In your crisis and alert strategy you are required to collect and use the personal data of your employees, partners, users, etc. The software solution you choose must meet the GDPR’s requirements.
Personal data in AlarmTILT®
Regardless of the type of alert you will send, you will need to collect personal data from your employees and/or other individuals. According to the GDPR, all data collection must be justified.
When using AlarmTILT®, you will collect primarily only the following information:
• First and last names
• Phone number (for voice alerts and SMS)
• E-mail (for email alerts)
• Fax number (in the event you would like the send an alert by fax)
• Unique Device IDentifier or UDID (for push alerts). The UDID is directly retrieved by the mobile application and helps to decide who to alert through the push function on smartphones and connected objects like smartwatches.
No sensitive information is intended to be collected.
Using your employees’ personal data in AlarmTILT® may be a part of their work contract.
The data retention period before deletion needs to be defined. With regards to alerts to the population, we can plan a recurring communication to provide them an opportunity to remain on the list of recipients.
As for emergency alerts or reminders to personnel, you must provide a data deletion timeframe as soon as the employee no longer needs to receive alerts or reminders.
The Notion of Subcontracting
As soon as you use an IT solution that is not hosted on your servers, processing personal data for which you are responsible is subcontracting.
This is the case with AlarmTILT®.
Even though the IT solution is locally hosted on your servers, the data processing to deploy and maintain the solution is considered subcontracted.
Download our full GDPR case with one white book and a graphic of the fundamental aspects :