To help you understand what 3rings does with your data here is our philosophy.
- Whether you are a customer, potential customer, supplier or employee the data belongs to you and we implement a range of privacy and security measures to protect your data.
- We use the data to service the requests that you make of 3rings, for example to deliver goods, provide the 3rings service, to help support you, care professionals and families.
- We will NOT use your data to market to you without your expressed permission that can be withdrawn at anytime.
- We only share data with 3rd Parties to:
- Provide the service you have asked from us,
- Satisfy requirements of the law,
- gain insights into how we can make the service better for you and future customers and in this situation the data is shared in an anonymous form.
- We provide your delivery address to the Royal Mail or other couriers.
- We use Google Analytics to understand which part of our web site is used and with what technology.
- We use PayPal’s Braintree e-commerce service to provide a PCI compliant financial service so we can reduce the amount of personal financial data that 3rings sees or has access to.
- We use Zendesk to record, track and manage support tickets so we can help our users should any queries or problems occur.
See later for a fuller list.
- We will NOT sell your data to 3rd
There is one potential exception to this should someone buy a controlling interest in the company and its assets.
- We have a presence on social media pages and identities with Facebook and Twitter. Interactions with 3rings on these environments are covered by the respective privacy agreements of Facebook and Twitter. These companies share data in different ways to 3rings.
- By the nature of our service we receive data from a wide range of sensors and from a wide range of suppliers. We only accept data from these systems if they have a strong user authentication and that the acceptance of this data is in an anonymous form.
- Any personal data we collect is kept to the minimum required to provide the service you request. For example, 3rings service does not collect Personally Identifiable Data of the individual being monitored. For Organiser’s and Carer’s who use the 3rings service we only collect Name, email and mobile number to enable us to provide the service, People who order hardware we collect Name, Address, email and phone number so we can deliver the goods and products ordered.
- Consent from the person being passively monitored must be obtained.
3rings is unusual to many companies as our fundamental service is to passively monitor vulnerable individuals to ensure their safety and give families and carers peace of mind to ensure that is done in a way that gives the individual being monitored independence with dignity.
In normal operation we do not collect personal data about the individual being passively monitored. Even though this is the case, it is essential that who ever sets up the 3rings service gets active consent from the individual being monitored and they are made aware of what and why the 3rings service is being used.
Where is your data held?
To provide security, redundancy and high levels of availability your data is physically located in multiple locations in Europe when the data is at ‘rest’ and we implement a range of security and privacy safeguards to protect that data.
When the data is on the ‘move’, eg from 3rings to your screen, we use encryption to protect it.
We use a range of cloud-based services to provide you with a high level of support and service. As a result, some elements of your data coming to us or going to the 3rd party services may go through a variety of routes prior to getting to us/you. We select our services with care and the majority of our services go within Europe but some go through the USA. Some services may route data through other regions prior to it getting to 3rings. The services we select are selected for their functionality and their attention to Privacy and Security. These are companies such as Google, Amazon, Zendesk, Stream International, MailChimp, Twilio, Xero and Monnit.
How long do we keep your data?
We keep your personal data for the duration of the contract with us and thereafter for accounting or legal purposes. Unless it conflicts with legal requirements from the end of 2018 we will be able to delete your personal data upon request.
Sensors data is kept for a longer period of time in an anonymous form to gain insights to trends and analysis that will enable us to help families and carers protect people better in the future. This does not contain any personally identifiable information. Although we would prefer to keep the anonymous sensors data to help people in the future we understand that that may not be your preference. You will be able to request all anonymous sensor data associated with your account to be deleted. In some situations, eg such as data from Nest devices, we will delete the data sooner based upon their sharing of data policies. Should you wish your data to be deleted please email email@example.com with the request.
Want to know what data we have?
You have the right to know what data we hold about you, if you want to receive a copy of the data please just request it by emailing firstname.lastname@example.org
Putting things into context
As the world becomes more connected it also becomes more complicated to understand.
Simple things that we thought had no risks associated with them can now produce areas of concern that were never anticipated. For example, giving someone your address to deliver a parcel that you wanted could end up on a global database that can be sold or stolen and, at best, be used for something as annoying as constant marketing but also more sinister, as a base to build a profile about you that could be used to steal our identity.
Data Protection laws continues to evolve (The latest one in the UK GDPR came into force 25th May 2018) to try to protect us but due to timing and geographical reach are often playing catch up and often increases the complexity.
So, we have a personal choice to make; either we become totally paranoid and as a result lose out on all the upside of the connected world and what it can mean to our families or we try to understand the risks and aim to strike a balance between the benefit we can achieve and those risks.
Very Large companies, with seemingly endless resources, get this wrong e.g. Facebook, Talk Talk, so this is not easy and a sense of vigilance and paranoia should be maintained at all times in the new digital world order.
Hopefully the above summary describes how we feel, act and care about your personal data. Your privacy and security matter to us as we deliver services that help keep people safe and independent with dignity.