MCM Platform Privacy Guidelines - 30th May 2018
Proprietary & Confidential
All data and information contained in or disclosed by this document is confidential and proprietary information of mobilityView Inc, and all rights therein are expressly reserved. By accepting this material the recipient agrees that this material and the information contained therein is held in confidence and in trust and will not be used, copied, reproduced in whole or in part, nor its contents revealed in any manner to others without the express written permission of mobilityView Inc:
mobilityView Inc. 45 De Vere Gardens, Toronto, Ontario, Canada, M5M 3E6
Definitions
Active consent: Active consent would apply to secondary non-obvious use of a user’s personal information, and/or scenarios that have additional privacy implications for users such as requesting a user’s location, where such data is not necessary to the functioning of the service. Active consent is captured in a way so that consent is not the default option.
Anonymised Data: Anonymised data is a form of data which prevents the identification of individuals from that data. This allows for a much wider use of the information.
Employer Liable: The employer pays for the cost of the mobile smart device(s) and associated mobile (cell) plan and tariff(s). In this scenario, the employer purchases mobilityView Inc. product and services.
Employee Liable: The employee pays for the cost of the mobile smart device(s) and associated mobile (cell) plan and tariff(s). In this scenario, either the employer purchases mobilityView Inc. products and services, for use by their employees (but may elect to have employees pay for the service), or the employee purchases mobilityView Inc. products and services.
End User: The end user of applications and related services.
Location data: Information that identifies the geographical location of a user’s device, which may include Cell ID, GPS, Wi-Fi or other less granular information such as a village or town.
Personal information: Information that relates to an individual that could be used to identify them, contact or locate them. This may include:
- Data collected directly from a user via an application’s user interface (name, address, date of birth).
- Data that is gathered indirectly such as mobile phone number (MSISDN), IMSI, IMEI or UDID, Cell ID, Wi-Fi MAC Address, etc...
- Data gathered about a user’s behaviour, such as location data, web-browsing data or the applications used, which are linked to a unique profile.
- User-generated data, such as, contact lists, videos and photos, messages, emails, notes, call logs, etc…
To be identified, an individual need not be known by name, a user may be identified even when their information is associated only with a unique identifier, such as, a Unique Device Identifier. There are categories of information that may be considered ‘sensitive’ and which may need additional security. For example, log-on credentials.
Privacy: The ability for individuals to know how their personal information will / is being collected, shared and used, and to exercise choice and control over its use.
Approach to Privacy
mobilityView Inc. is committed to protecting the privacy of all users, by developing technology that is proactively designed to safe guard privacy. Hence, Privacy by Design (PbD) methodology has been used in the design of our products and services, from the ground up. Our approach to privacy goes above and beyond compliance with regulatory requirements and law; we strive to make privacy assurance a default mode of operation.
Prior to downloading and using our products and services, mobilityView Inc. shall always:
- Be transparent: we shall always tell you who we are, what personal information we are seeking to require, what we intend to do with this information and who we intend to share it with, and most importantly, why.
- Help you manage your privacy: we shall always endeavour to make you aware of our product and service’s privacy default settings.
- Give you easy to understand choices and mechanisms for managing your privacy: we will make it easy not hard.
