Who We Are
Alpha Recon is a service provider for businesses, organizations, and individuals (our “Clients”). Our Services help our Clients to communicate with, support, and provide various risk-management services to their end users (“Users”). This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to Clients’ own uses of your data.
This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them. See our list of third parties for more information regarding our sources and recipients of Personal Data.
Collection and Use of Personal Data
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Identity Data: Personal Data about you and your identity, such as your name, ID number, photo/avatar, username, and other Personal Data you may provide on registration or purchase forms or as part of an account profile (e.g. biographical information).
Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.
Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
Location Data: Personal Data relating to your location, such as information collected from your device’s GPS, WiFi, or other precise localization service.
Special Category Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation.
Child Data: Any Personal Data provided by an individual under the age of majority in the child’s jurisdiction e.g. the child’s name and email address, and if provided, physical address and phone number, as well as the child’s birthdate, gender, or age.
User Content: Information that a user provides in a message, free text field, or other unstructured format, including any Personal Data or Special Category Data to the extent provided by the user.
Processing of Personal Data
User Account Registration
Data: Users and Clients may register and create an account on our Services. When you register, we process certain Personal Data, which typically includes Identity Data, Device Data, and Contact Data.We may also process certain Location Data, orIdentity Data andContact Data for a third party emergency contact, if provided by a User during registration.
Uses: We use Identity Data, Location Data, and Contact Data as necessary to create, maintain, and provide you with important information about your account. Location Data and Third Party contact data is used with your consent and in the event a User submits an emergency alert through our Mobile App (an “Alert”), for example, to report the incident to the Client and any emergency contact. Consistent with our legitimate business interests, we may process Identity Data and Contact Data in connection with marketing communications.
Client Dashboard & Reporting
Data: On behalf of the Client, we process Personal Data from Users in the Client’s organization that has been provided by those users during registration, and through that User’s Mobile App. This data typically includes IdentityData, ContactData, DeviceDataand, when provided by Users, UserContent and LocationData.
Uses: We process Personal Data to create reports of risks facing Clients and their Users, analyze location and risk trends, and with the appropriate User Consent or Client authorization, track the location data of certain Users as determined by the relevant choices of the Client and User, and make this available through the dashboard to authorized users of the Client.
Data: If you use our Mobile App, we process certain Personal Data on behalf of the Client, which typically includes Identity Data, Contact Data, DeviceData, and LocationData. When you allow the collection of Location Data, the Location Data may be collected passively (e.g. if continuous or time-limited location monitoring is enabled) or actively, e.g. when you submit an Alert. Similarly, when you submit an Alert, Users may be able to provide certain User Content
Uses: We generally process the Personal Data provided through the Mobile App as necessary to deliver the Service, including to create and deliver risk reports, alerts, and other information, and to log and display to Clients its User or device locations (to the extent allowed by the Client and User). Note, we use Location Data only with User consent, or where permitted by law, in accordance with Client instructions. For example, when a user in the event a User submits an emergency Alert or enables location monitoring within a specific time period, we will collection Location Data and we may provide that information to the Client.
Note: Users may able to modify their choices relating to the collection and Client use of and access to Location Data as described in choices section regarding Location Data, below.
Data: We collect and use Children’s Data when a Client intends that there will be Users under the age of majority in the Client’s jurisdiction. For example, we may work with a Client that with User that participate in a school or youth program. With parental consent, we may collect a Child’s Identity Data, Device Data, and Contact Data, and if provided by the User and allowed by the Client, Location Data and User Content.
Uses: We generally process Children’s Data in accordance with the consent of the parent or legal guardian. In addition, we may process this data as necessary in connection with certain legitimate business interests, such as verifying a child’s identity or in connection with other limited purposes allowed by law. Children’s Data is not shared for marketing or commercial purposes unless allowed under applicable law.
Note: See the Additional Information Regarding Minors section below for more details regarding the handling of Children’s Data, and the Location Data section for choices relating to the collection and Client use of and access to Location Data.
Data: We may process Identity Data, Device Data, and Contact Data in connection with email marketing communications if you register for a Client account or choose to enroll to receive marketing communications from our Site or when you open or interact with our marketing communications. End Users of our Mobile App will not receive marketing communications unless they sign up for them separately through our Site.
Uses: We use Identity Data and Contact Data as necessary to provide marketing communications, when you consent to receive those messages, or consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for those communications register for our Service. See Your Rights and Choices for information about how you can limit or opt out of this processing.
Cookies and Similar Tracking Technologies
Data: We, and certain third parties, may process Identity Data, Contact Data, Location Data, and Device Data when you interact with cookies and similar technologies on our Sites. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
Uses: Subject to Your Rights and Choices, we use this information as follows:
- for “essential” or “functional” purposes, such as to enable various features of the Sites such as updating risk alerts, or staying logged in during your session;
- for “analytics” purposes, consistent with our legitimate interests in how the Sites are used or performs, how Users engage with and navigate through the Sites, what sites Users visit before visiting our Sites, how often they visit our Sites, and other similar information; and
- for “retargeting” or similar advertising purposes, so that you can see advertisements from us on other websites. These technologies and the data they collect, which may also include Preferences Data, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Sites. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This collection and ad targeting takes place both on our Sites and on third-party websites that participate in the ad network, e.g. any advertisements delivered by that ad network on a third party website.
