SCRAM Systems Data Privacy Notice
Last updated March 26, 2024
Introduction
Alcohol Monitoring Systems, Inc. dba SCRAM Systems (“SCRAM Systems”) is a public safety provider company specializing in alcohol monitoring and GPS monitoring.
We are committed to protecting and respecting your privacy.
This Privacy Notice describes SCRAM Systems’ policies and practices regarding its collection and use of personal data and sets forth privacy rights and obligations. This privacy notice is influenced by laws, regulations, market demands, ethical considerations, social norms, contractual obligations, principles, and unilateral statements.
SCRAM Systems recognizes that its customers have privacy compliance obligations and as a processor, SCRAM Systems will provide the necessary support to assist its customers fulfill their own privacy compliance obligations.
If you are a California resident, please also review SCRAM Systems’ California Resident Privacy Notice for more information about the types of personal information collected and disclosed by SCRAM Systems, as well as how to exercise your rights under California law.
Data Protection Officer
SCRAM Systems is headquartered in Littleton, Colorado, in the United States, with offices in various locations around the US and in London, United Kingdom. SCRAM Systems has appointed an internal data protection officer for you to contact if you have any questions, concerns, or complaints about SCRAM Systems’ personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to SCRAM Systems’ data protection officer. Contact information is as follows:
United States: | United Kingdom / European Union |
Fred Beck SCRAM Systems 1241 W Mineral Ave, Ste 200 Littleton, CO 80120 dpo@scramsystems.com +1 303-645-3082 | Level 1, Devonshire House, One Mayfair Place, London W1J 8AJ United Kingdom +44 (0) 207 268 4852 EU DPO Contact Info: e-mail: dpo@scramsystems.com |
Definitions
In this Privacy Notice, the following terms shall have the meanings ascribed to them:
Administering Authority: This could be a Court of Law, Department of Corrections, or other legal authority with whom you may have a legal obligation.
PII: Personal Identifiable Information; also known as Personal Data; any information relating to an identified or identifiable natural person. We may collect and process personal data about you in the ways outlined below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide personal data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.
Data Subject: A natural person who is the subject of PII collection. Also known as a PII principal. Also known as a Client.
Processing: Any operation or set of operations performed on PII, including collection, recording, organization, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or destruction.
Controller: A natural or legal person, public authority, agency, or another body that determines the purposes and means of PII processing.
Processor: A natural or legal person, public authority, agency, or another body that processes PII on behalf of the controller.
Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear affirmative action.
Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to PII.
Monitoring Hardware: Monitoring hardware includes Continuous Alcohol Monitoring Bracelets, GPS tracking Bracelets, and all other communications accessories associated with them.
Alcohol Monitoring Systems, Inc.: This entity is a wholly owned subsidiary of LMG Holdings, Inc., and specializes in devices and services for continuous alcohol monitoring, GPS tracking, and their associated SaaS applications.
SCRAM Systems: SCRAM Systems is a registered DBA for Alcohol Monitoring Systems, Inc. and is a federally registered trademark. It is also used for branding purposes to identify the entire family of products and services belonging to Alcohol Monitoring Systems, Inc. and its affiliates.
AMS UK LTD.: Operating exclusively in the U.K., is a wholly owned subsidiary of Alcohol Monitoring Systems, Inc., and specializes in devices and services for continuous alcohol monitoring and their associated SaaS applications.
Data Security and Privacy Safeguards
SCRAM Systems endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with SCRAM Systems, Administering Authorities, and the practices described in this Privacy Statement. SCRAM Systems’ security and privacy practices are governed by adherence to a Privacy Information Management System (PIMS) in accordance with ISO 27001 and ISO 27701. Among the safeguards used is encryption of your PII data in transit, at rest, and in process. However, because no electronic transmission or storage of information can be entirely secure, SCRAM Systems cannot guarantee the security or privacy of your information, to the extent permitted by applicable law.
