At SoloProtect (“SoloProtect”, “we, “our”), we are all increasingly aware of companies who stress that the safety of personal data is of paramount importance. Well for us, as a provider of lone worker services, protecting people can quite literally be a case of life and death. At SoloProtect protecting people is in everything we do and the trust our customers place in us extends to our privacy practices.
This Policy applies to all end customers or users of our website or our lone worker services.
Specifically, this Policy applies to:
- Device Users: these are the individuals our services are designed to protect and include any individual the Employer has issued a SoloProtect Device to. SoloProtect Devices include any of the following: SoloProtect ID, SoloProtect Go, SoloProtect Watch, SoloProtect Mobile App, or any Identicom-series device.
- Account Representatives and Billing Contacts: these are individuals responsible for the establishment of the contract with SoloProtect and its day-to-day operation, including ensuring that we meet our commitments, facilitating the purchase of SoloProtect Devices, resolving any issues should they arise or our principal contact for the purposes of receiving and paying our invoices.
- Account Administrators and Escalation Contacts: these individuals are responsible for the management of the services at the Employer as well as the key contacts we call should an incident occur with a Device User.
- Customers who provide information to SoloProtect in connection with a request to use our services (where we have provided access to the services or SoloProtect Insights) or those who are trialling our services.
- Any other prospective customers who use our website or whose contact details are provided by a third-party organisation and who we think might be interested in our services.
We refer to all individuals covered by this Policy collectively, however, our use of your data and our reasons for doing so will depend on how you interact with us and the services we provide, and it is important for you to read this Policy in full to understand exactly how it applies to you.
Data Controller or Data Processor
We provide our lone worker services to your Employer and as part of this relationship we act as the Data Processor in certain circumstances.
In specific circumstances, we may act as a Data Controller jointly with your Employer, in particular, in relation to the information we generate about you through our services (such as your location data, incident records or communications data). We take this approach because as a lone worker and private security industry provider we are subject to some very strict rules on what we can, and more importantly, cannot do with your data. This requires us to exercise judgment, particularly over our incident records and communications data, to ensure that any information not linked to genuine incidents are deleted within short time limits.
Finally, for some data, we act as the sole Data Controller, where we collect data directly from you but never share this data with your Employer (such as any medical data you choose to provide us with).
We also act as a Data Controller when we collect data through your use of our website or through third parties that share your contact details with us for marketing purposes.
Personal data we collect and how we collect it
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (“UK GDPR”) and EU General Data Protection Regulation (“EU GDPR”) in relation to the services we offer to individuals in the European Economic Area (“EEA”).
Personal data we collect from you when you use our lone worker services
1) Information provided directly to us
This is information you or your Employer provide us directly, either to our Customer Services team or through SoloProtect Insights and includes:
- Personal Master (or Key Personal Data): if you are a Device User, Administrator, Escalation Contact, or any other person issued with a SoloProtect Insights account you will be required to make a profile. This profile may include (but is not limited to) your name, job title, company name, email address, contact telephone number, date of birth and gender.
- Medical Data (optional): if you are a Device User, we give you the option of providing any information about your health or medical history that you feel might be required should we need to send the emergency services out to assist you. SoloProtect Insights allows you to enter whatever medical information you feel is appropriate, but typically Device Users include their blood type, any known allergies, any known medical conditions, and any medication they may be taking.
- Work Pattern Details: this predominantly includes your hours and place of work, as well as any other similar information such as your work shift patterns. For most of our services, the supply of this information is optional. However, for our MWM - mobile workforce management - services or where you are supplied with the SoloProtect Mobile App, your Employer may require this information from you to ensure passive information (such as location data) is only collected during your hours of work.
- Vehicle Details: if you are a Device User who is very mobile as part of your job (such as a housing inspector, an outpatient nurse, or a logistics driver) your Employer may require that you enter your Vehicle Details (be it a company or personal vehicle), including your vehicle make, model, colour, and registration number. This information is used to better allow any emergency services we dispatch to locate you.
- Other identity details (optional): while our ARC Operators are all highly trained in both monitoring alarms and dispatching the emergency services (when necessary), we like to ensure that those first responders have as much information as possible to be able to identify you. To that end, Device Users are given the option to enter typical identification information about themselves, such as height, weight, physical description, and ethnicity.
2) Information created when you interact with our services
This is information about you that is created as you use a SoloProtect Device, SoloProtect Insights or interact with us in any way and includes:
- Location Data: our Devices utilise GPS technology to determine your current location; if we do not know where you are, we cannot let your Employer or the emergency services know in the event you activate your Device. In addition, if you are using SoloProtect Mobile (the “App”) we do this by collecting the location data of your mobile device and when you install the App you will be asked to consent to your mobile device’s geolocation data being used for this purpose. If you permit the App to access location services through the permission system used by your mobile device, we will also be able to collect your precise location when the App is running in the background.
