You can read the documents in the app by going to Profile à Privacy tab, or at Safeture’s web page https://www.safeture.com
What is the basis of the contractual relationship associated with the use of the app?
What are the purposes of the service?
Who are the categories of data recipients?
What data can be accessed, and who can access the data?
- Who can access data from Safeture AB?
- Access to the data is strictly monitored (by audit logs) and direct access to the database is only given to certain administrators within Safeture. All passwords are hashed and each and every handset has its own encryption key when communicating with the server backend. The data storage is supervised by very strict firewall rules. Safeture performs security reviews several times per year using external specialists and security patches are applied on the servers and firewalls when released.
- What data does Safeture have access to?
- Access to all data categories, including position data.
- Who can access data from the employer?
- Access to the data is defined by your employer. The employees are entirely defined by your company, usually by the responsible for Human Resources, Risk Management, or Security Management.
- What data does the employer have access to?
- Access to all data categories including position data of all employees registered under the Subscription ID, as well as all sub-groups of that policy.
Who can access tracking/location data?
Safeture AB: Full access to the tracking data is only given to selected Safeture employees when needed for technical development and support issues. The only government authority that may access the data is the Swedish police authority and requires a legal warrant from the Swedish justice system. Safeture keeps strict rules around information access and advanced levels of IT security protection, requiring that each access to the data is logged in an audit log for misuse inspection.
The Employer: Access to the tracking data is only given to the employer related to the Subscription ID/reference you include when registering and only when the user-provided explicit consent in providing the location data. The employer can only see their own end-users and can decide who within the organization that has access to this data. Safeture will not be responsible for any employer’s internal process, which should be controlled and managed by the employer and regarding the data, accessible through the system.
Note that only the very last position for an end-user is provided, and position history can only be provided to companies and partners if requested. Such requests are handled case by case and only if Safeture deems it to be a valid reason for such request and it is for the benefit of the end-user.
Note that the Employer is the data controller and has the legal right to access all employee’s personal data depending on the privacy agreement between the employee and the employer.
What are the categories of the data subjects?
What are the categories of data processed?
Categories of personal data (End-User):
- First name
- Last name
- Country of residence
- Network information (E.g. IP-address)
- Email address*
- Mobile Phone number*
- Position data* (restricted and when consent by End-user)
* required data for the service to function properly
The personal data that is processed includes all the above as well as additional personal information added to the system by the user or by the employer (through the web portal), as for example company department, group, etc.
Are any special categories of data processed (i.e. Social security and passport number)?
None, unless the employer includes such data via the web portal, where there are the following non-mandatory fields: Address, Zip Code, City, State, Department, Nationality, Gender, Job title, Passport number, and Line manager.
Which communication steps are intended to notify data subjects about the processing?
What is the legal ground for non-European transfer?
To be able to provide the Service, your Personal Data may be transferred to a country outside of the EU/EEA. If your Personal Data is transferred to a country outside the EU/EEA we will provide adequate safeguards to protect your Personal Data, e.g. that the receiving country has an adequate level of protection. To obtain a copy of the safeguards applied, please contact email@example.com.
For European citizens, personal data is only transferred outside the EU/EEA in case of support cases and no data is transferred outside the EU/EEA for standard operations. For non-European citizens the personal data is stored and processed identically as for European citizens unless local law has specific data transfer legal requirements for local citizens.
Who are the controllers of the data?
If you have received the service through your employer then the employer is the data controller. If you have purchased the service as a consumer directly from Safeture then Safeture is the data controller.
Who are the processors of the data?
The data processor is Safeture AB and the processing of data is conducted in Sweden.
What are the Purposes of Processing?
We process your Personal Data for the purpose of providing you with the Service, including tracking your geographical location. The processing is conducted on the basic necessity for the performance of our contract with you regarding the provision of the Service. Please note that you need to enable real-time positioning and sharing if want to use the real-time positioning sharing functionality of the Service.
