SCRAM CAM Connect

Privacy Policy

Introduction

Alcohol Monitoring Systems, Inc. dba SCRAM Systems (“SCRAM Systems”) is a public safety provider company specializing in alcohol monitoring and GPS monitoring.

We are committed to protecting and respecting your privacy.

This Privacy Notice describes SCRAM Systems’ policies and practices regarding its collection and use of personal data and sets forth privacy rights and obligations. This privacy notice is influenced by laws, regulations, market demands, ethical considerations, social norms, contractual obligations, principles, and unilateral statements.

SCRAM Systems recognizes that its customers have privacy compliance obligations and as a processor, SCRAM Systems will provide the necessary support to assist its customers fulfill their own privacy compliance obligations.

If you are a California resident, please also review SCRAM Systems’ California Resident Privacy Notice for more information about the types of personal information collected and disclosed by SCRAM Systems, as well as how to exercise your rights under California law.

Data Protection Officer

SCRAM Systems is headquartered in Littleton, Colorado, in the United States, with offices in various locations around the US and in London, United Kingdom. SCRAM Systems has appointed an internal data protection officer for you to contact if you have any questions, concerns, or complaints about SCRAM Systems’ personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to SCRAM Systems’ data protection officer. Contact information is as follows:

United States:	United Kingdom / European Union
Jerry Baskin SCRAM Systems 6251 Greenwood Plaza Blvd., Suite 300, Greenwood Village, CO 80111 dpo@scramsystems.com +1 303-645-3082	Level 1, Devonshire House, One Mayfair Place, London W1J 8AJ United Kingdom +44 (0) 207 268 4852 EU DPO Contact Info: e-mail: dpo@scramsystems.com

Definitions

In this Privacy Notice, the following terms shall have the meanings ascribed to them:

Administering Authority: This could be a Court of Law, Department of Corrections, or other legal authority with whom you may have a legal obligation.

PII: Personal Identifiable Information; also known as Personal Data; any information relating to an identified or identifiable natural person. We may collect and process personal data about you in the ways outlined below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide personal data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.

Data Subject: A natural person who is the subject of PII collection. Also known as a PII principal. Also known as a Client.

Processing: Any operation or set of operations performed on PII, including collection, recording, organization, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or destruction.

Controller: A natural or legal person, public authority, agency, or another body that determines the purposes and means of PII processing.

Processor: A natural or legal person, public authority, agency, or another body that processes PII on behalf of the controller.

Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear affirmative action.

Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to PII.

Monitoring Hardware: Monitoring hardware includes Continuous Alcohol Monitoring Bracelets, GPS tracking Bracelets, and all other communications accessories associated with them.

Alcohol Monitoring Systems, Inc.: This entity is a wholly owned subsidiary of LMG Holdings, Inc., and specializes in devices and services for continuous alcohol monitoring, GPS tracking, and their associated SaaS applications.

SCRAM Systems: SCRAM Systems is a registered DBA for Alcohol Monitoring Systems, Inc. and is a federally registered trademark. It is also used for branding purposes to identify the entire family of products and services belonging to Alcohol Monitoring Systems, Inc. and its affiliates.

AMS UK LTD.: Operating exclusively in the U.K., is a wholly owned subsidiary of Alcohol Monitoring Systems, Inc., and specializes in devices and services for continuous alcohol monitoring and their associated SaaS applications.

Data Security and Privacy Safeguards

SCRAM Systems endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with SCRAM Systems, Administering Authorities, and the practices described in this Privacy Statement. SCRAM Systems’ security and privacy practices are governed by adherence to a Privacy Information Management System (PIMS) in accordance with ISO 27001 and ISO 27701. Among the safeguards used is encryption of your PII data in transit, at rest, and in process. However, because no electronic transmission or storage of information can be entirely secure, SCRAM Systems cannot guarantee the security or privacy of your information, to the extent permitted by applicable law.

SCRAM Systems’ Role as a Data Controller

For marketing to visitors to our websites, SCRAM Systems is a data controller and determines the purpose and means of PII processing.