- Audio and Communications Data: communication is how our Devices work, be it in the case of our ARC Operators monitoring an incident, or communication two-way when an incapacitation alarm is triggered. When we communicate with you, we keep a record of that conversation. In addition, our ARC Operators also make a written record of every incident that happens over a SoloProtect Device; we call this an ARC or Incident Record. Both these pieces of information can be very useful evidence should your Employer wish to take further action against a person who may have verbally or physically abused you; we are also required to produce these in line with our own regulatory requirements. We differentiate the types of Audio and Communications Data we produce by incident type (i.e., whether the incident was “false”, “genuine” or “genuine with the dispatch of emergency services”).
- Customer History: to allow us and your Employer to monitor our performance in delivering our services we keep a record of how we deliver those services. We call this a Customer History and it will often contain a log of all incidents received per Device User per Device (along with the location of the Device User at the time of that incident), usage figures of our Devices (including statistical information on the number of incidents per Device User per Device and severity of those incidents), changes made by your Employer to your account, and a conversation history of all communications made between you and our customer services team relating to your use of our services.
3) Other information
This includes the various other information we need to deliver our services to you and your Employer and includes:
- For SoloProtect Mobile App: Each time you visit the App or use the services we will automatically collect various technical information about your mobile device, including the type of mobile device you use, a unique device identifier (for example, your Device’s IMEI number, MAC address, and the mobile phone number), mobile network information, your mobile operating system, the type of mobile browser you use, and time zone setting.
- Key Contract Data: this includes any information we collect directly from an Account Representative to allow us to manage the contractual relationship with your Employer, including your name, job title, email address and contact telephone number.
- Financial Data: this includes any information we collect directly from an Account Administrator or Billing Contact to allow us to send invoices, receive payments and facilitate refunds and includes your name, job title, email address and contact telephone number.
- Contact Data: this includes any information we collect directly from an Account Administrator or Escalation Contact to provide the services to you, Devices Users and your Employer and includes your name, job title, email address, contact telephone number. Both Account Administrators and Escalation Contacts may also be provided with a SoloProtect Insight’s account and we, therefore, will also collect Key Personal Data should you choose to provide this.
- Contract Billing, Payments Data and Cardholder Data (corporate cardholder data only): while any data collected here will, for the most part, be corporate data (i.e., data about your Employer and not about you), it may still include your personal information (such as your name, job title, place of work, contact details). We collect this information to send invoices, receive payment and to facilitate refunds. With regards to Cardholder Data, this only extends to cardholder information for a business card issued to you by your Employer; we do not accept nor collect personal cardholder information.
Personal data we collect from your use of our website or from third-party organisations
We may collect information from third parties, for example, we may purchase contact information from organisations in order to send you marketing communications about our services or other information related to our business which we think might be of interest to you. Where we do so, we will ensure that we have consent to send you marketing material.
Purposes for which we use personal data and the legal basis
How we use your data depends on the services we provide. Those services are as follows:
- Audio-enabled lone worker services: you are receiving these services if your Employer has supplied you with any of the following SoloProtect Devices: SoloProtect ID, SoloProtect Go, SoloProtect Watch, SoloProtect Mobile or any Identicom-series device.
- Mobile workforce management services: you are receiving this if you have been issued with an MWM plugin for your SoloProtect Device or have the MWM App installed on your mobile device.
- SoloProtect Insights: our customer-engagement portal.
Purposes for which we use your personal data:
1) Audio-enabled lone worker services
- To monitor you discreetly and remotely in the event you activate your SoloProtect Device and, if necessary, inform either your Employer or the emergency services about that incident.
- To monitor your location whilst you are using a SoloProtect Device and, in the event you activate your Device, pass your location to your Employer and the emergency services so they can locate you.
2) MWM – Mobile Workforce Management
- To monitor your location whilst you are using a SoloProtect Device to allow us and your Employer to provide useful safety-related information to you about your surroundings (such as risk-based messaging).
- To allow your Employer to monitor your location, including where you have been (known as “breadcrumbing”). Your Employer’s policies and processes on how and why they use this information should be communicated to you by them. However, this is typically used to allow your Employer to manage its mobile workforce (such as if you are a logistics or delivery driver).
3) SoloProtect Insights
SoloProtect Insights is our customer-engagement portal and is a very useful resource both for you and your Employer. It provides you with the ability to manage your profile and add/update/delete information as you require. It also allows your Employer to manage the services, such as by adding new Device Users (which could extend to them inputting information about you on your behalf), access reporting information relating to safety-related incidents, and engaging with our customer services team.
We also use other data and special category data as follows:
- Medical Data: adding medical data to your profile is entirely optional, but if you do, we ask that you consent to our using of this data to keep you safe and in line with this policy. We ask for that consent through SoloProtect Insights or through our profile onboarding forms (which your Employer may supply to you). We only use your medical data to keep you safe; should you activate your Device and, based on the incident, our ARC Operators decide to send the emergency services to assist you, we would share any necessary medical data with the emergency services.