We may also process your data for the purpose of further analysis, statistical information, and to optimize the user experience. Prior to such processing, your Personal Data will be anonymized, meaning that the Personal Data will no longer be attributable to you and thus not considered Personal Data. The anonymization is conducted on the basis of our legitimate interest to be able to improve the Service and carry out statistical analysis regarding the usage of the Service for future optimization.
How is data security ensured?
Several times every year, external consultants are reviewing the systems from a security overview perspective. They not only perform traditional penetration tests but also review all new source code and perform security checks on the production network and the office network. Extra checks are done when new apps are released, or new specific functions are added to the system. External reports are available at request.
How do you protect customer privacy?
Safeture meets the stringent requirements in accordance with GDPR and adheres to the strict regulations covering information access and IT security.
At the core of the Safeture concept is the idea of protecting the end user’s privacy. The app user can easily disable all service including positioning capabilities. The app user may also set positioning precision to country-level which means that the app will only report which general country or region the user is located in, keeping the user’s location more private. Furthermore, the Risk Manager responsible for the overviewing system at a company or organization can only expose the last known position and not historic positioning information. The technology is tailored in such a way that the end-user is always in control of his or her privacy. Safeture is based in Sweden, a country that has a long history of protecting the privacy and rights of employees. Safeture is required by law to provide any end-user with information on all data stored related to him/her. The deletion of any data related to an individual or organization will be done upon request to firstname.lastname@example.org.
Where is the data stored?
Safeture operates all servers and stores all the data within the borders of Sweden that guarantee that the data protection and privacy are under Swedish law and jurisdiction.
How long is data kept in live systems (data retention policy)?
All generated data is stored for up to 18 months. For direct consumers, the data is stored up for 3 months.
Which standard deletion periods are defined (data retention policy)?
Data is deleted after 3, 6, 12, and 18 months, depending on the sensitivity of the data.
- 3 months: Alerts sent
- 6 months: Logs, access logs, etc.
- 12 months: SMS data
- 18 months: Location data, Personal data
What if I want to obtain data stored which relates to me as an individual?
Safeture is required by law to provide a person with information on all data stored concerning that person and to delete any data related to an individual or organization upon request.
What is the procedure in place in case of disaster/failure?
Full data backup is performed every day and the system is live replicated to several off-sites. The off-sites are running in cold standby and failover to these redundant systems can be done quickly and efficiently.
Do you have a documented Disaster Recovery (DR) plan and how often is it tested?
Yes, it is tested yearly.
Is there a store backup in a secure, separate facility that is of sufficient distance from the main location to enable recovery?
Do you have a separate Work Area Recovery site?
What is the maximum timeframe system and or data will be unavailable?
What is the recovery procedure in case of Application failure or cyber-attack?
Immediate analysis by system experts and depending on the outcome either full restore from backup or failover to the disaster recovery site.
How can I access the web portal?
The Web Portal should be accessed on https://iso.safeture.com/ which is the same URL as the one provided to End-Users. The system will detect your permissions (in your case as a HR/Risk Manager) and show the information you should access as a HR/Risk Manager vs. End-User accordingly.
What should I do if the website is not working?
The Web Portal should be accessed https://iso.safeture.com/ If you experience issues in log-in or registration, please contact support at: email@example.com
I did not receive my two-factor authentication code that is required to enter the portal:
We are sorry to hear that you did not receive your authentication code when logging onto the Safeture risk manager portal. Please follow the procedure below to receive a new code:
- Open the Risk Manager portal and log in.
- Open the app and go to 2-factor authenticator available under the three dots-menu.
- Enter the displayed code into the web portal and proceed.
As a Risk Manager, what is the difference between the app and the Web Portal?
In addition to the differences as an end-user, as a Risk Manager you will also have the below sections (not available for end-users):
- Personnel Overview: Summary users based on last known location.
- Subscription Overview: Includes your current license count.
