Bullitt Satellite Messenger Privacy Notice
The Bullitt Satellite Messenger service (the Service), provided via the Bullitt Satellite Messenger app (the App), is a trading name of RCD 2023 Limited (RCD). RCD is the Data Controller in respect of personal information used in the connection and use of the Service. If you have any questions or concerns in relation to this Privacy Notice you can contact us at support@bullitt.com or write to us at Bullitt Satellite Messenger, 2 Scala Street, London, W1T 2HN.
At RCD, we are committed to the operation of fair and transparent processing in relation to the collection and use of personal information. In this Privacy Notice, we explain how we will collect and use your personal information. This Privacy Notice should be read alongside Bullitt Satellite Messenger service and Bullitt Messenger app Terms of Use (the Contract) which can be found at: Terms of use
Summary
What we usually collect |
When and how we collect it |
Why we collect it, and our main legal basis |
How long we will normally hold it for |
Personal Information |
When you open an Account, and after that it will be updated for the duration of time you are using our Service. |
To identify you and provide our service to you under the Contract. After the Contract has ended we have a Legitimate Interest in retaining the information to improve the Services and protect our business interests. |
While your Account is active and for up to 6 years after your Account has been closed. We may keep information for longer where necessary in connection with our right to establish, commence or defend any Legal actions, or are subject to a mandatory request from a law enforcement agency. |
Usage information |
We collect this while you are using any of the Services available via the App. |
We have a Legitimate Interest in collecting this information to manage, improve, and provide our Services to you. |
While your account is active and for up to 6 years after your account has been closed. We may keep information for longer where necessary in connection with our right to establish, commence or defend any Legal actions, or are subject to a mandatory request from a law enforcement agency. |
Message content data |
We collect, but do not have routine access to, content of messages sent and received when using the App. |
Message content data is retained and processed for a very limited time only to ensure that a message has been sent and received. Message content may be reviewed in circumstances where the SOS Services are being used. For those purposes, we need to do this in order to perform our obligations under the Contract. In some jurisdictions, we may be subject to a Legal obligation to share message content with law enforcement agencies, |
For a very limited time to ensure adequate opportunity for a message to be sent or received and whilst the SOS Services are being performed. This may be extended for as long as is necessary when we are subject to a Legal obligation to retain the data. |
Location data |
This data may be collected when you use the SOS Service, when you use the Tracking Service, or when you elect to share your location via the messenger Services we provide. |
To provide the tracking services under the contract, enabling you to view and share your location tracking sessions at a later date. Users can delete their location data at any time through the portal. In some jurisdictions, we may be subject to a Legal obligation to share location data with law enforcement agencies, |
While your account is active, unless you choose to delete it. If you delete your location data, it will be removed from our systems promptly. |
Appropriate detail on a physical or mental condition you have told us about |
We collect this when you notify us of such a condition. |
We will seek your Consent to enable us to supply additional services that may assist with your condition if you are a vulnerable customer or because there is a medical condition relevant to provision of the Services (including the SOS Services). |
While your account is active or when you tell us you wish to withdraw Consent (whichever occurs first). |
Financial and billing information |
When you request to become a subscriber to a paid-for Service, and after that the information will be updated for the duration of time you are using the paid-for Service. |
To monitor, process and record your payments under the Contract. After your contract with us has, ended we have a Legitimate Interest in retaining the information to improve the services and protect our business interests. |
While your account is active, and for up to 6 years after your account has been closed. We may keep information for longer where necessary in connection with our right to establish, commence or defend any Legal actions. |
We rely on different legal bases to process your personal information. In the section below, we have set out what each of these mean, to help you to understand the different legal bases when you see them written in bold throughout this Privacy Notice.
Consent - you have given us your express consent to process your personal information (usually by voluntarily providing the information to us), you can withdraw your consent at any time.
Contract - we are processing your personal information in order to carry out our contractual obligations under the Contract.
Legal - we are processing your personal information in order to comply with any regulatory government or legal requirements.
Legitimate Interest - we have a legitimate business interest in processing your personal information, this may include, fraud prevention, protection of our business, managing and improving the Services.
What information we may collect and how we use it
- We will collect information about you from a number of different sources, including from you directly and from third parties. Some information is collected automatically through your use of, and access to, the Services. If you do not give us the information we may ask for, we may not be able to provide some or all of our Services, or the quality of the Services may otherwise be impacted.
- We will ask for Personal Information (such as name, address, date of birth and contact details) as part of the account opening process, and when you get in touch with us about issues, complaints and payments.
- We will collect Usage Information relating to the use of the Services (including; communication data, IP addresses, the unique identifiers for your device and satellite SIM card, unique identifiers for recipients of messages you send, unique identifiers of senders of messages you receive).
- We will process Message Content Data to ensure we are able to convey messages sent and received via the Service to and from devices over the internet and satellite networks. Such message packet data may be subject to lawful intercept by law enforcement agencies in certain jurisdictions; where we are required to do so, we will comply with lawful intercept requests.
