Privacy Policy

HomePrivacy Policy

Last Updated: 19 September 2023. Look at What’s New in Privacy Policy.

Your privacy is important to us. This privacy statement explains what personal data Crises Control collects from you, through our interactions with you and through our products, and how we use that data.

Please read the product-specific details in this privacy statement, which provide additional information about some of Crises Control products. This statement applies to Crises Control’s interactions with you and other Crises Control products that display this.

Welcome to the Crises Control Privacy Policy

Crises Control is a comprehensive crisis management software that helps professionals to plan, prepare, and respond to any emergency or crisis situation. It uses multiple channels of communications such as SMS, Phone calls, Email, Push and some social media channels to communicate in mass to the people that may be affected by an emergency incident.

When you use Crises Control services, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it and what we do with it. This is important; we hope you will take time to read it carefully. We are committed to making sure your personal data stays safe and secure. Our privacy covers how we treat your data and your rights to access, update or have it deleted. It’s based on the principles of the Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

1. Introduction & General Terms

Crises Control is committed to protecting your personal information when you are using Crises Control Services. This Privacy and Cookies Policy relates to our use of any personal information we collect from you via the following online services:

  • Any Crises Control website that links to this Privacy and Cookies Policy;
  • Social media or official Crises Control content on other websites;
  • Mobile device Applications (“Apps”);
  • Mobile device Location Tracking?

It also relates to our use of any personal information you provide to us by phone, SMS, email, in letters, other correspondence and in person.

In order to provide you with the full range of Crises Control services, we sometimes need to collect information about you.

This Privacy and Cookies Policy explains the following:

  • what information Crises Control may collect about you;
  • how Crises Control will use information we collect about you;
  • when Crises Control may use your details to contact you;
  • whether Crises Control will disclose your details to anyone else;
  • your choices regarding the personal information you provide to us;
  • the use of cookies on Crises Control websites and how you can reject cookies.

Crises Control is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 (these laws are referred to collectively in this Privacy and Cookies Policy as the “data protection laws”). No website can be completely secure; if you have any concerns that your Crises Control account could have been compromised e.g. someone could have discovered your password, please get in touch straight away.

The Crises Control websites contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them. They will govern the use of personal information you submit when visiting these websites, which may also be collected by cookies. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

2. What does Crises Control Do?

Crises Control is a comprehensive Emergency Mass Notification System (EMNS), that helps professionals to plan, prepare, and respond to any emergency or crisis situation. It uses multiple channels of communications such as SMS, Phone calls, Email, Push and some social media channels to communicate in mass to the people that may be affected by an emergency incident.

Crises Control is a cloud based solution that bring together functionality normally found in different systems under one easy to use platform for any business to meet its Incident management, risk mitigation, compliance and regulatory obligations.

Crises Control provides a powerful Emergency Mass Notification System (EMNS), combined with innovative Business Continuity & Incident Management System (BCMS) and a simple and effective way to create Standard Operating Procedures (SOP). Our SOP wizard helps organisations to create and manage their Incident Procedures, Policy and other documentation that follow Business Continuity principles.

Crises Control activities are only covered by this Privacy and Cookies Policy in relation to its use of data collected via www.crises-control.com website and the customer portal. To find out more about us and how it will use data collected when you use Crises Control, please see it’s corporate website and the Crises Control Privacy Policy.

When we refer to ”we” or ”our” or ”Crises Control ” we are referring to the Crises Control Limited.

a. Our obligations in respect of your personal data

Where we are Controllers and Processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We encrypt many of our services using SSL.
  • We offer two factor authentication (2FA) verification when you access your Crises Control Account.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
  • We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.

b. Your obligations in respect of personal data

When you sign up for Crises Control services you will be given access to our portal where you can store your Incident management information including as necessary personal contact details. We recommend you keep passwords private. The use of strong account passwords is always recommended. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.

