imabi Privacy Policy
imabi Ltd (Company Registration number 12854897) is registered as a data controller with the Information Commissioners Office registration number ZB028232.
Our company address is:
Sovereign House,
155 High Street,
Aldershot,
Hampshire,
England.
GU11 1TT.
Using expertise developed from working with law enforcement, communications and digital solution specialists; imabi Ltd has developed a number of personal safety apps specifically aimed at education providers, organisations and private individuals to provide useful information to people of all ages to help keep them safe and informed.
Definitions used in this Privacy Notice
We may use the term “app”, “apps”, “system” and “platform” interchangeably throughout this Privacy Notice to indicate the totality of systems that imabi uses to deliver its service to its users.
We provide access to our platform directly to users, and via other organisations who are providing it to users e.g. education providers, employers, police forces etc. These will all be considered “users” in the context of this Privacy Notice.
Our commitment to data security
imabi Ltd recognises the importance of respecting and protecting your personal data (information), whilst providing you with a range of quality services. To do so we need to collect, process and share a certain amount of information about you.
This document explains what information we are likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the UK regulatory authority should you wish to exercise your rights or make a complaint. We will treat your personal data fairly and legally.
This policy applies to all your information however captured, including through our apps, our platform, our website, or via telephone conversations with our staff. This includes when you:
visit the imabi Ltd website or link to this Privacy Notice;
visit our branded social media pages;
use the imabi platform as a private account holder;
use the imabi platform and associated services or apps as an authorised user, for example, as a student, an employee or member of the public provided with access to our services by one of our customers;
communicate with our offices or contact our operational teams via phone or email, or otherwise receive communications from us; and
register for, attend and/or otherwise take part in our events, webinars or campaigns.
Our data protection governance position may vary according to the nature of the contract we have agreed with the organisations or persons who use our app. In some contracts we operate as data controllers working with other data controllers as part of an information sharing agreement. In others we act as data processors and as such follow a data protection agreement they have put in place. When pupils or employees use the Inspire or Pro Apps we are acting as the data processor of that information. This means education providers and businesses, who use our apps and offer it to their students or employees, remain in control of how we process that personal information. As controllers of the data, they are obligated to comply with all relevant data protection legislation regarding the data they collect, and what they share. In exercising their legal responsibilities, they put in place a contract called a data protection agreement which includes terms for imabi Ltd to follow. The relevant organisation will also publish its own privacy policy, which will explain the reasons and legal bases to processing that personal information.
As a private customer you will need to enter into a contract with us before you can access our apps and services. In these circumstances imabi will determine the purpose for collecting your data as well as its use. In these circumstances we are controllers of your data with a legal responsibility to process your data transparently, lawfully and with integrity as outlined in this policy.
As a user of the Railway Guardian app, provided by imabi Ltd to British Transport Police, we will act as both controller and processor of your data. We retain a legal responsibility to manage and process your data transparently, lawfully and with integrity as outlined in this policy.
As we evolve and develop our apps, we may look to users who are willing to participate in that evolutionary process. This is to assist us enhance the apps by expanding their functionality and ease of use before making them more widely available. We will work closely with private customers, schools and businesses to assist identifying volunteers to participate with our development programmes. We will only enrol you as a volunteer with your full consent.
The data we collect
When you elect to use the Railway Guardian app, the data we collect is limited to only that required to enable us to set up and manage your account if using the advanced function of the App that can track your device’s location, enabling us to provide you with helpful information relevant to your location at any time. It is your choice whether or not you wish to use this service. It will only operate if you choose to enable your phone’s location system. If you do, we will not track your movements, we do not share this information with others including the police or allow the police to access this information either live or retrospectively unless they provide a legitimate legal basis requiring us to do so.
We may use reliable third parties to assist us with some technical aspects of our processing. The companies are required to maintain the highest standards of security and are bound by a data protection agreement as defined within the GDPR.
The personal information we collect from you is kept to a minimum and only that required for us to set up and manage your account.
