2. OVERVIEW OF SURELOCK:
SureLock enables Customers to lock devices into kiosk mode which offers them more control over their applications and device usage. It further enables the admins to convert mobile devices into dedicated-purpose tools with additional features to gain higher control over mobile devices and applications, transforming any devices into dedicated purpose devices etc.
3. DATA COLLECTION:
Personal Identifiable Information or Personal data which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual such information includes:
- Device and Hardware Information: We collect Personal Information from your device by using standard Android API (which are commonly granted as “Runtime and Special Permissions based on the functionality the Customers configured). Such information includes IP address, unique identifiers (e.g. MAC address: WIFI, Ethernet and Bluetooth),IMEI,IMSI, GUID, Android ID, Serial Number, Device model, and device permissions settings of Camera, Location Information, Bluetooth, Contact, Call logs, SMS, SMS logs, Wifi State, Mobile data state, App Usage data.
Further, as part of the device enrollment process, the Software pushes a privacy dialog to the User’s mobile device, which enables the User to review a summary of the settings enabled for the Software on their device. In some cases, the Customers may also have the ability to control the enablement of certain features of the Software, via their device settings. Please note that all this data remains in the device side itself and only transfers to our activation server as and when the activation ID is released from our side. (*Activation ID is released only when the customer signs up for our Software) We provide our Customers full control over the data which they want us to collect from the devices and provide them an option to restrict the data collection whilst choosing a “Preferred Activation ID” which will enable us to collect the limited data as required.
- Registration information: When customers purchase or sign up for Software, customers will be asked to provide us certain details such as: full name; e-mail address, number and other necessary information.
- Surelock integration with SureMDM: When you integrate SureLock with SureMDM (42Gears other product), we collect the following information with the prior explicit consent of our customers which includes:Camera, Location Information, Bluetooth, Contact, Call logs, SMS, SMS logs, Wifi State, App Usage data.
Camera: This permission is required to import the SureLock settings file from QR Code scanning.Location: SureLock will be able to read your location data and upload it to the secure SureMDM Server, even when the app is running in the background or is not actively being used. This will allow SureLock administrators to access and track your location and enable advanced features such as geo fencing, driver safety, wifi center and bluetooth manager etc.Contact: SureLock will be able to read your Contacts data including contact name and phone number, even when the app is running in the background or is not actively being used. This will allow your SureLock administrator to block incoming & outgoing calls based on your contacts and remotely delete a contact. Contact list details may be transmitted and stored on the secure SureMDM server for purposes of generating reports for SMS and call logs.Call Logs: SureLock will be able to read your Call logs including the contact name, phone number, duration of the call and upload it to the secure SureMDM server, even when the app is running in the background or is not actively being used. This will allow your SureLock administrator to access and track your Call logs and enable phone management settings such as allow/block incoming & outgoing calls.SMS, SMS Logs: SureLock will be able to read your SMS logs including name of contact, date, time, content of the SMS and upload it to the secure SureMDM server, even when the app is running in the background or is not actively being used. This will allow your SureLock administrator to access and track your SMS logs and change your Android lock screen PIN with SMS.App Usage Data: SureLock requires this permission for blocking access to unapproved applications.
Please note that the aforesaid data stored in the server will never be shared with any third party or applications for any reason whatsoever. Further, the data is processed only in accordance with applicable privacy regulations, including Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest.
4. USE OF PERSONAL DATA:
Having accurate information about You permits us to provide You with a smooth, efficient, and customized experience. We request Customer’s Consent before gathering any data from device for example we display Consent popup before granting each runtime and special permissions Specifically, we may use information collected about You while sign up the Software:
- To provide and maintain our Services, including to monitor the usage of our Service such as verifying the device etc.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the Software You have purchased or of any other contract with Us through the Service.
We will not use or disclose Personal Data to third parties except:
- to our authorized Sub-processors as necessary to provide services or products you have requested.
- in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
- in the aggregate with other information in such a way so that your identity cannot reasonably be determined (for example, statistical compilations);
- as required by law, for example, in response to a subpoena or search warrant.
- to outside auditors who have agreed to keep the information confidential.
Retention and Deletion of Your Personal Data
We will retain your Personal data for as long as your account is active; as needed to provide you products or services; as stated in the EULA/TOU agreement; as needed for the purposes outlined in this policy or at the time of collection; as necessary to comply with our legal obligations, honor UNSUBSCRIBE requests, resolve disputes, meet financial audit requirements and enforce our agreements; or to the extent permitted by law. You may delete the Software from the “Settings” option using “Uninstall SureLock” or uninstall from device system settings in the application settings.
- Except as provided in this privacy disclosure, on deletion of the Software, the data deletes from the devices and the Activation Portal from the live system immediately. However, the data remains in the secured database as a backup for 60 days, after which the data gets permanently deleted thereafter. Please note that a deletion request may not result in the complete deletion of your data, specifically purchase information that will be maintained for legal and financial audit purposes.
5. PERSONAL DATA TRANSFER, PROCESSING AND STORAGE
When SureLock will be used as a standalone product, we process and store data about you on AWS servers located in the N. Virginia region. However, in case Surelock is used by the customer in integration with SureMDM, then the data shall be stored in the either AWS server location from India, US and UK as the customer chooses while signing up.
Your Personal data may therefore be transferred to, using appropriate security protocols, processed and stored in a country different from your country of residence, and be subject to privacy laws that are different from those in your country of residence. The Personal Data that we store is not highly sensitive and is required to conduct normal and expected business practices. Specifically, Personal Data, as described in this policy, is stored on AWS N.Virginia data servers. We and all third party companies with which we engage with have committed to complying with the 2018 EU GDPR privacy regulation for EU residents. Based on the Lawful basis definition, as defined by the EU GDPR regulation, 42Gears's use and storage of minimal Customer Personal Data, the Legitimate Interests basis is the appropriate legal basis of data storage and use.
Further, when transferring Your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, have an updated Data Processing Addendum which now includes Standard Contractual Clauses (SCCs) which are an integral part of the EULA/TOU that You agree before accessing or using the Software.
6. SECURITY OF YOUR PERSONAL DATA
The security of Your Personal Data is important to Us. The nature of our services is such that we share a responsibility with our customers for the security of data. We aim to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and have adopted reasonable technical and organizational security measures to ensure that this is the case, in line with established commercial good practice. It is nevertheless important that our customers recognize their responsibility in maintaining effective security in the use of our services. All the communication from the application is secured using strong SSL/TLS protocols but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee its absolute security.
7. CHANGE TO THIS PRIVICY POLICY
8. EXERCISING YOUR RIGHTS
42Gears has no direct relationship with the Users whose data it processes in connection with providing the Software and any related services. A User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Customer. If the Customer requests 42Gears to modify or remove the data, we will respond to the Customer’s request in accordance with our agreement with the applicable Customer or as may otherwise be required by applicable law.
9. CONTACTING US
We recognize that You may have questions on how we process Your data, or You may want to change either the data we hold or how we communicate with You in the future. You may unsubscribe from receiving marketing or commercial communications about 42Gears or 42Gears products and services by clicking the unsubscribe link at the end of the marketing or commercial communication from 42Gears or by writing us at email@example.com apprising us what particular types of marketing or commercial communications You no longer wish to receive. If You have any questions or concerns about this Privacy Notice, please feel free to email us at firstname.lastname@example.org.
Release Date: 5th May, 2023