3. What Personal Data Crises Control collect?

a. From the Crises Control Website

We collect two types of information from the website: The information you give to us and information we collect from you. The Crises Control website does not capture or store any personal information about individuals who access it, except where they voluntarily choose to give us personal details by email or by using an electronic form to register or to enquire about our services?

b. From the Crises Control Portal

When you participate in, access or sign up to any of the Crises Control services activities or online content, such as newsletters, live chats, web, email, mobile push telephone and SMS notifications, or create an account using the Crises Control online registration process we may receive personal information about you.

The Crises Control registration process requires you to give us personal information such as first name, surname, postal address, demographic information (such as postcode), mobile number, landline number email and password. We use this information to provide the services you have signed up to and for use in all our communications, reporting, analysis as well as the information collected about the use of the Crises Control services. For example, many of our services require you to sign up for a Crises Control Account. When you do, we’ll ask for personal information, like your name, email address, telephone number to store with your account.

c. From the Crises Control app

Depending on the Crises Control services that you use, and your app settings or device permissions, Crises Control may collect your precise or approximate location information as determined through data such as GPS, IP address and Wi-Fi. We use location information for safety and security reasons to know your approximately location, who is closest to an incident and user’s locations in relation to the incident. We collect all the messages that you send and receive, on all communication channels you use, which could be; email, push, SMS, and telephone for the purposes of audit and analysis. Depending on the settings to record telephone calls, conference call also forms part of the data we collect.

i. Location Information

When you use Crises Control services, we may collect and process information about your precise or approximate location. We use various technologies to determine location, including IP address, GPS and other sensors that may, for example, provide Crises Control with information on nearby devices, Wi-Fi access points and mobile towers.

Depending on the Crises Control services that you use, and your app settings or device permissions, Crises Control may collect your precise or approximate location information as determined through data such as GPS, IP address and Wi-Fi.

  • If you use the SOS Emergency option, Crises Control collects location information when the Crises Control app is running in the foreground (app open and on-screen) or background (app open but not on screen) of your device.
  • If you use the Track me during Travel option, Crises Control collects location information when the Crises Control app is running in the foreground (app open and on-screen) or background (app open but not on screen) of your device.
  • If you use the Track me during Incident option, Crises Control collects location information when the Crises Control app is running in the foreground (app open and on-screen) or background (app open but not on screen) of your device.

Crises Control may use this information for safety and security purposes, and for analytics.

ii. Contact Information

If you permit the Crises Control app to access the contacts on your device, we may collect names and contact information from your address book to facilitate social interactions through our services and for other purposes described in this policy or at the time of consent or collection.

iii. Calls, text and other messages

We enable users to call, email or text each other through the Crises Control apps. For example, we enable users, to conference call or message each other without disclosing their telephone numbers or without using the client’s telecommunication network. To provide this service, Crises Control receives some information regarding the calls or texts, including the date and time of the call/text, and the content of the text messages. Crises Control may also use this information for customer support services, for safety and security purposes, and for analytics.

iv. Device Information

We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Crises Control may associate your device identifiers or phone number with your Crises Control Account.

v. Log information

When you use our services or view content provided by Crises Control, we automatically collect and store certain information in server logs. This includes:

  • details of how you used our service.
  • telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
  • Internet protocol address.
  • device event information, such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • cookies that may uniquely identify your browser or your Crises Control Account.

vi. Local storage

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

vii. Unique application numbers

Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Crises Control when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

viii. Updates and Support

Crises Control may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.

ix. Cookies and similar technologies

We and our partners use various technologies to collect and store information when you visit a Crises Control service, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer to our partners, such as advertising services or features that may appear on other sites.

Information we collect when you are signed into Crises Control, in addition to information we obtain about you from partners, may be associated with your Crises Control Account. When information is associated with your Crises Control Account, we treat it as personal information. For more information about how you can access, manage or delete information that is associated with your Crises Control Account, visit section 16 of this policy.

