Privacy

Our goal is to make sure you know how we collect, use, share, and store your personal data when you create a EVERYWHERE account, interact with our customer support team, and visit everywherecomms.com or other EVERYWHERE websites and apps covered by this privacy policy.

Request your data

To request access to or rectification or portability of your personal data, contact us with the link above.

Request to delete your data

To request access the erasure of your personal data, contact us with the link above.

Your privacy is important to EVERYWHERE. We developed this Privacy Policy to provide you with information on how we process your personal data when you create an EVERYWHERE account, interact with our sales and customer support teams, visit everywherecomms.com,  the EVERYWHERE Hub, or use EVERYWHERE apps.


Privacy Policy Last Updated: November 11, 2021

1. INTRODUCTION Welcome to EVERYWHERE Communications, Inc.’s privacy policy (the “Privacy Policy”). EVERYWHERE respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you use our Services (regardless of where you use it from) and will tell you about your privacy rights and how the law protects you. The Services includes the EVERYWHERE products and services you are using as more fully described in the Definitions. “You” (whether capitalized or not) means you, the End User of the Services. “We” or “us” or "our" (whether capitalized or not) means our company, EVERYWHERE, the developer, owner, and operator of the Services. “Company” means the legal entity (typically your employer) that paid or pays the charges that enables your use of these Services under a commercial agreement with EVERYWHERE or one of its Channel Partners that resells the Services . Please see Schedule A (Definitions) for more detailed definitions for capitalized terms used throughout this Privacy Policy.

2. PURPOSE AND WHO WE ARE

2.1 Purpose Of This Privacy Policy. This Privacy Policy aims to give you information on how EVERYWHERE collects and processes your personal data through your use of the Services, including any data you may provide when you use our Services. It is important that you read this Privacy Policy together with any other privacy policy we may provide on specific occasions when we are collecting personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements various agreements that we have in place other notices and privacy policies and is not intended to override them.

2.2 Controller. EVERYWHERE is the controller and responsible for your personal data.

2.3 Contact Information. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the EVERYWHERE Data Privacy Manager using the details set out below.

EVERYWHERE Data Privacy Manager contact information:
Full name of legal entity: EVERYWHERE Communications, Inc.
Email address: Privacy@everywherecomms.com
Postal address:30 West Street Annapolis, Maryland 21401 USA
Telephone number: 207-370-0499

2.4 Changes To The Privacy Policy And Your Duty To Inform Us Of Changes. We regularly review our Privacy Policy. This version was last updated on the date set forth at the beginning of this Privacy Policy. Historic versions of this Privacy Policy are listed in Schedule B at the bottom. It is important that the personal data we hold about you is accurate and current. If you are a Web User, you have the permissions to change information about the Device Account associated with the Device that you use in connection with the Services. If you are not a Web User, then you do not have the ability to change information about the Device Account associated with the Device that you use in connection with the Services, so please contact the Web User that is authorized to make changes to the Device Account associated with the Device that you use.

2.5 Third-Party Links. The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy statements. Our privacy policy applies only to our Services, so if you click on a link to another website or use their plug-ins or applications, you should read their privacy policy.

3. BACKGROUND AND SCOPE OF ACCOUNT TYPES

3.1 Device Accounts. While this Privacy Policy is primarily directed at you, the End User of the Services, it is important to understand that there are two different types of accounts used by the Services that impact an End User and the End User’s Devices. The first is a Device Account that tracks your Devices. A single Device Account may control two paired Devices, one that operates on the Iridium satellite network, and one that runs the EVERYWHERE App on smartphones. Since we do not expressly keep account information for each End User, some of the information that we store in the Device Account may be considered personal data of the End User who uses the Devices associated with the Device Account. In some situations, however, Devices are shared between different End Users. In these situations, the information stored in the Device Account associated with the Devices may not necessarily be your personal information, as it could very well be personal information acquired during use of the Services from another End User who is sharing the same Device.

