This document outlines how Proactive Reporting. handles your data, be it personal or other information.
As far as possible, we've used plain English to explain how we respect your privacy and why you should trust us with your data.
This Privacy Policy applies to all products, services and websites provided by Proactive (collectively referred to as the "Proactive Service"), except where otherwise noted.
The Proactive Service is provided to two distinct groups. Firstly, our Service provides a platform and set of tools that enables people, companies and organisations to store and view data about incidents, hazards, and checklists that have been submitted to the platform by users (Customers). Secondly, it serves groups who are able to submit data through the provided platform and web app (Users). Proactive receives and handles information differently for customers and users, so we have split this Privacy Policy into two dedicated sections, one for each group.
Section 1 — Privacy for Customers
Our approach to your data
Your data is yours. Proactive regards all content that you create within your account on the Proactive Service (reports, user accounts, email addresses etc.) as being your private property, owned wholly by you. Proactive does not sell your content or data to anyone, and we only process and make your data available as needed to provide the Proactive Service, with the exception of a limited set of circumstances (e.g. Proactive is compelled by law, or if you've given us permission to do so).
Your data is hosted on databases within the UK within a high security Level 1 Datacenter.
Proactive is committed to processing and storing your data securely.
Information that Proactive collects
Proactive collects information relating to you and your use of the Proactive Service from a variety of sources, which are listed below, along with details of how we use this information.
Information we collect directly from you
Registration information. You need to create a Proactive account before you can access the Proactive Service. Our account signup collects your company name and one main contact email address.
Billing information. If you make a payment to Proactive, we require that you provide your billing details, including name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date). If you provide a billing address, we will regard that as the location of the account holder. Proactive does not store or log any sensitive cardholder data provided by you.
App data from users. We store the data you and your app users upload, import and otherwise submit to us.
Other data you intentionally share. We may store or collect your personal information or data if you explicitly send it to us for specified purposes. For example, if you give us a customer testimonial or participate in a Proactive-sponsored marketing event.
We don't share, sell or use your users' information. Proactive will not contact your users via email or other means unless you specifically request us to do so. We will not sell or make available your users' contact or other information to any third parties, aside from what is necessary to provide the Proactive Service.
Information we collect indirectly or passively
Usage data. Like most software services today, Proactive collects usage data about you whenever you interact with our services. This can include which Proactive areas/pages you visit, what you click on, when you performed those actions, and so on.
Device data. Proactive collects data from the device you use to access our services, such as your IP address, operating system version, device manufacturer and model, and browser type. We may also infer your geographic location based on your IP address.
Referral data. If you arrive at a Proactive website from an external source (such as a link on another website or in an email), Proactive records information about the source that referred you to us.
Information from third parties. Proactive may collect your personal information or data from third parties, if you have given permission to those third parties to share your information.
How Proactive uses collected information
To Proactive, your data is private and owned by you. Proactive does not use your data other than as described in this Privacy Policy unless we have your consent. We do not sell or make available your app data to third parties, beyond what is necessary to provide the Proactive Service, without your permission.
Lawful basis for processing
Proactive processes your personal data on the following lawful bases: (a) performance of a contract, where processing is necessary to provide the Proactive Service; (b) legitimate interests, for security, fraud prevention, and service improvement; and (c) compliance with legal obligations. Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To provide the Proactive Service to you
Customer support is the most common reason for us accessing your data, since Proactive will often need to view your account, data and users in order to provide training, advice and troubleshooting.
Our connectors ("Share a report") options and any APIs we build give you the option to export and import data between the Proactive Service and other external applications. When using connectors, you may be disclosing your data to the individuals or organisations responsible for operating and maintaining such third-party applications and sites. Proactive does not own or operate the external services that you choose to connect with, and you should review the privacy policies of such external services to ensure you are comfortable with the ways in which they may use the data you share with them.
To manage the Proactive Service
To maintain, monitor and enhance the Proactive Service. We perform internal statistical and other analyses on data we collect to measure user behaviour and trends, to understand how people use the Proactive Service, and to monitor, troubleshoot and improve the Proactive Service.
To enforce our Terms of Use. Occasionally Proactive may need to review data in your account in order to determine whether there is a breach to our contractual terms.
To prevent potentially illegal activities.
To create new functionality, services or content. Proactive may internally review your app designs and data for the purpose of creating new features, support content or services. When Proactive does so, neither individual customers nor app users will be identified or identifiable unless we have obtained their permission.
To contact you about your service or account. Proactive may occasionally send you communications of a transactional nature. You cannot opt out of this type of communication since it is required to provide our services to you.
To contact you for marketing purposes. Proactive will send you promotional emails only if you consent to us contacting you for this purpose. You can opt out at any time by clicking the "unsubscribe" link in these emails.
