1. Introduction
VitaPing is an emergency identity and adaptive incident intelligence infrastructure designed for high-risk environments. This Privacy Policy explains how we collect, use, protect, and process personal data in connection with our emergency identity platform.
Core Principle: VitaPing is emergency-only infrastructure. We do not track users, monitor behaviour, or process data continuously. Our platform activates only during verified emergency incidents.
This policy applies to:
- Individuals using VitaPing emergency identity devices
- Authorised responders accessing emergency identity data
- Organisations deploying VitaPing infrastructure
- Visitors to our website and digital properties
2. Who We Are
VitaPing is operated by [Legal Entity Name], a company registered in [Jurisdiction]. For the purposes of applicable data protection law, we are the data controller for personal data processed through our platform.
Registered Address: [Full Address]
Data Protection Contact: privacy@vitaping.ae
3. Data We Collect
3.1 Emergency Identity Data
When you register for VitaPing emergency identity services, we collect:
- Full name and date of birth
- Emergency contact information
- Critical medical information (allergies, blood type, medical conditions) — optional
- Emergency response preferences
- Device identifier linked to your VitaPing wearable
3.2 Incident Data
During an emergency activation, we process:
- Time, date, and location of activation
- Identity of responders who accessed your data
- Responder role, organisation, and justification for access
- Incident notes, observations, and structured documentation
- Media attachments (photos, video clips) if captured by responders
- Timeline of actions taken during the incident
3.3 Website and Platform Data
When you visit our website or use our platform interface:
- Device information and browser type
- IP address and general location data
- Pages visited and interactions
- Cookies and similar tracking technologies (see our Cookie Policy)
What We Do NOT Collect: VitaPing does not track your location continuously, monitor your behaviour, record your activities outside emergency incidents, or profile you for marketing purposes.
4. How We Use Your Data
We process your personal data only for specific, legitimate purposes:
4.1 Emergency Response
- To provide emergency identity information to authorised responders during verified incidents
- To facilitate faster, more informed emergency response
- To enable structured documentation of emergency incidents
4.2 Platform Operation
- To maintain and improve our emergency infrastructure
- To ensure system security and prevent misuse
- To provide audit trails and compliance documentation
- To support incident investigation when required by law
4.3 Legal Obligations
- To comply with legal requirements and regulatory obligations
- To respond to lawful requests from authorities
- To protect rights, property, and safety
Legal Basis: We process your data based on:
- Your explicit consent (for emergency identity registration)
- Legitimate interests (emergency response and safety)
- Legal obligations (compliance and audit requirements)
- Vital interests (protection of life during emergencies)
5. Emergency-Only Activation
Critical Principle: VitaPing remains dormant until an emergency activation occurs. There is no background tracking, continuous monitoring, or routine data processing outside verified incidents.
5.1 When Activation Occurs
Your emergency identity data becomes accessible only when:
- A bystander or authorised person triggers emergency mode via your VitaPing device
- The activation is timestamped and logged
- Access is restricted to verified responders with justified need
5.2 Role-Based Access Control
Not all responders see all data. Access is controlled by:
- Responder role (medical, security, supervisor, etc.)
- Organisational policy and governance rules
- Justification requirement for access
- Incident context and necessity
5.3 Public Exposure Protection
Bystanders who trigger emergency mode cannot view your personal or medical data. Only verified, authorised responders can access information — and every access is logged.
6. Data Sharing & Disclosure
6.1 Authorised Responders
During verified emergencies, we share your emergency identity data with:
- On-site emergency responders (paramedics, security, first aid)
- External emergency services (ambulance, police, fire)
- Hospital or medical facility receiving you for treatment
- Organisational safety and compliance teams (post-incident review)
All access is logged, timestamped, and auditable.
6.2 Service Providers
We may share data with trusted service providers who assist in platform operation:
- Cloud infrastructure providers (secure data storage)
- AI processing partners (governed, auditable processing only)
- Security and audit services
All service providers are contractually bound to strict confidentiality and data protection standards.