Full name
Postal address
Age
Mobile phone number
Email address
Device IP number
Contacts selected by you
If you are using an app as a service offered by your education provider or employer, the information we require is limited to your name and email address. This will enable you to set up an account to access our services. Our apps include innovative functionality, it enables you to create your own free text and structured reports to send back to an existing designated contact within the education setting, business or other organisation. We do not routinely access or process the contents of your personal reports. We treat this information with the utmost confidence, recognising it is a private communication between you and the recipient nominated by said education provider, business or other organisation. The only exception might be if were necessary for us, or a third party acting under our control, to resolve technical issues or install system upgrades.
If you are a private customer, we will limit the personal information we collect. This means we will only collect the information we require to set up your user account and personal profile. This will include:
Full name
Postal address
Date of Birth
Gender
Mobile phone number
Email address
Contacts selected by you
Lawful Processing and Sharing Overview
1. Why it’s necessary
To provide, operate, support the use of, maintain and improve the imabi apps, website, associated services integrated with the app, and services we advertise on our sites.
The data we collect
Your name, phone number, email address, contacts provided by you and app account information, including geographical data as required by the app, device data, your IP address, geographical location, browser type and version, operating system, or any data entered into the custom fields.
Who we collect data from
From you, and the device that you use to access the apps.
Lawful Basis
Your consent (GDPR article 6(1)(a)) if you choose to opt in and activate your device’s tracking capability. A contractual agreement between you and us to provide you with an account enabling you to access the services provided by the apps. (GDPR article 6(1)(b).
Who its shared with
Our staff, our developers and our sub-processors, where required.
2. Why it’s necessary
To provide product-related news, status updates, or automated responses to certain services, for example product onboarding, website chatbots, or Help Centre articles.
The data we collect
Your name, app account information, telephone number, email address, contacts and/or device or browser data, where required for in-product notifications or “help” functionality via the browser.
Who we collect data from
From you and your interactions with us.
Lawful Basis
Our legitimate interest (GDPR article 6(1)(f)) in providing you with up-to-date service and products.
Who its shared with
Our staff, management team, our developers and our sub-processors, where required.
3. Why it’s necessary
To assist product-related development news, status updates, or automated responses to certain services, for example product onboarding, website chatbots, or Help Centre articles.
The data we collect
Your name, app account information, telephone number, email address, and/or device or browser data, where required.
Who we collect data from
From you, our records and your interactions with us.
Lawful Basis
Your consent (GDPR article 6(1)(a).
Who its shared with
Our staff, management team, our developers and our sub-processors, where required.
4. Why it’s necessary
To protect your data, review our security, review our compliance, comply with legal obligations, and protect against, investigate and deter fraudulent, unauthorised or illegal activity.
The data we collect
Your account information and activity.
Who we collect data from
From you or from our records of your interactions with us via the app and our sites.
Lawful Basis
Our legitimate interests (GDPR article 6(1)(f)) in upholding an appropriate level of security and ensuring a trustworthy and legal business operation.
Who its shared with
Our staff and relevant third parties instructed by us, where required.
5. Why it’s necessary
To provide you with information about goods or services we feel may interest you.
The data we collect
Your name, email address, phone number.
Who we collect data from
From you and from our records of your interactions with us.
Lawful Basis
Your consent (GDPR Article 6(1)(a).
Who its shared with
Our staff and relevant third parties engaged by us.
6. Why it’s necessary
If imabi is sold or integrated with another business.
The data we collect
Your name, phone number, email address and app account information, including geographical data as required by the app, financial data, device data, your IP address, geographical location, browser type and version, operating system, or any data entered into the custom fields.
Who we collect data from
From imabi.
Lawful Basis
It is in our legitimate interest to make arrangements to continue the business fulfilling the initial contract between us and you employer (GDPR article 6(1)(f)).
Who its shared with
Your details may be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business.
7. Why it’s necessary
Following a lawful request made by a competent authority.