SCRAM Systems’ Role as a Data Controller
For marketing to visitors to our websites, SCRAM Systems is a data controller and determines the purpose and means of PII processing.
The Data we collect about You:
When you access our sites, we may collect, or you may provide us with personal data. We may collect, use, store, and transfer different types of personal data about you, which we have grouped together as follows:
- Identity data including your first name, last name, title, your organization and job role, or other identifiers;
- Contact data including your residential address, email address, and telephone numbers;
- Technical data including your internet protocol (IP) address, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other details about the devices you use to access our sites;
- Usage data including information about how you use our sites; and
- Marketing and communications data including your preferences in receiving marketing materials and updates from us and third parties and your communication preferences.
Your consent comes from your use of our websites by voluntarily submitting your contact information.
We also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered to be personal data in law as it does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing specific features. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, the combined data is personal data, and we deal with it in accordance with this privacy notice.
We do not knowingly collect details about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, sexual orientation, or genetic or biometric data (known as “special categories of data”), or any information about criminal convictions or offenses through our sites.
Human Resources data
SCRAM Systems collects Personal Data from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. SCRAM Systems may also collect sensitive data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status.
SCRAM Systems process Human Resources Data for different business purposes including:
- Human Resources administration and communication;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, compensation analysis, including monitoring overtime and compliance with labour laws;
- Job grading activities;
- Performance and employee development management;
- Organizational development and succession planning;
- Absence management;
- Helpdesk and IT support services;
- Regulatory compliance;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Litigation evaluation, prosecution, and defense;
- Restructuring and relocation;
- Emergency contacts and services;
- Employee safety;
How Your Personal Data is Collected:
- Direct interaction with you. You may give us identity and contact data by filling in forms on our sites or by communicating with us by mail, telephone, email or otherwise. This includes data you provide when you request information about our products and services, contact us in relation to our blog, refer a client, download resources, or use interactive features on our site or social media applications.
- Third parties and publicly available sources. We may receive personal data about you from other parties and/or from public sources, as set out below:
- technical data from analytics providers such as Google Analytics and Pardot and advertising networks such as Google Ads and Remarketing, Facebook Pixel, the X (Twitter) Conversion Tracker, and the LinkedIn Insight Tag;
- contact information about you from business partners, events, conferences, or industry tradeshows;
- other individuals under our “refer a client” form.
- Personal Data collected via automated means
- Cookies and similar technologies. We use cookies and similar technologies (collectively “cookies”) to ensure that our Services function properly, to improve our products and services and to assist with marketing campaigns. Cookies are small text files containing a string of alphanumeric characters. We and third-party partners collect information using cookies, pixel tags, or similar technologies. We and third-party service providers may use the following cookies:
- Functional cookies. Some cookies are strictly necessary to make our Services available to you. For example, to provide login functionality or to allow you to fill out forms. We cannot provide you with the Services without this type of cookie.
- Analytics cookies. We use cookies for website analytics purposes to operate, maintain and improve our Services, and to track whether you open emails that we send to you. We work with third parties such as HubSpot, Google Analytics and Microsoft Clarity for these purposes.
- Advertising cookies. We work with third party advertising partners such as Google Ads and Bing Ads to show you ads that we think may interest you. These advertising partners may set up and access their own cookies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services.