3.2 Web User Accounts. A primary component of the Services is the EVERYWHERE Hub, which is an online server hosted and controlled by us. The EVERYWHERE Hub performs numerous functions in the configuration and delivery of the Services. One of the Hub’s configuration functions provides the ability to add, modify and delete account information related to the operation of the Services. End Users that are authorized to access the Hub to perform these configuration functions are called Web Users and each Web User has a Web User Account. Not all End Users are Web Users. Web Users can be thought of as an administrative type of End User who has certain rights not available to all End Users.

4. DATA WE COLLECT ABOUT YOU AND/OR YOUR DEVICE This section is intended to provide you with an understanding of the personal data, or personal information, that may be used or acquired by the Services in the course of your use of the Services. As noted above in Section 3.1 (Device Accounts), while the Services do not expressly track an End User’s personal data, it does track information about a Device. So as an End User is using a Device on the Services, the End User’s personal data may be tracked under the Device Account associated with that Device. In situations where a group of End Users are sharing a Device, the personal data of more than one End User may be stored under a single Device Account.

4.1 Data Elements Table. Table 4.1 below sets forth the various data elements that are used in the course of interacting with the Services. These elements are categorized by the various activities that occur in connection with use of the Services. The purpose for collecting each data element, how and when each data element is collected, and the legal grounds for maintaining each data element are all explained in the table. The data elements are all defined terms set forth in Schedule A (Definitions), which can be found at the end of this Privacy Policy. Some data elements represent groups of individual data elements. Many of these grouped data elements are referenced in the table below.

EVERYWHERE Privacy Policy

Table 4.1: Data Elements Table

Activity

 


Data Elements Involved
(See Schedule A for Definition of Data Elements)

Purpose for Collecting

How/When Collected

Legal Grounds

Configuring A Device Account

Except as expressly stated otherwise here, the Device Account Profile Data Elements are all necessary for the proper functioning of the Services in accordance with its specifications. The First Name, Last Name, Address, City, State/Province, Zip/Postal Code, and Additional Information contained within the Device User Data are all optional fields and are only maintained for the convenience of your Company.

All of the Device Account Profile Data Elements may be entered into the Services by you, if you are an authorized Web User, otherwise by the Web User that is authorized by your Company to handle system administration tasks for the Services. You or the authorized Web User may change your Device Account Profile Data Elements at any time by updating them within the Services.

The legal ground for processing your Login Credentials is EVERYWHERE’s legitimate interest in protecting the security of your account. The legal ground for processing the optional First Name, Last Name, Address, City, State/Province, Zip/Postal Code, and Additional Information contained within the Device User Data is your Company's legitimate interest in maintaining information about its employees and your consent, which may be withdrawn. The legal ground for processing the Country and Citizenship contained within the Device User Data is our legitimate interest in Complying With A Legal Obligation. The legal ground for processing the email address and phone number contained within the Device User Data is performance of a contract. The legal ground for processing the Contact Data, the Emergency Contact Data, Quick Messages, and Data Retention Period is performance of a contract. The legal ground for processing the Geofence Data and Other User Access is your consent, which may be withdrawn by removing the data in these configuration fields that are required in order for them to operate.

Device Account Profile Data Elements, which include:
> Login Credentials
> Device User Data
> Contact Data
> Emergency Contact Data
> Geofence Data
> Quick Messages
> Other User Access
> Data Retention Period

Configuring A Web User Account

The Web User Account Profile Data Elements are all necessary for the proper functioning of the Services in accordance with its specifications.

All of the Web User Account Profile Data Elements may be entered into the Services by you, if you are an authorized Web User. If so authorized, you may change the Web User Account Profile Data Elements at any time by updating them within the Services.

The legal ground for processing your Login Credentials is EVERYWHERE’s legitimate interest in protecting the security of your account. The legal ground for processing the email address contained within the Web User Data is performance of a contract. The legal ground for processing the Managed Devices and Managed Entities is performance of a contract.