The Data we collect about You:

When you access our sites, we may collect, or you may provide us with personal data. We may collect, use, store, and transfer different types of personal data about you, which we have grouped together as follows:

Identity data including your first name, last name, title, your organization and job role, or other identifiers;
Contact data including your residential address, email address, and telephone numbers;
Technical data including your internet protocol (IP) address, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other details about the devices you use to access our sites;
Usage data including information about how you use our sites; and
Marketing and communications data including your preferences in receiving marketing materials and updates from us and third parties and your communication preferences.

Your consent comes from your use of our websites by voluntarily submitting your contact information.

We also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered to be personal data in law as it does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing specific features. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, the combined data is personal data, and we deal with it in accordance with this privacy notice.

We do not knowingly collect details about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, sexual orientation, or genetic or biometric data (known as “special categories of data”), or any information about criminal convictions or offenses through our sites.

Human Resources data

SCRAM Systems collects Personal Data from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. SCRAM Systems may also collect sensitive data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status.

SCRAM Systems process Human Resources Data for different business purposes including:

Human Resources administration and communication;
Payroll and the provision of benefits;
Compensation, including bonuses and long-term incentive administration, compensation analysis, including monitoring overtime and compliance with labour laws;
Job grading activities;
Performance and employee development management;
Organizational development and succession planning;
Absence management;
Helpdesk and IT support services;
Regulatory compliance;
Internal and/or external or governmental compliance investigations;
Internal or external audits;
Litigation evaluation, prosecution, and defense;
Restructuring and relocation;
Emergency contacts and services;
Employee safety;

How Your Personal Data is Collected:

Direct interaction with you. You may give us identity and contact data by filling in forms on our sites or by communicating with us by mail, telephone, email or otherwise. This includes data you provide when you request information about our products and services, contact us in relation to our blog, refer a client, download resources, or use interactive features on our site or social media applications.
Third parties and publicly available sources. We may receive personal data about you from other parties and/or from public sources, as set out below:
- technical data from analytics providers such as Google Analytics and Pardot and advertising networks such as Google Ads and Remarketing, Facebook Pixel, the X (Twitter) Conversion Tracker, and the LinkedIn Insight Tag;
- contact information about you from business partners, events, conferences, or industry tradeshows;
- other individuals under our “refer a client” form.
Personal Data collected via automated means[MF1] . We and our service providers may collect data automatically in a variety of ways, including:
Your browser or device. Certain data is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services you are using. We use this data to ensure that the Services function properly.
Cookies and other tracking technologies. We and our service providers use various technologies, including cookies, pixels, and web beacons, and similar online tracking technologies (collectively, “cookies”) to collect data about you when you interact with our Services, including information about your browsing behavior and user experience. First and third-party cookies allow us to collect such data as browser type, time spent on the Services, pages visited, language preferences, unique identifiers, content you view, click on, or share, screen actions, and other traffic data.

We and our service providers use the data for security purposes, to power the interactive features of our Services, to facilitate navigation, to display information more effectively, to personalize your experience, to develop and improve the performance, functionality, and design of the Services, for advertising, and to help keep the Services free of bugs or errors. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding the Services. Cookies are also used to track the actions of users of the Services (including email recipients), conduct advertising, measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.

Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are on the Services. We may also use cookies in online advertising to track responses to our ads. We do not currently respond to browser do-not-track signals. [MF2]

If you do not want data collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services, and you also may not receive advertising or other offers from us that are relevant to your interests and needs.

We and third-party service providers may use the following types of cookies[MF3] :

Essential cookies. Some cookies are strictly necessary to make our Services available to you. For example, to provide login functionality or to allow you to fill out forms. We cannot provide you with the Services without this type of cookie.
Analytics cookies. We use analytics cookies to help us understand how our Services perform and function, track user interactions with the Services, operate, maintain and improve our Services, and to track whether you open emails that we send to you. We engage third-party analytics services, which use tracking technologies to collect and analyze information about use of the website and report on activities and trends. These services also collect information regarding the use of other websites, apps, and online resources. One of our analytics service providers is Google. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
Targeted Advertising cookies. We work with third party advertising partners such as Google Ads and Bing Ads to show you ads that we think may interest you. These advertising partners may set up and access their own cookies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services. To learn how to opt out of such activities, please see the section on “Targeted Advertising” below.