- Travelers in risk zones: Travelers who were located near or in a country where Safeture released a red alert the last 2 weeks.
- Incidents reported Last 24hrs, all types
- Security Overview:
Show the map of users with an exact position reported in the last 24 hours. Users without an exact location reported the last 24 hours will only be shown on Country-level. At the top of the screen, you can also see the details on Personnel, Log (of alerts and SMS sent), and Incidents. The incidents option lets you configure which countries to see incidents for, which will also be reflected on the Dashboard à Incidents reported the Last 24hrs.
You can send messages and initiate chats to large group of users based on location, groups or other identifications.
In this section, you can view and edit country information displayed to your end-users. In addition, you can edit the app welcome page information to add your own customized message to your end-users when opening the app.
In this section you can manage (add/invite/edit/remove) user(s) information as well as groups associated to your policy. You can also see eLearning progress of your users.
In this section you can view your company’s travel bookings.
I can enter the Web Portal but I do not have a Risk Manager features, what should I do?
Please contact your HR/Risk Department to upgrade you to a Risk Manager. Alternatively, contact Safeture by sending an email to firstname.lastname@example.org.
Why is my end user’s location not showing on the Web Portal (ISO)?
A user’s location not showing up on the map may be due to a number of factors:
- The user does not have Location Services enabled on the device.
- The user has not allowed the app to use Location Services at all times.
- The user does not have Service enabled in the app.
- The user recently registered, and the device has not yet sent a location report.
- The app could not retrieve a valid location coordinate from the device.
- The user has disabled or blocked the app to run in the background.
- The user is off-line or have problems with Internet access.
How does Safeture use users’ location to contact them?
If the user has given explicit consent in providing location data (exact or at a country-level), Safeture will use this data to provide the following features:
- Alerts: Sent via push notification or SMS, based on location (exact or at a country-level)
- Assistance: In the app provide the country-specific emergency numbers and the approximate location
Does the system keep track of sent alerts etc.?
Safeture has implemented a complete log function within the management portal, which allow the risk manager to track and provide evidence of communication if needed. The Log function tracks (per user): system-generated alerts, SMS sent and received/read status with individual timestamps. The SMS Received and Read status is unique to Safeture’s system and patented solution. This allows Risk Managers to verify that an end-user has received and interacted with the SMS alert.
Note: There have been litigation cases, (for example an NGO case in Norway) where an employee has sued the Employer for not providing a proper duty of care measures and risk information. With Safeture, not only do employees receive alert information, but there is also a log track verifying alert interaction status.
Regarding the Communications Log records when SMS alerts are received by an app user’s phone (“Status” column) and when they are read by the app user (“Access” column), why do messages only sometimes show as read on the Communications Log?
SMS alerts show as read-only when the app user clicks on the link in the SMS (the link takes the user to the message details). The message is not show displayed as “read” when the user only reads the SMS message without accessing the link.
What is “Personnel in Incident Region” email?
Risk Managers are notified by email if an app user is in an area of a published Red Alert. Any user without an exact location report is also included in this email if the user can be positioned to the same country as the Alert. This email is an opt-out subscription that can be set per user.
Can I contact my users via the web portal?
Yes, this is possible in two different ways:
How can I contact my end users?
This can be done in two separate ways:
- Through Personnel on the Security Overview section by searching and selecting user/group to send SMS and/or email
- Through the geo-fenced communication, by clicking on the user or a group of users on the map and then selecting Message.
How do I know if a user received the SMS sent from a Risk Manager via the portal?
Via the Log functionality under the Security Overview section in the Safeture Web Portal.
When app users respond to SMS sent by Risk Managers via the portal, is the SMS recorded in the Communications Log?
The Communications Log records outgoing SMS i.e. SMS sent by the system (incident alerts) and SMS sent by admins via the portal. The Communications Log does not record SMS sent by app users in response to SMS from Risk Managers.
What are the costs of sending SMS from the Web portal?