mobilityView Inc. have taken additional steps to be compliant with:
- The Global Privacy Standard
- Privacy by Design 7 Foundational Principles
- GSMA Privacy By Design Guidelines for Mobile Application Development
Personal Information
mobilityView Inc. collects and retains personally identifiable information from employers, employees and mobile smart devices, including diagnostic information for fault finding purposes, as follows:
Employer Liable
| Information Collected | Who can see it? | What it is used for? | How long is it kept for? | Where is the information stored? |
|---|---|---|---|---|
| Company Name | mobilityView Inc. / Employer | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employer Point of Contact Name | Employer / Employee | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employer Point of Contact Email address | Employer / Employee | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employer Point of Contact Mobile (cell) number (MSISDN) | Employer / Employee | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Billing Postal Address | Employer | Billing Remittance | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Credit Card Details / Invoicing Details | Employer | Quarterly Advance Billing | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employee Name | Employer / Employee | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Business contacts from Employer data repository | Employer | Categorisation of voice / data usage | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Domain names from employer business contacts | Employer / Employee | Categorisation of voice / data usage | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employee Email address | Employer / Employee | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Employee Mobile (cell) number (MSISDN) | Employer / Employee | Registration / identification on the system / Device Selection | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
Employee Liable
| Information Collected | Who can see it? | What it is used for? | How long is it kept for? | Where is the information stored? |
|---|---|---|---|---|
| Company Name (Optional) | Employee / mobilityView Inc. / Employer (Expense Report generated by the Employee) | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Name | Employee / mobilityView Inc. / Employer (Expense Report generated by the Employee) | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Email address | Employee / mobilityView Inc. / Employer (Expense Report generated by the Employee) | Registration / identification on the system | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Mobile (cell) number (MSISDN) | Employee / mobilityView Inc. / Employer (Expense Report generated by the Employee) | Registration / identification on the system / Device Selection | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Billing Postal Address | Employee / mobilityView Inc. | Billing Remittance | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Credit Card Details / Invoicing Details | Employee / mobilityView Inc. | Advance Billing | Until the service is terminated by the employer and / or statutory period defined by local law | Sent directly to our credit card processing gateway (Stripe) without ever passing through mobilityView servers. Stored on a FIPA-compliant server and periodically used to perform a payment transaction |
This information is used for registration of mobilityView Inc. products and services and billing purposes.
Personal Information Collected from Mobile Smart Devices
mobilityView Inc. collects and retains secondary information, from mobile smart device(s), as follows, and shall seek active consent from the End User (employer and employees):
Employer Liable
| Information Collected | Who can see it? | What it is used for? | How long is it kept for? | Where is the information stored? |
|---|---|---|---|---|
| Contacts from your mobile (cell) number (name, email address and phone number) | Employee | Categorisation of contacts | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Mobile plan tariff Information | Employer | Calculate cost | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Business Voice (phone number and duration of each phone call placed or received) / Data Usage (per-app mobile data usage and the name of the mobile network the device was connected to at the time) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Personal Voice (phone number and duration of each phone call placed or received) / Data Usage (per-app mobile data usage and the name of the mobile network the device was connected to at the time) | Employer (high-level aggregated summary only) / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Applications (all apps on the device) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Business SMS / MMS (phone number and size of each text message sent or received) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Personal SMS / MMS (phone number and size of each text message sent or received) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Wi-Fi Data Usage (SSID and BSSID) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Location (roaming) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Display Type | Employer / Employee | Selection of Device on the System | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Country (from SIM Card) | Employer / Employer | Assigning Plan / Tariff | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Wireless Operator (from SIM Card) | Employer / Employer | Assigning Plan / Tariff | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Identifier (IMSI) (from SIM Card) | Employer | Track plan / Tariff assigned to SIM card | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
Employee Liable
| Information Collected | Who can see it? | What it is used for? | How long is it kept for? | Where is the information stored? |
|---|---|---|---|---|
| Contacts from your mobile (cell) number (name, email address and phone number) | Employee | Categorisation of contacts | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Mobile plan tariff Information | Employee | Calculate cost | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Business Voice (phone number and duration of each phone call placed or received) / Data Usage (per-app mobile data usage and the name of the mobile network the device was connected to at the time) | Employee / Employer (only via Expense Claim Submitted by Employee) | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Personal Voice (phone number and duration of each phone call placed or received) / Data Usage (per-app mobile data usage and the name of the mobile network the device was connected to at the time) | Employee / Employer (only via Expense Claim Submitted by Employee) | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Applications (all apps on the device) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Business SMS / MMS (phone number and size of each text message sent or received) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Personal SMS / MMS (phone number and size of each text message sent or received) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Wi-Fi Data Usage (SSID and BSSID) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Location (roaming) | Employer / Employee | Itemised expense claim | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Display Type | Employee | Selection of Device on the System | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Country (from SIM Card) | Employee | Assigning Plan / Tariff | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Wireless Operator (from SIM Card) | Employee | Assigning Plan / Tariff | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Card Identifier (IMSI) (from SIM Card) | Employee | Track plan / tariff assigned to SIM card | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
Diagnostic Information
mobilityView Inc. collects and retains the following secondary information, for diagnostic and fault finding purposes only and shall seek active consent from the End User (employer and employee):
| Information Collected | Who can see it? | What it is used for? | How long is it kept for? | Where is the information stored? |
|---|---|---|---|---|
| Device Brand Type | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityyView Inc. |
| Device Type | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Fingerprint Capability | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Hardware Version | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device OS Build ID | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Model Type | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Manufacturer | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Product Identifier | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Serial Number (IMEI) | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| State of NFC Tag at Discovery | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Version | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Version Codes | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Hardware ID | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| Device Radio Version | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
| SIM Cad Wireless Operator ID (Short code) | mobilityView Inc. | System Diagnostics & Fault Finding | Until the service is terminated by the employer and / or statutory period defined by local law | Secure data centre belonging to employer or mobilityView Inc. |
Secret (Silent) Collection of Information
mobilityView Inc. collects and retains personally identifiable information from employers, employees and mobile smart devices, including diagnostic information for fault finding purposes. If there is any change in the type of information being collected and retained, mobilityView Inc. shall always seek consent / active consent from all users of their products and services (employers and employees).
