Command Centre mobile app privacy policy

Privacy Policy for Gallagher Command Centre iOS and Android

Revision 2.0 - September 2018

1. Introduction and Scope

This Privacy Statement applies to the Gallagher Command Centre App, supplied by Gallagher Group Limited, and its supporting Gallagher Cloud Service.

The App allows you to connect to your on-premise Command Centre server in order to manage your Command Centre security system. It may also receive alarm notifications in the form of Push Notifications (Mobile Notifications) from Apple or Google cloud services.

Data sent to and stored on the Command Centre server is under control of the Administrators of that server, and subject to any privacy policies those Administrators apply; It is not accessible by Gallagher or other third parties affiliated with Gallagher, unless at the discretion of the server Administrators.

2. How to Reach Us

Please note that our App and our cloud services are processing personal information on behalf of a site that has a Gallagher Command Centre access control system. For questions or complaints about the personal information they hold about you, please contact the site that invited you.

The world headquarters of Gallagher Group is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. To enquire about this Privacy Statement, or if you have any technical questions about how the Gallagher Mobile Connect App works, please contact us via email or by calling +64 7 838 9800. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.

3. Personal Information, Collection and Uses

3.1 What is personal information?

Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or location data.

3.2 How we collect personal information

If Mobile Notifications are configured, your Command Centre server will send an anonymous token associated with your device to our cloud.

It will also send the Alarm message text associated with the notification, which we do not store.

We do not collect any other information associated with you or your use of the App.

3.3 Marketing agencies

We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred or given to any other company.

3.4 Third-party service providers

When we temporarily provide your personal information to companies that perform services for us, such as Apple or Google Firebase, written data processing agreements require them to protect the information.

3.5 Situations where we process your personal information

3.5.1 Mobile Notifications

If your Command Centre administrator enables the Mobile Notifications feature, and configures it to send Mobile Push Notifications to you, then, your Command Centre server must send an anonymous unique notification token obtained from your Mobile Device to our Cloud Services. We need to store this token in order to deliver notifications to your device.

When you delete the Mobile Device item representing your device from Command Centre, it will instruct our Cloud Services to also delete the anonymous notification token.

When an Alarm occurs on your site, and it is configured to be sent to you via Mobile Notifications, then your Command Centre server must upload the alarm message text to our Cloud Services so that we may send it to you. We do not store this text; it is sent to your device (via Google and Apple depending on your device operating system) then immediately discarded.

3.5.2 Use of the device Camera

The App may request use of your mobile device's camera in order to scan QR codes or barcodes for the purpose of extracting a Cardholder Identifier and looking up a Cardholder. The App does not take photos, or otherwise store or transmit any information gathered by the device camera or from images locally stored on your device.

3.5.3 Log data and troubleshooting

The App will collect logs to assist in troubleshooting should an error occur. This includes information about your activity, and may contain information about your Command Centre system, including such things as Reader names, statuses and access results (granted/denied/etc). These logs are stored locally on your device and are never sent unless by your explicit request.

4. Your Privacy Choices

We are processing your personal information on behalf of a site that has a Gallagher Command Centre access control system. To stop receiving notifications from a particular site, or for questions or complaints about your personal information, please contact the site that invited you.

5. Cookies, Web Beacons and Other Technologies.

Wherever possible, we have disabled tracking by Google & Apple in the App.

6. Cross-Border Transfers

We use cloud services from Amazon AWS on computer systems hosted in Australia, for which we rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards.

We also use cloud services from Apple and Google on computer systems hosted worldwide, for which we rely on a variety of legal mechanisms, including contracts and EU-US Privacy Shield.

7. Data Retention

Data retention on Gallagher Cloud Services
Your name or other information	Not collected
Anonymous notification token	Stored as long as required to send you notifications. When your mobile device is removed from Command Centre the notification token will be deleted from Gallagher Cloud Services	3.5.1
Alarm message text	Deleted following sending of the alarm notification	3.5.1
IP address	Not collected. Your device never communicates directly with Gallagher Cloud Services, so we have no way to determine or store your IP address. It only communicates with your on-premise Command Centre server.

 

8. Information Security

Gallagher takes cybersecurity seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorized access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorized access, use and disclosure.

Data stored on the Gallagher Command Centre server for a site is under control of its Security Administrators, and subject to any security and privacy policies those Administrators apply. It is not accessible by Gallagher or other third parties affiliated with Gallagher.

9. Complaints

In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.

We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.

If you are not satisfied with the responses from your site or from us you may contact the appropriate national privacy authority.

Note: under GDPR, our nominated contact in Europe is the Regional Manager of Gallagher Security (Europe) Ltd in the UK, whose supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

10. Changes and Updates to this Privacy Statement.

This Statement is effective from 1 October 2018 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of Mobile Connect. The previous version of this Statement is available here.

We recognize that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies.

You should check our website frequently to see the current Statement that is in effect and any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.