Last Updated: November 7, 2018
2. PURPOSE AND WHO WE ARE
The Services are not intended for children and we do not knowingly collect data relating to children.
2.2 Controller. EVERYWHERE is the controller and responsible for your personal data.
EVERYWHERE Data Privacy Manager contact information:
Full name of legal entity: EVERYWHERE Communications, Inc.
Email address: Privacy@everywherecomms.com
Postal address:30 West Street Annapolis, Maryland 21401 USA
Telephone number: 207-370-0499
If you are using the Services in the United Kingdom, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the United Kingdom’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please let your System Administrator know if your personal data changes during your relationship with us as your System Administrator has the ability to update some of your personal data stored within the Services.
2.5 Third-Party Links. The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy statements. When you visit one of these third-party sites or use their plug-ins or applications, we encourage you to read their privacy policies.
3. DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.1.1 “Identity Data” includes your first name, last name, email address, and username and each Company System Administrators’ first name, last name, email address, and username.
3.1.2 “Contact Data” includes your email address as well as your emergency contact names, email addresses, phone numbers, and general comments about you that would be useful during an emergency that are entered into the Services by a System Administrator. Contact Data also includes your Company’s website address, email addresses, telephone numbers, billing address, delivery address, as well as the Company’s System Administrators’ email addresses and telephone numbers .
3.1.3 “Financial Data” includes (a) financial background check information on the Company that may be acquired by EVERYWHERE as part of extending credit, if any, to your Company; and (b) billing and invoicing data related to the Services.
188.8.131.52 Messages. The Services allows you to send and receive chat messages (each a “Message”) containing pre-defined messages as well as user created messages. Message may also contain videos, pictures or other images created by you or another End User of the Services with whom you are communicating with.
184.108.40.206 Track Points. Each time a Message is sent by you, the Message contains certain information about your physical location and direction such as your current latitude, longitude, heading, speed, and altitude (collectively “Track Points”).
3.1.5 “Technical Data” includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
3.1.6 “Profile Data” includes your username, password, and preferences as well as your Company’s System Administrators’ username, password, and preferences.
3.1.7 “Usage Data” includes the number of Messages you send and receive, the number of Track Points, and the total amount of data you send and receive each month over the Iridium satellite network.
3.1.8 “Marketing Data” means data used for marketing purposes. We do not collect any marketing data as part of the Services.
3.3 Special Categories of Personal Data. We do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (unless provided to us as part of your emergency contact information), and genetic and biometric data. Nor do we collect any information about criminal convictions and offenses.
3.4 If You Fail To Provide Personal Data. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to ensure our Performance of a Contract we have or are trying to enter into with you or your Company (for example, to provide you with access to the Services). In this case, we may have to cancel the Services you have with us but we will notify you or your Company if this is the case at the time.
4. HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you and your Company including through:
4.1 Direct Interactions. You or your Company may give us your Identity Data, Contact Data and/or Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you or your Company may provide when you or your Company:
· apply to use our Services;
· create an account within our Services;
· subscribe to our Services; or
· give us feedback or contact us.
4.2 From Your Company’s System Administrator. Your Company’s System Administrators may give us your Identity Data and Contact Data by filling in forms when using the Services to configure or update information about the Services.
4.3 Automated Technologies or Interactions. As you interact with our Services, we will automatically collect Transaction Data, Usage Data, and Technical Data about your equipment and usage of the Services. We collect this data by using cookies, server logs and other similar technologies.
4.4 Third Parties or Publicly Available Sources. We do not collect personal data about you from third parties or publicly available sources.
5. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
· Where we need to Perform the Contract we are about to enter into or have entered into with you or your Company.
· Where it is necessary for our Legitimate Interests and we (or a third party) has a Lawful Basis and your interests and fundamental rights do not override those interests.
· Where we need to Comply With A Legal Obligation.
5.1 Purposes For Which We Will Use Your Data. We have set out below, in a table format, a description of all the ways we plan to use your data, and which of the Lawful Basis we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.
Note that we may process your data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your data where more than one ground has been set out in the table below.
Table 5.1: Permitted Uses of Data
Related Data Types
Lawful Basis for processing including basis of legitimate interest
To register you as a new End User
(a) Identity Data
(b) Contact Data
Performance of a Contract with your Company and your agreement to the terms of the End User License Agreement.
(a) Identity Data
(b) Contact Data
(c) Profile Data
(a) Performance of a Contract with your Company and your agreement to the terms of the End User License Agreement.
(b) Necessary to Comply With A Legal Obligation
(c) Necessary for our Legitimate Interests (to keep our records updated and to study how customers use our Services)
To administer and protect our business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity Data
(b) Contact Data
(c) Technical Data
(a) Necessary for our Legitimate Interests (for running our business, provision of administration and IT services, network security, to prevent fraud)
(b) Necessary to Comply With A Legal Obligation
To use data analytics to improve our Services, marketing, customer relationships and experiences
Necessary for our Legitimate Interests (to define types of customers for our Services, to keep our Service updated and relevant, to develop our business and to inform our marketing strategy)
5.3 Change Of Purpose. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the Lawful Basis which allows us to do so or we will request your consent to do so.
Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share or provide access to your data or your Company’s data with the parties set out below for the purposes set out in the Table 5.1 (Permitted Uses of Data):
· EVERYWHERE System Administrators
· EVERYWHERE Billing Staff
Authorized Third Parties
· EVERYWHERE’s third party Hosting Service Provider
· A Channel Partner who has sold your Company a license to use the Services
· An Emergency Monitoring Service Provider with whom your Company has agreed to purchase emergency monitoring services
· Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
7. INTERNATIONAL TRANSFERS
All data (except for Financial Data) provided to EVERYWHERE by you and your Company is maintained on servers located in the United States and are operated and maintained by EVERYWHERE”s Hosting Service Provider. All Financial Data provided to EVERYWHERE by you and your Company or created by EVERYWHERE is maintained on EVERYWHERE’s corporate and email servers located in the United States.
Except as set forth in this section, we do not transfer your personal data outside the European Economic Area (EEA). When you use the Services in the EEA, data is transferred out of the EEA as follows:
· When you use the Services on devices, it is transmitted back to our servers in the United States.
· If you are a Company System Administrator, when you use a browser to access the Services’ portal, data is transmitted back our servers in the United States.
· If your Company is contracting with a Channel Partner located outside of the EEA, then any Company data provided to the Channel Partner by the Company will be transferred to the Channel Partner outside of the EEA.
8. DATA SECURITY
We have put in place appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you or your Company and any applicable regulator of a breach where we are legally required to do so.
9. DATA RETENTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or your Company.
We retain Transaction Data for at least two (2) years from when it is created.
By law we have to keep certain information about our customers for six (6) years after they cease being customers for legal purposes.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) to create Aggregated Data for research or statistical purposes, in which case we may use this Aggregated Data indefinitely without further notice to you.
10. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
10.1 Your Rights. You have the right to:
10.1.1 Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
10.1.2 Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
10.1.3 Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
10.1.4 Object to processing of your personal data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
10.1.5 Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
· If you want us to establish the data's accuracy.
· Where our use of the data is unlawful but you do not want us to erase it.
· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
10.1.6 Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to during the Performance of a Contract with you or your Company.
10.1.7 Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to continue to provide the Services to you. We will advise you or your Company if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
10.2 No Fees Usually Required. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
10.3 What We May Need From You. We may need to request specific information from you or your Company to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you or your Company to ask you or the Company for further information in relation to your request to speed up our response.
10.4 Time Limit To Respond. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
“Aggregated Data” shall have the meaning ascribed to it in Section 3.2 (Aggregated Data).
“Authorized Third Parties” means the parties listed under the heading of Authorized Third Parties in Section 6 (Disclosures Of Your Data; Access To Your And Your Company’s Data).
“Channel Partner” means a third party distributor or reseller of the Services who has entered into a channel partner agreement with EVERYWHERE.
“Company” shall have the meaning ascribed to it in Section 1 (Introduction).
“Comply With A Legal Obligation” means our compliance with a legal obligation that we are subject to.
“Contact Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Emergency Monitoring Service Provider” means a third party who operates a SOS emergency monitoring service who receives emergency signals from the Services and routes the emergency signal to a public safety answering point (PSAP), an emergency response center or a law enforcement agency.
“End User” means an end user of the Services, whether or not they are part of your Company.
“End User License Agreement” means a legally binding agreement between you and the Company (or in some special circumstances between you and the Channel Partner) that governs your use of the Services. Consistent with the terms of the End User License Agreement, your use of the Services constitutes your acceptance to the terms of the End User License Agreement.
“EVERYWHERE” means EVERYWHERE Communications, Inc., a Delaware, USA corporation with corporate offices located at 30 West Street Annapolis, Maryland 21401.
“Financial Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Hosting Service Provider” means a third party provider that hosts the Services offered by EVERYWHERE on servers owned or operated by the provider.
“Identity Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Lawful Basis” or “Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you and your Company the best products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our Legitimate Interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our Legitimate Interests against any potential impact on you in respect of specific activities by contacting us.
“Marketing Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Message” shall have the meaning ascribed to it in Section 3.1.4 (Transaction Data).
“Performance of a Contract” or “Perform the Contract” means processing your data where it is necessary for the performance of a contract to which you or your Company is a party or to take steps at your request before entering into such a contract.
“Profile Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Services” means one or more of the following EVERYWHERE products and services to the extent they are being sold or licensed to you or your Company under a commercial agreement between your Company and EVERYWHERE or one of EVERYWHERE’s Channel Partners that resells the Services: (a) an EVERYWHERE Communicator (EC-100); (b) the EVERYWHERE Smartphone App; (c) the EVERYWHERE Hub; or (d) the Iridium® satellite service.
“System Administrator” means a special type of End User who has permissions to access restricted data and perform certain functions within the Services that are not enabled for normal End Users. EVERYWHERE, its Channel Partners, and your Company all have System Administrators, however the rights and privileges of all these System Administrators are not the same.
“Technical Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Track Points” shall have the meaning ascribed to it in Section 3.1.4 (Transaction Data).
“Transaction Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).
“Usage Data” shall have the meaning ascribed to it in Section 3.1 (Types of Data).