Gallagher Mobile Connect App Privacy Policy
Revision 2.0 - March 2024
1. Introduction
Gallagher understand that your privacy is important. This policy demonstrates our commitment to your privacy. This policy applies to the Gallagher Mobile Connect Application and it’s supporting Gallagher Cloud Services, supplied by Gallagher Group Limited.
Your use of the Application is at the request of a Gallagher Customer. The Gallagher Customer is the organization that uses the Gallagher Command Centre access control system. This privacy policy doesn’t apply to any personal data you may provide to the Gallagher Customer.
The Gallagher Mobile Connect Application allows you to generate and store an access credential on your mobile device (smartphone or tablet), in response to an invitation from a Gallagher Customer. Once you have accepted the credential, the Application allows the Gallagher Customer to broadcast important security and safety messages to you.
If the Gallagher Customer is also an Apple Participating Provider, the Application allows you to add an Apple Employee Badge to Apple Wallet on your Apple devices, for use at the Gallagher Customer’s Command Centre access control system.
2. Personal information, collection and uses
2.1 What is personal information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or location data.
2.2 How we collect personal information.
Registration will involve the Gallagher Customer passing Gallagher your email address and phone number to process (see 2.5.1). We also collect some basic information about your device such as model and operating system, to ensure functional operation of our service (see 2.5.4).
If the Gallagher Customer is an Apple Participating Provider and you add an Apple Employee Badge to Apple Wallet on your Apple device, we will also pass your personal information to Apple (see 2.5.5).
2.3 Marketing agencies
We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred, or given to any other company.
2.4 Third-party service providers
When we temporarily provide your personal information to companies that perform services for us, such as Apple or Google Firebase, written data processing agreements require them to protect the information.
2.5 Situations where we process your personal information:
2.5.1 Registration of your Mobile Credential ID
Registration will involve the Gallagher Customer passing us your email address and phone number for our cloud services to process. We use this information to send you an email and a text message, which the Application will use to randomly generate your Mobile Credential ID.
We do not store your email address: we send the email message and immediately discard the address.
We store your phone number for the minimum period required to provide the service. As soon as your mobile credential is registered, or the registration invite expires we discard the phone number.
Mobile credentials are stored only on your device, which means you can delete them. The contact information we hold about you is replaced by tokens, which are meaningless but unique numbers. The tokens are stored both on your device and in our cloud database.
2.5.2 Using your device as an access credential:
2.5.2.1 Mobile access
The Application communicates with Gallagher Bluetooth® Low Energy or NFC equipped readers, allowing you to gain access to areas or perform actions such as arming/disarming zones or locking/unlocking doors. In order to provide this functionality, you must have a registered mobile credential.
When your device communicates with a reader, it sends your Mobile Credential ID (a random number which cannot be associated to you without administrative access to the Command Centre server) and then uses the FIDO UAF protocol to securely authenticate your device. More information on FIDO can be found at https://www.fidoalliance.org
2.5.2.2 Location Services
The Application may ask for permission to access your device's location. For Android devices, location permissions are required to use Bluetooth® Low Energy scanning in any way. For iOS devices, location permissions are required to enable Background scanning.
Gallagher Mobile Connect does not use your location. It is never stored or transmitted in any way. These location permission requests are only in place because the operating system requires them to enable the above Bluetooth® Low Energy features.
2.5.2.3 Log data and troubleshooting
The Application will collect logs to assist in troubleshooting should an error occur. This includes information about your activity and may contain information about the Gallagher Customer’s Command Centre system, including such things as reader names, statuses, and access results (granted/denied/etc). These logs are stored locally on your device and are never sent unless by your explicit request.
2.5.3 Broadcast Notifications and message handling
The Application allows the Gallagher Customer’s site administrators to send Push Notifications to your device so they can inform you of security/safety related incidents or any other purpose of their choosing.
In order to provide this functionality, you must have a registered mobile credential (see above).
When you open the Application, it will communicate with our cloud services to retrieve any notifications that may have been sent to you. For your device to securely authenticate, it sends your Mobile Credential ID and then uses FIDO (see above).
When your site security staff send you a notification, the site name and notification text is stored by our cloud services. Immediately after your device retrieves the notifications, they are deleted. Un-retrieved notifications will be deleted after 7 days.
2.5.4 Telemetry
To improve the Application and our services, we send and store the following information:
- Your mobile device operating system (e.g. iOS or Android)
- Your mobile device operating system version (e.g. iOS 16.5.1)
- The Application version (e.g. 16.01.054)
- The last time your mobile device connected to our cloud services
- Your Mobile Credential ID
Although your IP address is sent, we do not store it. We store only the most recent copy of this information in our cloud. We do not store history of your connections over time.
Our cloud services explicitly do not store any other information that would enable Gallagher to associate this information with an individual. As above, your Mobile Credential ID is a random number that cannot be associated to you without administrative access to the Gallagher Customer’s Command Centre server.
2.5.5 Registration of an Apple Employee Badge
Registration will involve you selecting the “Add to Apple Wallet” button for the credential that you registered on your mobile device.