We also use this to inform you of changes, improvement, enhancements, upgrades options and marketing from time to time.

x. Information from other sources

These may include:

  • Users providing feedback, such as ratings or compliments.
  • Crises Control business partners through which you create or access your Crises Control account, such as payment providers, social media services, or apps or websites who use Crises Control APIs or whose API Crises Control uses.
  • Online surveys, training and assessment services providers.
  • Publicly available sources
  • Marketing service providers

Crises Control may combine the information collected from these sources with other information in its possession.

4. Information you give us

a. Information you provide

Many of our services require you to sign up for a Crises Control Account. When you do, we’ll ask for personal information, like your name, email address, telephone number to store with your account. If you want to take full advantage of the Crises Control software features we offer, you might also create content for your Incidents that include; Standard Operating Procedures (SOP), documents, photos & Images, PDF documents, short SMS messages, videos, sound recordings and hyperlinks to other content.

This includes information submitted when you:

  • Request services through a Crises Control app or website
  • Contact Crises Control, including for customer support
  • Contact other Crises Control users through our services
  • Complete surveys sent to you by Crises Control or on behalf of Crises Control
  • Enable features that require Crises Control’s access to your address book or calendar

b. Credit Card Information

We do not collect or store credit card information (such as account reference and transaction values) in the Crises Control portal. Credit Card information provided by the customer whilst making a payment is held with Worldpay Merchant services.

5. What if I am accessing Crises Control websites outside the UK?

Crises Control website is published in the UK. All personal information submitted by users outside the UK will be processed in accordance with this Privacy and Cookies Policy.

6. Web browser cookies?

Our Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences.  

View our Cookie Policy and manage your consent.

7. What information will Crises Control collect from telephone calls?

Crises Control may record and monitor inbounds and outbound calls and electronic traffic for training purposes. We may also collect: telephony log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of call information and types of calls.

a. Why do we collect this data?

We collect this data to be able to supply the information or service outlined at section 2 above.

b. What do we do with the data?

Any personal data provided to us will be used exclusively for providing you with the information or services you have requested. We use the information to provide, maintain, protect and improve the services, to develop new ones and to protect Crises Control and our users.

We do not pass any of your personal data to outside organisations and/or individuals, except with your explicit consent. This is only necessary when we need to share your information in order to provide the information or service requested. We do not collect personal information for commercial purposes.

8. How does Crises Control collect data?

We use various technologies to collect and store information when you visit the Crises Control website or Portal or use the Mobile App. This may include using cookie type or similar technologies to identify your browser or device and obtain the other information listed above in Section 3. We use these technologies to collect and store information when you interact with our services.

9. What security measures do we employ to protect your data?

Our website is hosted in Tier 3, IS0 27001 security certified, data centres in the UK, EEC  and other international regions such as Kingdom of Saudia Arabia, Oman, and UAE. Each region has its own instance of the Crises Control application (in region) and complies with local data protection laws.

Crises Control portal is protected by a state-of-the art commercial web application firewall. It employs SSL (Secure Socket Layer) encryption standard in all secure areas, including login pages, customer information and payment details. Provided that you are using an SSL-compliant browser such as Google Chrome, Microsoft Edge, Safari, or Firefox, you will be able to conduct encrypted transactions without fear of an intermediary obtaining your private information.

We use Cloudflare Advance Security to protect and secure the Crises Control portal application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.

We use Cloudflare for a fast Global Content Delivery Network, which speeds up web page loading times. Cloudflare is certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States. (See https://www.cloudflare.com/privacyshield/).

We use MS SQL data base with encryption of data at rest and during transit.

We have Data Protection Addendum (DPA), which is a contractual agreement in place with Cloudflare and other partners to protect our customer’s data to EU- GDPR standards.

We use ThreatSpike an advanced threat detection and response solutions designed to monitor all traffic on our networks for threat detection, behaviour analysis and threat intelligence.

MS Defender’s family of cybersecurity solutions designed to protect users and organisations from a wide range of threats, including viruses, malware, ransomware, and other malicious activities in conjunction with other vendors providing security for networks.

a. What Data Protection & Data Security are in place?

