Effective Date: November 16, 2018

The Crisis24 Group of companies comprised of Crisis Consulting SAS, Crisis24 Limited, and WorldAware, Inc., wholly owned subsidiaries of Garda World Security Corporation (hereafter “Crisis24,” “we,” or “us”) respect individual privacy and value the confidence of its customers, employees, consumers, business partners, and others. Crisis24 strives to collect, use, and disclose personal and other information in a manner consistent with applicable laws, and prides itself on upholding the highest ethical standards in its business practices. Crisis24 complies with the General Data Protection Regulation (“GDPR”) and for the purposes of this Policy, the Accountability principle under Article 5 [2] of GDPR, which establishes responsibility for, and demonstrating compliance with, the GDPR primarily for Data Controllers. However, Crisis24 undertakes to adopt this principle as a Data Processor for our Clients (the Data Controller) as well as a Data Controller for our employees.

This Privacy Policy describes how Crisis24 collects, uses, and shares information in connection with our website at www.crisis24.com and www.worldaware.com (the “Sites”); our collective services including but not limited to those listed at this link: and including any listed mobile applications (the “Apps”); and the emails that we send to our customers (collectively, the “Services”). It also describes users’ choices regarding use, access and correction of personal information.

What Information Is Collected

Crisis24 Commercial Services

Crisis24 collects both Personal Information and Other Information when you register for or use the Services. Crisis24 does not collect any Sensitive Personal Information, known as Special Categories under GDPR, unless expressly directed to do so by your employer, whereby your employer would need to secure a lawful processing ground for such data. “Personal Information” is any information or set of information relating to an identified person or an identifiable person who can be identified, directly or indirectly, by reference to an identifier such as an identification number, location data, an online identifier or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. For example, Personal Information includes name, address, email address, employer’s company name, job title, phone or fax number, employee ID, travel itineraries, including emergency contact information and, if requested by a client, passport numbers. “Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, that concerns an individual’s health or sex life, criminal proceedings, or that is designated in writing by a third party as Sensitive Personal Information. “Other Information” is any information that is not Personal Information or Sensitive Personal Information. For purposes of this Privacy Policy, Personal Information does not include information that is anonymized, or publicly available information that has not been combined with Personal Information or Sensitive Personal Information.

  • For individuals residing in the European Union, where Crisis24 collects Personal Information directly from you, we will inform you about the type of Personal Information collected, the purposes for which we collect and use the Personal Information, and the types of non-agent third parties to which Crisis24 discloses or may disclose that information, and the choices and means, if any, Crisis24 offer individuals for limiting the use and disclosure of their Personal Information. Under these circumstances, notice will be provided in clear and conspicuous language when you are first asked to provide Personal Information to Crisis24, or as soon as practicable thereafter, and in any event before Crisis24 uses or discloses the information for a purpose other than that for which it was originally collected or discloses it for the first time to a third party.

We collect Personal Information for the Crisis24 Commercial Services in the following circumstances:

  • You provide certain Personal Information to us when you: (a) register to use the Services, (b) order products and services from us, and (c) send email messages, submit forms, or send other information to us.
  • Crisis24 may obtain Personal Information about you from third parties. For example, we may receive data feeds, including your past, current, or future travel plans, from a travel agency, Global Distribution System (GDS) such as Sabre, or a data aggregator, such as itinerary aggregators in order to provide risk management services.
  • When you complete a profile form to obtain personalized Crisis24 reports, you are required to give your contact information (such as name and email address). This information is used to contact you about Crisis24 services about which you have expressed interest. It is optional for you to provide additional Personal Information (such as health and activity information) and unique identifiers (in the case of employees), but doing so permits Crisis24 to provide a more report.
  • If you use our Apps, Crisis24 may request to collect information about the precise location of your device using GPS, WiFi, or cellular network signals from your device. Keep in mind precise location data cannot be collected unless you allow the app to use your terminal equipment location. In particular, our Mobile App collect precise location when you use the “Crisis” or “Check In” buttons or when you use the App to learn about information that is relevant to your current location. The app may collect precise location from your device on a real-time, continuous basis to inform you, and allow your organization to inform you, of incidents and threats near your current location. In addition, our Critical Trac® app may collect precise location from your device on a real-time, continuous basis for tracking purposes and when you use the “Panic” and “Check In” buttons. If you would like Crisis24 to stop collecting precise location from your device, please follow the instructions in the section below titled “The Choices Available to Users Regarding Collection, Use, Sharing, and Correction of Personal Information.”
  • In the event of a complaint, we may receive Personal Information about you from other users or third parties who may communicate information to us about you in relation to that complaint.
  • We may collect Personal Information from you at other points on our Services that state that Personal Information is being collected.

