accessibility needs.

How we use your personal information?

CriticalArc will use information to provide you with an efficient and effective responder service as determined by your organisation. For example a University will determine the responder service for their students, an NGO for volunteers, a company for employees, and government department for public servants.

Some of the ways we may use your personal information is as follows:

  • Your personal information is used to identify, locate and communicate with you when you use SafeZone services, including raising an alert or checking-in.
  • We may use your personal information to verify identity, assist with identification of users, and to determine appropriate responder services when you use SafeZone services.
  • We also use personal information to help us create, develop, operate, deliver, and improve our products, services, and content.
  • From time to time, we may use your personal information to send important notices, such as communications about changes to terms, conditions, and policies. Because this information is important to your interaction with CriticalArc through your organisation, you may not opt out of receiving these communications.
  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve CriticalArc’s products, services, and user communications.

Collection and Use of Non-Personal Information

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

  • We may collect information such as occupation, language, zip code, area code, referrer URL, geographical location and the time zone where a CriticalArc product is used so that we can better understand behaviour in emergency circumstances and improve our products, and services.
  • We may collect information regarding user activities on our website and the services provided through the website. This information is aggregated and used to help us provide more useful information to our users and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.
  • We may collect anonymous diagnostic information to help improve the stability and performance of our applications.
  • With your explicit consent, we may collect data about how you use your device and CriticalArc applications in an emergency in order to improve the apps.

If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

Cookies and other user tracking techniques

CriticalArc’s websites, online services, interactive applications, email messages, may use cookies and other technologies such as pixel tags and beacons.

These technologies help us better understand user behaviour, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of web searches.

We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information.

You can disable cookies through your web browser.  Go to your provider of your browser for instructions to disable cookies.

The cookies used on our websites have been categorised based on the guidelines found in the ICC UK Cookie guide.

We use the following categories on our websites and other online services:

Category 1 — Strictly necessary cookies

These cookies are essential to enable you to browse around our websites and use their features. Without these cookies, some services cannot be provided.

Category 2 — Performance cookies

These cookies collect information about how you use our websites — for instance, which pages you go to most. This data may be used to help optimise our websites and make them easier for you to navigate. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.

Category 3 — Functionality cookies

These cookies allow our websites to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our website localised for your area. We may also remember preferences such as text size, fonts, and other customisable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyse trends, to administer the site and applications, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole.

Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

Disclosure to Third Parties

At times CriticalArc may make certain personal information available to strategic partners that work with CriticalArc to provide products and services.

For example, in order to send notifications to your email address, mobile phone number or mobile application, CriticalArc must share certain personal information with email, SMS and push notification providers, such as your email address, mobile phone number and device identifier.

Personal information will not be shared with third parties for their marketing purposes.

Service providers

CriticalArc shares personal information with companies who provide services such as email services, SMS services, push notification services and cloud infrastructure services for the purposes of providing the SafeZone service. These companies are obligated to protect your information and may be located wherever CriticalArc operates.

Others

It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for CriticalArc to disclose personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganisation, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

Protection of Personal Information

CriticalArc takes the security of your personal information very seriously.

CriticalArc protects your personal information during transit using encryption such as Transport Layer Security (TLS). When your personal data is stored by CriticalArc, we use computer systems with limited access housed in facilities using physical security measures. Cloud data is stored utilising Microsoft Azure Cloud storage and has adopted the Microsoft program for data storage and key management.

When you use some CriticalArc products, services, or applications such as posting on a CriticalArc forum, chat room, or social networking service, the personal information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.

Integrity and retention of Personal Information

CriticalArc makes it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Access to Personal Information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by managing your user profile in the SafeZone mobile application.

For other personal information we hold, we will provide you with access for any purpose including to request that we correct the data if it is inaccurate or delete the data if CriticalArc is not required to retain it by law or for legitimate business purposes.

We may decline to process requests that are frivolous/vexatious, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. Access, correction, or deletion requests can be made via email to support@criticalarc.com.

Children

We understand the importance of taking extra precautions to protect the privacy and safety of children using CriticalArc products and services.

Accordingly, we do not knowingly collect, use or disclose personal information from children under 13, or equivalent minimum age in the relevant jurisdiction, without verifiable parental consent. If we learn that we have collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, without first receiving verifiable parental consent we will take steps to delete the information as soon as possible.

Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not permitted to use CriticalArc products and services without their parents’  consent.

Location-based services

To provide location-based services on CriticalArc products, CriticalArc and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your CriticalArc computer or device. Where available, location-based services may use GPS, Bluetooth, IP address, crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location.

Some location-based services offered by CriticalArc, such as the notification feature, require your personal information for the feature to work.

Third-Party Sites and services

CriticalArc websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties − for example, a third‑party service. Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

International users

All the information you provide may be transferred or accessed by CriticalArc entities around the world as described in this Privacy Policy.

CriticalArc is registered with the Information Commissioner’s Office in the UK. CriticalArc abides by the “safe harbour” frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information collected by organisations in the European Economic Area and Switzerland. CriticalArc also abides by the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organisations to ensure protection of personal information transferred among participating APEC economies.

Our Company-wide Commitment to Your Privacy

To make sure your personal information is secure, we communicate our privacy and security guidelines to CriticalArc employees and strictly enforce privacy safeguards within the company.

Privacy questions

If you have any questions or concerns about CriticalArc’s Privacy Policy or data processing or if you would like to make a complaint about a possible breach of local privacy laws, please contact us via contact@criticalarc.com.

All such communications are examined and replies issued where appropriate as soon as possible. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

CriticalArc may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

© Copyright CriticalArc Pty. Ltd. 2016