We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We encrypt many of our services using TLS and SSL.
  • Our Data Base is encrypted at rest and in transit.
  • We monitor our networks continuously for threats and behaviour analysis.
  • We tightly control access to our portals with CloudFare.
  • We use a varity of market leading Antivirus and Anti-Malwares software.
  • We offer you two factor (2FA) verification when you access your Crises Control Account.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
  • We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.

Data is maintained under the provisions of the Data Protection Act (2018), ISO 27001 Certified Security Framework and Cyber Essential Accreditation.

b. What international regions do we operate in?

Crises Control is present in the following regions.

RegionData Centre ProviderCompliant with Data Protection Standard
UK and EECMS AzureGDPR
United Arab EmiratesMS Azure

Federal Law No. 2 of 2019 on the Protection of Personal Data (the “Data Protection Law”).

Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (‘the Law’) became effective on 2 January 2022, and it is the UAE’s first federally applicable, General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) style data protection law.

Kingdom of Saudia ArabiaOracle Cloud Infrastructure (OCI)PDPL

View PDF
OmanOman Data ParkOman Personal Data Protection Law (PDPL) came into effect in February 2023

Our websites are hosted in Tier 3, IS0 27001 security certified, data centres. Each region has its own instance of the Crises Control application (in region) and complies with local data protection standards.

Data is maintained under the provisions of the region’s Data Protection laws and ISO 27001 Certified Security Framework.

10. How we use Personal Data?

Crises Control will use your personal information for a number of purposes including the following:

a. Providing Services and Features

Crises Control will use the information we collect to provide, personalise, maintain and improve our products and services. This includes using the information for the following:

  • to provide our services, activities and to deal with your requests and enquiries;
  • for “service administration purposes”, which means that the Crises Control may contact you for reasons related to the service, activity you have signed up for (e.g. to provide you with password reminders, to notify you of planned service outage, your usage/activity, to notify you of updates to our Privacy and Cookies Policy or Terms of Use, to let you know if your account is likely to become inactive or dormant for some reason)
  • to provide you with email newsletter, if you are signed-in or subscribed to them. If you do not wish to continue to receive these services, then you can unsubscribe from the newsletters.
  • to use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine wherever you are accessing the services from.

b. Safety and Security

We use your data to help maintain the safety, security and integrity of our services. For example, we collect data form users when there is an incident or simulations taking place. We use location information for safety and security reasons to know your approximately location, who is closest to an incident and user’s locations in relation to the incident.

c. Customer Support

Crises Control uses the information we collect (including recordings of customer support calls after notice to you and with your consent) to assist you when you contact our customer support services, including to:

  • Direct your questions to the appropriate customer support person
  • Investigate and address your concerns
  • Monitor and improve our customer support responses

d. Research and Development

We may use the information we collect for testing, research, analysis and product development. This allows us to improve and enhance the safety and security of our services, develop new features and products, and facilitate compliance and competency solutions in connection with our services. This includes using the information for the following:

  • to provide, maintain, protect and improve the services, to develop new ones and to protect Crises Control and our users.
  • to provide you with the most user-friendly navigation experience.
  • to ensure that our website content works in the most popular browsers and to identify any related problems we may identify which type of browser and operating system is used to access the Crises Control website.
  • to understand the time, location and timing of any communication which are made to provide our services.
  • to disclose information in aggregate (so that no individuals are identified) for marketing and strategic development purposes.

e. Legal Proceedings and Requirements

We may use the information we collect to investigate or address claims or disputes relating to your use of Crises Control services, or as otherwise allowed by applicable law.

Where Crises Control proposes using your personal information for any other uses we will ensure that we notify you first. Please see section 11 below for details.

