(Public Version – Redacted. For the full GDPR Narrative, please contact legal@activatelocate.com.)
1. Compliance Requirements
Data Protection Contact: legal@activatelocate.com
Controller–Processor Responsibilities: Processor for Personal Security Solution, Controller for other services.
Data Processing Records: We maintain registers including lawful bases and Data Flow Maps.
Lawful Basis for Processing: All processing is supported by GDPR lawful bases; consent obtained where required.
Data Subject Rights: Access, Rectification, Erasure, Portability (with verification).
DPIA: Privacy by Design embedded; reviewed and approved by DPOs.
Information Security: ISO/IEC 27001 certified, SOC 2 Type II attestation, annual security tests.
Breach Management: Incident & Breach Response Plan in place, regulators/parties notified if high-risk.
Data Transfers: Supported by IDTA, SCCs, and BCRs (where applicable).
Special Categories of Data: Processed only when necessary (health, security, religious data).
Accountability: Annual internal & third-party audits, board oversight.
Retention & Deletion: Data securely deleted or anonymised per retention policy.
2. Key Services
Human Intelligence & Mobile Tracking (Processor Role): Data from users/clients, shared only with approved subsidiaries, stored in UK, Nigeria, India.
Security & Medical Assistance (Controller Role): Data collected when contacting Assistance Centres, stored in UK Data Centre, shared with third parties only when necessary and with consent.
Last Updated: August 2025 (Version 2.0 – Public GDPR Narrative)