Web User Account Profile Data Elements, which include:
> Login Credentials
> Web User Data
> Managed Devices
> Managed Entities

Using the Services To Send Messages, Including SOS Messages

The Services are designed to be used as a means of communicating with your Contacts, including the need to communicate emergency signals to your Emergency Contacts and appropriate authorities. EVERYWHERE processes your Messages, your Contacts' Messages, and your Emergency Contacts' Messages sent to and from your Devices, and your Track Points, in order for EVERYWHERE and its service providers to perform the Services. Usage Data is collected to improve the functionality of the Services and to help us do capacity planning.

All Messages sent from your Devices are generated on the Devices, provided that certain elements of Messages may be forwarded from Messages received from your Contacts or Emergency Contacts. All Messages received on your Devices from your Contacts or Emergency Contacts are generated by devices or computers controlled by your Contacts or Emergency Contacts. Your Track Points are collected when your Devices are connected to the Services via the Iridium satellite network or via the Internet for Smartphones, as applicable. For more information on Track Points, and how Track Point data is collected, see Section 4.2 (Track Point data) below. Usage Data is collected by running reports on our databases.

The legal ground for this processing the Messages is the performance of a contract. The legal ground for processing your Track Points is based on is your consent. Please see Section 4.2.3 (Your Consent to Collect Track Points). The legal ground for processing your Track Points is also based on the performance of a contract. Please see Section 4.2.4 (Company and Your Rights to Access and Delete Track Point.). The legal ground for processing Usage Data is our legitimate interest in improving our Services and in proper capacity planning.

Messages
Track Points

Usage Data

Billing

When you purchase a product or subscription from EVERYWHERE, we collect some or all of the Billing Information Data Elements so that we can bill you and get paid for our products and services. Unless you are an individual and not a legal entity, all of the Billing Information Data Elements contains Company information and not personal information.

Your Billing Information Data Elements are entered into EVERYWHERE's administrative billing systems, or our Channel Partner's billing systems if the billing for your account is being handled by a Channel Partner. You may change your Billing Information Data Elements at any time by contacting either EVERYWHERE or the Channel Partner, as applicable.

The legal ground for processing your Billing Information Data Elements for these billing purposes is the performance of a contract.

Billing Information Data Elements, which include:
Company Name
Contact Name
Address
Email
Phone
Bank Account Info
Credit Cards

Sending you important information

EVERYWHERE processes your email address for the purpose of sending you important information about your EVERYWHERE products, services, apps, or account, such as important safety information.

Your email address is entered into the Services by you, if you are an authorized Web User, otherwise by the Web User that is authorized by your Company to handle system administration tasks for the Services. This happens when your Device Account Profile Data Elements is first entered into the Services. You or your authorized Web User may change your email address at any time by updating your Device Account Profile Data Elements within the Services.

The legal ground for processing your email address is EVERYWHERE’s legitimate interest in providing you important safety or other information about your EVERYWHERE products, services, apps, and account.

Email

Marketing information

If you provide your opt-in consent to receiving marketing information from EVERYWHERE, EVERYWHERE may also process your email address for the purpose of sending you marketing information about EVERYWHERE products, services, and apps, as well as newsletters.
The marketing emails you receive from EVERYWHERE are based on a combination of the preferences you (or your authorized Web User) provide in your Device Account Profile Data Elements, the locale indicated by your Internet Protocol (IP) address, the types of EVERYWHERE Devices added to your EVERYWHERE account, and any subscriptions included in your EVERYWHERE account.

You have option to provide your consent to receive marketing emails when you (or your authorized Web User) first creates your Device Account Profile Data Elements. You (or your authorized Web User) may change your email address at any time by updating your Device Account Profile Data Elements within the Services.
You (or your authorized Web User) may withdraw your consent at any time by changing your preferences in your Device Account Profile Data Elements or through the unsubscribe link at the bottom of our marketing emails.

The legal ground for processing your email address for marketing purposes is your consent.
The legal ground for processing the combination of preferences and other data is EVERYWHERE’s legitimate interest in reducing the number of marketing emails sent to each particular customer by selecting which customers receive a particular marketing email rather than sending every marketing email to every customer who has consented to receiving marketing emails.

