Effective: May 25th 2018
Summary of Privacy Statement
This policy covers how MapAlerter treats Personally Identifiable Information (“PII”) that MapAlerter collects, stores and processes through the service. MapAlerter is used to send news alerts to subscribers from their local authority based on six core alert categories (Water Alerts, Road Alerts, Community/Miscellaneous Alerts, Flood Alerts, Weather Alerts and Planning Alerts). Alerts are issued by a combination of SMS, Email, app notifications and chat applications. Alerts are also geographically focused meaning the subscriber will only receive alerts based on the locations stored in their MapAlerter account. At all times the subscriber is in control of what information they receive, the locational relevance of alerts, the channels used to contact them, as well as an ability to quickly unsubscribe from the service in a few easy ways. This privacy statement sets out how MapAlerter and Pin Point Alerts Ltd (the company that owns the service and is the Data Controller and Data Processor) processes subscriber personal data, secures this personal data, and the various company policies that adheres to General Data Protection Regulation.
The following Personally Identifiable Information (“PII”) is gathered from registered users (“subscribers”):
1. Irish Mobile Number
MapAlerter is provided exclusively to Irish phone holders. For that reason, you must have a unique login to MapAlerter and your mobile number is used to create and access your account. Your mobile number will also be used to send you SMS Text Alerts from your local authority which are a core reason for subscribing to MapAlerter in the first place.
You need to authenticate with MapAlerter to access your account. Passwords are created at registration and they are salted/hashed on the MapAlerter server – passwords are never stored in plain text.
3. Up to two stored map locations, by way of coarse map coordinates
MapAlerter offers focused alerts from your local authority that are locally relevant to recipients. To make this happen MapAlerter allows you to add up to two locations for which you want to receive alerts. These are branded as “Home” and “Work” locations and we also generate a route between the two locations. A minimum of one location is required while the second location is optional. It is up to the subscriber to map their location on the system and to provide the level of accuracy they are satisfied with. It is not necessary to map exactly to a home location – the centre of a town or townland is usually sufficient to ensure you get the alerts that impact you. MapAlerter stores coordinates statically in a database after they are updated by the subscriber and MapAlerter does not track your location at any time. Coordinates are stored as a Latitude Longitude pair.
4. Email Address
MapAlerter uses your email address to send you email alerts from your local authority. The email address is a unique entity in the MapAlerter database and it is also used to reset your account password, if you forget it. In extremely rare cases your email address is used to send out service updates, survey/feedback requests, policy changes and changes to the MapAlerter terms and conditions if further consent is required.
5. IP address
Summary of how we use the information we gather:
We use the information to allow you to manage your unique account. We require your contact details to correctly send you notifications, and we require a unique username (mobile number) for you to create an account. Your password is used to access your MapAlerter.com account. To send you correct localized alerts and notifications we require coordinate information about your location - this can be accurate to your town/city and not necessarily to your exact home location. Mapping a point on the map is optional for your place of work (if you wish to receive notifications about your place of work). In the case of poor behaviour on our site (e.g., attempted insults of your local authority) we may use your IP Address to identify any potential threats or insulting behaviour.
The people that are given access to your personal information:
MapAlerter (Pin Point Alerts Ltd) is the sole owner of the MapAlerter user database. We will solely use your PII details for the purposes of identifying if you should receive a text/email/app notification and, subsequently, we will use your contact details to correctly deliver the notification and/or alert. Your Local Authority will never be able to access user details stored in the MapAlerter.com user database. A local authority staff member can simply log in and generate an alert, but not identify the recipients - MapAlerter.com will identify the recipients based on their coordinate locations stored in the database and send alerts accordingly. At no time is the MapAlerter subscriber database made available to external 3rd parties, nor is it foreseen to engage with external companies that can access the subscriber database at any time. If this policy changes then all subscribers will be notified in writing. If MapAlerter engages 3rd party agencies for any IT development work then it will take place on a cloned version of MapAlerter with an empty subscriber database.
The security measures we have in place to protect your personal information:
We have put in place reasonable and appropriate physical, electronic, and managerial procedures to help safeguard information we collect through MapAlerter. However, you should know that no company, including MapAlerter or Pin Point Alerts Ltd, can fully eliminate security risks associated with Personally Identifiable Information (PII). To help protect yourself, please use a strong password, do not use the same passwords to access your MapAlerter accounts that you use with other accounts or services, and protect your user names and passwords to help prevent others from accessing your accounts and services.