More information about the individual cookies we use and the purposes for which we use them is set out in the table below:
Cookie Name | Category | Decription | Additional Information |
Pardot Pi_opt_in | Analytical | This cookie is set with a true or false value when the visitor opts in or out of tracking. | |
Pardot visitor cookie | Analytical | This cookie is composed of a unique visitor ID and the unique identifier for your account. For example, the cookie name “visitor_id12345” stores the visitor value “1010101010”, and “12345” is the account identifier. This cookie is set for visitors by the Pardot tracking code. | |
Twitter Conversion Tracker | Marketing | This cookie is set to learn how users have interacted with our advertising served to them on Twitter. | See Conversion Tracking for Web sites for more information. |
LinkedIn Insight Tag | Marketing | This cookie is set for in-depth advertising campaign reporting and to help us view insights about our website visitors. The tag tracks conversions, retargets, website visitors, and provides additional insights about members interacting with our LinkedIn advertisements and boosted posts. | This data is encrypted. The LinkedIn browser cookie is stored until you manually delete it or when the cookie expires (there’s a rolling six-month expiration from the last time the visitor’s browser loaded the Insight Tag). For more information about the LinkedIn Insight Tag, view their terms of service and cookie policy. |
locale_requires_gdpr | Necessary | This cookie will be set to true if the user originates in a locale that is under GDPR compliance laws, or if the user selects a location from the nav menu that requires GDPR compliance. It will be set to false if GDPR compliance is not required. | This is set to either true or false. |
cookie_notice_accepted | Necessary | This cookie is associated with the cookie alert notice on our site. It is used to record if you have accepted cookies on the site. | This is set to either true or false. |
_ga | Analytical | This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session, and campaign data for our site’s analytics reports. | Expires after 2 years. |
_gid | Analytical | This cookie stores and update a unique value for each page visited. | |
_gat | Analytical | This cookie limits the collection of data on high traffic sites. | Expires after 10 minutes. |
wordpress_test_cookie | Necessary | This cookie tests whether or not your browser has cookies enabled. | |
wp-settings-{time}-UID | Necessary | This is used to customize your view of our site. | |
locale_info | Necessary | This cookie is used to set an international visitor’s main menu preference controlled by the country drop down in the utility navigation. | |
uvc | Necessary | This is a performance cookie for efficiently loading resources. The value is always 1. | More information: addtoany.com |
_cfduid | Necessary | This cookie is used for security. | More information: addtoany.com |
If you are a visitor from the European Union or the United Kingdom, you will have the option to set your browser to refuse marketing or analytical cookies. If you disable or refuse cookies, some parts of our site may become inaccessible or may not function properly.
How We Use Your Personal Data:
We will only use your personal data when the law allows us to do so. Our most common uses of your personal data will be:
- in order for us to perform a contract we are about to make or have made with you (or to take steps at your request before entering such a contract);
- if it is necessary for our legitimate interests and your interests and rights do not override those interests; and/or
- in order for us to comply with a legal or regulatory obligation.
The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.
Purpose | Description | Legal ground (where required under applicable law) |
Providing the Services | We use Personal Data about you to operate, maintain, and provide our Services, such as creating your account, setting your language and allowing you to login. | You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party We, or a third party, have a legitimate interest in using your Personal Data for the purpose of developing, hosting, and maintaining the Services |
Support | We use Personal Data to provide technical support, including diagnosing and resolving any issues you report. | The processing is necessary for entering into, or performance of a contract to which you are a party |
Fraud prevention | We use your Personal Data to keep our Services secure and to identify and prevent fraud in the use of our Services. | The processing is necessary for entering into, or performance of a contract to which you are a party We need it to comply with a legal obligation, for instance to comply with a court order We, or a third party, have a legitimate interest in using your Personal Data for the purpose of protecting against and preventing fraud |
Customer relationship management | We may process your Personal Data for customer relationship management purposes. | You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party We, or a third party, have a legitimate interest in using your Personal Data for the purpose of managing customer relationships |
Communicating with you | We may use your email address and other Personal Data as necessary to contact you for administrative purposes such as to provide information that you request, to respond to comments and questions, or to ask you to provide feedback and complete surveys. | You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party |
Analytics and product development | We use Personal Data about you to analyze usage trends and preferences to improve our Services, as well as to develop new products, services, features, and functionalities. | You give us consent to do so We, or a third party, have a legitimate interest in using your Personal Data for the purpose of evaluating and improving our products or services |
Marketing
You may receive marketing communications from us if you have requested such information from us. You may also receive marketing communications from us if you have purchased similar products or services from us or if you provided us with your details.
