Privacy Policy

This Personal Data Protection Policy (“Privacy Policy”) is therefore intended to inform you about the technical and organizational commitments and measures we have put in place to ensure protection of your personal data.

It describes how we collect, use and disclose personal information and how this personal information can be accessed and amended when necessary.

By visiting the TRACKFORCE’s website (“Website”), downloading and using the associated mobile Applications (“App”) or using associated Services (collectively “Services”), by contacting us or agreeing to receive emails from TRACKFORCE, you accept the terms and conditions of this Privacy Policy.

This Privacy Policy does not extend to websites or Services operated by any third parties. Therefore, TRACKFORCE is not liable for their privacy policies, actions and procedures regarding the protection of personal information.

It supplements TRACKFORCE’s Terms and Conditions of Sale (hereinafter the “T&C”) as well as its contractual clauses relating to subcontracting.

Clause no. 1: Access to the App and the Services

In order to grant you access to the App and the Services, TRACKFORCE has entered a contract with your Company.

In this Privacy Policy, Company shall refer as the organization who has contracted into an employer agreement (hereinafter the “Contract”) whether you are a legal employee by definition of law, a contractor or a consultant of such organization.

In accordance with this Contract, TRACKFORCE will assess, collect and process your Personal Information on behalf of your Company and in accordance with its lawful directives. All information you provide to us and/or accessible via the App (whether or not it constitutes Personal Information or Data) will also be governed by the contract.

Clause no. 2: Type of Data, collection and processing

TRACKFORCE accesses, collects, uses, and shares the following types of data:

(a) information provided by you:

Personal Information includes (but is not limited to) the following categories of information: (1) login and password, (2) activity and incident report information (including action, location, pictures, movies, etc. In the case you voluntary choose to withhold Personal Information, you may not access all or parts of the Services as such Personal Information may be necessary to such access.

(b) information provided by your Company:

Your Company may give us information about you such as, without limitation, you first and last name, professional email address, office location, phone number, job title, employee ID, schedule information, etc. Such information could be used to allow you to access the App and or Services (by creating a user profile for instance, generate notifications (SMS or email), …).

(c) information collected via the App such as Personal information, unique device identifier (IMEI or similar data), GPS location:

The TRACKFORCE App will request certain permissions that will allow to access your device information. By default, you must grant these permissions before the respective information can be accessed. Once the permission has been given, you can revoke it at any time, and it is your responsibility to adjust them in accordance with your preferences. If you wish to revoke these permissions, please know that it may impact the correct functioning of the App. You may refer to the device settings for controlling App permissions depending on your device and software.

Your information may be collected by the App if you grant any of the permissions as described below:

• Phone: Allows to capture the unique reference of the device (IMEI) used for licensing purpose, only applicable on Android 9 or less. This permission also allows the App to open your phone App to make outbound calls using phone number stored within the App. Used only for one use case: contact the emergency number in case of lone worker protection “LWP”. There are no components in the App which permit us to listen in on, record or tracks calls being made. All call actions being made will appear on screen when your phone App is opened after selecting the lone worker alert option to make a call. Once you have signed out of the App, there are no functions used to prompt a call from your device.
• Location: This permission is used to grant the App access your device’s location. Locations are transmitted to the TRACKFORCE server once you sign in and as long as the App is running (either in foreground or background). This is the way for us to provide to your Company with your location while you are working to ensure your safety.
  When you sign out of the App, TRACKFORCE will stop to access your location.
• Camera: This permission is needed to allow the App to use your camera when taking pictures or video from within the App. The App will simply open your camera App so that you can take the picture to add to a report or record a video. The screen will change on your device so that you are aware of the recording.
• Microphone: As for the camera permission above, the microphone permission is requested so that the App can record audio during a video recording and for the Push To Talk “PTT” feature. Your microphone stop being accessed or used once you have signed out of the App

(d) other data collected:

When you use our App, our systems automatically collect your IP address and other device information (such as the device brand, android and App version, etc.) in order to resolve any issue that may arise.

TRACKFORCE does not access, collect, use, and shares any data considered sensitive data such as race or ethnic origin, religion, political affiliations, sexual orientation, criminal history, any information about biometrics, genetics, or medical history.

In addition, optional data fields can be created & personalized by each client. It is your Company’s responsibility to stipulate whether the collected data is personal/ sensitive or not as TRACKFORCE has no control over it.

Clause no. 3: Purposes of data processing

The data we collect has a specific purpose and is not used for other purposes. Our purposes are determined, legitimate, explicit and compatible with our missions, in this case management of activities related to workforce management in the security industry or any other linked activity field.

The defined purpose determines the relevance of the data to be collected: only data that is adequate and strictly necessary to achieve the purpose is collected and processed by TRACKFORCE.