To respond to legal requests and prevent harm. If Proactive receives a legal request, we may need to inspect the data held to determine the appropriate response.
Who Proactive shares your data with
We recognise that you have entrusted Proactive with safeguarding the privacy of your information. The only time Proactive will disclose or share your personal information or user data with a third party is when Proactive has done one of three things, in accordance with applicable law:
Given you notice, such as in this Privacy Policy;
Obtained your express consent, such as through an email or other form of communication; or
Anonymised or aggregated the information so that individual persons or other entities cannot reasonably be identified by it.
We may share:
Your data with our sub-processors. We use third-party service providers ("sub-processors") to help us provide the Proactive Service. Proactive gives these sub-processors access to your data only to the extent necessary for them to perform their services for us. A list of our sub-processors can be emailed on request.
Your email address with your organisation. If the email address under which you've registered belongs to or is controlled by an organisation, Proactive may disclose that email address to that organisation to assist with account administration.
Aggregated or anonymised data with third parties to improve or promote the Proactive Service. We ensure that no person can be reasonably identified or linked to any data we share for this purpose.
Injury statistics with NGBs and Insurers. Some of our customers provide Proactive Reporting to you under a contract with an NGB (National Governing Body) or Insurer. In these cases, injury statistics may be shared with the relevant NGB or Insurer. The focus of this data sharing is to improve overall safety reporting and education programmes. All such data is aggregated and is not personally identifiable.
Your data if required or permitted by law. Proactive may disclose your information as required by law, or when disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order, or other legal process.
Your information if there's a change in our business ownership or structure. If ownership of all or substantially all of Proactive's business changes, or if Proactive undertakes a corporate reorganisation, you expressly consent to Proactive transferring your information to the new owner or successor entity so that we can continue providing the Proactive Service.
Your data rights
Under applicable data protection legislation, you have the following rights over your personal data:
Access
Request a copy of the personal data Proactive holds about you.
Rectification
Request correction of inaccurate or incomplete personal data.
Erasure
Request deletion of your personal data where there is no compelling reason for its continued processing.
Restriction
Request that Proactive restricts the processing of your personal data in certain circumstances.
Portability
Where processing is based on consent or contract, request your data in a structured, machine-readable format.
Object
Object to processing carried out on the basis of legitimate interests.
Withdraw Consent
Where processing is based on consent, withdraw it at any time.
Response timeframe: Proactive will respond to all valid requests within one month of receipt. This period may be extended by a further two months where requests are complex or numerous; we will inform you within one month of receipt. A full data retention schedule is available on request from our support team.
You can also act directly within the service:
Update your account details via the provided organisation and user editing pages.
Download/backup your app data. Proactive provides functionality to export your app data in a variety of formats.
Cancel your account. To cancel and delete your account, please contact our support team. When an organisation cancels their account, Proactive will provide a "Data File" containing all data collected within the Proactive system. Note that certain data (such as incident/accident records) may be required by law and should be retained according to statutory requirements.
Proactive's data retention timeframes
We retain your data for as long as you have an account on the Proactive Service, or as required to comply with our legal obligations, resolve disputes, or enforce our agreements. A full data retention schedule is available on request from our support team.
Deletion of your Proactive Service account. After you initiate the deletion of your account, the account is disabled immediately, but the account and associated data may be held in our database for a period of up to 90 days. You can contact our support team within that time to request the account be restored. After permanent deletion, Proactive won't be able to restore it or the associated data.
App user account deleted by an account administrator. This disables the target user account immediately, but the user and associated data is retained by Proactive until the customer account is cancelled and the associated data file is provided to the customer.
Security and other important information
Changes to this Privacy Policy. Proactive may modify this Privacy Policy at any time. If the changes are significant, you will be provided with additional, prominent notice by email or other conspicuous means. If you continue to use Proactive services after being notified, you will be considered as having expressly consented to the changes.
Security. Proactive takes security seriously and is committed to processing your personal information and data with respect and integrity. Regardless of the protections and precautions undertaken, there is always a risk that your personal information may be viewed and used by unauthorised third parties. If you have any questions about security, contact our support team.
Data locations. We use Amazon Web Services to host customer accounts and they are named as our data hosting server provider.
Cookie Notification. Proactive uses cookies solely for security reasons: we store your login details in an encrypted cookie to authenticate your identity and to keep you logged into the Proactive Service. You can choose to remove or disable cookies via your browser settings, but note that doing so will prevent you from logging in. By using our websites and agreeing to this Privacy Policy, you consent to the use of cookies as described.
Blogs and Forums. Proactive websites may offer publicly accessible blogs and community forums. Any information you provide in these areas might be read, collected, and used by others who access them. To request removal of your personal information, contact our support team.
Social Media Features. Proactive websites may include social media features or widgets. Your interactions with these features are governed by the privacy policy of the third party providing them.
