Effective date: 01 February 2026
This Privacy Policy explains how Response24 (PTY) LTD (“Response24”, “we”, “us”, “our”) collects and uses your information when you use our mobile applications and our website at response24.co.za (together, the “Services”). We are the controller of your personal data for the purposes set out below.
If you have questions or would like to exercise your privacy rights, contact our Data Protection Officer at dpo@r24int.com.
What data we collect and why
We collect only what we need to provide the Services, keep users safe, and meet our legal obligations. We do not sell personal data.
Account and profile
Data: name, email, phone number, organization, role, country, authentication data.
Why: create and manage your account, provide support, verify identity, enterprise account administration.
Location (user-initiated and while the app is open)
Data: precise or approximate location.
Why: check-ins you initiate, incident reporting and assistance, and to deliver country/area risk alerts while the app is open.
Important: we do not collect location in the background when the app is closed or not in use unless the Immediate Assistance feature has been activated by you.
Incident reports and assistance
Data: incident details you provide (text, categories), attached photos or files, timestamps, location related to the report, communications with our team.
Why: assess and respond to incidents, coordinate assistance, maintain an audit trail, support insurance claims where applicable.
Communications and support
Data: messages you send to us (email, in-app), call metadata (time, duration), support tickets and notes.
Why: customer support, service quality, training and compliance.
Device, usage and diagnostics
Data: device model, OS and app version, IP address, performance data, crash logs, security events.
Why: keep the app reliable and secure, prevent abuse, measure and improve performance.
Note: we do not use third-party analytics or advertising SDKs.
Website data
Data: cookies and similar technologies on our website, page views, referral URLs.
Why: operate the site, security, basic analytics.
Legal bases for processing (UK/EU GDPR)
Contract: to provide and support the Services you request (e.g., account, incidents, assistance).
Legitimate interests: safety and security, fraud prevention, service improvement, enterprise administration. We balance these interests against your rights.
Consent: where we ask for it (e.g., optional features, certain notifications). You can withdraw consent at any time in the app settings.
Vital interests: to protect life or prevent serious harm (e.g., emergency assistance).
Legal obligation: to comply with law or respond to lawful requests.
How we share information
We share data only as needed, under contracts that protect your information.
Hosting, infrastructure and security providers.
Communications providers (email, in-app messaging, telephony).
Your employer or sponsoring organization where your account is enterprise-managed.
Insurance partners where assistance is linked to an insurance policy.
Emergency services or crisis responders when necessary to protect life or safety.
Professional advisers (legal, compliance) and authorities where required by law.
We do not sell personal data.
International transfers
We store and process personal data primarily in the United Kingdom and the European Economic Area (EEA). We do not routinely transfer personal data outside these regions. Where an international transfer is necessary, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses approved under UK/EU data protection law.
Automated decision-making
We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects.
Data retention
We keep data only for as long as necessary for the purposes described above.
Account and profile: for the life of the account and up to 3 years after last activity, then deletion or anonymization.
Location tied to check-ins/incidents: 3 years, then deletion or anonymization.
Incident reports and assistance records: 3 years, unless a longer period is required by law or for the establishment, exercise or defense of legal claims.
Device, usage and diagnostics: up to 24 months.
Website logs: up to 12 months.
If you request deletion, we will action it unless we must retain certain data to meet legal obligations or to establish, exercise or defend legal claims.
Security
We use technical and organizational measures including encryption in transit and at rest (where applicable), access controls and logging, least-privilege permissions, and continuous monitoring. No method is 100% secure; we maintain and improve safeguards in line with risk. We regularly review and update our security measures.
Children
Our mobile applications and services are intended for use by adults (18 years and older). We do not knowingly collect or process personal data from children under the age of 18. If we become aware that personal data has been collected from a child without appropriate consent, we will take steps to delete the information as soon as reasonably possible.
Your rights and choices
Subject to applicable legal limitations, you have the right to access, correct, or request deletion of your personal data. You may also object to or request restriction of certain types of processing. In addition, you may request a portable copy of your personal data and withdraw your consent at any time where processing is based on your consent.
How to exercise your rights
You may exercise your data protection rights at any time by contacting us at:
Email: dpo@r24int.com
To protect your privacy and security, we may need to verify your identity before processing your request. We will respond to your request within one month of receipt, although this period may be extended where permitted by applicable data protection law.
If you are not satisfied with our response, or believe that your personal data has been processed in a manner that does not comply with applicable data protection laws, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Permissions and controls on your device
The app requests permissions only when you use related features:
– Location: for check-ins, incident reporting/assistance, and risk alerts while the app is actively in use.
– Camera/Photos: when you attach media to a report; you can use the system file/photo picker.
– Phone/Calls: when placing an emergency or assistance call from within the app.
You can decline or revoke permissions at any time in your device settings. Some features may not work without the relevant permission.
Changes to this policy
We will update this page when we make changes. If changes are material, we will notify you in the app or by email before they take effect. The Effective date at the top shows when this policy last changed.
Contact us
Data Protection Officer
Email: dpo@r24int.com
Postal: 136 Whatley Avenue, Raynes Park, United Kingdom, SW20 9NU
If you are in the UK, you can contact the ICO at ico.org.uk.
Summary for Google Play users
Collected: account info; location (only when you use location features or the app is open); incident details and attached media; diagnostics/crash data; basic website analytics.
Shared (by category): hosting/security; communications; insurance partners (if applicable); emergency responders (when necessary).
Security: data is encrypted in transit (and at rest where applicable).
Data deletion: available via email to dpo@r24int.com.
Background location: not collected unless Immediate Assistance is activated.