You can ask us, and/or any third party, to stop sending you marketing messages at any time by following the opt-out links in any marketing message sent to you.
If you opt out of receiving any marketing messages, this will not apply to personal data provided to us for other purposes, for example, as a result of your purchase of a product or service, warranty registration or other transaction.
SCRAM Systems’ Role as a Data Processor
As a data processor, SCRAM Systems and its family of companies, follows the directives of the respective data controllers for the products and services it offers. PII for Continuous Alcohol Monitoring, Remote Breath, and GPS tracking are collected by the controller and processed by SCRAM Systems in accordance with the contracts between SCRAM Systems and the respective controllers. SCRAM Systems will only process the PII data that it collects for the purposes expressed and established in the contracts and agreements with its customers (Controllers).
Who Do We Share Your Personal Data With
SCRAM Systems collects personal information about Data Subjects who use our products and services for alcohol monitoring and GPS tracking. The following table outlines the purpose and usage of PII of people who use our various products and services:
Company | Product or Service | Type of Data | Controller /Processor | What it includes | Where we get it | How we use it | To whom we disclose it |
AMS | Electronic Monitoring (EM) | · Contact Information · Physical description · Demographics · Vehicle and license info · Criminal and court info | Processor | · Full Name · Date of Birth · Primary Address · Primary Phone Number · Cell Phone Number · Employment History · Court Information · Job Position/Title · Disability Information · Email Address · Ethnicity/Race · Gender · Criminal Record · Attributes (Nick Name, Accent) · Marital Status · Preferred Language · Complexion · Height (ft) · Weight (lbs.) · Build · Eye Color · Hair Color · Hair Style · Hair Length · Tattoos/Scars · Other Distinguishing Characteristics · Driver’s License · Vehicle (year/make/model/color) · License Plate (issuing state) | Administering Authority (Controller) | To provide services | Administering Authority (Controller), Third Parties within our group, |
AMS | Electronic Monitoring (EM) | Information generated by the System | Processor | Information collected, monitored, stored, downloaded, and reported by the System including Alcohol levels, and if equipped, photos and GPS location | System | · To provide Services · To report to or communicate with Administering Authorities | Administering Authority (Controller) Third Parties within our group, |
AMS UK Ltd | Electronic Monitoring (EM) | None | N/A | N/A | N/A | N/A | N/A |
We may also share this information with the following entities:
- Third parties within our group (whether acting as joint controllers and/or processors), who are based in the United States, the United Kingdom, Australia, or New Zealand and provide support, marketing, and administration services and reporting. These third parties may have access to or process your Personal Data as part of providing those services to us.
- Legal. We may disclose your Personal Data to third parties if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Data that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
- Affiliates. We may share Personal Data with our affiliates and subsidiaries to which it is reasonably necessary or desirable for us to disclose Personal Data for the above-mentioned purposes.
- Merger. We may disclose or otherwise transfer Personal Data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Consent. We may also disclose your Personal Data with your permission.
*Note – AMS UK Ltd only collects and processes telemetry data from the monitoring hardware and does not collect any PII data. All PII is retained and remains with the Administering Authority (Controller).
Legal Basis for Processing
The legal basis for processing personal information is obtained with your consent, except when that data is obtained by us from an Administering Authority such as a Court of Law, Department of Corrections, or other legal authority, with whom you may have a legal obligation. SCRAM Systems processes this data according to contractual and legal obligations with the Administering Authority and/or the legal jurisdiction.
SCRAM Systems will inform its customers (Controllers) if a requested process or instruction infringes applicable legislation or regulations.
PII Disclosure to third parties
SCRAM Systems will notify customers of all legally binding requests for disclosure of PII, such as court orders and subpoenas.
SCRAM Systems will reject any requests for PII disclosures that are not legally binding, consult the corresponding customer before making any PII disclosures and accepting any contractually agreed requests for PII disclosures that are authorized by the corresponding customer.