mobilityView Inc. shall never collect information in secret or in silence, without prior notification and consent / active consent from any users of their products and services (employers and employees).
Sharing Personal Information with Third Parties
mobilityView Inc. collects and retains personally identifiable information from employers, employees and mobile smart devices, including diagnostic information for fault finding purposes.
mobilityView Inc. also uses your personally identifiable information to inform you of other products or services available from mobilityView Inc. and its affiliates. mobilityView Inc. may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
mobilityView Inc. does not sell, rent or lease its customer lists to third parties. mobilityView Inc. may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (email, name, address, telephone number) is not transferred to the third party.
In addition, mobilityView Inc. may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to mobilityView Inc., and they are required to maintain the confidentiality of your information.
mobilityView Inc. shall sell anonymised data to third parties generated from its products and services. mobilityView Inc. shall always seek consent / active consent from all users of their products and services (employers and employees) to sell anonymised data.
Silent Updates
mobilityView Inc. shall never update its product or services in secret or in silence, without prior notification and consent / active consent from any users of their products and services (employers and employees).
Data Retention and Security
mobilityView Inc. secures your personal information from unauthorized access, use or disclosure. mobilityView Inc. secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
mobilityView Inc. products and services may also be deployed on Channel Partner / Customer computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
mobilityView Inc. shall adopt technical measures and business processes to prevent the misuse or corruption of personal information and authenticate users, where possible, using risk-appropriate authentication methods. Note, personal information, is subject to retention and deletion periods that are justified according to clearly identified business needs or legal obligations.
For example, personal information shall always be stored and transmitted in a secure manner. For example, transmitting personal data is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
mobilityView Inc. shall actively manage identifiers used to link to an individual End User of mobilityView Inc. products and services and keep this information up to date. mobilityView Inc. shall:
- Ensure any unique identifiers apply to only one unique user
- Ensure unique identifiers are kept up to date and kept only for as long as necessary to fulfill the product and services purpose and reasons notified to users
- Prevent a unique identifier being associated with another user, unless required by a justified business need
mobilityView Inc. shall seek not to store personal information on mobile smart devices. However, there are occasions where this might not be possible, for example, in poor coverage areas or restricted coverage areas. In these situations, mobilityView Inc. shall securely encrypt personal information and securely transmit it as soon as economically viable coverage is available. For example, the use of Wi-Fi in international cellular roaming situation, which prevent cost effect transmission of data.
Location
mobilityView Inc. collects and retains personally identifiable information from employers, employees and mobile smart devices, including diagnostic information for fault finding purposes. This includes location information, as follows:
- Wireless Network ID
- Wireless Network Cell ID
- Wi-Fi SSID
- Country and wireless operator the SIM card is attached to currently
This information is used to select and apply the correct plan / tariff to calculate costs from usage data captured from the smart mobile device. This also enables appropriate cost containment options to be selected on mobilityView Inc. products and services by employers or employees, depending on the product or service purchase scenario (employer liable or employee liable)
As stated previously, in the Personal Information and Personal Information Collected from Mobile Smart Devices sections, consent / active consent shall always be sort from End Users and this information is retained for the duration of retaining mobilityView Inc. product and services and statutory period defined by local laws, for this type of data.
Location information shall also be anonymised, see Sharing Personal Information with Third Parties section.