We and our service providers may also collect Other Information when you use the Services. This may include your computer or device operating system and browser type, your Internet service provider, your domain name, your general geographic location, the website that you visited before the Site, the webpage visited, the content accessed, the time spent on the webpage and the link you used to leave the Site. Crisis24 and its partners collect this Other Information automatically through the use of cookies or similar technologies, such as Javascript, to analyze trends, administer the website, track users’ movements around the Site, and to gather demographic information about our user base as a whole.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Crisis24 platform or our websites. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Crisis24 Marketing

Crisis24 collects both Personal Information and Other Information for Marketing purposes when you register for access to content in any form or you contact us. Personal Information collected for Marketing purposes includes name, address, email address, employer's company name, job title, phone or fax number. We do not request any "Sensitive Personal Information" for Marketing purposes.

We collect Personal Information for Marketing purposes in a variety of ways including:

  • Offline: When you attend one of our events, during phone calls with sales representatives, or when you contact customer service.
  • Through You: Information that you voluntarily provide through forms or access requests. Note that there is no legal obligation for you to provide us with Personal Information and any information collected by us will be provided by you at your own will and with your consent. We may also collect Personal Information from you at other points on our Services that state that Personal Information is being collected. You always have the ability to modify or remove information you provide Crisis24 either in the form or through an email to marketing@crisis24.com
  • Information From Other Sources: In order to enhance our ability to provide relevant marketing, offers and services to you, to the extent permitted by law, we may obtain information about you from other sources, such as search information providers, analytics providers, advertising platforms public databases, joint marketing partners, social media platforms, as well as from other third parties.

We and our service providers may collect Other Information for Marketing purposes in the following ways, including:

  • Through Your Browser or Device: Certain information is collected by most browsers or automatically through your device, such as computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Sites (such as the Apps) you are using.
  • Through Cookies and Similar Technologies: Crisis24 and its partners use cookies and similar technologies to analyze trends, administer the website, track users' movement around the Site, and to gather demographic information about our user base as a whole. In particular, cookies and other technologies are used by our web analytics services which currently include Google Analytics, and Web Marketing Automation (‘’WMA’’) tools which include Marketo, Dynamics for Marketing, Pardot and analytics tool Mixpanel. Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies and similar technologies to analyze how users use the Websites. For more information about Google Analytics, or to opt out of Google Analytics, please go to: https://tools.google.com/dlpage/gaoptout. Marketo is a web marketing automation and analytics tool provided by Marketo, Inc. ("Marketo"). Dynamics for Marketing is a web marketing automation and analytics tool provided by Microsoft Inc. (“Dynamics for Marketing”). Salesforce Pardot is a web marketing automation and analytics tool provided by Salesforces Inc.
  • The WMA tools power the forms used by Crisis24 on its website and provides Crisis24 the information you input, inferred location as well as your behavior on the site, and what brought you to the site. For more information on Marketo, please go to https://www.marketo.com. For more information on Salesforce, please go to https://www.salesforce.com/ For more information on Dynamics for Marketing, please go to https://dynamics.microsoft.com/ For more information on Pardot, please go to https://www.pardot.com/
  • To opt out of the WMA tools tracking, web visitors may select the Do Not Track (DNT) feature in their browser. Mixpanel is a business analytics solution that tracks user interactions with web and mobile applications in order to measure user engagement and retention. Mixpanel collects session visit information, including UTM parameters, device operating systems, browser and inferred location based on IP addresses. To opt out of Mixpanel tracking, visitors may select the Do Not Track (DNT) feature in their browser.
  • Please see our Cookie Notice for more information.