The data we collect
Any relevant information as requested.
Who we collect data from
From you, your account, and from our records of your interactions with us.
Lawful Basis
GDPR article 6(1)(c) required to share by law.
Who its shared with
A court, government body or by law enforcement agency.
8. Why it’s necessary
To respond to your queries, provide clarification, resolve issues or to notify you, your education provider, your employer or other organisation providing the app to you about changes to our service and to provide and deliver any other products and services that you, your education provider, or your employer requests.
The data we collect
Your name, app account information, email address or phone number, gender, date of birth, postal address, any additional data required to fulfil this associated service, including and not limited to contract data or payroll data or any other data collected by the sites or app.
Who we collect from
From you, your account, and from our records of your interactions with us.
Lawful basis
The agreement between you and us (GDPR article 6(1)(b) (if you are a private customer) or our legitimate interest in fulfilling the contract between us your education provider, your employer or other organisation providing an app to you (GDPR article 6(1)(f) (if you are an employee).
Who it’s shared with
Our staff and our sub-processors, where required.
9. Why it’s necessary
For our own commercial purposes.
The data we collect
We may collect non-identifiable data when analysing the various transactions made within our app.
Who we collect from
The data is from the various inputs made by you when using our app.
Lawful basis
This data is aggregated and used for analytical purposes. It does not identify individuals falling outside scope of the GDPR.
Who it’s shared with
Commercial partners.
10. Why it’s necessary
To provide you with the ability to share your location with your chosen contacts.
The data we collect
Your name, phone number, email address, contacts provided by you and app account information, including geographical data as required by the app, device data, your IP address, geographical location, browser type and version, operating system, or any data entered into the custom fields.
Who we collect data from
From you, and the device that you use to access the apps.
Lawful Basis
Your consent (GDPR article 6(1)(a)) if you choose to opt in and activate your device’s tracking capability. A contractual agreement between you and us to provide you with an account enabling you to access the services provided by the apps. (GDPR article 6(1)(b).
Who its shared with
Our staff, our developers and our sub-processors, where required.
Using Our Website
We have published a separate cookie policy specifically setting out how we use your data when accessing our website. See https://www.imabi.com/cookies-policy.
Sensitive data
imabi does not process sensitive data, known as “special category data” in data protection legislation. As part of its reporting function, our apps provide custom text fields in which sensitive data may be added by either you, your education provider, employer or other organisation providing you with access to an app. We do not access this data unless it’s necessary to resolve a technical issue. We recommend that you or them do not add sensitive data to these fields. Any data entered into these fields is intended to be accessed and used only by the named education provider, employer or other organisation providing you with access to an app, who will exercise control over its contents.
Third party links
Our apps and website may include links to third-party websites and applications. By clicking these links, you may have to accept the privacy notice(s) of these third parties and share your information with them. You are encouraged to thoroughly read these privacy notices as they may differ from ours.
Children
Our apps are designed with the best interests of its users in mind, particularly children. It provides accurate and timely information directly to their smartphone or tablet, assisting individuals to make important lifestyle decisions on matters of personal wellbeing and safety. We and our Clients follow the Children’s Code; a code of practice published by the Information Commissioners Office. https://ico.org.uk/for-organisations/childrens-code-hub/.
If you are a pupil and your education provider has given you the option to use our Inspire app, they will apply the codes of practice to determine if use of the app is in your best interest and will have exercised a risk-based approach to ensure each child has reached an appropriate age and capability to use the app without compromising their rights or freedoms.
If you are a private customer between the age of 10 and 12 years, defined as transitional years by the UK regulator, we require the consent of a parent or guardian before a contract can be agreed.
We have provided a summary of this privacy policy made suitable for children aged 10 and above in Appendix A and Appendix B.
