Data Protection Privacy Notice
When you engage with us or use our services, we understand that you are sharing data with us that is personal and could be sensitive as well. We are clear that this data is yours. We ensure that we comply to all aspects of data protection law to ensure that your information remains protected.
From time to time we may need to make changes to this Privacy Notice, for example, as the result of government regulation or other developments in data protection laws or privacy generally. This version was last updated on 7th March 2022. You should check our website from time to time, to view the most up to date Privacy Notice.
When you provide us with your personal information you acknowledge that we may use it in the ways set out in this Privacy Notice. This notice sets out:
- Who we are
- Our Privacy Principles
- How we collect and use your personal information
- The personal information we collect
- Our legal basis for processing your personal information
- Who we share your personal information with
- International transfers
- How long we keep records for
- Your rights
- Marketing
- Where Totalmobile acts as a data processor
- Contact
1. Who are We
Totalmobile Ltd is a company limited by guarantee (company number NI018486). Our registered office address is Pilot Point, 21 Clarendon Road, Belfast BT1 3BG. For the purpose of this Privacy Policy, references to “Totalmobile”, “we”, “us” or “our” refers to Totalmobile Ltd as well as all of our subsidiary businesses.
Totalmobile and its subsidiaries provide IT solutions, including mobilisation and scheduling software across many different industries We handle and process a wide array of information, including personal data, both for our own purposes (as Data Controller) and on behalf of our customers (as Data Processor). Totalmobile are committed to handling and safeguarding your information and a big part of this is making sure that you are aware of what information we may hold about you and how we use it. This Policy applies to all Totalmobile businesses, including but not limited to:
- TotalMobile Limited
- Geoforms Software Limited T/A Geopal Solutions (Company No. 434757, whose registered office is 12/13 Temple Lane South, Temple Bar, Dublin 2 DP02PX54)
- Lone Worker Solutions Limited (Company No. 06999425, whose registered office address is 2c Crown Business Park, Crown Top Lane, Rochdale OL11 2PU)
- Cognito IQ Limited (Company No. 09872310, whose registered office is c/o The Company Secretary Rivergate House, Newbury Business Park, London Road, Newbury RG14 2PZ)
- Working Time Solutions Limited (Company No. 04171559, whose registered office is c/o The Company Secretary Rivergate House, Newbury Business Park, London Road, Newbury RG14 2PZ)
2. Our Privacy Principles
When we collect and use your personal information, we ensure that we look after it properly and use it in accordance with the principles set out below:
- The personal information you provide is processed fairly, lawfully and we are transparent with you about what we use it for;
- We only use your personal information for the purposes we have told you;
- We only collect information that is required for the purpose for which it is processed;
- Your personal information is kept accurate and up to date, where necessary;
- We only keep your personal information for as long as is necessary for the purposes for which it has been processed, or required by law;
- We take appropriate steps to keep your personal information secure;
- We do not ever sell your personal information and only share it with organisations who assist in providing you with our services.
Where we process Personal Data on behalf of others (i.e. as a Data Processor) we shall abide by these principles to the extent necessary and appropriate. Details of our work as a Data Processor are set out below under the heading “Where Totalmobile acts as Data Processor”.
3. How we collect and use your personal information
We collect your personal information in the following ways:
- When you interact with us directly: This could be if you engage for our services, register with us for training or an event, apply for a career opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, register for our services, or get in touch by email or post.
- When you engage with us through third parties: This could be if you are using our services via your employer or contracting entity. Your personal information may be provided to us from a third-party organization.
- When you visit our website: When you access our website, we may collect information from you from any forms that you complete or through the use of cookies and similar technologies. We do not use non-essential cookies on our website currently.
4. The personal information we collect
As a provider of software applications and solutions, we process a wide variety of information relating to our customers and service users in a number of different situations, including the development and testing of our app, through to the delivery of solutions to customers and in the ongoing provision of support to users of our applications.
Information we can view or process from customers and users of Totalmobile applications (including Mobilise and Optimise) can include:
- login username;
- IP address;
- device details;
- contacts permission;
- camera permission;
- precise location permission (continuous or non-continuous depending on the application in use);
- SMS permission;
- storage permission
- bluetooth sharing permission
- usage data;
- limited diagnostic information from devices;
- application error and crash reporting;
- limited location data;
- server URL;
- key actions taken through the application (such as submission of forms and completion of visits), and
- operating system information.
Personal information input into forms, typically regarding recipients of services provided by our customers, may also be visible during the support and maintenance of solutions provided to our customers- this is covered in more detail in the ‘Where Totalmobile act as Data Processor’ section.