Employee Information

Crisis24 collects both Personal Information and Other Information when you apply through our careers portal or some other method and when you are employed by Crisis24. Personal Information collected may include name, address, bank information for payroll purposes, email address, job title, phone or fax number, emergency contact information, and where appropriate, passport numbers and/or national registration numbers. "Sensitive Personal Information" means Personal Information that reveals race, criminal proceedings as part of routing background checks, and work performance information.

On our career portal, we use Google Analytics in the manner described above.

Who Collects the Information

The entities listed below are the companies that make up Crisis24 and which collect Personal Information and Other Information through our Services. Our mailing address is:

In the USA:
WorldAware, Inc.
185 Admiral Cochrane Drive
Annapolis, Maryland 21401 USA

And our customer service email address is customerservice@worldaware.com.

In the United Kingdom:
Crisis24 Limited
Avalon,
26-32 Oxford Road,
Bournemouth BH8 8EZ UK

In France:
Crisis24 Consulting SAS
9 rue de Quatre-Septembre
75002 Paris, France

And our customer service email address is marketing@crisis24.com.

In some cases, as part of our Commercial Services, we may collect information from or through a third party, such as itinerary aggregators to provide you risk management services. In those circumstances, the collection, use, and disclosure of your information is subject to the privacy policy of the third-party website or service, and not this Privacy Policy.

How the Information Is Used

For individuals residing in the European Union, Crisis24 will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual or directed by an employer that has purchased Crisis24 products or services on behalf of its employees. Crisis24 will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.

Commercial Services

We use Personal Information and Other Information as part of our Commercial Services to:

  • Provide you with content, products, and services that you request, fulfill the terms of any agreement you have with us, and operate our business.
  • Register you for the Services and tailor the Services specifically to the profile you provide.
  • Send administrative communications about the Services, provide relevant alerts and information related to your travel, respond to your requests, request feedback or handle customer service questions or issues, or to notify you of important changes or updates to the Services.
  • Provide location-based services to you. For example, our Apps may enable you to opt-in to check-in with your current location, send a signal with your current location during a crisis, receive content including incident and threat information that is tailored to your precise location, and, in some cases, allow your precise location to be monitored on a real-time, continuous basis.
  • Operate our Services, enhance our Services, and deliver messages.
  • Provide certain information to potential customers on an aggregated basis. For example, we may report that we have a certain number of travelers or that we have processed a certain number of trips in a potential customer's jurisdiction.

Marketing

We use Personal Information and Other Information collected for Marketing purposes to:

  • Respond to any requests for information you submit.
  • If you elect to use our referral service for informing a friend about our Services, we ask you for the friend’s name and email address. Where permitted by law, Crisis24 will automatically send the friend a one-time email inviting them to visit the Services. Crisis24 stores this information for the sole purpose of sending this one-time email. The friend may contact Crisis24 at dataprotection@garda.com to request the removal of this information from our database.
  • Send newsletters and promotional communications (which we send on an opt-in basis where required by law) regarding our current products, Services, and features; our new or improved products, services, or features; and other information that we believe may interest you. Although we hope that you will find our promotional communications useful, you may opt out of receiving them by following the “unsubscribe” instructions included at the bottom of each email message.
  • We use your information to do such things as understand and analyze how the Services are being used, create new products and services, and deliver messages.
  • We may provide lists of prospects from tradeshows with partners (on an opt-in basis where required by law).
  • We may provide certain information to potential customers on an aggregated basis. For example, we may report that we have a certain number of travelers or that we have processed a certain number of trips in a potential customer’s jurisdiction.

Employee

We use Personal Information and Other Information collected for Employment Purposes to:

  • Fulfill our legal obligations as your employer including performance evaluation, tax reporting, payroll data and employee benefit services.

Information We Collect on Behalf of Our Clients

The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Crisis24.

Crisis24 collects information under the direction of its Clients and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

If your employer (our Clients) has purchased Crisis24 products or services on your behalf, Crisis24 may receive Personal Information about you directly from your employer. For individuals residing in the European Union, if your employer has given Crisis24 any Personal Information about you in connection with its purchase of a Crisis24 product or service for your benefit, your employer and not Crisis24 will be responsible for determining the method and means by which you will receive notice and the ability to consent to Crisis24’s receipt and use of such information.