More information about the individual cookies we use and the purposes for which we use them is set out in the table below:

Cookie Name	Category	Description	Additional Information
Pardot Pi_opt_in	Analytics	This cookie is set with a true or false value when the visitor opts in or out of tracking.
Pardot visitor cookie	Analytics	This cookie is composed of a unique visitor ID and the unique identifier for your account. For example, the cookie name “visitor_id12345” stores the visitor value “1010101010”, and “12345” is the account identifier. This cookie is set for visitors by the Pardot tracking code.
Twitter Conversion Tracker	Targeted Advertising	This cookie is set to learn how users have interacted with our advertising served to them on Twitter.	See Conversion Tracking for Web sites for more information.
LinkedIn Insight Tag	Targeted Advertising	This cookie is set for in-depth advertising campaign reporting and to help us view insights about our website visitors. The tag tracks conversions, retargets, website visitors, and provides additional insights about members interacting with our LinkedIn advertisements and boosted posts.	This data is encrypted. The LinkedIn browser cookie is stored until you manually delete it or when the cookie expires (there’s a rolling six-month expiration from the last time the visitor’s browser loaded the Insight Tag). For more information about the LinkedIn Insight Tag, view their terms of service and cookie policy.
locale_requires_gdpr	Essential	This cookie will be set to true if the user originates in a locale that is under GDPR compliance laws, or if the user selects a location from the nav menu that requires GDPR compliance. It will be set to false if GDPR compliance is not required.	This is set to either true or false.
cookie_notice_accepted	Essential	This cookie is associated with the cookie alert notice on our site. It is used to record if you have accepted cookies on the site.	This is set to either true or false.
_ga	Analytics	This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session, and campaign data for our site’s analytics reports.	Expires after 2 years.
_gid	Analytics	This cookie stores and update a unique value for each page visited.
_gat	Analytics	This cookie limits the collection of data on high traffic sites.
wordpress_test_cookie	Essential	This cookie tests whether or not your browser has cookies enabled.
wp-settings-{time}-UID	Essential	This is used to customize your view of our site.
locale_info	Essential	This cookie is used to set an international visitor’s main menu preference controlled by the country drop down in the utility navigation.
uvc	Essential	This is a performance cookie for efficiently loading resources. The value is always 1.	More information: addtoany.com
_cfduid	Essential	This cookie is used for security.	More information: addtoany.com

If you are a visitor from the European Union or the United Kingdom, you will have the option to set your browser to refuse marketing or analytical cookies. If you disable or refuse cookies, some parts of our site may become inaccessible or may not function properly.

Targeted Advertising

We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services. You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser. They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop.

If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Notice, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/.

How We Use Your Personal Data:

We will only use your personal data when the law allows us to do so. Our most common uses of your personal data will be:

in order for us to perform a contract we are about to make or have made with you (or to take steps at your request before entering such a contract);
if it is necessary for our legitimate interests and your interests and rights do not override those interests; and/or
in order for us to comply with a legal or regulatory obligation.

The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.

Purpose	Description	Legal ground (where required under applicable law)
Providing the Services	We use Personal Data about you to operate, maintain, and provide our Services, such as creating your account, setting your language and allowing you to login.	You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party We, or a third party, have a legitimate interest in using your Personal Data for the purpose of developing, hosting, and maintaining the Services
Support	We use Personal Data to provide technical support, including diagnosing and resolving any issues you report.	The processing is necessary for entering into, or performance of a contract to which you are a party
Fraud prevention	We use your Personal Data to keep our Services secure and to identify and prevent fraud in the use of our Services.	The processing is necessary for entering into, or performance of a contract to which you are a party We need it to comply with a legal obligation, for instance to comply with a court order We, or a third party, have a legitimate interest in using your Personal Data for the purpose of protecting against and preventing fraud
Customer relationship management	We may process your Personal Data for customer relationship management purposes.	You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party We, or a third party, have a legitimate interest in using your Personal Data for the purpose of managing customer relationships
Communicating with you	We may use your email address and other Personal Data as necessary to contact you for administrative purposes such as to provide information that you request, to respond to comments and questions, or to ask you to provide feedback and complete surveys.	You give us consent to do so The processing is necessary for entering into, or performance of a contract to which you are a party
Analytics and product development	We use Personal Data about you to analyze usage trends and preferences to improve our Services, as well as to develop new products, services, features, and functionalities.	You give us consent to do so We, or a third party, have a legitimate interest in using your Personal Data for the purpose of evaluating and improving our products or services

Marketing

You may receive marketing communications from us if you have requested such information from us. You may also receive marketing communications from us if you have purchased similar products or services from us or if you provided us with your details.

