Cloud API Gateway privacy policy

Privacy Policy for Gallagher Cloud API Gateway

Revision 1.0 - November 2021

1. Introduction and Scope

This Privacy Statement applies to the Gallagher Cloud API Gateway service provided by Gallagher Group Limited.

The API Gateway provides a channel for secure access to the REST API of a Command Centre server that is simple for site operators to configure and for third-party integrators to use. It can accept requests from anywhere on the internet, allowing other cloud services or non-local clients to tunnel REST API requests through to an on-premises Command Centre server.

2. How to Reach Us

Please note that the API Gateway service is processing personal information on behalf of a site that has a Gallagher Command Centre access control system. For questions or complaints about the personal information they hold about you, please contact the site involved.

The world headquarters of Gallagher Group is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. To enquire about this Privacy Statement, or if you have any technical questions about how the Gallagher API Gateway App works, please contact us via email ( or by calling +64 7 838 9800. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.

3. Personal Information, Collection and Uses

3.1 What is personal information?

Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or location data.

3.2 Personal information in the API Gateway

The API Gateway does not collect personal information, nor does it require any such information for its function. 

The API Gateway holds information required to authenticate REST API clients and forward requests to the appropriate Command Centre site. This information is anonymized and is not linkable to any individual.

We do not collect any other information associated with you or your use of the App.


4. Your Privacy Choices

Access via the API Gateway is configured by each Gallagher Command Centre system.

Client authentication information is only sent to the API Gateway where the site is configured to allow API Gateway access both as a whole and for the individual client. If either of these configurations change to disallow access, the information is removed from the API Gateway.


5. Cookies, Web Beacons and Other Technologies

The API Gateway does not use or integrate with any third-party analytics or tracking services.

Gallagher utilizes internal metrics which are anonymized and cannot be linked to any individual.


6. Cross-Border Transfers

The API Gateway uses cloud services from Amazon AWS on computer systems hosted in the United States and Australia. Each API Gateway region deployment is independent and does not communicate with other regions except for the configuration fetching with the Gallagher Command Centre Service in Australia.

We rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards.


7. Data Retention

The API Gateway maintains no form of persistent data storage (such as a database or file system) and retains no user data that flows through it.

8. Data Processing

Operating as a gateway tunneling REST API requests and responses between clients and Command Centre servers, the API Gateway has visibility of this data.

Gallagher policy is to never inspect, modify, save, log, or extract any personal information.


9. Information Security

Gallagher takes cybersecurity seriously. Gallagher implements reasonable physical, administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorized access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorized access, use and disclosure.

Data stored on the Gallagher Command Centre server for a site is under control of its Security Administrators, and subject to any security and privacy policies those Administrators apply. It is not accessible by Gallagher or other third parties affiliated with Gallagher.


10. Complaints

In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.

We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.

If you are not satisfied with the responses from your site or from us, you may contact the appropriate national privacy authority.

Note: Under EU-GDPR our nominated representative is Peter Tientij who can be contacted at, whose supervisory authority is Autoriteit Persoonsgegevens (


11. Changes and Updates to this Privacy Statement

This Statement is effective from 1 November 2021.

We recognize that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies.

You should check our website frequently to see the current Statement that is in effect and any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.