Email

Marketing Data

Customer Support

EVERYWHERE also processes your email address to associate it with your EVERYWHERE account when you interact with our customer support representatives.

Your email address is entered into the Services by you, if you are an authorized Web User, otherwise by the Web User that is authorized by your Company to handle system administration tasks for the Services. This happens when your Device Account Profile Data Elements is first entered into the Services. You or your authorized Web User may change your email address at any time by updating your Device Account Profile Data Elements within the Services.

The legal ground for processing your email address for customer support is our legitimate interest in providing quality customer support.

Email

Violation of terms

EVERYWHERE also processes your email address to notify customers when they have violated our terms.

Your email address is entered into the Services by you, if you are an authorized Web User, otherwise by the Web User that is authorized by your Company to handle system administration tasks for the Services. This happens when your Device Account Profile Data Elements is first entered into the Services. You or your authorized Web User may change your email address at any time by updating your Device Account Profile Data Elements within the Services.

The legal ground for processing your email for violating our terms is our legitimate interest in ensuring a quality experience for all customers and ensuring adherence to our terms.

Email

 

4.2 Track Point Data. Devices that are connected to the Services regularly collect Track Point data. Track Point data for Devices is collected on the EVERYWHERE Hub, however it is collected differently on Iridium satellite-based Devices than it is on smartphones using the EVERYWHERE App.

4.2.1 Collecting Track Point Data on Iridium satellite-based Devices. The frequency of the Track Points collection on Iridium satellite-based Devices is determined based on a Company level setting, which is determined, in part, based upon the subscription data plan selected by your Company. The typical Track Point collection frequency for Iridium satellite-based Devices ranges from once every 30 minutes to every 2 minutes. To disable Track Points collection on Iridium satellite-based Devices, select Stop Tracking or power the Device down. Otherwise, if the Device is powered on, and has a connection to the Iridium satellite network, Track Points will be collected in accordance with the Company defined frequency.

4.2.2 Collecting Track Point Data on Smartphones. Running the EVERYWHERE App. The frequency of the Track Points collection on Smartphones Running the EVERYWHERE App is also determined based on a Company level setting, however, this is limited by the data plan of the cellular coverage for the smartphone Device, and not any limits on the EVERYWHERE subscription data plan selected by your Company. The typical Track Point collection frequency on Smartphones running the EVERYWHERE App depends on how fast the user is moving with times ranging from every few seconds to 30 minutes.. To disable Track Points collection on Smartphones running the EVERYWHERE App, the EVERYWHERE App should be configured to turn off Track Points collection. Otherwise, Track Points will be collected in accordance with the Company defined frequency.

4.2.3 Your Consent to Collect Track Points. By using the Services, you are hereby consenting to the collection and storage of Track Points by the Services and access to the Track Points by your Company. Because the collection of Track Points is an essential function of the Services, your consent to collect Track Points cannot be withdrawn, except by your refusal to use the Services.

4.2.4 Company and Your Rights to Access and Delete Track Point. If your Company is paying for your access to the Services, then unless you have a binding legal agreement with that Company, which would also include a Company policy (e.g., a Human Resources Policy) (such agreement or policy, collectively a “Company Policy”) to the contrary, the Company has a legitimate commercial interest in having access to the Track Points that are created by the Devices that are associated with the Device Accounts under your name, and the Company will have the right to decide if or when those Track Points are deleted during the Data Retention Period. Note that all Tracks Points are permanently deleted by the Services after the end of the Data Retention Period. These guidelines are intended to govern situations where there is no Company Policy that governs the usage of an employee’s location data. Where there is a Company Policy in effect, then that Company Policy would take precedence over this Privacy Policy.

4.3 Aggregated Data. We also collect, use and share Aggregated Data such as statistical data for any purpose. For example, we may aggregate your Usage Data to calculate the percentage of End Users accessing a specific feature of the Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy and the law.

4.4 Special Categories of Personal Data. We do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (unless provided that under the Additional Information field in the Device User Data), and genetic and biometric data. Nor do we collect any information about criminal convictions and offenses.