Safety of Children. Proactive services are not intended for individuals under the age of 16. Proactive does not knowingly collect personal information from persons under 16. If you have reason to believe this has occurred, please contact our support team.
English version only. The English language version of this Privacy Policy is authoritative.
Notices for European Union and United Kingdom users
Personal data. For users located in the EU or UK, references to "personal information" in this policy are equivalent to "personal data" as defined in the UK GDPR and prevailing EU data protection regulations.
IP addresses. Our servers may record the incoming IP addresses of visitors to Proactive websites and services and store them in log files for system administration, maintenance, record keeping, and security purposes (e.g. controlling abuse, spam and DDoS attacks).
Data controller. Proactive is the data controller for registration, billing and other account information collected from Proactive Service users in the EU and UK. However, the data controller for all submitted reports and data is the customer. Proactive only processes data in accordance with the instructions and permissions provided by the customer.
Accessing and correcting your personal data. You have the right to access and correct the personal information that Proactive holds about you by visiting the provided "edit user" pages or by contacting our support team.
Your responsibilities. By using the Proactive Service, you agree to comply with adequate data protection requirements when collecting and using your data, including informing respondents about the specific uses and disclosures of their data.
Your data is hosted within the UK. Your data will be hosted exclusively within our UK data centres.
Right to lodge a complaint. If you are located in the UK or EU and believe that Proactive has not complied with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): www.ico.org.uk.
You are giving the following express consents
By accessing this Privacy Policy, you expressly consent to the following:
You consent to the collection, use, disclosure and processing of your personal data in the manner described in this Privacy Policy, including our procedures relating to cookies, IP addresses and log files.
You consent to Proactive sharing your personal data with relevant persons working for sub-processors and affiliates when necessary to provide the Proactive Service.
You consent to our use of cookies as described in this Privacy Policy.
Section 2 — Privacy for App Users
How the Proactive Service applies to you
Proactive is the processor of your data; your organisation (referred to as "customer" in this policy) is the controller. Proactive does not sell or share your submitted data with third party advertisers or marketers. Our interaction with any personal information and other data you submit is purely for the purposes of providing the Proactive Service.
Your organisation controls your data and instructs us on what to do with the data, which we then perform subject to this Privacy Policy, relevant data protection legislation, and our Terms of Use. If you believe that your organisation is violating our conditions of use, please email us with details of the violation.
Information that Proactive collects
When you interact with our platform, we collect and process information relating to you and your use of the Proactive Service from a variety of sources. All collection and processing of such information is on behalf of, and upon the instructions of, the customer.
Information Proactive collects directly from you
App data. Proactive collects and stores the app data that you interact with, modify or submit. Your organisation is responsible for this data and manages it. If you have any questions about what is being collected, please contact your organisation directly. Your organisation's own privacy policy will always supersede the privacy policy provided by Proactive.
Information about your subjects. The Proactive app is designed to allow staff (users) to report incidents, hazards, and complete checks. It is likely that users will submit personal information about other persons involved with or affected by incidents or hazards. Users must ensure that data submitted is done so in line with their organisation's privacy policy. Subjects of reports should be made aware of the organisation's use of Proactive.
Information we collect indirectly or passively
User account information. Your organisation account administrator will normally create your user account, providing us with your name and email address. These details are required to provide you with app user access on the Proactive Service.
Usage data. Proactive collects usage data about you whenever you interact with the Proactive Service, including which pages you visit and when. Proactive servers keep log files that record data each time a device accesses those servers. Proactive does not link this usage data to your submitted app data.
Device data. Proactive collects data from the device you use to access our services, such as your IP address, operating system version, device make and model, and browser type. Proactive may also infer your geographic location based on your IP address.
Referral data. Proactive may record information about the source that referred you to an app (e.g. a web link or invite email).
How Proactive uses collected information
The data from your app interactions is owned and managed by your organisation, and Proactive treats that information as private to the organisation. Please contact the organisation directly to understand how they use your app data.
Proactive does not sell or make available app data to third parties, beyond what is necessary to provide the Proactive Service, without the customer's instruction, and does not use any contact details collected in our customers' apps to contact persons recorded in that app data.
Proactive also uses information collected from you, including usage data, device data and referral data, to manage and improve our services and for the various purposes described in this Privacy Policy.
Lawful basis for processing
Proactive processes app user personal data as a data processor acting on the instructions of the customer (data controller). The customer is responsible for establishing and communicating the lawful basis for processing to app users. Proactive's own processing of usage, device and referral data is carried out on the basis of legitimate interests in maintaining and improving the security and operation of the Proactive Service.
Who Proactive shares your data with
Proactive will share your app data and interactions with third parties only as described in this Privacy Policy. Proactive discloses:
Your data to your organisation. Your app data and interactions (e.g. report submissions) will be provided to the customer. Contact your organisation directly to understand how they might use your app data.