A subscriber can choose to delete their account at any time and they will be instantly removed from the live MapAlerter subscriber database. However, PII we collect will be contained in secure encrypted backups for a maximum of 14 days after a subscriber has unsubscribed from the system. The 14-day period is part of Pin Point Alerts Ltd’s corporate backup strategy and is within a reasonable time to remove the subscriber. However, if a subscriber unsubscribes from MapAlerter then they shouldn’t receive any further alerts from the service within 3-4 hours (the live subscriber database is cached throughout the day at a maximum of 4-hour intervals for performance reasons).
What Choices Do We Give You and How Can You Correct or Review Your Personal Information?
i. Unsubscribe Feature on MapAlerter.com without logging into the service
MapAlerter offers a dedicated feature to Unsubscribe from the service. This is available to all subscribers at www.mapalerter.com/unsubscribe. This feature doesn’t expect the subscriber to login to access the feature, but they must authenticate themselves by providing their account’s registered Mobile and Email for verification purposes. An SMS will be send to valid account holders to confirm they have a right to make account changes and to delete the account. The entire process takes 1-2 minutes to complete.
ii. Disable alerts by Email or SMS without having to login to your account.
MapAlerter allows subscribers to switch off SMS or Email alerts without having to login to their account. This is a self-service feature available from the menu at www.mapalerter.com/unsubscribe. Subscribers must confirm they own an account by providing their account email address and mobile number. Confirmation codes are sent to verified account holders by SMS or Email, depending on the alert channel that they want switched off. After receiving a confirmation code by SMS, the subscriber must enter this code onto the MapAlerter website before gaining permission to switch off SMS alerts. Meanwhile after receiving a confirmation code by email, the subscriber must enter this code onto the MapAlerter website before gaining permission to switch off Email alerts.
iii. Login to MapAlerter.com to manage or delete your account
MapAlerter allows subscribers to login and manage their account with the username (mobile or email) and password they created during the registration process. The login area is accessed from www.mapalerter.com/login. After a subscriber logs into the MapAlerter website they can change their contact preferences to receive alerts on various channels, change their mapped locations to receive more accurate local alerts and also, they can delete their account entirely (after login scroll to the bottom of the screen and follow the “Delete Account” link).
iv. Subject Access Requests
MapAlerter is owned and operated by Pin Point Alerts Ltd, which operates several “alert” services apart from MapAlerter. To make Subject Access Requests (SAR) easier, subscribers can request a copy of the data that MapAlerter / Pin Point Alerts stores on them from a dedicated SAR website at https://sar.pinpointalerts.com. Subscribers can create a temporary account by including their mobile number or email address which are the core Personally Identifiable Information (PII) unique identifiers in any system that is provided. Once you search for your mobile number or email address on this website, we will determine if it part of any system operated by Pin Point Alerts in its capacity as a Data Controller or Data Processor. Temporary (24 hour) login details are sent by SMS or Email, depending on how the subscriber searched for their PII. After the subscriber logs into the SAR website they can view and print reports about the information stored on them. They are also advised where to go and who to contact to make changes to the details. In the case of MapAlerter, they will be directed to www.mapalerter.com/unsubscribe to self-serve their account updates or deletion.
Third Party Analytics:
We may provide anonymous data to third party analytics companies (i.e. no PII data is transferred) to help us understand how MapAlerter is being used and to help us make improvements. The MapAlerter.com website solely uses Google Analytics for its website analytics management. The MapAlerter App for iOS uses analytics provided as part of the Apple Developer Programme to maintain and access how many app installs have taken place. Similarly, the MapAlerter App for Android uses analytics provided as part of the Google Play Console to maintain and access how many app installs have taken place. Google Maps, LeafletJS maps and ArcGIS Online maps are used throughout the MapAlerter service and analytics are gathered to track performance and usage levels.
Where does the Personally Identifiable Information (PII) database and backups reside?
All aspects of MapAlerter including databases and websites are hosted within the European Union. At no stage is PII transferred to a 3rd country outside of the European Union. Backups are fully encrypted and stored securely in Ireland for a maximum period of 14 days before self-deleting. We are happy to share further information on our storage and security practices with our clients and subscribers at any time.
Questions and Complaints
If you believe MapAlerter maintains your personal data (PII) incorrectly then you may direct any inquiries or complaints concerning our Data Protection and GDPR compliance to firstname.lastname@example.org. We will respond within a maximum of 3 working days. If you want us to forcibly remove you from the MapAlerter system (i.e. you are not able to use the MapAlerter Unsubscribe service listed above) then it will take up to 7 working days. If we fail to respond within that time, or if our response does not address your concern, then please contact Pin Point Alerts Ltd directly at 01 2544363. It may be a case that your email did not arrive, and we want to ensure we deal with your inquiry as soon as possible.