(Public Version – Redacted)
For the full GDPR Narrative, please contact legal@activatelocate.com.
For the full GDPR Narrative, please contact legal@activatelocate.com.
1. Compliance Requirements
- Data Protection Contact: legal@activatelocate.com
- Controller–Processor Responsibilities: Processor for Personal Security Solution, Controller for other services.
- Data Processing Records: Registers maintained including lawful bases and Data Flow Maps.
- Lawful Basis for Processing: All processing supported by GDPR lawful bases; consent obtained where required.
- Data Subject Rights: Access, Rectification, Erasure, and Portability (subject to verification).
- DPIA: Privacy by Design embedded and reviewed by Data Protection Officers.
- Information Security: ISO/IEC 27001 certified, SOC 2 Type II attestation, annual security testing.
- Breach Management: Incident & Breach Response Plan in place with regulator and party notification procedures.
- Data Transfers: Supported through IDTA, SCCs, and BCRs where applicable.
- Special Categories of Data: Processed only where operationally necessary.
- Accountability: Annual internal and third-party audits with board oversight.
- Retention & Deletion: Data securely deleted or anonymised in accordance with retention policy.
2. Key Services
- Human Intelligence & Mobile Tracking (Processor Role): Data received from users and clients may be shared only with approved subsidiaries and authorised operational entities. Data may be stored within the United Kingdom, Nigeria, and India.
- Security & Medical Assistance (Controller Role): Data collected through Assistance Centres may be stored within UK-based data centres and shared with third parties only where operationally necessary and legally permitted.
Last Updated: May 2026 · Version 3.0 — Public GDPR Narrative