Privacy policy

GENERAL

This document was last updated on 27 May 2024.
“SRS” refers to (i) Scandinavian Risk Solutions AB, reg. no 556666-9171, Box 244, 101 24, Stockholm, Sweden, including its affiliates (also referred to as “we”, “us”, or “our”).

SRS is committed to protecting your privacy and to comply with applicable data protection and privacy laws. Throughout this privacy policy (the “Privacy Policy”) the term “Personal Data” means information relating to an identified or identifiable individual (i.e. a natural person).

This Privacy Policy applies to the processing of Personal Data collected or submitted by you in connection with the use of the SRS ALERT products and services (the “Service”) offered by us and our affiliates, partners and suppliers. Please read this Privacy Policy carefully to understand how we collect, use, transfer, and store your data as you make full use of the Service.

We recognize our responsibility to protect the Personal Data and other information you have provide us with. We take appropriate technical and organizational information security measures to safeguard your Personal Data against loss and misuse, as well as unauthorized access.

In this Privacy Policy, we explain which types of Personal Data we may process about you and for what purpose we process them. We also detail our processing of Personal Data as well as what choices and rights you have in relation to such processing. We kindly ask you to carefully review our Privacy Policy and acquaint yourself with its content.

Please note that this Privacy Policy relates to processing of Personal Data for which we are the controller. This means that we are responsible for the processing of your Personal Data. It also means that you should turn to us with questions or remarks, or if you wish to enforce any of your rights in relation to our processing of your Personal Data.

Please note that if you use the Service as a service provided by your employer in the capacity as employee, the employer is the responsible controller of your Personal Data within the scope of our provision of the Service. We only process data on behalf of your employer. For questions regarding the processing of your Personal Data in such cases, please contact your employer.

THE DATA WE COLLECT WHEN WE PROVIDE THE SERVICE TO YOU AS A CONSUMER

The Personal Data processed is divided into two sensitivity classes A and B. Class A is sensitive Personal Data, e.g. passport information, and class B is less Personal Data, e.g. your name and hone number. SRS accounts for the sensitive nature of Class A Personal Data, and takes additional precautions for processing such Personal Data.

A full list of User Personal Data processed in the provision of the Service:

Type of personal data	Class	Note
Locations	A	Optional but highly recommended. Locations refers to current and historical locations collected from different type of sources such as mobile phones.
Passport	A	Optional. Sensitive data (not processed by default)
Pre-existing medical conditions	A	Optional. Sensitive data (not processed by default)
Medications	A	Optional. Sensitive data (not processed by default)
Vaccination/Immunizations	A	Optional. Sensitive data (not processed by default)
Personal Physician	A	Optional. Sensitive data (not processed by default)
Allergies	A	Optional. Sensitive data (not processed by default)
Medical History	A	Optional. Sensitive data (not processed by default)
Name	B	Mandatory
Telephone number	B	Optional but highly recommended
Addresses	B	Optional
E-mail Address	B	Mandatory
Gender	B	Optional
Nationality	B	Optional
Job Title	B	Optional
Manager	B	Optional
Department / Group	B	Optional
Work Locations	B	Optional
IMSI	B	Mandatory. Collected by the app if service is enabled
IP Addresses	B	Mandatory. Collected by the app if service is enabled
Home Country	B	Collected during registration based on phone number prefix
Emergency Contact Information	B	Optional
Travel Bookings	B	ptional (not processed by default)
User Device Information	B	Mandatory. Collected by the app if service is enabled
Session Identifiers	B	Mandatory

If you use the Service as a service provided by your employer or contracted party in your capacity as an employee, agent or other representative has purchased additional services which include processing of Class A Personal Data, we may process such data. In this situation, your employer or contracted party is the data controller and, as such, is responsible for ensuring that the processing is lawful.

In additional to the Personal Data described in table above, statistics may be compiled to improve the Service and to provide relevant functionality of the Service. Personal Data will always be pseudonymised before being processed in such cases.

THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

We process your Personal Data for the purpose of providing you with the Service, including tracking your geographical location. Location data is collected dependent on your privacy setting. The location data is processed to fulfil the security service as per contract. Please note that you need to enable real time location and sharing of location data if you want to use functionality of the Service that is dependent on location data. You can disable this functionality at any time.

We may also process your data for the purpose of further analysis, statistical information and to optimize the user experience. Prior to such processing, your Personal Data will be anonymized, meaning that the Personal Data will no longer be attributable to you and is thus not considered Personal Data. The anonymization is conducted based on our legitimate interest to be able to improve the Service and carry out statistical analysis regarding the usage of the Service for future optimization.

STORAGE OF PERSONAL DATA

We store your Personal Data as long as necessary for us to fulfil the purposes of the processing. This means that we will process your Personal Data as long as you are an active user with our Services, however that location data and base station data will be kept for a maximum period of eighteen (18) months.

When your Personal Data is no longer necessary for the purposes of the processing, it will be deleted or anonymized. We will, however, store your Personal Data if and to the extent we are required to do so according to law.

SHARING OF YOUR PERSONAL DATA

We may disclose your Personal Data to our data processors, for example companies providing the Service or hosting and cloud services companies. In such cases, a data processing agreement will be entered into which ascertains that your Personal Data is processed in accordance with this Privacy Policy.

THIRD COUNTRY TRANSFER

To be able to provide the Service, your Personal Data may be transferred to a country outside of the EU/EEA. If your Personal Data are transferred to a country outside the EU/EEA we will pro-vide adequate safeguards to protect your Personal Data, e.g. that the receiving country has an adequate level of protection. To obtain a copy of the safeguards applied, please contact us at the e-mail address stated below. Your Class A Personal Data my not be subject to a third country transfer unless your employer or contracted party, specifically instructs us to transfer such Personal Data. If your employer or contracted party is the controller of your Personal Data you must contact your employer or contracted party to obtain a copy of the applied safeguards.

YOUR RIGHTS

You have the right to receive confirmation on whether we process Personal Data concerning you, and in such cases get access to such Personal Data and also information regarding the Personal Data and how we process it.

You have the right to have inaccurate Personal Data concerning you rectified without undue delay. Considering the purposes of the processing, you also have the right to have incomplete Personal Data about you completed.

You have, under certain circumstances, the right to have Personal Data concerning you erased, for example if the Personal Data are no longer necessary in relation to the purposes for which they were collected or if the Personal Data have been unlawfully processed.

In some circumstances you have the right to obtain restriction of the processing of your Personal Data. For example, if you contest the accuracy of the Personal Data, you can also require that we restrict the processing of your Personal Data for such a period that enables us to verify the accuracy of the Personal Data.

You have the right to object to processing of your Personal Data that is based on our legitimate interests. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your Personal Data.

You have the right to receive the Personal Data relating to you and that you have provided to us, in a commonly used electronic format. You have the right to transmit that data to another controller (data portability).

You have the right to complain on the processing of your Personal Data by lodging a complaint to the Swedish Data Protection Authority.

THE CONTROLLER OF YOUR PERSONAL DATA AND CONTACT DETAILS

If you have any additional questions or concerns about this Privacy Policy or our information practices, please feel free to contact us at any time.

Scandinavian Risk Solutions AB / SRS Security AB
Box 244
101 24, Stockholm
Sweden

support.alert@srsgroup.se
+46 (0)8 440 90 70

CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at www.srsgroup.se/alert.

SRS Alert