In respect of the Processing activities described in this privacy policy (the “Policy”), Pocket Sergeant Limited, a company with its registered address at 4b Evolution Way, Wynyard Avenue, Wynyard Business Park, Wynyard, Durham, TS22 5TB (“Pocket Sergeant”, “PocketSgt”, “we” or “us”) acts as the Processor of personal data on behalf of enterprise clients, unless stated otherwise. Where we collect and use information to support our own operations (e.g. system administration, technical diagnostics), Pocket Sergeant Ltd acts as the Controller.

This Policy is addressed to individuals using PSPRO – the enterprise version of Pocket Sergeant – through an authorised organisation or employer (“you”). It details the Personal Data we collect and explains how we handle that Personal Data. Defined terms used in this Policy are explained in section 10 below.

We are committed to protecting your Personal Data.

1. What data do we collect or create, what do we use it for and what is our legal basis?

In this section, we explain what Personal Data we collect or create through PSPRO, the purposes for which we use it, and the legal basis of the relevant Processing activity.

(A) PSPRO is designed for use exclusively by authorised users within enterprise organisations such as police forces, government bodies, or legal entities.

(B) Our App – PSPRO

We may collect the following data when you use PSPRO:
• Your email address and/or username
• Organisation ID or licence key
• Role or permission level
• Your device ID
• Technical logs or usage data (e.g. crash reports, login timestamps)
This information is used to:
• Authenticate you as an authorised user
• Provide you with secure access to PSPRO’s features
• Enable enterprise-specific functionality
• Monitor performance, availability, and security
• Deliver operational support and respond to issues

Legal basis:
Where we act as Processor, the legal basis is determined by your organisation. Where we act as Controller, the lawful basis is our legitimate interest in providing a secure and functioning application (Art. 6(1)(f) UK GDPR).

(C) Our Website

If you visit the Pocket Sergeant website or contact us directly, we may collect:
• Your IP address
• Device ID
• Browser, operating system, and time zone
• Referral website (if applicable)
• Pages visited and time of access
• Name, contact details, and content of any enquiry submitted

Purpose of processing:
• To improve the delivery and relevance of our services
• To respond to queries and support requests
• To ensure platform security and performance
• To comply with legal obligations and improve user experience

We consider we have a legitimate interest in Processing this data to operate our services effectively.

2. Disclosure of Personal Data to third parties

We will only disclose your Personal Data as required for the purposes outlined in this Policy and in accordance with applicable law. In particular:
• We do not share your Personal Data for marketing purposes.
• We do not use or sell your Personal Data for advertising.
We may share Personal Data with the following recipients:
• Your organisation (i.e. the enterprise client)
• Our hosting providers (e.g. AWS, Google Cloud)
• Data analytics services for performance insights (e.g. Firebase, Google Analytics)
• Technical support platforms (e.g. Intercom, Slack)
• Legal, regulatory, or professional advisers
• A prospective buyer of our company or assets (subject to confidentiality)

Where we use third-party processors, we have data processing agreements in place as required under the UK GDPR.

3. Where we store and transfer your Personal Data

Your Personal Data is stored within the UK or the EEA. If it is transferred outside of these areas, we ensure:
• Transfers are made only to countries with an adequacy decision, or;
• Standard Contractual Clauses are in place, alongside supplementary safeguards where necessary.

4. Keeping information secure

We use appropriate technical and organisational measures to protect Personal Data, including:
• Encrypted connections (HTTPS)
• Data encryption at rest and in transit
• Firewalled and segmented hosting via Amazon infrastructure
• Role-based access controls and audit logs
• Regular reviews of security protocols

While we strive to ensure security, no online transmission is ever fully secure. Use of PSPRO is at your own risk, but we apply best-practice protections.

5. How long we keep your Personal Data

We retain Personal Data only for as long as necessary to fulfil our contractual and legal obligations, including:
• Maintaining service functionality
• Supporting audits or investigations
• Complying with applicable laws

For enterprise clients, Personal Data is deleted or returned within 60 days following termination of a licence, unless otherwise agreed.

6. Your rights

Under applicable law, including the UK GDPR, you may have the right to:
• Access your Personal Data
• Request correction or deletion
• Restrict or object to Processing
• Request a copy of your Personal Data in a portable format
• Withdraw consent (where applicable)

Where we act as a Processor, please direct your request to your employer or sponsoring organisation. We will support them in responding to your request.

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).

7. Third party services and links

PSPRO may interact with third-party services used by your organisation, such as Single Sign-On (SSO) or internal IT systems. Your organisation’s own privacy and IT policies will govern those interactions.

Our website or documentation may contain links to third-party sites. We are not responsible for the content or privacy practices of these external services.

8. Price Changes

PSPRO is not available for individual purchase or subscription. Pricing is managed through enterprise agreements and subject to contract terms.

9. Updates to this Policy

We may update this Policy from time to time. Material changes will be communicated to our enterprise clients, and the latest version will always be available on request.

10. Definitions

“Apps” means any Pocket Sergeant software application, including PSPRO.
“Controller” refers to the party that determines the purpose and means of Processing Personal Data.
“Processor” refers to the party that Processes Personal Data on behalf of a Controller.
“Personal Data” means any information relating to an identified or identifiable individual.
“Processing” refers to any operation performed on Personal Data, such as collection, storage, access, or deletion.
“UK GDPR” refers to the retained EU GDPR within UK law post-Brexit.
“Website” means www.pocketsergeant.co.uk.

Disclaimer: Pocket Sergeant is not affiliated with the government. It provides general information, with official sources available at www.legislation.gov.uk and www.gov.uk.