How we keep your information safe
We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst it’s in our care. This includes:
Restricting access to only those who require it;
Proportionate technical preventative solutions are installed on our systems;
Using encrypted computers;
Ensuring our staff are trained and understand potential risks;
By using adequate technical and physical security solutions;
When transferring data to a third party, sending it securely with the appropriate measures in place, which could include using encryption or password protection, or a reliable secure courier;
When taking files and records off site for business purposes;
When deleting or destroying records or dispensing with IT equipment; and
By applying robust technical and physical security solutions
International transfers
The data that we collect from you is stored and hosted in the European Economic Area (“EEA”). Following Brexit in June 21, the UK has been deemed adequate in terms of EU data protection legislation, therefore many of the GDPR rules are still applied. Occasionally, we may need to process your personal data outside the EEA, for example, where it is processed by staff operating outside the EEA who work for us or for one of our suppliers. These transfers are subject to special rules under European and UK data protection law because non-EEA countries may not have the same data protection laws. If we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by making sure at least one of the following safeguards is implemented:
We will only transfer your data to such third-party suppliers who have agreed to comply with the required data security standards, policies and procedures and have put adequate security measures in place;
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and the UK;
Where we use certain service providers, we will use standard data protection contract clauses which have been approved by the European Commission. These are designed to re-create data protections equivalent to those we enjoy in the EEA and in the UK.
How long we keep your data
Where we process personal data for site security purposes, we generally retain it for 12 months.
Where we process personal data in connection with performing a contract, we generally keep the data for 6 years from your last interaction with us.
We may also keep personal information for longer periods where we are required to do so for legal or regulatory reasons, such as tax and accounting.
Your rights
You have the right to access your personal data, and any such requests made to us shall be dealt within the legal time limits set.
Your rights include:
The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR;
The right to access information held about you;
The right to have inaccurate personal data rectified or completed if incomplete;
The right to have personal data erased;
The right to request the restriction or suppression of the processing of your personal data;
The right to data portability;
The right to object to the processing of their personal data in certain circumstances;
Rights in relation to automated decision making and profiling.
You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk.
GDPR does not insist for requests to be made in writing, however it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some form of identification, such as a copy of a passport or driving license. Your request should be directed to gdpr@imabi.com
In most circumstances charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.
Changes to this privacy notice
Our privacy notice is reviewed every 12 months. This privacy notice was last updated on 22-Apr-2022.
How to contact us
imabi Ltd
Zenza
Thibet Road
Sandhurst
Berkshire
GU47 9AR
Email: info@imabi.com
If you want to request information about this privacy notice you can email our Data Protection Officer on gdpr@imabi.com.
Appendix A - Privacy Notice for children (excluding Inspire app)
What is a Privacy Notice?
We take great care to comply with the laws and codes that apply to how organisations use your personal information. In the UK compliance is regulated by the Information Commissioners Office (ICO) who publish guidance as well as hold organisations to account. These laws require us to provide easy to understand information about how we use your information in accordance with the law. A Privacy Notice is a requirement of that legislation.
This privacy notice explains what personal data imabi collects about you and how we use it; also your rights to ask us to explain how we use it, for copies of your information used by us and for you to be able to tell us to stop using your data if you no longer want us to do so.
Personal data means any information that can be used to identify you, such as your name, address, picture, telephone number, or the unique numbers allocated to your phone, tablet, or computer.
This privacy notice is designed to be read by children and young people; you might want to read it with your parents, guardians, or a teacher. If you still have questions, you can ask us at imabi at gdpr@imabi.com. You can view a more detailed privacy notice on our website www.imabi.com/privacy.
Age and understanding
We follow the standards of the Children’s Code as published by the ICO to ensure children are made fully aware of what will happen to their information before allowing it to be used and their rights. You can find more info at https://ico.org.uk/for-organisations/childrens-code-hub/.
We understand that age is not always the best gauge of a person’s ability to understand official documents, however, having carefully considered the matter we have decided not to offer our products to a child until they have reached year 7 at school and are 10 years of age and above. We supply our app to several other organisations who may arrange for you to access the app. They may wish to apply their own age limits which differ to our own.
