RapidSOS Emergency-Related Services Privacy Policy
RapidSOS, Inc. (“RapidSOS,” “we,” or “us”) seeks to transform the emergency management ecosystem by offering a platform, products, tools, and services (collectively, the RapidSOS “Emergency-Related Services”) that facilitate and enhance emergency-related and emergency-preparedness-related services, communications among Emergency Service Providers (such as 911/999/112 providers, providers of private security, or campus safety officials), and communications between members of the public and emergency responders. We respect personal privacy and recognize the importance of protecting the information we collect, use, store, disclose, and transfer (collectively, “process”), including, in particular, the sensitive information we collect in the course of providing Emergency-Related Services.
This Policy may be updated from time to time to reflect changes in RapidSOS’ business and operations, or as required to comply with law, regulation, or industry practices. Any updated policy will be posted to RapidSOS.com and linked through our Terms of Use. If we make any material changes to this Policy, we will provide reasonable notice, for example by posting a notice on our websites. We encourage you to periodically review this page for the latest information on our privacy practices.
This Policy complements and is in addition to related provisions of the RapidSOS Terms of Use (“Terms of Use”) and the RapidSOS Master Services Agreement (“Master Services Agreement”). Both agreements contain important information about RapidSOS’ rights and responsibilities with respect to our customers’ data, including Personal Information, arising under contract, applicable law/regulation, and industry standards.
What This Privacy Policy Covers
This Privacy Policy (“Policy”) describes RapidSOS’s collection, use, sharing, and retention of Personal Information in connection with operating our Emergency-Related Services. This Policy is incorporated into and is subject to the RapidSOS Terms of Use and the RapidSOS Master Services Agreement. Capitalized terms used but not defined in the Master Services Agreement or, if not defined therein, in the Terms of Use. We have a separate privacy policy here that describes our privacy practices related to RapidSOS Non-Emergency Channels such as our public website.
As used in this Privacy Policy:
“Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. It may include, but is not limited to, name, email address, postal or other physical address, or, title, as well as persistent identifiers and information reasonably capable of being associated with an individual.
“Emergency Responder” means an organization or official tasked with responding to emergencies experienced by members of the public, such as 911/999/112 operators, computer-aided dispatch system providers, campus safety officials, or emergency monitoring services.
“Emergency Caller” means someone who dials 911 /999/112 (or attempts to contact an Emergency Responder through other means), using a “Connected Device.” An “Emergency Caller” also includes someone who provides RapidSOS with information that they wish to be transmitted to an Emergency Responder in the event a future emergency arises.
“Connected Device” is a device or application that uses RapidSOS Emergency-Related Services to potentially provide additional assistance in an emergency.
“RapidSOS Partner” is a provider of online or offline services including, without limitation, platforms, applications, and other electronic commerce services that partners with RapidSOS by incorporating RapidSOS into its online offerings to facilitate response to emergencies involving one of its users.
Who we are
If you live in the UK or Europe:
RapidSOS UK Limited
(Company Number 14704468) C/O Mercer & Hole, 21 Lombard Street, London, United Kingdom, EC3V 9AH
privacy@rapidsos.com
If you live in the US:
RapidSOS Inc.
3 Park Ave Fl 22, New York City, New York, 10016
privacy@rapidsos.com
Personal Information Sources
In connection with providing Emergency-Related Services, RapidSOS collects Personal Information from Emergency Responders, Emergency Callers, RapidSOS Partners, and Connected Devices. We may also collect Personal Information from other individuals involved, directly or indirectly, in or responding to emergencies, and from third parties. We collect this information in several ways.
- We may receive information about you or a member of your household directly from Emergency Callers, Emergency Responders, or a RapidSOS Partner.
- We may automatically collect Personal Information from your Connected Device when you call 911/999/112 or another Emergency Responder or your device is used to send an emergency alert to an Emergency Responder.
- We may receive Personal Information directly from Emergency Callers who voluntarily provide us with Personal Information about themselves and others for use in connection with our Emergency-Related Services.
We may receive Personal Information about Emergency Responders related to their use of RapidSOS Emergency-Related Services.
We may collect the following categories of Personal Information in connection with our Emergency-Related Services:
- Information that directly identifies the owner or customary user of the device, such as name, physical address, email address, and phone number.
- Health information, medical information, and any other information residing on a Connected Device that the customary user of the device has indicated (through device or account settings or otherwise) should be shared with Emergency Responders.
- Precise geolocation of the Connected Device, including information about the direction and speed at which the Connected Device is moving.
- Information about the Connected Device’s configuration, network, and internet connection, such as IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, client version, and other technical data that enables us to provide the Emergency-Related Services.
- Other metadata associated with emergency calls, such as call routing information, call duration, and location-related telemetry,
- Personal Information that an individual affirmatively discloses to RapidSOS in the course of responding to an emergency.
- Other Personal Information communicated by and among Emergency Responders.
- Other information reasonably related to facilitating the provision of Emergency-Related Services.
Legal basis for processing
The data we collect ourselves, as well as those we receive from our partners (RapidSOS Partners, Connected Devices, Emergency Callers and Emergency Responders) are processed on the basis of consent.