The majority of information that we capture is non-attributable to specific individuals in most cases, however, it may be possible to assign some of these attributes to individuals where their login credentials (such as their username) include their full name- (username formats are setup by customer organisations in each instance). In order to preserve the privacy of users, usernames are obscured through the use of one-way hashing (replacing full details with a string of characters).
We also hold limited personal information on our customers that may identify individuals, such as:
- name;
- business address;
- business telephone; and
- business email contact details of nominated customer points of contact.
The retention and use of this information ensures that important support messages and confirmations of work carried out can be appropriately provided to customers and to enable more general communication between Totalmobile and our customers. Customer contact details are not used for supplementary purposes, other than providing marketing materials where these are relevant to existing customers (please see the section on Marketing Information for further details).
5. Our legal basis for processing your personal information
We process data from user devices to provide support and troubleshooting for our applications and from this identify areas of improvement or required development work to rectify common errors or bugs.
Within the context of the GDPR (the legal framework governing our Data Protection policies, processes, and compliance), our legal basis for processing this information is either that we have a legitimate interest in doing so (in order to support and improve our software, ultimately for the benefit of our customers and users) and that it is necessary for us to meet our obligations to our customers under our contracts with them.
For the retention and processing of customer contact details we rely on a contractual obligation to administer our contracts with our customers (who in most cases will be the employer of the individual whose contact details we process).
Where we provide details of our products and services we rely on a legitimate interest in informing our customers. Individual are able to object to receiving such material at any time.
Our reliance upon our lawful bases to collect and process personal data does not limit the ability of individuals to exercise their data protection rights.
6. Who we share your personal information with
We will not pass on, sell or otherwise transfer the information retained on users to other organisations or third-parties unless required to do so by law.
7. International Transfers
In providing the Totalmobile services to you we may transfer your information to countries outside of the EU and UK. Where we transfer your information in this way, we ensure that all data is treated with the same security measures regardless of location, and in accordance with our standards, policies, regulatory and legal obligations.
The internet is a global environment, so using the internet to collect and process your information necessarily involves transmitting data internationally. Therefore, by browsing our Sites and communicating electronically with us, you acknowledge our processing of your information in this way. However, we will take all reasonable steps to ensure that all information collected through our sites is treated securely and in accordance with this Privacy Notice and strict data protection standards.
In providing our services to you, such as fulfilling orders and taking payments, we may transfer the data we collect from you and about you to destinations outside of the EU and UK, within the Totalmobile group of companies, with our third-party processors, or with our partners. This is because the information is processed in those other locations. Where we do so, we ensure that security measures and appropriate safeguards are put in place to protect your information and ensure that all transfers of your information comply with applicable data protection law. We also ensure that processing is only ever carried out in accordance with our instructions.
In all cases where we transfer information across borders, we rely on acceptable and defined legal mechanisms to ensure that we protect data at all times. We ensure that we use new standards as these are developed by the appropriate regulatory authorities for the international transfers of data.
8. How long we keep records for
In most cases, we will keep your information for six years after our relationship with you has ended, but it will depend on what data we hold, why we hold it and what we are obliged to do by law. The period can also vary according to the terms of our contracts.
We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal obligations.
9. Your rights
You have a number of rights over the information we hold and process relating to you. These are set out in data protection legislation and we have put processes in place to comply with your data rights where requested or required.
- You have the right to receive a copy of the information we hold on you. This is known as a “Subject Access Request”.
- You have the right to ensure that the information we hold about you is accurate and up-to-date and to have any inaccurate or incomplete information rectified, though we may have to verify the accuracy of any new data you provide to us.You have the right to erasure of your Personal Data if there is no good reason for us to continue to process it (this is known as the “Right to be Forgotten”). You may exercise this right where you have successfully objected to our processing data (see below), where we have processed your data unlawfully, or where we are required to erase your personal data under local law. Please note that there may be reasons why it would not be appropriate for us to comply with a request from you to erase your data and where this is the case, we will inform you of those reasons.You have the right to object to our processing of your Personal Data where we are relying upon a legitimate interest in order to do so, if you feel that this infringes your rights in some way. As with the right to erasure, there may be reasons why we will not be able to comply with such a request, in which case we shall inform you of those reasons.You have the right to request a restriction of processing of your Personal Data (i.e. a right to ask us to cease processing your Personal Data) – in one of the following scenarios:
- because you have asked us to rectify an inaccuracy and we are verifying the information you have supplied;
- you consider that we are processing your data unlawfully but you do not want us to erase it entirely;
- where you wish us to continue to hold the data even though we no longer require it for example because you will need the data for a legal claim; or
- you have objected to our processing of the data but we need to retain it while we consider if we have an over-riding need to continue to process it.