Who are we?
We are a company that develop apps to help people take care of their personal safety. Sometimes we work in partnership with other organisations such as schools, businesses, and the police who make use of our apps to provide personal safety information to students, staff and the general public. You can find out more about imabi by visiting our website https://www.imabi.com/
Who looks after your information?
imabi is a registered Data Controller. A Data Controller is in charge of the personal data collected about you. We have appointed a Data Protection Officer; this person makes sure we do everything the law says we should. If you want to ask any questions about the personal data we collect please email our Data Protection Officer at gdpr@imabi.com.
Why do we collect and use your information?
We will only collect your information when you choose to use one of our apps or use our website. We need your personal data for our app to work and to assist our partners to provide you access to the app. Also, the app enables you to inform our partners by telling them your views and concerns. Here are some of the ways we or our partners may use it: to get in touch with you, to provide you with the services you have requested, to protect your welfare, to assess the quality of our service, or to comply with the law.
What information do we collect?
Your personal information – Examples of your personal data might be your name, address, email address, unique reference numbers allocated to your phone, tablet or computer, often called identifiers. If you are a private customer, we may need your bank details to set up payments. In certain circumstances where parental consent is required before you can use our app we may require that you ask your parents to supply their name and address too.
The rules we have to follow when we collect your personal data
imabi follows the data protection rules when we collect and use your personal data; there are six of them, but we only need to use three. More information on these rules and what they mean can be found on the Information Commissioner’s Office website. We have listed below the three data protection rules we follow and examples of the types of activity they cover.
1. The rule of Consent
If you are a pupil or student at a school, college, university or other place of learning offering you use of our app they will offer you a choice whether or not you wish to use it. If you agree, they will provide us with your email address to help us set up your account. Refer to our Privacy Notice) for Inspire app (Appendix B).
If you have a job and your employer offers the use of our app, it is your choice as to whether you wish to use it. If you agree, they will provide us with your email address to set up the account.
If you have chosen to use the app offered by a public body such as the police, or other public organisation, or charity involved in crime prevention or victim care, they may require the consent of young people using the app before allowing them to use some of its functions such as taking part in surveys.
It is your personal choice to use the tracking feature of our app. You can opt to do so by activating the tracking feature on your device, and you can turn this off whenever you choose. When using this feature, we do not share live information about where you are or where you have been with anybody else except in an emergency where your life is considered to be potentially at risk. In these circumstances we would only share this information with a public body who can legally justify their request.
Our website uses cookies but you can change the settings when you visit our website. For more information, please see our Cookies policy on our website. Cookies are small files which are stored on your computer. They are designed to hold a small amount of data, they remember information about you (so you don’t have to give it to us again), and help with your overall website experience.
2. The rule of Contract
If you are a private customer making a direct purchase from us, you will need to set up an account and pay for its use. If you are under the age of 16 years of age we will require your parents or guardian to provide their consent to finalise a contract with us.
If you set up a user account for one our services - personal data is kept for as long as needed for the particular account set-up.
If the app gallery uses work/images that you either own (called copyright) or have rights to – personal data is kept until no longer required or for seven years (for financial reasons).
3. The rule of Legitimate Interests
We are a private company that specialises in providing personal safety apps used by individuals and other organisations, both public and private. To produce our apps, we rely on the use of people’s information, this is necessary for us to continue in business, develop new solutions, and maintain those we have launched. We take great care in balancing our own needs whilst safeguarding the privacy and rights of the users of our apps.
Information that is needed to improve the experience and services we offer to you as a user – certain settings can be changed, such as:
When you visit a page with content embedded from social media platforms such as Facebook, Twitter, YouTube and others, you may be presented with cookies from these websites. imabi does not control how these cookies are used. These cookies are set by social media tools or other external applications, like those listed above, if you are a user of those services.
When visiting other websites or social media sites, you may receive ‘personalised advertising’ that relate to your browsing history on our website or use of our app.