Personal Information Use
We use Personal Information to operate, maintain, enhance, expand, support, and provide all features of our Emergency-Related Services, protect our legal rights and the rights of others, and as otherwise required by law. For example, we use Personal Information to:
- Supplement the standard 911/999/112 system functionality with more accurate geo-location information and other insights related to the location, movement, and speed of a Connected Device.
- Transmit potentially life-saving health or other information to Emergency Responders.
- Authenticate and communicate with registered Emergency Responders who access our Emergency-Related Services.
- Conduct quality assurance and for research and development purposes, such as data security, improved website navigation and content display, fraud prevention, data analysis, audits, developing new products, producing predictive data models, improving our Emergency-Related Services, identifying usage trends, and determining the effectiveness of our Emergency-Related Services.
Personal Information Sharing
We disclose Personal Information collected through Emergency-Related Services only as reasonably necessary to provide our Emergency-Related Services, protect our legal rights and the rights of others, and to comply with applicable law. RapidSOS does not sell Personal Information collected in connection with Emergency-Related Services.
To these ends, we may disclose your Personal Information to the following categories of third parties:
- Emergency Responders. We share Personal Information with Emergency Responders in order to enhance emergency response, facilitate communication during an emergency, and facilitate emergency-preparedness-related communication.
- Our service providers. RapidSOS’ service providers may have access to certain Personal Information as needed to assist RapidSOS in providing Emergency-Related Services and to operate our business. Our service providers are contractually required to keep this information confidential and secure and are prohibited from using or disclosing this data for any purpose other than carrying out the services that they are performing for us.
- RapidSOS Partners. If you are the user of a Connected Device, your device may have an app, platform, operating system, or piece of software installed on it that is offered by one or more RapidSOS Partners, and that incorporates RapidSOS functionality. When we collect information from a Connected Device to provide Emergency-Related Services, we are collecting that information on behalf of the relevant RapidSOS Partner, pursuant to contracts governing our use of that information and in compliance with terms and policies you have agreed to in using the services offered by our Partners. As with all Personal Information collected from your device by or on behalf of the Partner, the Partner may access, use, share, or otherwise process this information in accordance with the Partner’s own privacy policy. We do not control our Partners’ use of any Personal Information that they directly or indirectly collect as part of offering their app, platform, operating system, or software. If you have questions about our Partner’s privacy practices, we will refer you to our Partner.
- RapidSOS and its authorized members. We ensure that only those persons who are duly authorized to process your personal data by virtue of their functions and duties are permitted to do so.
- Other entity/ies in connection with corporate reorganization. RapidSOS may disclose Personal Information in connection with any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
RapidSOS does not sell Personal Information collected in the course of providing Emergency-Related Services or use that information for advertising purposes.
Personal Information Retention
As described above, RapidSOS receives certain Personal Information when providing Emergency-Related Services. RapidSOS retains this Personal Information in an identified form only for so long as it is (i) permitted by our contractual commitments to our partners and (ii) needed to provide the Emergency-Related Services and to operate our business in compliance with applicable law, regulation, and industry standards and best practices. The retention periods established by contract, law, and industry standards may vary depending on the nature of the Emergency-Related Services. Wherever possible, when RapidSOS no longer requires Personal Information for active service delivery but is required to retain that data for legal or other purposes, we take steps to pseudonymize, anonymize, and/or securely segregate that data to guard against unauthorized access, use, disclosure, or alteration. Personal information from children under sixteen years old is only knowingly collected when needed to provide Emergency-Related Services and is retained in personally-identifiable form for as long as is reasonably necessary to provide such services and comply with applicable law and regulation.
Cookies and Similar Technologies
We automatically collect personal information on our Emergency-Related Services Platform using common, industry-standard technologies (for example, standard web logs and cookies). Cookies are small text files that are created when your web browser loads one of our general information websites.
RapidSOS does not use marketing or advertising cookies on the Emergency Related Services Platform. Instead, only the following types of cookies are deployed on our Emergency-Relates Services Platform:
- Necessary cookies: These cookies are necessary to the operation of our Emergency-Relates Services Platform. They are required to perform basic functions such as page navigation and access to secure areas of our websites. These cookies do not store any personally identifiable information.
- Functional cookies: These cookies keep track of your personal preferences and settings, such as your preferred language for our Emergency-Related Services Platform. Without these cookies, some of these settings may not function properly.
- Performance cookies: These cookies gather information on how visitors interact with our Emergency-Related Platform, allowing us to understand how they use our platform. This statistical information is used to monitor and improve the platform’s content and performance. The following performance cookies are used on the RapidSOS Emergency-Related Services Platform:
- We use Gainsight cookies, based on consent, to track users’ interactions with the platform, including page visits, button clicks, and links followed. We use the Gainsight PX service in our platform to improve our analytics capabilities and to troubleshoot user interactions with the platform.
- We also use Google Analytics cookies, based on consent, on the Emergency-Relates Services Platform to measure performance and collect data about how visitors use the platform. RapidSOS has turned off all data sharing settings within Google Analytics and configured the data retention settings for the lowest available period.