You can ask us, and/or any third party, to stop sending you marketing messages at any time by following the opt-out links in any marketing message sent to you.

If you opt out of receiving any marketing messages, this will not apply to personal data provided to us for other purposes, for example, as a result of your purchase of a product or service, warranty registration or other transaction.

SCRAM Systems’ Role as a Data Processor

As a data processor, SCRAM Systems and its family of companies, follows the directives of the respective data controllers for the products and services it offers. PII for Continuous Alcohol Monitoring, Remote Breath, and GPS tracking are collected by the controller and processed by SCRAM Systems in accordance with the contracts between SCRAM Systems and the respective controllers. SCRAM Systems will only process the PII data that it collects for the purposes expressed and established in the contracts and agreements with its customers (Controllers).

Who Do We Share Your Personal Data With

SCRAM Systems collects personal information about Data Subjects who use our products and services for alcohol monitoring and GPS tracking. The following table outlines the purpose and usage of PII of people who use our various products and services:

Company	Product or Service	Type of Data	Controller /Processor	What it includes	Where we get it	How we use it	To whom we disclose it
AMS	Electronic Monitoring (EM)	Contact Information, Physical description, Demographics, Vehicle and license info, Criminal and court info	Processor	· Full Name · Date of Birth · Primary Address · Primary Phone Number · Cell Phone Number · Employment History · Court Information · Job Position/Title · Disability Information · Email Address ·Ethnicity/Race · Gender · Criminal Record · Attributes (Nick Name, Accent) · Marital Status · Preferred Language · Complexion · Height (ft) · Weight (lbs.) · Build · Eye Color · Hair Color · Hair Style · Hair Length · Tattoos/Scars · Other Distinguishing Characteristics · Driver’s License · Vehicle (year/make/model/color) · License Plate (issuing state)	Administering Authority (Controller)	To provide services	Administering Authority (Controller), Third Parties within our group,
AMS	Electronic Monitoring (EM)	Information generated by the System	Processor	Information collected, monitored, stored, downloaded, and reported by the System including Alcohol levels, and if equipped, photos and GPS location	System	· To provide Services · To report to or communicate with Administering Authorities	Administering Authority (Controller), Third Parties within our group,
AMS UK Ltd	Electronic Monitoring (EM)	None	N/A	N/A	N/A	N/A	N/A

We may also share this information with the following entities:

Third parties within our group (whether acting as joint controllers and/or processors), who are based in the United States, the United Kingdom, Australia, or New Zealand and provide support, marketing, and administration services and reporting. These third parties may have access to or process your Personal Data as part of providing those services to us.
Service Providers. We may disclose your Personal Data to our third-party service providers, to facilitate services they provide to us, such as website hosting (including through provision of tools that enable us to analyze your interactions on our Services), database administration, cloud computing, advertising, data analysis, information technology and related infrastructure, email delivery, and customer support.
Legal. We may disclose your Personal Data to third parties if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Data that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
Affiliates. We may share Personal Data with our affiliates and subsidiaries to which it is reasonably necessary or desirable for us to disclose Personal Data for the above-mentioned purposes.
Merger. We may disclose or otherwise transfer Personal Data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
Consent. We may also disclose your Personal Data with your permission.

*Note – AMS UK Ltd only collects and processes telemetry data from the monitoring hardware and does not collect any PII data. All PII is retained and remains with the Administering Authority (Controller).

Legal Basis for Processing

The legal basis for processing personal information is obtained with your consent, except when that data is obtained by us from an Administering Authority such as a Court of Law, Department of Corrections, or other legal authority, with whom you may have a legal obligation. SCRAM Systems processes this data according to contractual and legal obligations with the Administering Authority and/or the legal jurisdiction.

SCRAM Systems will inform its customers (Controllers) if a requested process or instruction infringes applicable legislation or regulations.