An individual who seeks access, or who seeks to correct, amend, restrict, port, or delete data should in most cases direct his query to the Crisis24’s Client (the data controller). If requested to remove data, we will respond within a reasonable timeframe and inform you thereof.

We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Crisis24 will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

With Whom the Information May Be Shared

We share information within Crisis24 Group. This will involve transferring your data inside and outside of the European Economic Area (“EEA”).

We also share the disclose information to third parties in the following circumstances:

  • Crisis24 may share Personal Information and Other Information we collect with our contractors and third-party service providers, including companies that send email and other messages on our behalf to you, to companies that store such information for these uses, and companies that perform analytics services for us, on a need-to-know basis in order to provide and maintain our Services. These companies are authorized to use your personal information only as necessary to provide these services to us. For consumers residing in the European Union, Crisis24 will obligate such service providers to safeguard such information in a manner consistent with this Policy and the consent provided by you and to provide the same level of protection as the GDPR requires. Crisis24 will remain liable GDPR if the service provider processes information in a manner inconsistent with GDPR, unless Crisis24 proves that it is not responsible for the event giving rise to the damage, if any.
  • We share information we collect with in the Crisis24 Group, who must also adhere to the requirements of GDPR.
  • Our Site and Apps may allow third parties (such as Google) to collect information through cookies, pixel tags, and mobile advertising identifiers, such as Apple’s IDFA or Android’s Advertising ID, for use in online interest-based advertising. For more information about behavioral advertising practices, visit the Network Advertising Initiative, the Digital Advertising Alliance or the European Digital Advertising Alliance. You may opt out of our third-party service providers’ interest-based advertising practices in web browsers and mobile apps by clicking http://preferences-mgr.truste.com or if located in the European Union click http://www.youronlinechoices.eu. Please note you will continue to receive generic ads. Although our Sites currently do not respond to "do not track" browser headers, you can limit tracking by taking the steps discussed above. Please note that the use of online tracking mechanisms by third parties is subject to those third parties' own privacy policies and not this Policy.
  • If a Crisis24 product or service is purchased by an individual’s employer on behalf of the individual, Crisis24 may transfer Personal Information and Other Information, including precise location, to the employer for its legitimate business purposes, including, without limitation, for purposes of risk management and/or crisis response.
  • • When you contribute to a public area or feature of our Site, the information that you submit will be made available to other users, and sometimes to the general public. For this reason, we recommend that you do not submit any Personal Information, including your full name, home address, phone number, other information that would enable other users to locate you, or financial or medical information on these areas of our Site. If you are a California resident under the age of 18 and a registered user of our Services, you may request that we remove content that information that you post on our Services that personally identifies you. To obtain removal of such content or information, please send an email with a detailed description of the specific content or information you would like removed to dataprotection@garda.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted, since the content or information may remain in our database, may remain visible in a manner that does not identify you, or may have been re-posted by another user. There may be other circumstances in which applicable laws do not require or allow removal even if requested.
  • In addition, Crisis24 may use and disclose Personal Information and Other Information as it believes reasonably necessary: to comply with applicable law or respond to legal process (for example, a court order, search warrant or subpoena); in response to lawful requests by public authorities (such as to meet national security or law enforcement requirements); to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our Terms and Conditions, or in other circumstances in which Crisis24 has a good faith belief that its products or Services are being used in the commission of a crime or that there is an emergency that poses a threat to the safety of you or another person; or to protect our rights and property.
  • Crisis24 may disclose Personal Information and Other Information to facilitate the financing, securitization, insuring, merger, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
  • We may also disclose aggregated, de-identified information about users of the Services for any purpose, such as by publishing a report on trends in the usage of the Crisis24 Services.

Privacy Protections for Children

This Site and the Crisis24 Services are provided for adults only. The Site and the Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 through the Site or Services.