Note: Some of these technologies can be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.
We will collect and aggregate, or anonymize Personal Data collected from Users in order to identify security, travel, and other Client-defined risks, events and trends (“Risk Data”). We share Risk Data in the form or risk assessments, alerts and reports with relevant Clients and Users, including based on Users’ Location Data. Please note, Risk Data is aggregated or de-identified so that it does not contain Personal Data. However, as part of our reporting of specific events and risks, we may correlate Risk Data with public or third party reports that include Personal Data, and in such cases, Risk Data be indirectly re-identified.
Internal Processes and Service Improvement
Subject to Your Rights and Choices, we may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Platform, to create a personalized user experience (such as greeting you by name, or associating Clients and Users), and for ensuring the security and stability of the Platform. For example, we may use Personal Data to understand what parts of our Service are most relevant to users, how users interact with various aspects of our service, how our Service perform or fail to perform, etc., or we may analyze use of the Service to determine if there are specific activities that indicate an information security risk to the platform or our Clients and Users.
If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it.
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Additional Information Regarding Minors
Our Services are generally not directed at nor intended for use by minors, and in accordance with COPPA, we do not knowingly collect information from children under the age of 16 (or lower age of minority in the relevant jurisdiction) without verifiable parental consent. However, our Services which are “directed” at children when we work with Clients that advise us that its Users may be minors. In these cases, we will comply with applicable laws relating to the protection of information collected from minors, or from schools.
Parents may provide their consent to data collection via email, by using a credit card in connection with a purchase, or other verifiable mechanism which may be allowed by COPPA or applicable law. Where required, we may contact parents and guardians using the information provided in the applicable sign up form to obtain this consent. We will attempt to contact you twice, and if we have not received a response with your consent pursuant to COPPA, all information provided will be deleted.
Unless we obtain parental consent, we do not share children’s Personal Data with third parties (other than those providing support services for internal operations related to our Services) or use this information except to provide services directly related to the program for which a child’s information has been provided in connection with COPPA.
You may choose to review, delete or prohibit our further use of your child’s Personal Data at any time. Further, you may revoke any consent you have previously provided. To do so, simply submit a request to us using the contact information below.
Except when collection is expressly allowed under COPPA or if the information has been provided by a parent (e.g. a parent registering their child for our Services), we will promptly delete any Personal Data we possess about children under the age of 13 if we learn we have it. If you believe we have inadvertently collected information outside these contexts, please contact us.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Clients: We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, if a User associated with a Client uses our Services, we may share Alerts, or Personal Data collected via the Mobile App and registration with the Client via the Platform. This information is generally shared on the basis of our contract with the Client, in accordance with our legitimate business interests in communicating with Clients and Users, and on the basis of public safety and vital interests of an individual
Parents: When we collect Children’s Data, we may share any Personal Data with the parent or legal guardian of the child, unless prohibited by law. For example, we may share Location Data or Alerts with Parents when a child sends an alert, or in connection with a Client’s service arrangement. This information is typically shared with the consent of the parent, in connection with our legitimate interests in communicating with Parents about their child’s account, or on the basis of public safety and vital interests of an individual.
Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf.
Affiliates: In order to streamline certain business operations and develop products and services that better meet the interests and needs of our customers, to inform our customers about relevant products and services, and other legitimate business interests, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Marketers: In order to deliver certain advertisements, develop better products and services, and other legitimate business interests, we may share certain Personal Data (as described in the Cookies and Similar Technology section above) with trusted third parties for marketing, advertising, or similar commercial purposes.
Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Your Rights & Choices
Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. Note: While we may notify Clients of your request, we are unable to directly fulfill rights requests regarding Personal Data we control or for which we have the necessary rights of access, and we may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request. You may exercise your rights by contacting us at the address below.
Access: You may receive a list of your Personal Data that we process to the extent required and permitted by law.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.
Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
California Rights: Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
You have the following choices regarding the Personal Data we process:
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Location Data: You may control or limit Location Data that we collect using our Mobile App by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use. Note that in some cases, limiting Location Data may affect your use of the Mobile App. Except where a Client elects to limit its Users’ location services, Users may have the choice to (i) limit location services entirely; (ii) disable locations services outside specific locations or times of day; or (iii) to allow use of location services only when sending an Alert.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes, such as where we process in accordance with our legitimate interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the mechanisms to ensure adequate protection of data subject to EU Law.
EU-U.S. Privacy Shield
We comply with the EU-U.S. and U.S.-Swiss Privacy Shield Frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU/Swiss residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU/Swiss residents’ data to the extent required by law.
We implement and maintain reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
Feel free to contact us with questions or concerns using the appropriate address below.
General Inquires: email@example.com |(855)-363-6362
Data Rights Requests: firstname.lastname@example.org
Physical Address: Alpha Recon, LLC | Colorado Springs, CO, USA 80949