We have been friends with data protection and privacy from the beginning and now our friend got a new name: GDPR. This is a blog post explaining how you can use Proximi.io to make use of location tracking while respecting the end users privcay.
WHAT DO WE DO?
We do indoor and outdoor positioning with the mobile phone, using all positioning technologies available on the phone (Bluetooth, Wi-fi, GPS, etc.). We bring geofencing, indoor positioning, wayfinding and analytics to your fingertips. In essence, we collect and store mobile phone users position information, with pseudonyms of course. Here is how we make it safe.
The General Data Protection Regulation (GDPR) is a regulation in EU on data protection and privacy for all individuals within the European union and the area in general. The regulation also addresses the export of any personal data outside the EU, affecting a huge amount of companies. The aim is to give control to the users over their personal data as well as simplify and unify the regulations in the EU.
Don’t want this to be long so here are the main points:
- Keeping, storing and securing personal data inside the EU
- Safety by design
- Use of pseudonyms and securing any identifiable data
- Giving control to the user:
- opt-in/out measures
- right of erasure
- right of access
- Having a designated data processor
WHERE ARE OUR SERVERS LOCATED?
Our microservice-based backend is distributed among multiple servers all located in the EU.
WHAT KIND OF DATA ARE WE STORING?
We store location information of your application’s users. On the device level, we handle all end-user -specific data via pseudonyms (Visitor ID). The random Visitor ID is generated for each installation and remains the same until the end user deletes the app and downloads it again. No other personal data is collected by the platform (including no MAC address or Advertising ID).
WHO CAN ACCESS THE DATA?
Only you, and whom you give access to it. We have strict internal HR policy and technical limitations in place limiting which team members can access customers end user data. The access is strictly limited to must-have needs for maintaining your account.
Please note that this also means that your contact person in the company may not have access to your account. If you need technical support that requires us accessing your account, you need to give share your password with the staff member for temporary access. We recommend that you change your password again when the issue has been resolved.
HOW LONG DO WE STORE THE END USER DATA?
- We store data in the trial account for 60 days starting from the day of the registration. After the 30-day trial period is over, you have 30 days to save your visitor data. You do not need to upgrade your account within that time to store the visitor data.
- After that period has passed, if you want to reactivate your account, we can restore the setup (e.g. geofences, places and beacon information). But no visitor data will be restored.
- Accounts will be cleared within specific intervals. Each account category will be specified their own data retention time, ranging from 3 – 12 months, based on their pricing plan. We leave space for exceptions, if someone needs event data after 12 months in enterprise plans.
- If you for some reason would want to delete your account, we will clear all your data, including backups, within 30 days.
HOW CAN I GIVE MORE CONTROL FOR THE END USER FOR MANAGING HOW THEIR DATA IS COLLECTED?
⚔ Generate new Visitor ID: Another method for allowing your end users to enhance their privacy, is allowing you or them to manually generate a new Visitor ID upon request. As we store no device-specific information, generating a new Visitor ID means that the user can start from afresh. Documentation: https://proximi.io/docs/ios/#resetting-the-api-gdpr-compliance; https://proximi.io/docs/android/#destroyservice.
⚔ Geofence-only positioning: You don’t have to store location data of your users all the time, in order to detect them entering a geofence. Geofence-only positioning means that an end user device will keep calculating its location and comparing that to known geofences, but will not update that to the cloud, unless the user enters a geofence. Manage through the web portal: https://proximiio.helpscoutdocs.com/article/66-managing-application-settings.
⚔ Stop data collection in your app: On top of the other amazing features in our SDK, they also include methods for pausing data collection. Extremely handy in situations, where you want to give your end user the control of managing within their app, when they want to share their location and when not. Check out our documentation: https://proximi.io/docs/ios/#positioning-engine-control, https://proximi.io/docs/android/#destroyservice.
HOW CAN I COMPLY WITH END USER REQUESTS ON DATA ACCESS, CORRECTION AND ERASURE?
To be able to comply with the GDPR requirements, Proximi.io customer needs to have a method of identifying the Visitor ID of each end user, in case an end user requests to receive their data. This could be for example implemented in the mobile application, or by storing the Visitor IDs in the customer’s end user database. Proximi.io will comply all such requests within 30 days, when we are given the specific Visitor ID, and it belongs under the Organization that the customer represents. Similarly, we will delete all data collected under a specific Visitor ID within 30 days from the request.
Because Proximi.io has no method for identifying individual Visitor IDs, we cannot directly comply with end user requests coming to us.
WHAT IS AN END USER VISITOR ID?
End user is someone who has downloaded a mobile application with Proximi.io SDK integrated and activated in it. Information about the end user is collected to us through a mobile application installed by the end user. The end user accepts the permission to using their location in the application by giving the application a permission to use their location and Bluetooth information. End user data is collected under a pseudonymized Visitor ID. Visitor ID is UUID-formatted id that is generated based on timestamp.
WHAT DOES THE VISITOR ID DO?
The location data collected for each Visitor ID includes information about the device’s current and historical location. The location information from the device is collected electronically using multiple methods, including but not limited to GPS, Bluetooth BLE beacons, WiFi networks, cellular networks, gyroscope (IndoorAtlas), LiFi or any other technology defined by the customer. Based on significant location change, latitude, longitude, timestamp, and potential contextual information about the location is stored under the Visitor ID.
CAN THE VISITOR ID CHANGE?
Visitor ID remains the same, when the application is updated, but it is regenerated, if the application in deleted and re-installed. In the operating system level, due to operating system limitations, the old Visitor ID may be stored up to 36 hours. Proximi.io leaves no permanent tracking mechanism to the mobile device after the application has been deleted. Proximi.io SDK also includes a method that allows generating new Visitor IDs when requested. A Proximi.io customer may enable this functionality to their end users in their application.
IS THE VISITOR ID SAFE?
Yes. A customer may control if and where this location information is collected by disabling the Proximi.io library in their application or using geofence-only positioning. Geofence-only positioning limits the collection of end user location data to the area defined with geofences by the user.
Proximi.io does not collect information about any other activity taking place on the mobile device, such as phone calls, text messages or email.
Proximi.io collects no personally identifiable information about the end users, such as names, email addresses, MAC addresses or Advertising IDs. A customer is not allowed to use the Proximi.io platform for storing any personal sensitive information under the Visitor ID. Note that in some legislations the totality of information collected under the Visitor ID is considered as personal information
WHAT HAPPENS IN THE FUTURE?