4.5 Children. We request individuals under the age of 13 in the U.S. and under the age of 16 in the rest of the world not provide personal data to us. If we learn that we have collected personal data from a child under the age of 13 in the U.S. or under 16 in the rest of the world, we will take steps to delete the information as soon as possible.

4.6 If You Fail To Provide Personal Data. Where we need to collect personal data either because we need to Comply With A Legal Obligation or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to ensure our Performance of a Contract we have or are trying to enter into with you or your Company (for example, to provide you with access to the Services). In this case, we may have to cancel the Services you have with us but we will notify you or your Company if this is the case at the time.

5. HOW YOUR PERSONAL DATA IS COLLECTED In addition to the information in Table 4.1 (Data Elements Table) under the “How/When Collected” column on how personal data is collected, we also use different methods to collect data from and about you and your Company including through:

5.1 Direct Interactions. You or your Company may give us your personal data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you or your Company may provide when you or your Company:
• Request additional information about our Services; or
 • Give us feedback or contact us.

5.2 Third Parties or Publicly Available Sources.
We do not collect personal data about you from third parties or publicly available sources.

6. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: • Where we need to Perform the Contract we are about to enter into or have entered into with you or your Company. • Where it is necessary for our Legitimate Interests and we (or a third party) has a Lawful Basis and your interests and fundamental rights do not override those interests. • Where we need to Comply With A Legal Obligation.

6.1 Cookies.

6.1.1 What Are Cookies? Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org.

6.1.2 How We Use Cookies. Our Company only uses cookies to manage security within the EVERYWHERE Hub. Therefore only Web Users will use cookies placed by us.

6.1.3 How to manage cookies. You can set your browser not to accept cookies, and the allaboutcookies.org website tells you how to remove cookies from your browser. However, if you are a Web User, some of our EVERYWHERE Hub features may not function as a result.

6.2 How We Store Your Data. Our Company securely stores your data on cloud-based servers operated by our Hosting Service Provider in an encrypted format. Our Company will keep your Message and Track Points data for the Data Retention Period specified for each Device Account. Once this time period has expired, we will delete your Message and Track Points data.

6.3 How We Use Your Data for Marketing.

6.3.1 Periodically, our Company would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies.

6.3.2 If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop our Company from contacting you for marketing purposes or giving your data to our partner companies. If you no longer wish to be contacted for marketing purposes, please contact us and let us know that you wish to opt-out for marketing purposes.

6.4 Application Analytics We collect data from End Users about their usage of the Services. The types of analytical information that are collected include the date and time the EVERYWHERE App accesses our servers, App version, the location of the Device, what information and files have been downloaded to the App, End User behavior (e.g., features used, frequency of use), Device state information, Device model, hardware and operating system information, and information relating to how the App functions. We use this data to improve the quality and functionality of these and other apps; to develop and market products and features that best serve you and other users; and to help identify and fix the App’s stability issues and other usability problems as quickly as possible. The legal ground for processing this analytical information is our legitimate interest in understanding how our customers interact with our products and apps so we can enhance the user experience and functionality of our products and apps. Here are examples of third-party providers we currently use:  Google Firebase: Google Firebase is used to better understand the usage of the EVERYWHERE App as well as provide real time reporting of App crashes to improve App quality.  DataDog: Datadog is used to provide real time performance metrics and error logging of the EVERYWHERE Hub to improve system performance.

6.5 Automated Decision-Making, Including Profiling. EVERYWHERE does not make any decisions based on algorithms or other automated processing that significantly affect you.