List of third parties and Subcontractors that may process PII
Microsoft Azure, AWS, Mongo Cloud Database, Google (for GPS tracking data), SendGrid, Five9,Trust Pilot, HubSpot, Twilio
This list of third-parties and subcontractors may change and shall be updated in this privacy notice from time to time. Organizations who are the controllers of the data shall be informed prior to the change, through our respective customer service departments and in accordance with the contractual obligations.
Processing personal data within the U.S. and International Data Transfers
SCRAM Systems has offices and data processing facilities in the United States. Information we collect about you will be processed in the United States for all products and services sold in the jurisdiction of the U.S. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in the United States and shall not be transferred to any jurisdiction outside the United States.
Processing Personal Data Within Canada and International Data Transfers
SCRAM Systems has data processing facilities in Canada. Information we collect about you will be processed in Canada for all products and services sold in the jurisdiction of Canada. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in Canada and shall not be transferred to any jurisdiction outside Canada.
Processing Personal Data Within the United Kingdom and International Data Transfers
SCRAM Systems, under contract with the Ministry of Justice (MoJ), does not collect or process personally identifiable information. All Personal information collected is under the strict control of the MoJ and their administrating authorities. Electronic monitoring telemetry data that is collected from our devices in the U.K. contains no personal identifying information and is therefore de-identified for processing in the United States. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in the U.K. and shall not be transferred to any jurisdiction outside U.K.
Standard Contractual Clauses
Pursuant to Article 46 of the GDPR, SCRAM Systems shall provide for appropriate safeguards by entering binding, Standard Contractual Clauses (SCC), or Binding Corporate Rules (BCR) enforceable by data subjects in the EEA and the UK. These clauses are enhanced based on the guidance of the European Data Protection Board. Any future binding SCC or BCR entered into by SCRAM Systems shall be abided by as they are approved by the European Commission and the respective county’s requirements.
Data subject rights in the U.K. and European Union
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office. https://ico.org.uk/ See also the website for the European Data Protection Board (EDPB) https://edpb.europa.eu/edpb_en
EU-U.S. Data Privacy Framework and the UK extension of the EU-U.S. Data Privacy Framework
SCRAM Systems complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. SCRAM Systems has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK extension with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the UK extension DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
SCRAM Systems commits to resolve complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on EU-U.S. and the UK extension to the EU-U.S. DPF should first contact SCRAM Systems at dpo@scramsystems.com and give us the opportunity to resolve your complaint. We will respond to your complaint promptly.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to PrivacyTrust, an alternative dispute resolution provider based in the United Kingdom. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.privacytrust.com/drs/alcoholmonitoringsystems for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.
SCRAM Systems is subject to the investigatory and enforcement powers of the FTC
Finally, as a last resort and in limited situations, EU and UK individuals may seek redress from the DPF Panel a binding arbitration mechanism.
In cases of onward transfer to third parties of data of EU and UK individuals received pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems remains liable.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning SCRAM Systems handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Complaints related to human resources data should not be addressed to PrivacyTrust.
Data Subject Rights in the United States
Data subject rights in the U.S. vary from state to state as there is no national standard at this time. SCRAM Systems shall respect each of the state’s requirements for data subject rights. In the following States you have the right to Opt-Out of direct marketing or data sharing with third parties for marketing purposes: California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia. To exercise your right to Opt-out of direct marketing and data sharing with third parties for marketing purposes, or other rights you are entitled to, please make a request by email to dpo@scramsystems.com. SCRAM Systems will not use personal data for marketing and advertising purposes, without establishing prior consent from the data subject.
Most notable is the California Consumer Privacy Act of 2018 (“CCPA”).
If you are a California resident, please also review our California Resident Privacy Notice for more information about how to exercise your rights under California law.
Your Rights in Relation to Your Personal Data
Depending on where you reside, you may have the following legal rights:
- Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
- Rectification and Deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymized or deleted, as appropriate.