- Audio and Communications Data: audio relating to any Device activations is recorded. Audio data is differentiated by incident type - i.e., depending on whether the incident was “false”, “genuine” or “genuine with the dispatch of emergency services”. Should you activate your Device and, based on the incident, our ARC Operators may decide to involve the emergency services (particularly the police), we may choose to share live audio data with the emergency services to assist them in assessing the urgency of any required response. We may also share audio data for genuine incidents with your Employer to allow them to decide if they wish to take further action against a person who may have verbally or physically abused you.
- Cardholder Data (corporate data only): some of our customers choose to pay for our services through card actions, specifically by providing their cardholder details to our finance team (known as “card not present transactions”). We use this data solely to facilitate those payments and use a secure payment processor (SagePay) to do so and we are compliant with the applicable standards for handling cardholder information (PCI DSS).
When providing services to you, we may use your personal data based on the following lawful bases:
|Purpose||Lawful Basis for Processing|
|To provide our services to your organisation||Performance of contract, and our legitimate interest.|
|Medical Data and ethnicity information to keep you safe and send the emergency services to assist you (we never share this data with your Employer, but only with emergency services if necessary)||Explicit consent|
|To monitor the usage of our services||Our legitimate interest|
|To gather analysis or valuable information that allows us to improve our services and your browsing experience||Our legitimate interest|
|To send you marketing communications relating to our business which we think may be of interest to you by email||Consent / Our legitimate interest|
|To contact you when you provide us with market research feedback||Our legitimate interest|
|To comply with any legal obligations we may have||Legal obligation|
Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.
Sharing your data
We share the information we collect or that is provided to us as follows:
1) With your Employer:
- Personal Master Data, Work Pattern, Vehicle Data & Other Identity Data
- Customer History
- ARC Records
- Audio Communications Data – related to genuine incidents only.
- Location Data – relating to any Device activation only.
- Location Data (for MWM users) – all location data during your specified hours of work.
Note: we never share your Medical Data with your employer without your explicit consent.
2) With the Emergency Services:
- Personal Master Data, Vehicle Data & Other Identity Data
- ARC Records
- Audio Communications Data – relating to genuine incidents only.
- Location Data
- Medical Data
3) Sharing with our Partners:
Delivering lone worker solutions is a complicated task and we, in some cases, rely on our trusted partners to help deliver certain aspects of those services. We share certain data about you with those Partners (who act as Data Processors on our behalf); however, in all instances, we ensure that any data we share is entirely necessary for those Partners to provide those services.
We may transfer your personal data to third-party suppliers based outside the UK or EEA, for example, for billing purposes. Where we do so, we will only transfer personal data that is entirely necessary for a supplier to provide their services. If we do transfer information outside the UK or EEA, we will only share it with organisations in countries benefiting from a European Commission adequacy decision or based on Standard Contractual Clauses approved by the European Commission or the UK Government which contractually oblige the recipient to process and protect your personal data to the standard expected within the EEA. If you require further information about this, you can request it from firstname.lastname@example.org.
Personal data may also be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
How long we keep your data
Once collected and stored, we retain your data for a set period, depending on the purpose. This is because, in addition to our contractual obligations to your employer, we have a range of both legal and industry requirements we must adhere to. Please note that your Employer also acts as the Data Controller for this data and may ask that we increase the above retention periods in limited circumstances. Where this is the case, we require them to inform you of this.
When we collect your data for marketing purposes, you may opt out of receiving marketing material at any time. If you opt out of receiving direct marketing material, we will suppress your details so that you are not contacted for marketing purposes any longer.
At the end of the retention periods, we use secure processes to ensure your data is deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
How we protect your data
The data we collect and process, and the services we provide are sensitive and can be life-critical. To that end, and because we pride ourselves in the services we provide and the way we provide those services, we take the security of your data incredibly seriously and have therefore implemented appropriate technical and organisational measures to protect data that we process from unauthorised disclosure, use, alteration or destruction.
Your rights and options
You have the following rights in respect of your personal data:
- You have the right of access to your personal data and can request copies of it and information about our processing of it.
- If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
- Where we are using your personal data with your consent, you can withdraw your consent at any time.
- Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way.
- Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
- You can ask us to restrict the use of your personal data if:
- It is not accurate.
- It has been used unlawfully but you do not want us to delete it.
- We do not need it anymore, but you want us to keep it for use in legal claims; or
- If you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
- In some circumstances, you can compel us to erase your personal data.
- You can request a machine-readable copy of your personal data to transfer to another service provider.
- You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at email@example.com.
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.
If you have any questions or wish to exercise any of your rights, then you can contact us by addressing your correspondence to:
If you live in the United Kingdom or the Republic of Ireland:
Suzy Lamplugh House
1 Vantage Drive
If you live in any other European Member State:
Alternatively, you can email us at firstname.lastname@example.org.
It is important that you revisit this Policy regularly, as we may change its content (and any supplemental policies) as we further enhance our product range and improve our services. If we make any major changes or any changes that directly affect the services provided to you or the data collected or processed by us, we will notify you of those changes.