The SMS costs are dependent on the subscription agreement. A standard subscription agreement includes an annual pool of SMS that can be used without any extra costs. If the included SMS pool is exceeded or if there is a special agreement regarding SMS then Safeture will invoice extra for SMS: es at the price specified by the subscription agreement.
Nevertheless, the use of the “Send SMS” function available via the portal should be strictly limited to emergency situations related to users’ safety. Please contact sales for further information on prices at email@example.com.
Is there a risk that employees feel supervised by their employers?
The app gives the user the ability to activate privacy protection that involves concealing their exact position or only indicating which country they are in. There are also other privacy filters that may be applied on account or group level on the Web Portal. This means that you can have sub-admins that only can access specific Groups of End-Users.
Can Safeture monitor customers?
Can I add or invite new users to the app and/or Web portal through the Portal?
Yes. Under Users section, you can:
- “Invite Users”: To invite new users one by one
- “Import Users from spreadsheet”: To invite new users in a batch/bulk upload via spreadsheet.
Both options will send an email to the new user(s), asking them to set their password. Once completed, they have access to the app and the end-user version of the web portal.
How do I add or remove Admins and App Users (End users)?
Managing all kinds of users is done via the Users section at the Web Portal.
How can I edit users’ information via the Web portal?
Users can be edited via the Users section, by clicking Manage. Here you can search and filter all users in the system. By clicking on a user, you can edit personal information, upgrade permissions, or set email preferences.
Note: You cannot update the phone number for a user who has the app installed. This must be done via the app itself to ensure the phone number has been validated properly.
Under Users, what is the difference between Add User and Invite User?
Add User is only intended for new Admins. Invite users to include email validation steps and lets the users set a new password themselves.
Can I use a Single Sign-On solution with the Safeture platform?
Yes, the Safeture platform supports single sign-on that allows you to use external identity platforms that are already used within your organization and thereby remove all administration of managing users. Please contact firstname.lastname@example.org to enable the feature and start integration (Some configuration will have to be done in your own Identity Provider service, such as ADFS, AzureAD, Google G-Suite, etc)
Can I invite users in any other way?
Yes, simply send an email to all users, asking them to install the app, and include the Subscription ID to be used. This way the users can download the app and register manually.
Can you explain the Group concept?
Groups let you put users in a hierarchy and let designated admins have access to certain Groups only.
Under Groups, which means “Set default” for a group.
By default, all End-Users will be set as members of a Group with the same name as the policy number used in registration. However, if that group is removed, there is an option to create other Groups, and all new End Users will be members of the “default” Group.
Under Groups, what happens if I edit a group?
This will only edit the name of the Group. Note that if you change the name of the Group with the same name as your policy, users will no longer show up in this group by default when registering.
Under Groups, what happens if I delete a group?
All members of the deleted Group will be without Group, meaning that only top-level Risk Managers have access to their information.
Under Groups, how can I add a group?
Go to Users à Groups à Add Group and enter a name. The new Group will then be available as an option when editing users.
Can admins download the information contained in the Communications and Account Activity logs and get a read-out of their travel data?
Admins can copy-paste the data from the logs. Safeture can also provide the data on demand, with relatively short notice. All such requests will be handled on a case by case basis. Data sent to the client will be packaged and, for example, plotted on a map.
How can I access the web portal?
The web portal can be accessed on https://iso.safeture.com.
The website is not working – what should I do?
If you experience issues with login or registration, please contact your responsible HR/Risk Management department. Alternatively, contact Safeture Support at: email@example.com.
Which browsers does the web portal support?
The Web Portal is compatible with the following browsers:
- Internet Explorer 11
Unless a newer version must be used due to Security related issues, the Web Portal supports up to 2 years old versions of each browser.
What is the web portal?
The web portal is the website version of the app, including information and functionalities such as:
- Country information, alerts, and medical information.
- Medical Information
- eLearning (if enabled)
- User Profile