Your data to third parties as necessary to provide the Proactive Service. Please see Section 1 of this Privacy Policy to understand how Proactive processes app data on behalf of customers, and to whom Proactive may disclose app data.
Injury statistics to NGBs and Insurers. Some customers provide Proactive Reporting under a contract with an NGB or Insurer. In these cases, injury statistics may be shared with the relevant NGB or Insurer to improve overall safety reporting and education programmes. All such data is aggregated and is not personally identifiable.
Your data rights
Under applicable data protection legislation, you have the right to access, rectify, erase, restrict processing of, and port your personal data, as well as the right to object to certain processing. Because Proactive acts as a data processor in respect of your app data, most requests relating to app data should be directed to your organisation (the data controller).
You may request access to and correction of the personal information Proactive itself holds about you (such as your user account details) by contacting our support team. Proactive will respond to your request within one month.
Opt out of using Proactive-powered apps. Your use of Proactive-powered apps is voluntary and can be stopped at any time. Note that your employer or organisation may require you to use Proactive-powered apps as part of your activities for them, in which case you will need to address your concerns directly to them.
Security and other important information
Changes to this Privacy Policy. Proactive may modify this policy at any time. If the changes are significant, you will be provided with additional, prominent notice. If, after being informed of the changes, you continue to use the Proactive Service, you will be considered as having expressly consented to the changes. If you disagree, you may request your account be deleted by your organisation administrator, or by contacting our support team.
Security. Proactive takes security seriously and is committed to processing your personal information and data with respect and integrity. If you have any questions about the security of your personal information, contact our support team.
Data locations. We use Amazon Web Services to host customer accounts and they are named as our data hosting server provider.
Cookie Notification. Proactive uses cookies solely for security reasons: we store your login details in an encrypted cookie to authenticate your identity and keep you logged in. You can disable cookies via your browser settings, but doing so will prevent you from logging in.
Blogs and Forums. Any information you provide in publicly accessible blog or community forum areas might be read, collected, and used by others. To request removal of your personal information, contact our support team.
Social Media Features. Proactive websites may include social media features or widgets. Your interactions with these features are governed by the privacy policy of the third party providing them.
Safety of Children. Proactive services are not intended for individuals under the age of 16. Proactive does not knowingly collect personal information from persons under 16. If you have reason to believe this has occurred, please contact our support team.
Information provided about children. By its nature, Proactive may involve the gathering of data about young people, for example in the form of incident reporting, which is sensitive information. Users must ensure that they are aware of the data protection policy from their organisation and any special provisions for the gathering and sharing of data relating to young people.
English version only. The English language version of this Privacy Policy is authoritative.
Notices for European Union and United Kingdom users
Personal data. For users located in the EU or UK, references to "personal information" in this policy are equivalent to "personal data" as defined in the UK GDPR and prevailing EU data protection regulations.
IP addresses. Our servers may record the incoming IP addresses of visitors to Proactive websites and services and store them in log files for system administration, maintenance, record keeping, and security purposes (e.g. controlling abuse, spam and DDoS attacks).
Data controller. Proactive is the data controller for registration and account information collected from Proactive Service users in the EU and UK. However, the data controller for all app data is the organisation that assigns use of the Proactive platform. Proactive only processes app data in accordance with the instructions and permissions configured by the organisation.
Accessing and correcting your personal data. You have the right to access and correct the personal information that Proactive holds about you by visiting the "edit user" pages controlled by your organisation or by contacting our support team.
Your responsibilities. By using the Proactive Service, you agree to comply with adequate data protection requirements when collecting and using your app data, including requirements to inform respondents/subjects of reports about the specific uses and disclosures of their data.
Your data is hosted within the UK. Provided your organisation has specified the United Kingdom or an EU country as your organisation's location at signup, your data will be hosted exclusively within the UK.
Right to lodge a complaint. If you are located in the UK or EU and believe that Proactive has not complied with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): www.ico.org.uk.
You are giving the following express consents
By accessing Proactive you are indicating your acceptance of this Privacy Policy and expressly consent to the following:
You consent to the collection, use, disclosure and processing of your personal data in the manner described in this Privacy Policy, including our procedures relating to cookies, IP addresses and log files.
You consent and agree that Proactive and our various affiliates and sub-processors may process your data in countries which do not have data protection laws that provide the same level of protection as in European Economic Area countries. Proactive commits to having contracts in place with these affiliates and sub-processors that include similar requirements as prevailing EU and UK data protection legislation. Your consent is voluntary, and you may revoke it at any time. If you opt out, we will no longer be able to provide you with the Proactive Service.
You consent to Proactive sharing your personal data with relevant persons working for sub-processors and affiliates when necessary to provide the Proactive Service.
You consent to our use of cookies as described in this Privacy Policy.