6.6 Change Of Purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the Lawful Basis which allows us to do so or we will request your consent to do so. Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. DISCLOSURES OF YOUR DATA; ACCESS TO YOUR AND YOUR COMPANY’S DATA

7.1 We may share or provide access to your data or your Company’s data with the parties set out below for the purposes set out in the Table 4.1 (Data Elements Table): 
• EVERYWHERE Employees
• EVERYWHERE System Administrators
• EVERYWHERE Billing Staff
• EVERYWHERE Support Staff Authorized Third Parties
• EVERYWHERE’s third party Hosting Service Provider
• A Channel Partner who has sold your Company a license to use the Services
• An Emergency Monitoring Service Provider with whom your Company has agreed to purchase emergency monitoring services
• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services We require all our employees and Authorized Third Parties to respect the security of your personal data and to treat it in accordance with this Privacy Policy and to Comply With All Legal Obligations. We only permit our employees and the employees of our Authorized Third Parties to access your data who have a need to access your data in order to Perform the Contract or otherwise have a Lawful Basis to access your data. We do not allow our employees or Authorized Third Parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7.2 Other Disclosures. We may disclose personal data about you to others: (a) if we have your valid consent to do so; (b) to comply with legal obligations, such as a valid subpoena, court or judicial order, or other valid legal process; (c) to enforce any of our terms and conditions or policies; (d) as necessary to pursue available legal remedies or defend legal claims; or (e) as we deem necessary or appropriate for purposes of attempting to get you help in the event you are involved in an emergency situation. We may also transfer your personal data to an affiliate, a subsidiary, or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that we transfer personal data will not be permitted to process your personal data other than as described in this Privacy Policy without providing you notice and, if required by applicable laws, obtaining your consent.

8. INTERNATIONAL TRANSFERS All data (except for Billing Information Data Elements) provided to EVERYWHERE by you and your Company is maintained on servers located in the United States and are operated and maintained by EVERYWHERE’s Hosting Service Provider. All Billing Information Data Elements provided to EVERYWHERE or a Channel Partner by you and your Company or created by EVERYWHERE is maintained either on (a) EVERYWHERE’s corporate and email servers located in the United States; or (b) the Channel Partner’s corporate and email servers (contact Channel Partner for location of their servers). Except as set forth in this section, we do not transfer your personal data outside the European Economic Area (EEA). When you use the Services in the EEA, data is transferred out of the EEA as follows: • When you use the Services on Devices, it is transmitted back to our servers in the United States. • If you are a Web User, when you use a browser to access the EVERYWHERE Hub, data is transmitted back our servers in the United States. • If your Company is contracting with a Channel Partner located outside of the EEA, then any Company data provided to the Channel Partner by the Company will be transferred to the Channel Partner outside of the EEA.

9. DATA SECURITY We have put in place appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you or your Company and any applicable regulator of a breach where we are legally required to do so. 10. YOUR LEGAL RIGHTS Under certain circumstances, you have rights under data protection laws in relation to your personal data.

10.1 Your Rights. You have the right to:

10.1.1 Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

10.1.2 Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

10.1.3 Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Subject to limited rights regarding deletion of Track Point data (see Section 4.2.4 (Company and Your Rights to Access and Delete Track Point), you also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

10.1.4 Object to processing of your personal data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.

10.1.5 Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: • If you want us to establish the data's accuracy. • Where our use of the data is unlawful but you do not want us to erase it. • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

10.1.6 Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to during the Performance of a Contract with you or your Company.

10.1.7 Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to continue to provide the Services to you. We will advise you or your Company if this is the case at the time you withdraw your consent. If you wish to exercise any of the rights set out above, please contact us.

10.2 No Fees Usually Required. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

10.3 What We May Need From You.
We may need to request specific information from you or your Company to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you or your Company to ask you or the Company for further information in relation to your request to speed up our response.

10.4 Time Limit To Respond.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.  

Schedule A Definitions

“Aggregated Data” means de-identified data that could be derived from your personal and other data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

“Authorized Third Parties” means the parties listed under the heading of Authorized Third Parties in Section 7 (Disclosures Of Your Data; Access To Your And Your Company’s Data).

“Channel Partner” means a third party distributor or reseller of the Services who has entered into a channel partner agreement with EVERYWHERE.

“Company” shall have the meaning ascribed to it in Section 1 (Introduction).

“Comply With A Legal Obligation” (or similar wording) means compliance with a legal obligation that we or another party is subject to.

“Contact Data” means the following data elements that are used to identify an individual that you may contact using the Services: First Name, Last Name, Organization, Phone number or Email address.

