Skip to content


The European Union (EU) General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to enhance the protection of personal data of EU residents. 42Gears Mobility Systems has a dedicated, core-functional team overseeing 42Gears' GDPR readiness. We discuss our efforts and commitment to GDPR below.


GDPR regulates the governance of personal data for European Union citizens with a prominence on data security and data privacy. The GDPR not only applies to companies that operate in the European Union (EU) but also impacts companies operating outside of the EU, if they process any personal data of any of its customers in the EU.

Protecting personal data is a top priority for us at 42Gears, and we take our commitment to confidentiality, security, integrity, and accountability very critically. We are focused on developing a system that not only safeguards personal information but also helps our customers comply with their legal obligations in relation to personal data.Furthermore, as both a Controller and Processor of personal data, we adhere to the strict guidelines set out in the GDPR. Our data security and privacy practices are designed to align with the core principles of the GDPR, ensuring that we are providing the highest level of protection for personal information.


Data collected from our website users/products

For Customers in the European Union, our processing (i.e use) of Your personal information is justified on the following legal basis:

  • The processing is necessary to perform a contract with You or take steps to enter into a contract at Your request; this is the primary basis of our processing.
  • the processing is in our legitimate interests, subject to Your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities; or
  • You have clearly consented to the processing of Your personal data for a specific purpose.

To be able to process the data, we may rely on different legal bases including Your consent, contractual necessity, comply with the legal obligations, necessity to respond to Your requests etc.



Below is a summary of the objectives for which we utilize the personal information we gather from website, product and services:

  • conduct and develop our business with You and with others.
  • engage and update You about events, promotions, the websites and our products and services including software updates.
  • provide You with documentation or communications which You have requested.
  • correspond with Users to resolve their queries or complaints.
    provide You with any Services You request.
  • send You marketing communications, where You have subscribed and consent to receive such marketing communications or where it is lawful for us to do so;
  • process, evaluate and complete certain transactions involving our products and services.
  • maintain our internal business and accounting records.
  • manage, protect against and investigate fraud, spam filtering, risk exposure, suspected illegal activity, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.

Other data

  • operate, evaluate, maintain, improve and develop our products and services or our websites (including by monitoring and analyzing trends, access to, and use of the website for advertising and marketing);
  • customize our websites, products or services to users' needs;
  • We do not gather any special category of data/Sensitive Data for our processing activities.


We store your personal data for the duration necessary to fulfill the purposes for which it was gathered.. A summary of our approach to retention is outlined below:

Data Collected from website users

We retain this information for the duration of our relationship with the Customer. Once You have initiated and, where appropriate consented to our communication, You have the right to request us to stop communication (see the ‘Rights’ tab on this privacy page).

Data collected through the use of our products and services

At the outset of User to unsubscribe or non-renewal or termination of active license the data remains for 6 months on our live system and subsequently the data is retained for further 3 months in the secured AWS(Amazon Web Services) backup system which gets permanently deleted therefore. Apart from AWS we store data in MongoDB, Atlas and Google Cloud Platform(GCP)

In case the User initiates a request for the deletion of the active license, we delete all the data held within two weeks of obtaining the request until and unless to the extent required by any applicable law to retain some or all of the data for further period. Further, We retain this data for 3 months in the secured and encrypted backup system which gets permanently deleted thereafter. Active license herein includes both the trial and paid licenses.

However, data relating to our commercial arrangement (billing information) will be held as long as necessary for us to fulfil our statutory record-keeping obligations.

Other data

We store other data for as long as needed to fulfill its purpose. We have a default retention period defined and take what we consider are reasonable measures to remove the data once this has expired.

In some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances, we may also retain Your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of Your dealings with us in the event of any complaints or challenges. However, the actual retention periods may vary significantly in context of different products and their underlying purpose.

When we have no on-going legitimate business need to process Your personal data, we will either securely destroy, erase or delete it, or if this is not possible (because Your personal data has been stored in backup archives), then we will securely store Your personal data and isolate it from any further processing until deletion is possible.

However, we continue to evolve our controls, schedules and practices for information and records retention and destruction which apply to Your personal information.

Data Centres

Your data is stored in our secure AWS servers located in the following region:

Europe, and


We will take reasonable steps to ensure the security of your Personal Data in accordance with applicable data protection laws. We will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data when making any transfers of Personal Data from the EEA, Switzerland and the UK to countries which do not have the same data protection laws as the EEA, Switzerland and the UK.

When transferring Your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, implement at least one of the safeguards set out below:

Adequacy decisions: We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK and/or European Union authorities. For further details, see

Model Clauses: Where we use certain service providers we may use specific contracts approved by the UK and/or European Authorities which give Personal Data the same protection it has in the UK and the EEA. For further details, see transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. Further details can be found at: and However, where You are using 42Gears UEM SureMDM - Software as a Service solutions, You can select whether processing of device specific information takes place in the EU or in the United States when You first register for such service. Your consent to this Privacy Notice followed by Your submission of such information represents Your agreement to that transfer.

We will protect the personal information in accordance with this Privacy Notice. We take appropriate contractual or other measures to protect the personal information in accordance with the applicable laws pertaining to Data Protection and ensure that no transfer of Your personal information will take place to an organization or a country unless there are adequate controls in place including security of Your data and other personal information.

With respect to Personal Data received or transferred to the United States, 42Gears Mobility Systems Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In certain conditions. we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements but the same shall be subject to the strictest confidential terms agreed.

Data Processing Addendum: To enable You to be compliant with the data protection obligations under the GDPR, we have an updated Data Processing Addendum which now includes Standard Contractual Clauses (SCCs) which You agree and sign at the time of logging in our SureMDM Product. Link:


We try to respond to all legitimate requests within one month. Occasionally it takes us longer than a month if Your request is particularly complex or You have made several requests. In this case, We will notify You and keep You updated.

If You have any questions in respect to this Privacy Notice, or would like to exercise Your right please write to us at