SMB App Privacy Policy
1. Introduction and Scope
This Privacy Statement applies to the Gallagher SMB App (“the App”), supplied by Gallagher Group Limited (“Gallagher”) and explains how our organisation stores and uses the personal information we collect about you when you use the App. The App allows an authorised user to interact with the Gallagher SMB security system (“the SMB System”) at their site. By using the App you are deemed to consent to this Privacy Statement, if you do not accept this Privacy Statement you should delete the App and notify your site administrator or business owner.
2. How to Reach Us
Please note that the App and our cloud services are processing personal information on behalf of a site that has a SMB System. For questions or complaints about the personal information the site hold about you, please contact the business owner or administrator of the site that invited you to use the App.
For privacy questions to Gallagher please contact us by email to privacy@gallagher.com or by phone by calling 0064 7 8389800 or 0800 654 256 (NZ only).
3. Personal Information, Collection and Uses
3.1 What is personal information
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier. When we later refer to “personal details”, we mean information such as your name, email address, phone number, and physical address. When we later refer to “device details”, we mean information such as model and operating system.
3.2 How we collect personal information
Registration for the App will involve your business owner or administrator entering your name, email and mobile number in the Gallagher SMB cloud. The SMB System then uses these details to send an invite to you. Once you register your details, a mobile credential is downloaded to your phone for the purpose of identifying your device when you connect to the SMB System. This mobile credential is also stored in the cloud for the purposes of authentication and sending you notifications.
We also collect some basic device details, to ensure functional operation of our service (see 3.5.3).
We also record actions performed using your device when it interacts with the SMB System, which are associated with your name for auditing purposes.
3.3 Marketing agencies
We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred or given to any other company.
3.4 Third-party service providers
We may temporarily provide your personal information to companies that perform services for us, such as Apple or Google Firebase.
For sites that have subscribed to guarding we will provide the guarding service with the name and phone number of the person who called the guard (via the App) or the key account holder of the site if the call out is made automatically by the SMB System.
3.5 Situations where we process your personal information
3.5.1 Registration of your Mobile Credential ID
Registration will involve the site storing your personal details on the Gallagher SMB cloud. In the event you no longer have a security system role at an individual site, the site owner may delete your profile from that site. You may ask your site owner to delete your details from their SMB System, but you will no longer have access to use the App for that site. You may need to do this for more than one site.
We may store your email and mobile number in the Gallagher SMB cloud which is hosted regionally by AWS. Your email address is used for site invitations and as a unique identifier for your account. Your phone number may also be used if SMS verification is required and/or for the purpose of informing you of updates to the App.
3.5.2 Using your device
3.5.2.1 Mobile Arming when there’s no connection to the cloud service or for access through a door
The App communicates with the Gallagher Bluetooth® Low Energy or NFC equipped Reader to provide a connection to the SMB System to perform actions such as arming/disarming areas or to provide access through doors. To use this functionality, you must have a registered mobile credential.
When your device communicates with a Gallagher Reader, it sends your mobile credential ID (a random number which is associated to you) and then uses the FIDO UAF protocol to securely authenticate your device. More information on FIDO can be found at https://www.fidoalliance.org.
3.5.2.2 Location Services
The App may ask for permission to access your device's location. For Android devices, location permissions are required to use Bluetooth® Low Energy scanning in any way. For iOS devices, location permissions are required to enable background scanning.
The Gallagher SMB cloud does not use your location. It is never stored or transmitted in any way. These location permission requests are only in place because the operating system requires them to enable the above Bluetooth® Low Energy features.
3.5.2.3 Log data and troubleshooting
The App will collect logs to assist in troubleshooting should an error occur. This includes information about your activity. These logs are stored locally on your device and are not accessible to anybody unless you choose to share them. Details of the error may be sent to Gallagher’s Sentry account (www.sentry.io) and used to help us improve our product. These details include Device Type, OS Versions, IP address and user ID.
3.5.3 Telemetry
Whenever your App communicates with Gallagher’s cloud services, we send and store the following information to provide you with services and to enable us to improve our products:
Last device logon date and time Mobile Device Operating System (e.g. iOS or Android)
Operating System Version (e.g. iOS 11.4.1)
Installed versions of the Gallagher SMB App
Authentication token
We store a history of your connections for a period of one year.
3.5.4 Other
System Administrators at Gallagher may access a site’s SMB System for the purpose of troubleshooting.
3.6 Storage and Security
Personal information collected on this website is collected and held by Gallagher. We will take reasonable efforts to protect personal information that is held by us from loss, misuse, unauthorised access, disclosure, alteration, or destruction. However, should a breach of data occur Gallagher will notify you as soon as reasonably possible.
4. Your Privacy Choices
We are processing your personal details on behalf of a site that has a SMB System installed. If you do not register using our App or if you delete the App or the mobile credential, you will not be able to use your device to interact with the SMB System to perform actions e.g. arming or disarming the site. To stop receiving notifications from a particular site, or for questions or complaints about your personal information, please contact the business owner or administrator of the site that invited you. To stop receiving notifications from the site, you may disable them for the App on your device. However, if you are a site manager, every time you log on you will be prompted to re-enable them as the ability to receive notifications is a fundamental part of the site manager role. Your personal information will be used for the purposes and functions required to support the use of the SMB System.
5. Minors
We do not knowingly collect or solicit personal information from children under 16. If you are under the age of 16 you must inform your parents or caregiver of the collection and use of your information and have them read this privacy notice. If you are a parent or caregiver of a child under the age of 16 you may request that the child’s personal data be removed from our database by contacting the business owner or administrator of the site who can delete the data on your behalf or you may consent to their personal information being processed according to this policy.
6. Cookies, Web Beacons and Other Technologies
Wherever possible, we have disabled tracking by Google and Apple in the App. We store Cookies.
7. Cross-Border Transfers
We use cloud services from Amazon AWS on computer systems hosted regionally. We have a data processing agreement with AWS including Standard Data Protection Clauses to confirm the appropriate safeguards.
8. Data Retention
|
Data retention on Gallagher SMB cloud services |
||
|
Your Name |
Collected and stored |
3.5.1 |
|
Your email address |
Collected and stored |
3.5.1 |
|
Your phone number |
Collected and stored |
3.5.1 |
|
Location |
Not collected but is required to be activated on your device for Bluetooth service to work. |
3.5.2.2 |
|
Log data |
On your device and in the Gallagher Cloud service. Collected logs are deleted after a year. |
3.5.2.3 |
|
Telemetry data |
We store a history of your connections for a period of one year. |
3.5.3 |
|
IP address |
Collected and stored |
3.5.3 |
9. Information Security
Gallagher takes cyber security seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.
10. Complaints
In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.
We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.
If you are not satisfied with the responses from your site or from us, you may contact the appropriate national privacy authority.
11. Changes and Updates to this Privacy Statement
This Statement is effective from 1 November 2022 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of the SMB System. We recognise that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies. You should check our website frequently to see the current Statement that is in effect for any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.
*Product currently available in New Zealand, Australia, and the US. View all SMB policies here.
Stay up to date with Gallagher
Get the latest Gallagher news, updates, and event information delivered straight to your inbox.