Command Centre Web Privacy Policy

Privacy Policy for Command Centre Web

Revision 1.0 - August 2022

1. Introduction and Scope

This Privacy Statement applies to the Command Centre Web service, provided by Gallagher Group Limited. 

Command Centre Web allows you to connect to your on-premise Command Centre server via the Gallagher API Gateway, in order to manage your Command Centre system.  The Gallagher API Gateway is a channel for secure access to the REST API of a Command Centre server that is simple for site operators to configure. It can accept requests from anywhere on the internet, allowing Command Centre Web to tunnel REST API requests through to an on-premises Command Centre server.

 

2. How to Reach Us

Please note that the Command Centre Web is processing personal information on behalf of a site that has a Gallagher Command Centre access control system. For questions or complaints about the personal information they hold about you, please contact the site involved.

The world headquarters of Gallagher Group is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. To enquire about this Privacy Statement, or if you have any technical questions about how the Gallagher Command Centre Web works, please contact us via email (mailto:privacy@gallagher.com) or by calling +64 7 838 9800. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.

 

3. Personal Information, Collection and Uses

3.1 What is personal information?

Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or location data.

3.2 Personal information in Command Centre Web

Command Centre Web does not collect personal information, nor does it require any such information for its function. 

The API Gateway holds information required to authenticate REST API clients and forward requests from Command Centre Web to the appropriate Command Centre site. This information is anonymised and is not linkable to any individual.

4. Your Privacy Choices

Command Centre Web is configured by each Gallagher Command Centre system.

Data is only accessible through Command Centre Web where the site is configured to allow API Gateway access both as a whole and set up the web client. If either of these configurations change to disallow access, the information is removed from the API Gateway.

 

5. Cookies, Web Beacons and Other Technologies

Command Centre Web uses cookies to collect information about how users use our product. The information gathered via these cookies does not ‘directly’ identify any individual user.

Usage data will include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, unique device identifiers. IP address is only used for the purpose of determining regional location (i.e. City or Country), to ensure we continue to have the right level of support in your region.

The information collected is aggregated and anonymous. We use this information to help operate our Service more efficiently, to gather broad demographic information and to monitor the level of activity on our Service.

Gallagher utilises internal metrics which are anonymised and cannot be linked to any individual.

 

6. Analytics

We may use Service Providers to monitor and analyse the use of our Service.

PostHog is a product analytics platform built for the modern enterprise, with the differentiators of being open source and having a broader view of the tools needed to make a product successful.

For more information about PostHog, please visit their Privacy Policy: https://posthog.com/privacy

 

7. Cross-Border Transfers

The API Gateway uses cloud services from Amazon AWS on computer systems hosted in the United States and Australia. Each API Gateway region deployment is independent and does not communicate with other regions except for the configuration fetching with the Gallagher Command Centre Service in Australia.

We rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards.

 

8. Data Retention

The API Gateway maintains no form of persistent data storage (such as a database or file system) and retains no user data that flows through it.

 

9. Data Processing

Operating as a gateway tunnelling REST API requests and responses between clients and Command Centre servers, the API Gateway has visibility of this data.

Gallagher policy is to never inspect, modify, save, log, or extract any personal information.

 

10. Information Security

Gallagher takes cybersecurity seriously. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.

Data stored on the Gallagher Command Centre server for a site is under control of its Security Administrators, and subject to any security and privacy policies those Administrators apply. It is not accessible by Gallagher or other third parties affiliated with Gallagher.

 

11. Complaints

In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.

We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.

If you are not satisfied with the responses from your site or from us you may contact the appropriate national privacy authority.

Note: Under EU-GDPR our nominated representative is Peter Tientij who can be contacted at privacy.eu@gallagher.com, whose supervisory authority is Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/nl)

 

12.Changes and Updates to this Privacy Statement

This Statement is effective from 1 August 2022.

We recognise that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies.

You should check our website frequently to see the current Statement that is in effect and any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.