6.3 Legal Requirements
We may disclose data when required by:
- Court orders or legal process
- Law enforcement or regulatory authorities
- Protection of rights, safety, or property
6.4 No Commercial Sharing
We never sell, rent, or share your data for marketing, advertising, profiling, or any commercial purpose unrelated to emergency response.
7. AI-Powered Processing
VitaPing uses adaptive AI to structure incident data, highlight critical context, and improve documentation quality. This AI processing is governed, permissioned, and auditable.
7.1 What AI Does
- Structures incident notes into chronological timelines
- Highlights role-relevant context for responders
- Flags missing documentation fields
- Generates structured summaries for review
- Identifies recurring incident patterns (within governance boundaries)
7.2 What AI Does NOT Do
Critical Limitations: VitaPing AI never provides medical diagnosis, predicts outcomes, makes autonomous decisions, monitors behaviour outside emergencies, or operates without human oversight.
7.3 AI Governance
- All AI outputs are reviewable and logged
- Human confirmation required for critical actions
- AI cannot access data outside verified incident contexts
- Regular audits of AI behaviour and outputs
8. Data Retention
8.1 Emergency Identity Data
Your core emergency identity information is retained as long as:
- You maintain an active VitaPing registration
- Your organisation maintains its VitaPing deployment
- You have not requested deletion
8.2 Incident Records
Incident data is retained for:
- 7 years (standard compliance and audit requirement)
- Longer if required by law, regulation, or ongoing investigation
- Organisational policy may specify different retention periods
8.3 Deletion
You may request deletion of your emergency identity data at any time. Incident records may be retained if:
- Required for ongoing legal or regulatory proceedings
- Necessary for safety investigation or audit
- Mandated by law or organisational compliance policy
9. Your Rights
Under applicable data protection law (GDPR, UK DPA, UAE DPA), you have the right to:
9.1 Access
Request a copy of all personal data we hold about you.
9.2 Rectification
Correct inaccurate or incomplete emergency identity information.
9.3 Erasure
Request deletion of your data (subject to legal retention requirements).
9.4 Restriction
Limit how we process your data in certain circumstances.
9.5 Portability
Receive your data in a structured, machine-readable format.
9.6 Object
Object to processing based on legitimate interests.
9.7 Withdraw Consent
Withdraw consent for emergency identity services at any time.
Note: During active emergency incidents, some rights may be temporarily limited to protect vital interests and enable effective response. Full rights are restored post-incident.
To exercise your rights, contact: privacy@vitaping.ae
10. Security Measures
We implement comprehensive security measures to protect your data:
10.1 Technical Security
- End-to-end encryption for data transmission
- Encrypted data storage at rest
- Multi-factor authentication for platform access
- Regular security audits and penetration testing
- Intrusion detection and monitoring systems
10.2 Organisational Security
- Strict access controls and role-based permissions
- Background checks for personnel with data access
- Regular security training for all staff
- Incident response procedures
- Data breach notification protocols
10.3 Audit & Accountability
- Immutable audit logs for all data access
- Justification requirements for responder access
- Regular compliance reviews
- Independent security assessments
11. International Transfers
VitaPing operates globally. Your data may be transferred to, stored in, or accessed from countries outside your jurisdiction.
11.1 Safeguards
When transferring data internationally, we ensure:
- Transfers to countries with adequate data protection standards
- Use of Standard Contractual Clauses (SCCs) where required
- Binding Corporate Rules for intra-group transfers
- Compliance with local data residency requirements
11.2 Regional Storage
Where possible, we store data regionally:
- UAE deployments: data stored in UAE-based infrastructure
- UK/EU deployments: data stored in UK/EU regions
- Cross-border emergency response may require temporary data access from other jurisdictions
12. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our services or operations
- New legal or regulatory requirements
- Improved privacy practices
When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify registered users via email or platform notification
- We may require re-consent for significant changes
Continued use of VitaPing services after policy updates constitutes acceptance of the revised policy.