When the “Add to Apple Wallet” button is selected, the Application communicates with our cloud services to retrieve your Mobile Credential ID from our cloud database. Gallagher then use your Mobile Credential ID to retrieve your First Name, Last Name, and Cardholder ID from the Gallagher Customer’s Command Centre server.
Our cloud services then generate an Apple Employee Badge ID. Your First Name, Last Name, Cardholder ID, and Apple Employee Badge ID are used to provision your Apple Employee Badge.
Your First Name is displayed on the front of the Apple Employee Badge. Your First Name and Last Name (full name) are displayed on the rear of the Apple Employee Badge. Your First Name, Last Name, Cardholder ID, Mobile Credential ID, and Apple Employee Badge ID are stored in our cloud database.
3. Your privacy choices
We are processing your personal information on behalf of a Gallagher Customer. If you do not register using our Application, or if you delete the Application or the credential, then you will not be able to use your device to access the Gallagher Customer’s site. To stop receiving notifications from a Gallagher Customer, or for questions or complaints about your personal information, please contact the Gallagher Customer that invited you.
4. Cookies, web beacons and other technologies.
Wherever possible, we have disabled tracking by Google & Apple in the Application.
5. Cross-border transfers
We use cloud services from Amazon AWS on computer systems hosted in Australia, for which we rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards.
6. Data Retention
Your Email address | Deleted following registration of your credential. | 2.5.1 |
Your phone number | Deleted following registration of your credential but not retained longer than the number of days, set by the Gallagher Customer (default 7 days). | 2.5.1 |
Your Mobile Credential ID | A randomly generated globally unique number. Stored in our cloud database. | 3.5.1 |
Log data from the reader to the Gallagher Customer’s Command Centre server | Stored by the Gallagher Customer. Not collected or stored by this Application. | 2.5.2.1 |
Location | Not collected but is required to be activated on your device for Bluetooth service to work. | 2.5.2.2 |
Log data (on device) | Only stored on your device. | 2.5.2.3 |
Your Messages | Pass through our cloud services on the way to your device and then deleted, however may be temporarily stored until you activate the Gallagher Mobile Connect Application. | 2.5.3 |
Telemetry data | We store only the most recent copy of this information in the cloud, and we do not store history of your connections over time. | 2.5.4 |
IP address | Although your IP address is sent, we do not store it. | 2.5.4 |
Your first name | Retrieved from the Gallagher Customer when you add an Apple Employee Badge to Apple Wallet. Stored in our cloud database. Used by our cloud services to auto-provision your Apple Employee Badge to your Apple Watch when online. Purged from our cloud database when your cardholder record is removed or redacted from Gallagher Command Centre by the Gallagher Customer. | 2.5.5 |
Your last name | Retrieved from the Gallagher Customer when you add an Apple Employee Badge to Apple Wallet. Stored in our cloud database. Used by our cloud services to auto-provision your Apple Employee Badge to your Apple Watch when online. Purged from our cloud database when your cardholder record is removed or redacted from Gallagher Command Centre by the Gallagher Customer. | 2.5.5 |
Your cardholder ID | Retrieved from the Gallagher Customer when you add an Apple Employee Badge to Apple Wallet. Stored in our cloud database. Used by our cloud services when you or the Gallagher Customer suspends, resumes, or removes your Apple Employee Badge. | 2.5.5 |
Your Apple employee badge ID | Generated when you add an Apple Employee Badge to Apple Wallet. Stored in our cloud database. Used by our cloud services when you or the Gallagher Customer suspends, resumes, or removes your Apple Employee Badge. | 2.5.5 |
7. Information security
Gallagher takes cybersecurity seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.
Data stored on the Gallagher Customer’s Command Centre server for a site is under control of its security administrators, and subject to any security and privacy policies those administrators apply. It is not accessible by Gallagher or other third parties affiliated with Gallagher.
8. Complaints
In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.
We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days. If we are unable to resolve your complaint, you may approach your national privacy authority.
Note: under UK-GDPR, our nominated representative in the UK is the Regional Manager of Gallagher Security (Europe) Ltd, whose supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).
Under EU-GDPR our nominated representative is Peter Tientij who can be contacted at privacy.eu@gallagher.com, whose supervisory authority is Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/nl)
9. Changes and updates to this privacy policy
This privacy policy is effective from 28th of March 2024 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of the Gallagher Mobile Connect Application.
The previous version of this policy is available at https://security.gallagher.com/mobile-connect-privacy-policy-archive
We recognise that privacy and data protection is an ongoing responsibility, and so we review this policy regularly and will update it from time to time as we undertake new practices or adopt new policies.
You should check our website frequently to see the current policy that is in effect and any updates we have made. We reserve the right to amend our privacy policy at any time, for any reason, without notice to you, other than posting the updated version on our website.
10. Contact us
The world headquarters of Gallagher Group Limited is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. To enquire about this Privacy Policy or if you have any technical questions about how the Gallagher Mobile Connect Application works, please contact us via email (privacy@gallagher.com) or by calling +64 7 838 9800. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.
Apple, Apple Wallet are trademarks of Apple Inc., registered in the U.S. and other countries and regions.
Stay up to date with Gallagher
Get the latest Gallagher news, updates, and event information delivered straight to your inbox.