11. Your Crises Control Account

If you have registered for a Crises Control account this will also allow you to login to the Crises Control website and other Crises Control websites and download mobile Apps. To provide you with a seamless experience, it may be necessary to share your personal information between them. We will only share what we need to in order to provide the service you are using – we will never routinely share all of the data we each hold about you.

12. When will Crises Control contact me?

Crises Control may contact you:

  • in relation to any service, activity or online content you have signed up for in order to ensure that Crises Control can deliver the services to you, e.g. to verify your email when you sign up for a Crises Control account, or to help you reset your password or to check if you still want to use the service (if your account is dormant);
  • in relation to any correspondence we receive from you or any comment or complaint you make about Crises Control products or services;
  • in relation to any contribution you have submitted to the Crises Control, e.g. on the Crises Control message boards or via text or voicemail message;
  • to invite you to participate in surveys about the Crises Control services (participation is always voluntary); and for marketing purposes, where you have agreed to this

We will never contact you to ask for your Crises Control account password, or other login information. Please be cautious if you receive any emails or calls from people asking for this information and claiming to be from the Crises Control.

13. Will I be contacted for marketing purposes?

Crises Control will only send you emails or otherwise contact you for marketing purposes, or to promote new services, activities or content where you have agreed to this. Where you have agreed to receive these communications, we may personalise the message content based upon any information you have provided to us and your use of Crises Control portal.

14. Will Crises Control share my information with anyone else?

Crises Control uses third parties to process your information on our behalf, for example we use specialist companies to provide services, analysis, sending mass emails, SMS, PUSH, telephone/conference calls and newsletters. Crises Control requires these third parties to ensure compliance with Data Protection Regulations requirements related to international data transfers, we have implemented appropriate data transfer mechanisms. These mechanisms include Standard Contractual Clauses (SCCs) to safeguard the transfer of client data and finally we have implemented controls for the client to delete their job data logs (x) minute after the job execution. The (x) time value is configurable by the client.

For the avoidance of doubt, we share limited data with the international telecoms service provider (destination telephone number, message content and our API’s URL for call back), the data is encrypted over HTTS. This data is deleted permanently (x) minute after the job execution. The (x) time value is configurable by the client.

Furthermore, Crises Control requires these third parties to comply strictly with its instructions and Crises Control requires that they do not use your personal information for their own business purposes. We may share your personal information internally (i.e. with other divisions) for example, to check your details against product licencing databases.

a. Do you share my data with other organisations?

We keep your data inside Crises Control and use it to give you services or improve your experience. This means we only share it:

  • When you ask us to or give us your permission
  • To give you a service you’ve requested. For example, we use specialist companies to provide services for us, like sending email newsletters.
  • To provide content and services to you through a partner’s platform
  • For regulatory or legal purposes.

b. When we share your data outside Crises Control

We will:

  • Always share it in a secure way
  • Make sure it’s treated consistently with our privacy promise
  • Not allow other companies to use it to contact you with their own marketing.

c. When we share your data within the Crises Control

We might share your data for research, analysis, or marketing purposes.

d. Who else can see how I’ve been using the Site?

Only Crises Control authorised personal can view the personal data you provide to us.

e. Do you transfer to third country safeguards?

We do not transfer your data to third countries unless it is required to provide the contracted service that we provide. Your data will always be held securely in our data centres.

In some cases, where the customer specifically requires their data to be held in non UK/EEC based data centres we can provide such a service.

As part of our engagement with the international processors, we have established a robust Data Processing Agreement (DPA). This DPA outlines the responsibilities and obligations of both parties with regard to DPR compliance. It includes provisions that require adherence to regional Personal Data Protection Laws (PDPL) principles, data protection measures, and specific requirements for the handling of client data.

This process included an evaluation of the provider’s data protection practices and their commitment to PDPL compliance. We selected the provider based on their ability to meet these criteria and safeguard client data.