PII Disclosure to third parties

SCRAM Systems will notify customers of all legally binding requests for disclosure of PII, such as court orders and subpoenas.

SCRAM Systems will reject any requests for PII disclosures that are not legally binding, consult the corresponding customer before making any PII disclosures and accepting any contractually agreed requests for PII disclosures that are authorized by the corresponding customer.

List of third parties and Subcontractors that may process PII

Microsoft Azure, AWS, Mongo Cloud Database, Google (for GPS tracking data), SendGrid, Five9,Trust Pilot, HubSpot, Twilio

This list of third-parties and subcontractors may change and shall be updated in this privacy notice from time to time. Organizations who are the controllers of the data shall be informed prior to the change, through our respective customer service departments and in accordance with the contractual obligations.

*To subscribe to notifications of changes or updates to this page, please enter your information here.

Processing personal data within the U.S. and International Data Transfers

SCRAM Systems has offices and data processing facilities in the United States. Information we collect about you will be processed in the United States for all products and services sold in the jurisdiction of the U.S. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in the United States and shall not be transferred to any jurisdiction outside the United States.

Processing Personal Data Within Canada and International Data Transfers

SCRAM Systems has data processing facilities in Canada. Information we collect about you will be processed in Canada for all products and services sold in the jurisdiction of Canada. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in Canada and shall not be transferred to any jurisdiction outside Canada.

Processing Personal Data Within the United Kingdom and International Data Transfers

SCRAM Systems, under contract with the Ministry of Justice (MoJ), does not collect or process personally identifiable information. All Personal information collected is under the strict control of the MoJ and their administrating authorities. Electronic monitoring telemetry data that is collected from our devices in the U.K. contains no personal identifying information and is therefore de-identified for processing in the United States. By using the SCRAM Systems’ services, you acknowledge that your personal information will be processed in the U.K. and shall not be transferred to any jurisdiction outside U.K.

Standard Contractual Clauses

Pursuant to Article 46 of the GDPR, SCRAM Systems shall provide for appropriate safeguards by entering binding, Standard Contractual Clauses (SCC), or Binding Corporate Rules (BCR) enforceable by data subjects in the EEA and the UK. These clauses are enhanced based on the guidance of the European Data Protection Board. Any future binding SCC or BCR entered into by SCRAM Systems shall be abided by as they are approved by the European Commission and the respective county’s requirements.

Data subject rights in the U.K. and European Union

The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office. https://ico.org.uk/ See also the website for the European Data Protection Board (EDPB) https://edpb.europa.eu/edpb_en

EU-U.S. Data Privacy Framework and the UK extension of the EU-U.S. Data Privacy Framework

SCRAM Systems complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  SCRAM Systems has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK extension with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the UK extension DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

SCRAM Systems commits to resolve complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on EU-U.S. and the UK extension to the EU-U.S. DPF should first contact SCRAM Systems at dpo@scramsystems.com and give us the opportunity to resolve your complaint. We will respond to your complaint promptly.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to PrivacyTrust, an alternative dispute resolution provider based in the United Kingdom.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.privacytrust.com/drs/alcoholmonitoringsystems for more information or to file a complaint.  The services of PrivacyTrust are provided at no cost to you.

SCRAM Systems is subject to the investigatory and enforcement powers of the FTC

Finally, as a last resort and in limited situations, EU and UK individuals may seek redress from the DPF Panel a binding arbitration mechanism.

In cases of onward transfer to third parties of data of EU and UK individuals received pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems remains liable.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SCRAM Systems commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning SCRAM Systems handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

Complaints related to human resources data should not be addressed to PrivacyTrust.

Data Subject Rights in the United States

Data subject rights in the U.S. vary from state to state as there is no national standard at this time. SCRAM Systems shall respect each of the state’s requirements for data subject rights. In the following States you have the right to Opt-Out of direct marketing or data sharing with third parties for marketing purposes: California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia. To exercise your right to Opt-out of direct marketing and data sharing with third parties for marketing purposes, or other rights you are entitled to, please make a request by email to dpo@scramsystems.com. SCRAM Systems will not use personal data for marketing and advertising purposes, without establishing prior consent from the data subject.

