Privacy Policy
PRIVACY POLICY
Effective date: 26 August 2025
This Privacy Policy explains how Response 24 Ltd (“Response24”, “we”, “us”, “our”) collects and uses your information when you use the Response24 Connect mobile app and our website at response24.com (together, the “Services”). We are the controller of your personal data for the purposes set out below.
If you have questions or would like to exercise your privacy rights, contact our Data Protection Officer at dpo@response24.com or by post at Response 24 Ltd, 9 Greyfriars Road, Reading, RG1 1NU, UK.
What data we collect and why
We collect only what we need to provide the Services, keep users safe, and meet our legal obligations. We do not sell personal data.
Account and profile
Data: name, email, phone number, organisation, role, country, authentication data.
Why: create and manage your account, provide support, verify identity, enterprise account administration.
Location (user-initiated and while the app is open)
Data: precise or approximate location.
Why: check-ins you initiate, incident reporting and assistance, and to deliver country/area risk alerts while the app is open.
Important: we do not collect location in the background when the app is closed or not in use unless the Immediate Assistance feature has been activated by you.
Incident reports and assistance
Data: incident details you provide (text, categories), attached photos or files, timestamps, location related to the report, communications with our team.
Why: assess and respond to incidents, coordinate assistance, maintain an audit trail, support insurance claims where applicable.
Communications and support
Data: messages you send to us (email, in-app), call metadata (time, duration), support tickets and notes.
Why: customer support, service quality, training and compliance.
Device, usage and diagnostics
Data: device model, OS and app version, IP address, performance data, crash logs, security events.
Why: keep the app reliable and secure, prevent abuse, measure and improve performance.
Note: we do not use third-party analytics or advertising SDKs.
Website data
Data: cookies and similar technologies on our website, page views, referral URLs.
Why: operate the site, security, basic analytics.
Legal bases for processing (UK/EU GDPR)
Contract: to provide and support the Services you request (e.g., account, incidents, assistance).
Legitimate interests: safety and security, fraud prevention, service improvement, enterprise administration. We balance these interests against your rights.
Consent: where we ask for it (e.g., optional features, certain notifications). You can withdraw consent at any time in the app settings.
Vital interests: to protect life or prevent serious harm (e.g., emergency assistance).
Legal obligation: to comply with law or respond to lawful requests.
How we share information
We share data only as needed, under contracts that protect your information.
Hosting, infrastructure and security providers.
Communications providers (email, in-app messaging, telephony).
Your employer or sponsoring organisation where your account is enterprise-managed.
Insurance partners where assistance is linked to an insurance policy.
Emergency services or crisis responders when necessary to protect life or safety.
Professional advisers (legal, compliance) and authorities where required by law.
We do not sell personal data.
International transfers
We store and process data in the UK/EEA and do not routinely transfer personal data outside these regions. If a transfer is required, we will use appropriate safeguards (such as UK/EU Standard Contractual Clauses).
Data retention
We keep data only for as long as necessary for the purposes described above.
Account and profile: for the life of the account and up to 3 years after last activity, then deletion or anonymisation.
Location tied to check-ins/incidents: 3 years, then deletion or anonymisation.
Incident reports and assistance records: 3 years, unless a longer period is required by law or for the establishment, exercise or defence of legal claims.
Device, usage and diagnostics: up to 24 months.
Website logs: up to 12 months.
If you request deletion, we will action it unless we must retain certain data to meet legal obligations or to establish, exercise or defend legal claims.
Security
We use technical and organisational measures including encryption in transit and at rest (where applicable), access controls and logging, least-privilege permissions, and continuous monitoring. No method is 100% secure; we maintain and improve safeguards in line with risk.
Children
Response24 Connect is intended for adults (18+). We do not knowingly collect personal data from children.
Your rights and choices
Subject to legal limits, you may:
access, correct or delete your data;
object to or restrict certain processing;
ask for a portable copy of your data; and
withdraw consent where processing relies on consent.
How to exercise your rights
Web form: https://www.response24.com/account-deletion (request account and/or data deletion).
Email: dpo@response24.com.
We will verify your identity and respond within one month (or as required by law). You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Permissions and controls on your device
The app requests permissions only when you use related features:
Location: for check-ins, incident reporting/assistance, and risk alerts while the app is open.
Camera/Photos: when you attach media to a report; you can use the system file/photo picker.
Phone/Calls: when placing an emergency or assistance call from within the app.
You can decline or revoke permissions at any time in your device settings. Some features may not work without the relevant permission.
Changes to this policy
We will update this page when we make changes. If changes are material, we will notify you in the app or by email before they take effect. The Effective date at the top shows when this policy last changed.
Contact us
Data Protection Officer
Email: dpo@response24.com
Postal: Response 24 Ltd, 9 Greyfriars Road, Reading, RG1 1NU, UK
If you are in the UK, you can contact the ICO at ico.org.uk.
Summary for Google Play users
Collected: account info; location (only when you use location features or the app is open); incident details and attached media; diagnostics/crash data; basic website analytics.
Shared (by category): hosting/security; communications; insurance partners (if applicable); emergency responders (when necessary).
Security: data is encrypted in transit (and at rest where applicable).
Data deletion: available via web form at https://www.response24.com/account-deletion or by email to dpo@response24.com.
Background location: not collected unless Immediate Assistance is activated.