- Restriction and Objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
- Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.
- Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
Data Storage and Retention
Retention of data that is owned by an Administering Authority (Controller) is managed by that Administering Authority. We will retain personal data we process on behalf of our customers for as long as needed to provide services to our customers, or for as long as is reasonably necessary to meet and comply with our legal obligations, resolve disputes, prevent fraud and abuse and enforce our terms and conditions. Retention of data laws and regulations vary from jurisdiction to jurisdiction, and it is incumbent upon the controller to ensure that its contracted or approved processors such as SCRAM Systems delete personal information according to contract or explicit request. Any request from a data subject to delete personal information owned by the respective controller shall be redirected to the Controller. SCRAM Systems shall delete personal information solely collected and used for marketing purposes upon the data subject’s request and in accordance with local data privacy laws. To make this request, contact the Data Protection Officer at dpo@scramsystems.com.
SMS Text Opt In/Out Service Information
Monitoring clients have the option to sign up for automated SMS Text reminders as part of their monitoring service. When an individual opts into the service, we will send an SMS message to confirm registration.
Monitoring clients can cancel the SMS Text service at any time. Text “STOP”. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time, and we will start sending SMS messages to you again.
If at any time you forget what keywords are supported, just text “HELP”. After you send the SMS message “HELP” to us, we will respond with instructions on how to use our service as well as how to unsubscribe.
We are able to deliver messages to the following mobile phone carriers:
Major carriers: AT&T, Verizon Wireless, Sprint, T-Mobile, MetroPCS, U.S. Cellular, Alltel, Boost Mobile, Nextel, and Virgin Mobile.
Minor carriers: Alaska Communications Systems (ACS), Appalachian Wireless (EKN), Bluegrass Cellular, Cellular One of East Central IL (ECIT), Cellular One of Northeast Pennsylvania, Cincinnati Bell Wireless, Cricket, Coral Wireless (Mobi PCS), COX, Cross, Element Mobile (Flat Wireless), Epic Touch (Elkhart Telephone), GCI, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri), Illinois Valley Cellular, Inland Cellular, iWireless (Iowa Wireless), Keystone Wireless (Immix Wireless/PC Man), Mosaic (Consolidated or CTC Telecom), Nex-Tech Wireless, NTelos, Panhandle Communications, Pioneer, Plateau (Texas RSA 3 Ltd), Revol, RINA, Simmetry (TMP Corporation), Thumb Cellular, Union Wireless, United Wireless, Viaero Wireless, and West Central (WCC or 5 Star Wireless).
Please note: Carriers are not liable for delayed or undelivered messages.
As always, message and data rates may apply for any messages sent to you from us and to us from you. You will receive messages as agreed to in the Participant Agreement. If you have any questions about your text plan or data plan, it is best to contact your wireless provider. For all questions about the services provided by this short code, you can send an email to info@scramsystems.com.
Backups
AMS Data Backups are retained for 30 days unless contractual agreements specify otherwise.
Incident and Breach Notification
48 hour policy unless contractual agreements specify otherwise.
Other Agreements That May Apply
Upon receipt of any SCRAM Systems product or services, such as remote breath device, continuous alcohol monitoring device, GPS tracking device, or other hardware, the data subject shall be presented with a copy of this Privacy Notice and additional agreements for the usage of these devices and services, and consent to collect and process personal information.
Children’s Privacy
We do not knowingly collect, maintain, or use Personal Data from children under 16 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with Personal Data in violation of this Policy, then you may alert us by contacting us using the contact details at the top of this Policy.
Third Party Websites
Our sites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third parties and are not responsible for their privacy policies. When you leave our sites, we recommend that you read the privacy policy of every website you visit and every plug-in or application you use
Changes to this Policy
We may update this Policy occasionally to reflect changes in our privacy practices. If we modify this Policy, we will indicate the date of the latest revision at the top of this Policy.