Most notable is the California Consumer Privacy Act of 2018 (“CCPA”).

If you are a California resident, please also review our California Resident Privacy Notice for more information about how to exercise your rights under California law.

Your Rights in Relation to Your Personal Data

Depending on where you reside, you may have the following legal rights:

Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
Rectification and Deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymized or deleted, as appropriate.
Restriction and Objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.
Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

Data Storage and Retention

Retention of data that is owned by an Administering Authority (Controller) is managed by that Administering Authority. We will retain personal data we process on behalf of our customers for as long as needed to provide services to our customers, or for as long as is reasonably necessary to meet and comply with our legal obligations, resolve disputes, prevent fraud and abuse and enforce our terms and conditions. Retention of data laws and regulations vary from jurisdiction to jurisdiction, and it is incumbent upon the controller to ensure that its contracted or approved processors such as SCRAM Systems delete personal information according to contract or explicit request. Any request from a data subject to delete personal information owned by the respective controller shall be redirected to the Controller. SCRAM Systems shall delete personal information solely collected and used for marketing purposes upon the data subject’s request and in accordance with local data privacy laws. To make this request, contact the Data Protection Officer at dpo@scramsystems.com.

SMS Text Opt In/Out Service Information

Monitoring clients have the option to sign up for automated SMS Text reminders as part of their monitoring service. When an individual opts into the service, we will send an SMS message to confirm registration.

Monitoring clients can cancel the SMS Text service at any time. Text “STOP”. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time, and we will start sending SMS messages to you again.

If at any time you forget what keywords are supported, just text “HELP”. After you send the SMS message “HELP” to us, we will respond with instructions on how to use our service as well as how to unsubscribe.

We are able to deliver messages to the following mobile phone carriers:

Major carriers: AT&T, Verizon Wireless, Sprint, T-Mobile, MetroPCS, U.S. Cellular, Alltel, Boost Mobile, Nextel, and Virgin Mobile.

Minor carriers: Alaska Communications Systems (ACS), Appalachian Wireless (EKN), Bluegrass Cellular, Cellular One of East Central IL (ECIT), Cellular One of Northeast Pennsylvania, Cincinnati Bell Wireless, Cricket, Coral Wireless (Mobi PCS), COX, Cross, Element Mobile (Flat Wireless), Epic Touch (Elkhart Telephone), GCI, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri), Illinois Valley Cellular, Inland Cellular, iWireless (Iowa Wireless), Keystone Wireless (Immix Wireless/PC Man), Mosaic (Consolidated or CTC Telecom), Nex-Tech Wireless, NTelos, Panhandle Communications, Pioneer, Plateau (Texas RSA 3 Ltd), Revol, RINA, Simmetry (TMP Corporation), Thumb Cellular, Union Wireless, United Wireless, Viaero Wireless, and West Central (WCC or 5 Star Wireless).

Please note: Carriers are not liable for delayed or undelivered messages.

As always, message and data rates may apply for any messages sent to you from us and to us from you. You will receive messages as agreed to in the Participant Agreement. If you have any questions about your text plan or data plan, it is best to contact your wireless provider. For all questions about the services provided by this short code, you can send an email to info@scramsystems.com.

Backups

AMS Data Backups are retained for 30 days unless contractual agreements specify otherwise.

Incident and Breach Notification

48 hour policy unless contractual agreements specify otherwise.

Other Agreements That May Apply

Upon receipt of any SCRAM Systems product or services, such as remote breath device, continuous alcohol monitoring device, GPS tracking device, or other hardware, the data subject shall be presented with a copy of this Privacy Notice and additional agreements for the usage of these devices and services, and consent to collect and process personal information.

Children’s Privacy

We do not knowingly collect, maintain, or use Personal Data from children under 16 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with Personal Data in violation of this Policy, then you may alert us by contacting us using the contact details at the top of this Policy.

Third Party Websites

Our sites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third parties and are not responsible for their privacy policies. When you leave our sites, we recommend that you read the privacy policy of every website you visit and every plug-in or application you use.

Changes to this Policy

We may update this Policy occasionally to reflect changes in our privacy practices. If we modify this Policy, we will indicate the date of the latest revision at the top of this Policy.