“Data Retention Period” means the period of time that Messages and Track Points are retained for a particular Device Account.

“Device” means either (a) a mobile device capable of receiving and transmitting satellite signals using the satellite service which is powered by the Iridium constellation of low-earth orbiting (LEO) satellites, the ground network and Iridium communication equipment; or (b) a smartphone capable of installing and operating an EVERYWHERE App.

“Device Account” means an account within the Services for each Device provided that if a particular Iridium satellite Device is paired with a smartphone Device that is running an EVERYWHERE App, there is a single Device Account for both of those paired Devices. For more information on Device Accounts, see Section 3.1 (Device Accounts).

“Device User Data” means the following data elements that are used to identify the End User of a particular Device: First Name, Last Name, Address, City, Address, City, State/Province, Zip/Postal Code, Country, Citizenship, Phone number, Email address, and Additional Information (comment field).

“Emergency Contact Data” means the following data elements that are used to identify an emergency contact when you generate an emergency signal on a Device while using the Services: Name, Country, Phone number, Email address.

“Emergency Monitoring Service Provider” means a third party who operates a SOS emergency monitoring service who receives emergency signals from the Services and coordinates rescue with a public safety answering point (PSAP), an emergency response center or a law enforcement agency.

 “End User” means an end user of the Services, whether or not they are part of your Company. “EVERYWHERE” means EVERYWHERE Communications, Inc., a Delaware, USA corporation with corporate offices located at 30 West Street Annapolis, Maryland 21401.

“Geofence Data” means the following data elements that are used to define a virtual geographic boundary that enables the Services to trigger a response when a Device enters or leaves a particular area.

“Hosting Service Provider” means a third party provider that hosts the EVERYWHERE Hub on servers owned or operated by the provider.

“Lawful Basis” or “Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you and your Company the best products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our Legitimate Interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our Legitimate Interests against any potential impact on you in respect of specific activities by contacting us.

“Login Credentials” means the username and password that you use to gain access to the Services.

“Marketing Data” means data used for marketing purposes.

“Message” means the content a message that the Services allows you to send and receive from a Device. A Message may contain pre-defined messages as well as user created messages. Message may also contain voice recordings, videos, pictures or other images created by you or another End User of the Services with whom you are communicating with.

“Other User Access” means a list of Web User Accounts that are permissioned for a Device Account to either have read-only access to the Device Account or have read-write access to the Device Account.

“Performance of a Contract” or “Perform the Contract” means processing your data where it is necessary for the performance of a contract to which you or your Company is a party or to take steps at your request before entering into such a contract.

“Quick Messages” means pre-defined message text defined by an End User that may be selected and sent as a Message on a Device.

“Services” means one or more of the following EVERYWHERE products and services to the extent they are being sold or licensed to you or your Company under a commercial agreement between your Company and EVERYWHERE or one of EVERYWHERE’s Channel Partners that resells the Services: (a) the EVERYWHERE Smartphone App; (b) the EVERYWHERE Hub; or (c) the Iridium® satellite service. “Team” means a logical organization within the Services. A Team could be an individual company, a division of a company, an government agency, etc.

“Track Points” means certain information about the physical location and direction of a Device such as the Device’s current latitude, longitude, heading, speed, and altitude. For more information on Track Points, see Section 4.2 (Track Point Data).

“Usage Data” means the number of Messages you send and receive, the number of Track Points, and the total amount of data you send and receive each month over the Iridium satellite network.

“Web User” means an End User that is authorized by the Company to add, modify and delete account information related to the operation of the Services, including Device Accounts. For more information on Web Users, see Section 3.2 (Web User Accounts).

“Web User Data” means the following data elements that are used to identify the Web User: Email address. In addition, Web User Data also contains various permissioning: Device Accounts the Web User is authorized to either have read-only access to or read-write-access to, and Teams the Web User is authorized to administer.

Schedule B Revision History

Previous published versions of the EVERYWHERE Privacy Policy

 • Revised: November 11, 2018