- We will process Location Data, when you use certain Services to share your location with others.
- We will collect Financial Information (including payment details, bank or payment card details, registration details, details of payments to or from you and details of data subscriptions you have purchased from us).
- We may collect information from third parties, including credit referencing agencies, fraud prevention agencies, marketing partners and other commercial partners who may deliver services to us.
- We use this information to:
- Identify you;
- Provide the services set out in the Contract;
- To administer your account with us, including how we provide the Services to you;
- To resolve issues which may from time to time arise with your account and the Services;
- Comply with our legal and regulatory obligations;
- To monitor and review how we provide the Services with a view to making improvements.
- We may also collect and process information relating to a physical or mental health condition where it is relevant for our providing the Services to individuals defined as Vulnerable. We may also collect this information where you have voluntarily given it to us, because you consider it may be relevant in the event that you require help via the SOS Services. Because of its inherent sensitivity, this type of personal information is a known as a special category of personal data and we will only collect and use this information with your explicit Consent, or if you have explicitly disclosed this information to us so that we can provide additional services that may be able to assist you. We may not be able to make reasonable adjustments to the Services unless we are informed of, and have your Consent to process, information about a Vulnerability. The response to an SOS assistance request may not be as effective if we do not have your Consent to process information about a relevant physical or mental health condition.
- We may share your information with:
- third-party partners with whom we have engaged in order to help us to provide the Services to you (Contract)
- other third parties to trace your identity or location and collect any payments on the account (Legitimate Interest).
- third-party partners to manage any extra care we may offer if you require it due to Vulnerability or a physical or mental health condition relevant to the SOS Service (Consent).
- any third party you have nominated to represent you (where you have informed us they will be dealing with your account) (Consent).
- Law enforcement agencies, relevant industry regulators and partners, tax authorities (Legal).
- Third parties to process your payments and provide validation services (Contract)
- An affiliate, a subsidiary, or a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock, including, without limitation, in connection with any insolvency or similar proceeding, provided that any such entity that we transfer personal data to will not be permitted to process your personal data other than as described in this Privacy Notice without providing you notice and, if required by applicable laws, obtaining your consent (Legitimate Interest).
- We may transfer and maintain personal data outside of your country. So, for instance:
- where you are using the Services in the European Economic Area (EEA), this means your data may be transferred outside of the EEA; or
- where you are using the Services in the United Kingdom (UK), this means your data may be transferred outside of the UK.
- Whenever we transfer your personal data outside of your country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; and/or
- Where we use certain service providers, we may use specific contracts approved for use for the purpose of international transfer that give personal data the same protection it has in your country.
Keeping in touch with you
- We may use your personal information to send you service related messages by letter, email, text message, or phone. We will contact you with information by electronic means unless you have told us this is not suitable for your needs.
- Where you have given us your Consent we may use your information to let you know about other relevant products or services that we have agreed should be made available to you, but only in accordance with the terms of this Privacy Notice.
- If you do not want us to use your information to hear about our other products or services, please either tick the box in the form we use to collect your data, or contact our customer services team, and tell them you would like to opt out of receiving marketing material.
How we look after your information
- Information we hold about you is stored on secure servers that are protected from external access. The Bullitt Satellite Messenger team access our systems by individual password protected schemes, which limit access to your data only to those who need to use it to provide our Services.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- All payment information is processed by a third-party service who is accredited and complies with PCI DSS standards at all times.
Your rights
- Under the relevant data privacy laws, you have various rights in relation to the information we collect and process about you.
Therefore, if you are in the EEA or the UK:
- You have the right to ask us for your personal information that we hold and process about you. This is known as a subject access request subject access request. If you wish to exercise any of these rights, please contact us at support@bullitt.com
- You can also ask:
- That any inaccurate information we hold about you is corrected;
- That we delete information about you for certain purposes;
- If a decision has been made by automated means, you have the right to challenge this decision;
- That personal data you have given us be provided to you in a common machine-readable format, or sent to a third party where this is technically feasible.
- The rights set out above may apply in limited circumstances, and we may not always be able to comply with your request to exercise these rights. We will try to respond to a request to exercise your rights within 1 month.
- If you are in the UK, to find out more about your rights please visit the Information Commissioners Officer website here: ico.org.uk/your-data-matters/.
Changes to the Privacy Information Notice
- Any changes we make to this Privacy Notice will be posted online or included in communications to you from time to time.
Users of the Service in the EEA (GDPR compliance)
- We have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu Please ensure to include our company name (RCD 2023 Limited) in any correspondence you send to our Representative.
Linked service providers
- Delivery of the Services provided by RCD 2023 Limited may rely upon the services provided by, or place you into contact with, third parties. In certain circumstances, those third parties may also act as a Data Controller operating their own privacy policies. These include Digital River and FocusPoint. Links to the relevant privacy policies are provided below:
Digital River: Privacy Policy
Focuspoint International: Privacy Policy