Privacy Policy — Swiss Radio Rescue (SRR)
This policy describes how the Swiss Radio Rescue application ("SRR", "the app", "we") collects, uses and protects your personal data. It applies to the mobile application (iOS and Android) as well as the web version.
The application is published by Swiss Radio Rescue, a Swiss non-profit association forming an emergency volunteer network (information, skills and alerting) in times of crisis. Data processing complies with the Swiss Federal Act on Data Protection (FADP) and, for the users concerned, with the General Data Protection Regulation (GDPR) of the European Union.
1. Data controller
Swiss Radio Rescue Confignon, Switzerland — Contact: contact form
2. Data we collect
The application is intended for members and volunteers of the Swiss Radio Rescue emergency network — operators (amateur radio, CB, PMR and other participants), coordinators, authorities and emergency partners. We only collect the data necessary for this purpose, which you provide when creating your account and updating your profile:
Identity and contact data
- First name, last name
- Email address
- Phone numbers (mobile, landline)
- Emergency contact (name and phone)
- Profession (optional)
Location data
- Postal address (street, number, postal code, municipality, canton)
- Geographic coordinates (latitude, longitude) derived from your address
- Device GPS position — optional: only if you explicitly consent, to position you automatically on the map or to geolocate an incident report.
By default, the application does not access your device's GPS position. Coordinates are derived from the address you enter. GPS access, which is optional, only occurs if you authorize it, at the precise moment you use a location feature, and never in the background. You can revoke this permission at any time in your device settings.
Radio / operational data
- Radio call sign
- Participant type (amateur radio, CB, PMR, other)
- Declared bands, power and equipment
- Amateur radio licence (uploaded document, optional)
- Declared skills and qualifications
- Declared availability
Technical data
- Session identifiers and activity logs (sign-ins, profile changes)
- Minimal information required for operation (device type, language)
Messaging
- Messages exchanged within groups are kept temporarily, then automatically purged after 3 days, unless explicitly archived by a coordinator.
Reports and support (feedback)
- The content of your reports (type — bug, suggestion or question; title and message).
- The messages exchanged with the support team in connection with a report.
- Technical context attached automatically to help with diagnosis (page viewed, app version, device and browser type, screen size, online/offline status, language).
- A screenshot that you attach voluntarily and optionally to a report. It is generated at your request from the current display (with no additional access to your device); it may contain information shown on screen and is only visible to administrators.
Sign-in help request (without an account)
- If you are unable to sign in, you can contact us through a public form without being logged in. In that case we collect the email address you provide and the message describing your problem, solely to help you access your account.
We do not collect: banking data, advertising identifiers, third-party browsing history, or background GPS location.
3. Device permissions
The application requests minimal permissions. Except for Internet, all are optional: they are only requested when you use the relevant feature, and you can refuse or revoke them at any time in your device settings (the app remains usable).
- Internet / network: to communicate with our servers.
- Camera — optional: only if you choose to take a photo (incident report, licence document). No photo is taken without your action.
- Files / gallery access — optional: only if you choose to attach an existing image or document. A report screenshot, by contrast, is generated at your request from the current display and requires no additional access.
- Location (GPS) — optional: only if you enable a location feature (see section 2). Never in the background.
4. Purposes of processing
Your data is used exclusively to:
- create and manage your member account;
- coordinate emergency operations (operator mapping, availability, mobilizations);
- enable communication between members and coordinators;
- notify you of operational alerts and call-ups;
- collect and process your reports (bugs, suggestions, help requests) and respond to you;
- ensure the security and maintenance of the service.
We do not sell or rent your data. No data is used for advertising purposes.
5. Legal basis
Processing is based on:
- the performance of the service you join by creating an account;
- your consent, for optional data;
- the legitimate interest of the association in coordinating emergency response effectively.
6. Data sharing
Your data is accessible to:
- yourself;
- the coordinators and administrators of your canton/organization, within the limits of their duties;
- according to your visibility settings (for example, call sign and name visible to other operators).
Hosting and data storage are provided by our partner IAPC (International Amateur Packet Club), a Swiss association whose infrastructure is located in Switzerland (Onex, canton of Geneva). IAPC acts as a data processor, under an agreement and solely on the instructions of Swiss Radio Rescue. We do not share your data with third parties for commercial purposes.
Data you make visible. Information you choose to make visible according to your settings is accessible to the relevant members; by publishing it, you acknowledge that it is not confidential towards them. Your data remains your property at all times. Swiss Radio Rescue may refuse to disclose a profile in case of doubt about how it might be used. The association cannot, however, be held liable in the event of data theft or dishonest use by a third party.
7. Third-party services and mapping
To display operational maps, convert addresses into coordinates and protect certain forms against bots, the application relies on external services:
- OpenStreetMap and CartoDB (map tiles): when a map is displayed, your IP address is sent to these services to download the image tiles.
- Nominatim (OpenStreetMap) (geocoding): when you enter an address (profile or incident report), the address text is sent to this service to obtain the corresponding coordinates.
- Cloudflare Turnstile (anti-bot protection): when you use the public sign-in help form, your IP address and a verification token are sent to Cloudflare to confirm that you are not a robot. Governed by Cloudflare's privacy policy.
These services are governed by their own privacy policies. We do not send them any other data from your profile.
What the application does NOT use: no audience-measurement or analytics tools, no advertising, no third-party trackers, no advertising identifier, no third-party crash-reporting service, no social network SDK.
Notifications
As part of operations, the service may send you emails and, where applicable, SMS messages (call-ups, alerts). These use your email address / phone number solely for the operational purposes described in section 4.
8. Storage on your device (offline mode)
To work in crisis situations even without a network, the application may store locally on your device a copy of your profile and session information. This data is encrypted (AES-GCM) before storage. It remains on your device and is deleted upon sign-out, account deletion, or uninstallation of the application.
9. Hosting and security
Data is hosted in Switzerland, within the infrastructure of our partner IAPC (International Amateur Packet Club) (Onex, canton of Geneva), acting as a data processor. We apply technical and organizational measures: encrypted connections (HTTPS), token-based authentication, automatic sign-out after inactivity, and role-based access control.
10. Retention period
- Profile data: kept as long as your account is active.
- Messages: automatically purged after 3 days (unless archived).
- Reports (feedback) and associated messages: kept as long as they are useful for follow-up, then archived or deleted.
- Logs: kept for a limited period for security purposes.
Upon deletion of your account, your personal data is erased or anonymized, subject to legal retention obligations.
11. Your rights
In accordance with the FADP and the GDPR, you have the following rights: access, rectification, erasure, restriction, objection and portability of your data. You may also withdraw your consent at any time.
Most of these actions can be performed directly within the application (editing your profile, deleting your account). For any other request, write to us via our contact form.
12. Children
The application is not intended for persons under 16 and does not knowingly collect their data.
13. Changes
We may update this policy. Any significant change will be reported in the application. The date of the last update appears at the top of this document.
14. Contact
For any question regarding this policy or your personal data, write to us via our contact form.