Your Choices and Your Legal Rights
For US Customers (Including Privacy Rights under California Law):
- We do our best to provide individuals with choices and control over their own Personal Information. You may ask us:
- To provide more information about RapidSOS’ processing of your Personal Information during the previous 12 months. Your request can include:
- The categories and specific pieces of Personal Information we collected from you in a machine-readable format;
Information about why we collected that information, and - The categories of third parties from whom we received Personal Information about you, and/or the categories of third parties with whom we shared that information.
Note that we are unable to comply with access requests where: (i) we cannot verify your identity; (ii) compliance with your request is not legally required and would involve disproportionate cost or effort, or impact the privacy of others; or (iii) we no longer have the requested Personal Information. Because we do not retain information processed in the course of providing Emergency-Related Services beyond what is necessary to provide those services, we may not have requested information.
To delete of some or all of your Personal Information from our systems
Under certain circumstances, we will not be able to fulfill your request, for example if the information is necessary to complete a transaction you initiated, interferes with our regulatory obligations, has legal affect, including on a user’s rights with respect to data contained in their account, or where compliance with your request is not legally required and would involve disproportionate cost or effort.
You can make a request related to your Personal Information by emailing privacy@rapidsos.com or writing to RapidSOS, Inc., Attn: Privacy, 3 Park Ave., FL 22, New York, NY 10016. We will not discriminate against anyone who makes such a request.
For UK/ EU Customers:
We do our best to provide individuals with choices and control over their own Personal Information. You may ask us for :
- Access to personal information: you can ask to access the following information:
- The purposes of the processing
- The categories of the personal data concerned
- The recipients, or categories of recipients, of the data, if any, in particular any third countries or international organisations
- The length of time that the personal data will be stored for (or the criteria used to determine that period)
- Whether the personal data will be subject to automated processing, including profiling and, if so, the logic and potential consequences involved
- Where the data is transferred to a third country or international organisation, information about the safeguards that apply; Information about the source of the data, if not directly from the data subject
- Withdrawal of consent: you may withdraw consent where it was the basis for processing your personal data
- Rectification of your personal data: where personal data is inaccurate you have the right to request/claim that it be corrected and that incomplete personal data be completed based on information you may provide
- Erasure, also known as “the right to be forgotten”: you have the right to require to erase personal data without undue delay where one of the following applies:
- The personal data is no longer necessary for the purpose for which it was collected
- Consent is withdrawn and there is no other legal ground for processing
- The data subject objects to the processing of the personal data
- The personal data has been unlawfully processed
- Data portability: you have the right to request/claim that your personal data be provided to you in a “structured, commonly-used and machine-readable format” and to transfer that data to another party e.g. service provider. This applies to personal data for which processing is based on your consent and the processing carried out by automated means. Where feasible, you can also request/claim that the personal data be transferred directly from our systems to those of another provider
You have a right to lodge a complaint with your local data protection supervisory authority or with the UK Information Commissioner’s Office (ICO): https://ico.org.uk/for-the-public.
Should you have questions or concerns about data protection, your personal information, or should you wish to file a complaint, please contact the RapidSOS Data Protection Officer at: privacy@rapidsos.com or by post:
- In the UK/EU: RapidSOS UK Limited, Attn: Privacy, C/O Mercer & Hole, 21 Lombard Street, London, United Kingdom, EC3V 9AH
- In the US: RapidSOS, Inc., Attn: Privacy, 3 Park Ave., FL 22, New York, NY 10016.
We will not discriminate against anyone who makes such a request.
About Children: Direct Notice to Parents
RapidSOS collects the Personal Information of children under sixteen years old in the ways outlined above in order to respond to emergencies, including to protect the safety of a child in need of our Emergency-Related Services or who reports an emergency using RapidSOS functionality. RapidSOS will not use or disclose Personal Information collected from children under sixteen for any purpose unrelated to the emergency situation involving or reported by a child. This information will only be retained as long as necessary to fulfill the purpose for which it is collected and in accordance with the retention periods described above.
Security
RapidSOS has taken security measures to protect the confidentiality, integrity, and availability of your personal data. We make every effort to maintain security measures appropriate to the level of risk associated with the processing of personal data.
We are continually working to improve our security practices to ensure that your data is safe. Your personal data is stored on secure servers. We implement, and require our subcontractors and partners to implement, appropriate security and data protection measures in line with the latest technology.
Data transfer outside the UK/EU
Where the processing of personal data involves the transfer of such data, we ensure that the transfer is carried out under appropriate conditions which guarantee a sufficient level of protection, security and confidentiality.
Some of our service providers or their subcontractors are located in countries outside the UK and the EEA and your personal data is processed in those countries. Some of these countries may have different personal data regulations from those of the UK or the EEA. In such a case, we take particular care to ensure that the transfer is carried out in accordance with the applicable regulations and put in place safeguards to ensure a level of protection of your privacy and fundamental rights equivalent to that offered by the UK (in particular the Commissioner’s Standard Data Protection Clauses) and the European Union (in particular the European Commission’s Standard Contractual Clauses). You may obtain a copy of these clauses by writing to our DPO at the following address: privacy@rapidsos.com.