15. Offensive or inappropriate content on Crises Control websites

If you create, post or send offensive, inappropriate or objectionable content anywhere on or to the Crises Control websites or otherwise engage in any disruptive behaviour on any Crises Control service, Crises Control may use your personal information to stop such behaviour. Where Crises Control reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), Crises Control may use your personal information to inform relevant third parties such as your employer, internet provider or law enforcement agencies about the content and your behaviour.

16. What if I am a user aged under 18?

Please do not create an account if you are under 18 and want to register for a Crises Control account.

If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to Crises Control for an account that is registered to a company or and Adult over 18 years of age.

17. How long will Crises Control keep my data?

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with the Crises Control. If you delete your Crises Control account then your personal information is deleted immediately, and the remaining information is anonymised for analytical purposes. For further information about deleting your Crises Control account, please see section 18.

Where you contribute content together with your personal information (User Generated Content or UGC) please refer to our Terms of Use for further information about how long we may store such material.

Your data will only be held as long as you remain a client of Crises Control and for 7 year thereafter to meet our legal obligations under The Investigatory Powers Act 2016, which mandates the retention of this information.

After that period, we follow a process which deletes information that is older than 7 years and thereafter repacks/purge the data base of deleted entries. A record of the purging action is kept for audit purposes.

The data deletion process is executed quarterly. The first deletion process is scheduled for June 30th 2025. Thereafter the deletion process will be repeated every quarter (three months).

During this scheduled deletion process, all database records that have passed the 7 year expiration mark will be deleted from SQL databases, also all associated files to these records are permanently deleted from the file store.

18. Can I delete or amend my data?

You can always delete or amend your Crises Control account via your organisations system administrator, who has the right to do so. Deleting your account will erase any personal information in your account that we have about you and it will mean any data we hold about how you have used the Crises Control will be made anonymous.

IMPORTANT: If you delete your Crises Control account then you will be unable to access your Crises Control account.

19. How can I find out what Personal Information Crises Control hold about me?

a. Accessing and updating your personal information

Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).

Where we can provide information access and correction, we will do so free of charge, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Under the Data Protection Act you have the right to request a copy of the personal information Crises Control holds about you and to have any inaccuracies correctedWe will use reasonable efforts be consistent with our legal duty to supply, correct or delete personal information about you on our files.

Please address requests and questions about this or any other question about this Privacy and Cookies Policy to the Data Protection, Crises Control Limited, 19 Heather Park Drive, Wembley, London HAO 1SS. Email [email protected]

If there is a costs (make a cheque payable to Crises Control Limited) and you’ll need to provide two copies of your ID. These can include you’re:

  • Passport
  • Driving licence
  • Birth certificate
  • Utility bill (from the last three months)
  • Current vehicle registration document
  • Bank statement (from the last three months)
  • Rent book (from the last three months)

20. Apps and Devices

When you download or use Crises Control apps on your mobile device your information may be accessed from or stored to your device. Most often this is used in a similar way to a web browser cookie, such as by enabling the app to ‘remember’ you or provide you with the service.

Your web browser or device may also provide the Crises Control with information about your device, such as a device identifier or IP address. Device identifiers may be collected automatically, such as the device ID, IP address, MAC address, IMEI number and app ID (a unique identifier relating to the particular copy of the app you are running). If you have any concerns about the information which might be accessed from or stored to your device by Crises Control, you may wish to only access the Crises Control service through a web browser.

21. Changes to our Privacy and Cookies Policy

This Privacy and Cookies Policy may be updated from time to time, so you may wish to check it each time you submit personal information to Crises Control. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use Crises Control websites to submit personal information to the Crises Control. You can also delete your Crises Control account at any time. If material changes are made to the Privacy and Cookies Policy, for instance affecting how we would like to use your personal information, we will notify you by placing a prominent notice on the website.

Our Privacy Policy may change from time to time. We will not reduce your rights under this policy without your explicit consent. We will post any Privacy Policy changes on this page. If the changes are significant we will notify you by placing a prominent notice on the website.

22. What is the scope of our Privacy Policy?

This privacy policy only covers our website. Links within our website to external websites are not covered by this policy and remains the responsibility of the owners of these sites.