The Choices Available to Users Regarding Collection, Use And Distribution of Personal Information and Other Information

You can control the collection, use, and sharing of your information by following the instructions stated below. Please note that if you provide any information to parties who provide services to our Site or Apps or to any other sites or apps you encounter on the Internet or otherwise (even if these sites are branded with our branding), different rules may apply to their use or disclosure of the Personal Information you disclose to them. We encourage you to investigate and ask questions before disclosing Personal Information to third parties.

  • • You have the right to access, amend or delete Personal Information we hold about you, and in some cases to object to the processing of your Personal Information or request your Personal Information to be provided to you in a portable form. For example, if your Personal Information changes, you would like to review or correct your Personal Information, or if you no longer desire our Services, you may correct, update, or remove your Personal Information at the member information page or by emailing our Customer Support at marketing@crisis24.com. Upon request Crisis24 will provide you with information about whether we hold any of your personal information. We will respond to your request within a reasonable timeframe.
  • You are given the opportunity to ‘opt in’ to having your Personal Information used for purposes not directly related to our Services at the point where we ask for the information. For example, Crisis24 might want to use your information as part of future marketing campaigns.
  • You may also ‘opt out’ of receiving non-essential or promotional communications directly from Crisis24. If you no longer wish to receive our non-service-related mailings, you may opt out of receiving these communications by following unsubscribe instructions at the bottom of each communication, replying to the email and placing “unsubscribe” in the subject line of the email, or emailing us at dataprotection@garda.com.
  • • Crisis24 may collect location information if you use a Crisis24 application on your mobile device. The iOS and Android (OS 6.0+) platforms will alert you the first time a Crisis24 app wants permission to access certain types of data and will let you consent (or not consent) to that request. You may subsequently manage your location sharing preferences at any time with the iOS and Android (OS 6.0+) platforms by changing the Location Services settings on the device. Android (OS 5.1.1 and earlier) devices will notify you of the permissions that a Crisis24 app seeks before you first use the app, and your use of the app constitutes your consent. Some applications, such as the Worldcue® Mobile app may also permit you to modify location reporting (the transmission of your location information to our servers) from within the application Settings. Please note that the Services require your precise location for certain features to work properly.

What Kind of Security Procedures We Use to Protect the Loss, Misuse, or Alteration of the Information Under Our Control

Crisis24 takes commercially reasonable administrative, technical, and physical precautions to protect our users’ information against loss, misuse and unauthorized access, disclosure, alteration, and destruction. However, no system is 100% secure, and therefore we cannot guarantee the absolute security of the information that we collect.

We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements, consistent with applicable law.

Information for European Users

Crisis24 is GDPR compliant and committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively.

Crisis24 is responsible for the processing of personal data it receives, under GDPR, and subsequently transfers to a third party acting as an agent on its behalf. Crisis24 complies with GDPR for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

In certain situations, Crisis24 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

International Transfer

Crisis24 provides services globally so it may be necessary to transfer your Personal Information internationally. In particular, your Personal Information will be transferred to and processed in the United States and/or the United Kingdom and wherever you access Crisis24 provided services while you travel. You acknowledge that the data protection and other laws of other countries may provide a less comprehensive or protective standard of protection than those in your country or the country you are in while using our services. Where European or UK data protection laws apply, we use Standard Data Protection Clauses in line with the guidance from the Court of Justice of the EU.

Dispute Resolution

In compliance with the GDPR, Crisis24 commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints should first contact Crisis24 at:
Privacy Office

Crisis24
Rosemary Baker
Compliance & Office Manager
Avalon, 26-32 Oxford Road, Bournemouth, BH8 8EZ
UK

Our data protection officer can be contacted as follows:

Aphaia Ltd.
Eagle House
163 City Road
Shoreditch
London EC1V 1NR
United Kingdom

dpo@crisis24.com
 

Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint in the UK with the Information Commissioner’s Office.

You can contact them by calling +44 (0) 303 123 1113 or go online to www.ico.org.uk/concerns(opens in a new window; please note we can’t be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Changes to this Privacy Policy

This Privacy Policy may be amended from time to time, consistent with changing legal, regulatory, or client requirements. We will post any changes to this Privacy Policy on our website. If we make a material change to this Privacy Policy, we will provide you with appropriate notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

Updated November 19, 2020