Privacy Policy — Excelsior Protect Pocket EMT

Last updated: April 2025  ·  ISO 27001 & GDPR Compliant

⚠️ Medical Disclaimer

This application is an educational resource only and is not a medical device, clinical decision support tool, or substitute for professional medical training or advice. In any real life-threatening situation, call emergency services immediately. The content is based on published first aid guidelines and is intended for trained security professionals and lay responders for reference purposes only.

Excelsior Protect — Pocket EMT

This Privacy Policy explains how Excelsior Protect ("we", "us", or "our") collects, uses, and protects your personal information when you use the Pocket EMT application ("the App"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and maintaining an information security management system aligned with ISO/IEC 27001 standards.

1. Data Controller

Excelsior Protect is the Data Controller for personal data processed through this application.

For all data protection enquiries, please contact:
📧 privacy@excelsiorprotect.com

2. Data We Collect

We collect only the minimum personal data necessary for the App to function ("data minimisation" — GDPR Art. 5(1)(c)):

  • Account information: Name and email address (when you register or are invited)
  • Usage data: Pages visited, features used, and session duration (anonymised analytics)
  • Device data: Browser type, operating system, and screen size (for compatibility)
  • Location data: Only if you explicitly grant permission via "Share Location" — used solely to display local emergency numbers and never stored on our servers
  • Language preference: Stored locally on your device only (localStorage)
  • Emergency contact data: Any contacts you manage are stored encrypted in our database

We do not collect health records, biometric data, or any special category data as defined under GDPR Art. 9.

3. Legal Basis for Processing

We process your personal data on the following lawful bases (GDPR Art. 6):

  • Contract performance (Art. 6(1)(b)): To provide you with access to the App and its features
  • Legitimate interests (Art. 6(1)(f)): To improve the App, ensure security, and prevent fraud
  • Consent (Art. 6(1)(a)): For location access and optional analytics — you may withdraw consent at any time
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law

4. How We Use Your Data

Your data is used exclusively to:

  • Provide and maintain access to the App and its features
  • Authenticate your identity and manage your account
  • Display relevant emergency contact numbers based on your region
  • Improve App performance and user experience
  • Ensure the security and integrity of the platform
  • Comply with legal and regulatory obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Security (ISO 27001)

We implement security measures aligned with ISO/IEC 27001:2022, including:

  • Encryption in transit: All data transmitted over HTTPS/TLS 1.2+
  • Encryption at rest: Sensitive data encrypted in our database
  • Access controls: Role-based access control (RBAC) limits access to authorised personnel only
  • Audit logging: Access to personal data is logged and monitored
  • Incident response: Documented security incident response procedure
  • Regular reviews: Security controls reviewed through periodic internal risk assessments
  • Supplier management: Third-party processors bound by data processing agreements

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay (GDPR Art. 33–34).

6. Data Retention

  • Account data: Retained for the duration of your account and deleted within 30 days of account closure
  • Usage analytics: Anonymised after 12 months; raw logs deleted after 90 days
  • Location data: Never stored on our servers — processed in real time on your device only

7. Your Rights Under GDPR

As a data subject, you have the following rights (GDPR Arts. 15–22):

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your personal data
  • Right to restriction (Art. 18): Request that we limit processing of your data
  • Right to data portability (Art. 20): Receive your data in a machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Rights related to automated decision-making (Art. 22): We do not use solely automated decision-making that produces legal effects

To exercise any of these rights, contact us at privacy@excelsiorprotect.com. We will respond within 30 days.

You also have the right to lodge a complaint with your national supervisory authority (e.g. CNPD in Portugal, ICO in the UK, CNIL in France).

8. Cookies & Local Storage

The App uses localStorage (not cookies) to store your language preference and offline cache data on your device. This data:

  • Is stored entirely on your device and never transmitted to our servers
  • Can be cleared at any time by clearing your browser/app storage
  • Does not contain any personal identifiers

If we introduce cookies in future, we will update this policy and seek appropriate consent.

9. International Data Transfers

Your data is processed and stored within the European Economic Area (EEA). Where we engage sub-processors outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with GDPR Chapter V.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email or in-app notification at least 14 days before taking effect. Continued use of the App after changes constitutes acceptance of the updated policy.

The current version of this policy is always available at https://privacy.emt.excelsior-protect.com.

11. Contact Us

For any privacy-related questions, data subject requests, or security concerns:

Excelsior Protect
Data Protection Enquiries
📧 privacy@excelsiorprotect.com