Google Analytics
We use Google Analytics to collect information about how our visitors use and navigate the website. This information cannot identify you personally and we only share general data.
How long do we keep your information?
We keep your personal information all the time you want to make use of our app. If you decide to leave us we will keep your data no longer than is necessary, to make sure there are no unresolved issues relating to any account or use of our apps, for fraud prevention, this may be for up to 12 months. We are also required to keep some records for longer periods of up to 6 years, this is the time set by government departments such as Her Majesty’s Revenue & Customs, we may also retain anonymised/aggregated data for analytics purposes.
Sharing Your Information
We will only share your information after first telling you who we might share your information with. This is explained more fully below providing you with information about how we might share your data, before you agree to use our app. When your data is shared with someone else, we make sure it’s kept safe by only sharing it with companies that we trust, and by following the ICO codes of conduct which explains the sharing of information.
Partners and Third Parties personal data may be shared with include: We do not share your personal data to any third party, except as set out below.
Partners we may share your data with include:
British Transport Police or other law enforcement organisations, when using their version of our app.
Education provider such as your school, when using the Inspire app – Note we do not sell or rent the personal data of pupils or students using our app for education.
Your company, when using the Pro app
Our bank or a company used to arrange payments, accountants or companies providing us with accounting software when it applies.
Microsoft and IT specialists who provide us with technical solutions for our app to work. Whenever technically feasible we anonymise or encrypt data before providing sharing your information.
Another business or organisation if they buy our company.
Government bodies, regulators, law enforcement agencies, courts and tribunal services, social services of health departments, insurance companies or lawyers acting for others in a legal capacity.
We may share anonymised data with our carefully vetted commercial partners who use the information we provide for analysis, to identify trends and to monitor their performance.
Do you have to give us your information?
No, it is your personal choice to download and use or app. If you do the amount of information we require is kept to an absolute minimum.
Your Rights
You have the right to:
Be told how we use your information.
Ask to see the information we hold about you.
Ask us to change your information you think is wrong.
Ask us to remove information we hold about you when it’s not needed anymore.
Ask us to only use your information in certain ways.
Tell us you don’t want your information to be processed.
Important things to remember
The law allows us to get and use your information. We may share your information with others and will ask for your permission to share your information whenever you have a choice. You can tell us not to share your information, even when you have said yes before. If you are unhappy with how we use your information or have any questions please contact, the imabi Data Protection Officer at gdpr@imabi.com
Some service’s at imabi are provided by other organisations such as partners or who are known as ‘third parties’; for example. This Privacy Notice does not necessarily apply to these organisations. We do undertake checks before working with third parties to ensure they also keep your personal data safe.
Appendix B – Privacy Notice for children using the Inspire app
Who are we?
imabi Ltd is a company who creates apps to improve individuals’ safety and to keep them informed. We work closely with your school to provide this service to you or other pupils at your school who want to use it.
What is personal data?
It’s information about you, for example - your name, where you live, your email address and details of the smartphone you use.
Why are we using it?
To enable us to offer you all the helpful services provided on our app Inspire.
Where do we get it from?
Your school provides us with your name and email address only.
What do we use it for?
We need your personal information to set up an account for you to use, only if you decide to do so.
Where do we keep your data?
We process your information on our own systems, and on the systems used by other companies contracted to help us provide information to you on the app.
How long do we keep it for?
For as long as you remain a pupil at the school and want to use the app. You can cancel your account at any time.
Do you have to do anything?
No, we let you your school, and your parents or carers know how we are using your data in our privacy policy. If you want to find out more, then contact your school or contact us at gdpr@imabi.com
How do you control the use of your data?
The law gives us all rights to control what companies do with their personal information. You have the same rights as grown-ups: your right to know what data we have about you, the right to correct anything that’s wrong and much more. We also work with a data protection officer to make sure that we look after your data properly.
If you want to know more?
Contact us at gdpr@imabi.com