Solace Secure Privacy and Data Protection Policy

Scope

This policy outlines how Solace Global Risk Ltd (Company No. 07176579, registered in England & Wales) processes personal data in compliance with UK GDPR. If you are 16 or under, please obtain parental consent before submitting any personal data.

Data Protection Principles

Personal data must be:

a)       Lawfully, fairly and transparently processed

b)       Collected for specific, legitimate purposes

c)       Limited to what is necessary

d)       Accurate and kept up to date

e)       Retained no longer than necessary

f)         Secure

g)       Processed in line with data subjects’ rights

Data Collection

We collect only essential personal data for Solace Secure (SS) users:

-            Name

-            Mobile phone number

-            Email address

-            Travel itinerary (if applicable)

-            Last known location (with consent)

Data Sources:

-            Travel Management Company bookings

-            Manual or machine-read travel data

-            Client HR data feeds

-            User communication or actions (e.g. check-ins, SOS alerts)

Solace Secure Platform

Solace Secure provides global threat intelligence and travel risk management. Users can check in or send SOS alerts via mobile apps. Location and itinerary data are processed only with explicit user consent.

Data Security

- Data encrypted in transit and at rest

- Segregated UK-based data storage

- MFA, strong passwords, annual security testing

- Custom interfaces for each client

Compliance

- ISO 27001, ISO 22301, UK GDPR compliant

Legal Basis

Solace Global acts as a Data Processor; client organisations are the Data Controllers. All data processing is subject to user consent and client confirmation that lawful grounds exist.

Data Retention

Personal data is returned or deleted within four weeks after contract termination. Paper records are securely disposed of.


 

Sub-processors

Provider 

Data Controller 

Solace 

Secure 

Data residency 

Data Retention 

Solace Global 

Data Processor 

x 

UK 

As defined in Data Retention policy 

TMC, GDS  

Client Sub-processor  

x 

As defined by client 

n/a not controlled by Solace 

Google  

Solace Sub-processor for maps  

x 

Europe 

n/a 

Google 

App store 

x 

n/a 

n/a 

Twilio 

Solace Sub-processor for messaging SendGrid service 

x 

Ireland  

30 days  

Twilio 

Solace Sub-processor for SMS 

x 

Ireland  

13 months and not deleted automatically  

Azure 

Solace Sub-processor for Hosting, email  

x 

UK 

13 months 

Apple  

App Store 

x 

n/a 

n/a 

AWS 

Email as a Service  

x 

 

 

 

Data Subject Rights

You may request:

-            Access, correction, deletion, restriction

-            Data portability

-            Objection or withdrawal of consent

-            To lodge a complaint with the UK ICO (www.ico.org.uk)

Cookies

We use cookies to analyse site usage. You may disable cookies in your browser settings.

Third-party Links

External sites may be linked on our website; Solace Global is not responsible for their privacy practices.

 

Policy Changes

Any changes will be published on this page.

Contact details

Data Privacy Officer

Solace Global Limited, Twin Sails House, West Quay Road, Poole, Dorset, UK BH15 1JF

Email: Contact: Data Privacy Officer – dpo@solaceglobal.com

EU Representative:

EU-REP.Global GmbH, Hopfenstr. 1d, 24114 Kiel, Germany

Email: solaceglobal@eu-rep.global