We use the information that we collect in order to provide the Services and operate our business, including:

• to execute our obligations arising from the Company agreement
• to run and provide the Services and Support
• to avoid, notice or fix fraud or misuse of your products, Services and App
• or to comply with legal and regulatory requirements where Applicable

Clause no. 4: Information of persons concerned

In accordance with the GDPR, TRACKFORCE informs and encourages its clients to inform the person from whom personal data is collected:

• The identity and contact details of the data controller and, where Appropriate, his representative;
• Where Applicable, contact details of the Data Protection Officer;
• The purposes of the processing for which the personal data is intended as well as the legal basis of the processing;
• Where Applicable, legitimate interests pursued by the data controller or by a third party;
• Recipients or categories of recipients of personal data, if they exist;
• Where Appropriate, because the data controller intends to transfer personal data to a third country or to an international organization;
• The retention period of the personal data or, where this is not possible, the criteria used to determine this period;
• The existence of the right to request the data controller to provide access to personal data, to correct or delete such data, or to limit the processing relating to the person in question, or the right to object to processing and the right to data portability;
• Where Applicable, the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on the consent provided prior to its withdrawal;
• The right to lodge a complaint with a supervisory authority;
• Information on whether the requirement of the provision of personal data is of a regulatory or contractual nature or whether it is a condition for the conclusion of a contract and whether the person in question is required to provide personal data, as well as on the possible consequences of the non-provision of this data;
• The existence of automated decision making, including profiling.

 

In the absence of individualized contact with the person concerned by the collection and processing, TRACKFORCE encourages its clients to inform said person by posting on the site covered by private security protection.

Clause no. 5: Recipients of the data

TRACKFORCE does not share client data with third parties; TRACKFORCE does not trade it.

Your personal data is therefore intended only for specific recipients, entitled to receive it, in this case and according to the case:

• TRACKFORCE and its subcontractors,
• TRACKFORCE and parents, corporate, affiliates, subsidiaries, business units and other companies that share common ownership
• Your Company and their subcontractors in accordance with the Company contract, as well as any other person, organization, or entity that your Company will want to communicate or share the data with, and only for the purpose of private security Services or facilities management.
• with law enforcement and governmental entities when required by law;
• and to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of your Personal Information commits to a privacy policy that has terms substantially consistent with this Privacy Policy.

Clause no. 6: Data retention and storage

TRACKFORCE only retains its clients’ personal data for the time required for the operations for which it was collected and in compliance with the regulations in force.

Each client can set the retention period according to the nature of the personal data concerned.

This data is automatically deleted after a maximum of 5 years from the day they have been collected.

Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers

Clause no. 7: Data security

TRACKFORCE determines and implements the means necessary for the protection of personal data to avoid risks resulting in particular from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, retained or otherwise processed, or from unauthorized access to such data, accidentally or unlawfully.

These means consist of Appropriate technical and organizational measures to ensure a level of security adapted to the risk, and include inter alia, as required:

• Anonymization and encryption of personal data;
• Means to ensure the constant confidentiality, integrity, availability and resilience of data processing systems and Services;
• Means to restore the availability of personal data and access to it in good time in the event of a physical or technical incident;
• A procedure to test, analyze and assess regularly the effectiveness of the technical and organizational measures to ensure data processing security.

Details about Data Security are documented in our “TRACKFORCE Business Security”. Please feel free to reach to your TRACKFORCE Account Manager to get it.

Clause no. 8: Restricted access to data

TRACKFORCE defines and implements the rules of access and confidentiality Applicable to personal data processed.

The level of detail accessible is defined by the client, according to the authorization/profile of each user (Like: Agent, Team Leader, Client, Supervisor, …)

Only duly authorized persons can therefore access certain data details, within the framework of a security policy in particular restricting access to only that data necessary for the activity.

Access rights, granted in accordance with the user’s function, are updated in case of an upgrade or change of function.

Clause no. 9: Data transfer

In principle, TRACKFORCE does not transfer client data from one country or subsidiary to another worldwide.

If such a transfer were to be necessary, in this case to a country outside the European Union, that transfer would be part of the purpose of the processing for which the data is intended.

In this case, data recipients would only have communication of the categories of data necessary for the achievement of that purpose.

More generally and when Applicable, TRACKFORCE would transfer the data only in accordance with the provisions of articles 44 to 50 of the GDPR.

Clause no. 10: Rights of individuals concerned by the collection and processing of personal data

In accordance with Applicable laws and pursuant to additional rights under the GDPR and non-contrary provisions of the Data Protection Act, any natural person whose personal data is subject to processing is entitled to oppose the collection and processing of their personal data, the right of access to said data, rectification or erasure thereof (the right to be forgotten), the right not to be the subject of a decision based exclusively on automated data processing, including profiling, the right to limitation of processing of data concerning them, the right to have information about the persons to whom the data controller has transmitted personal data concerning them, as well as the right to portability of said data as these rights are described in Articles 15 to 22 of the GDPR. They may exercise these rights by sending their request to dpo@TRACKFORCE.com accompanied by proof of their identity and their signature.

Clause no. 11: Data Protection Officer

IN connection with entry into force of the GDPR on 25 May 2018, TRACKFORCE has Appointed a Data Protection Officer (DPD or DPO) directly reporting to the Chairman of TRACKFORCE.

The DPO constantly ensures compliance of all processing of personal data taking place in the TRACKFORCE Group.

Clause no. 12: Maintenance of non-contrary provisions of TRACKFORCE’s Terms & Conditions of Sale

This Data Protection Policy complements the TRACKFORCE Terms and Conditions of Sale, the non-contrary provisions of which remain Applicable.