23. Contacting Crises Control about this Privacy and Cookies Policy

If you any questions or comments about this Privacy and Cookies Policy please contact: Data Protection Officer, Crises Control, 19 Heather Park Drive, Wembley, London, HA0 1SS. (Email [email protected])

24. Who is the Data Controller for the website?

The Data Controller is the person who decides what data will be collected, how it will be collected, who will access it, what it will be used for, how it will be secured and how long it will be kept.

The Data Controller is: Rickie Sehgal, Crises Control Ltd, 19 Heather Park Drive, Wembley, London HA0 1SS. Email: [email protected]

25. Key Terms

Application data cache

An application data cache is a data repository on a device. It can, for example, enable a web application to run without an Internet connection and improve the performance of the application by enabling faster loading of content.

Browser web storage

Browser web storage enables websites to store data in a browser on a device. When used in “local storage” mode, it enables data to be stored across sessions (for example, so that the data is retrievable even after the browser has been closed and reopened). One technology that facilitates web storage is HTML 5.

Device

A device is a computer that can be used to access Crises Control services. For example, a device could be a desktop, tablet or smartphone.

What is a cookie?

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone (all referred to here as a “device”) web browser from a website’s computer and is stored on your device’s hard drive. Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. Similar technologies are also often used within emails to understand whether the email has been read or if any links have been clicked. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on the Crises Control website. However, you can change your cookie settings at any time. During the course of any visit to Crises Control website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.

SSL (Secure Sockets Layer)

SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys – a Private Key and a Public Key.

The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) – a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer’s web browser.

The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session – the lock icon in the lower right-hand corner, clicking on the lock icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to either companies or legally accountable individuals.

Typically, an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site’s SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.

Affiliates

An affiliate is an entity that belongs to the Crises Control group of companies.

HTTP Referrer

An HTTP Referrer is information transmitted to a destination web page by a web browser, typically when you click a link to that web page. The HTTP Referrer contains the URL of the last web page that the browser visited.

IP address

Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.

Non-personally identifiable information

This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.

Personal information

This is information that you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Crises Control, such as information we associate with your Crises Control Account.

Pixel tag

A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

Sensitive Categories

An advertising category may be sensitive if it relates to topics such as race, religion, sexual orientation or health. When showing you tailored ads, we may associate an identifier from cookies or similar technologies with topics such as “Cooking and Recipes” or “Air Travel”, but not with sensitive categories. We impose a similar policy on our advertisers.

Sensitive personal information

This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.

Server logs

Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Unique device identifier

A unique device identifier (sometimes called a universally unique ID or UUID) is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device (for example an IMEI number of a mobile phone). Different device identifiers vary in how permanent they are, whether they can be reset by users and how they can be accessed. A given device may have several different unique device identifiers. Unique device identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant advertising.

Do Not Track (DNT) browser setting

DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. The www.crises-control.com website does not currently respond to DNT requests.

PING

A PING is a message of 160 characters in length that is sent via the Crises Control application to it’s users. This message can be sent by any or all of the Crises Control communications channels used by your organisation.

SOS Emergency

For the purpose of safety and security, depending on the settings, the SOS Emergency feature enables the user to request emergency support from the organisation that they are part of. This feature, when deployed, alerts the rapid response team (configurable), providing them with the users’ location information and other contact details.

Track me during Travel

For the purpose of safety and security, depending on the device settings, the Track me during Travel feature enables the user to send their location information to the organisation they are part of, during their travel. This feature is enabled or disabled by the user from their device settings, it is voluntary and therefore by using this option the user consents to sending their location data to Crises Control.

Track me during an Incident

For the purpose of safety and security, depending on the device settings, the Track me during Travel feature enables the user to send their location information to the organisation they are part of, during and Incident. This feature is enabled or disabled by the user from their device settings, it is voluntary and therefore by using this option the user consents to sending their location data to Crises Control.