These additional rights only apply under specific circumstances and may not be applicable in all cases, therefore we would encourage you to contact the Data Protection Officer if you have any questions on these rights.
You can exercise your rights at any time by contacting us. Our Data Protection Officer’s email address is dataprotection@totalmobile.co.uk.
If you feel that your data is being used inappropriately or that we have not complied with your rights, you have the right to raise a complaint. In the first instance, this should be raised with Totalmobile’s Data Protection Officer to enable any concerns you may have to be addressed. If this does not fully address your complaint, you have a further right to raise your concerns to the Information Commissioner’s Officer (https://ico.org.uk/global/contact-us/) or your local Data Protection Authority if you reside outside of the UK.
10. Marketing
What Information do we Hold or Process?
As part of our marketing activities, Totalmobile hold several personally identifiable details on business partners, customers, and prospective customers. These details are limited to work or business specific-details and can include name, position, organisation, telephone, email, and postal address. Data Processing in relation to Marketing does not include any sensitive or special category information. We also use data such as IP address, page clicks, returning visitors and referring URL to track visitors to our website, these may be referred back to specific individuals in some circumstances, such as where a user has followed a link from an email to our website, but are typically non-specific and cannot be used to identify individuals. We also gather information provided by website visitors to fill in forms, either requesting case studies or other materials. From time to time we may also purchase contact details from reputable providers.
Why do we Process this Information?
The types of data mentioned above are used to drive and target our marketing activities and content, to promote our services, to highlight industry-specific news and updates and to monitor and manage traffic through and visits to the Totalmobile website. Marketing materials may be issued through several channels, including email, telephone, or physical post. Marketing activities are targeted, for example by industry or sector, to ensure that materials sent are tailored to users and their likely interests.
We consider that we may legally process this information under the GDPR because it is in our legitimate Interests to do so as this enables us to provide direct marketing to existing and prospective customers of Totalmobile. This legitimate interest also extends to where marketing information is provided to users who have an existing relationship with Totalmobile (for example existing customers) and where there is a reasonable expectation to be contacted with marketing materials or supplementary information (for example where visitors to the website have provided contact details in contact forms).
You have the right at any time to object to our processing of your Personal Data for marketing purposes, in which case we will cease doing so on receipt of your notification to that effect.
Our reliance upon legitimate interest to justify data processing for marketing activities does not limit or otherwise restrict individuals from exercising their data protection rights, such as requesting removal of their details from our marketing lists or unsubscribing from marketing materials.
How do we Process your Information?
Your contact details are used to enable the delivery of marketing materials through several different channels, such as email, telephone, and post. Contact details used for marketing purposes are retained within a central database, access to your details is restricted to members of our Sales and Marketing Teams. Information used for marketing activities will be retained until it is requested to be removed by the user, in the case that the contact details are confirmed as out of date, in cases where a user provides supplementary or updated contact details or are removed based on periodic reviews of contact information carried out by the Marketing Team.
Website analytics are based on results drawn from Google Analytics, which gathers limited, non-specific website visitor information as previously outlined. This process uses cookies to identify unique and returning visitors, however, this does process does not identify individuals. Cookies may be disabled by website visitors within their browser settings if preferred.
Totalmobile will not pass on, sell or otherwise transfer the information retained on users to other organisations or third-parties unless required to do so by law. All information that may be used to identify individuals will be retained within the UK or EEA.
11. Where Totalmobile acts as a data processor
Details of Information that Totalmobile Process on Behalf of Customers
Totalmobile, in providing services to its customers (as Data Processor), may also have access to data captured through devices and data stored as part of your overall solution, for example in backend databases. This data may include personal or more sensitive information on customer employees or onward customers or recipients of customer services depending on the nature of the work our customers are using Totalmobile products and solutions to carry out.
We will only ever access this information where we are providing support or troubleshooting for our customers in response to requests for assistance they may raise. The providing of support, as well as more general confidentiality and data protection considerations and controls are governed by contractual agreements.
Access to customer information held on devices and in backend databases is strictly controlled and is limited to authorised Totalmobile staff. Data processing activities carried out by Totalmobile will typically be defined within Data Processing Agreements issued by our customers, with processing activities being limited to fulfil the purposes outlined by our customers. Retention periods for information processed through the Totalmobile application is configurable to meet the requirements of our customers. Totalmobile will not share information we process on behalf of our customers unless required to do so by law.
Hosting Partners
Depending on the hosting arrangements we have agreed with our customers, processing of customer data may involve third-party hosting partners. The use of such hosting partners will be agreed with customers as part of the initial setup of a Totalmobile solution with relevant security, governance, legal and regulatory requirements imposed on Totalmobile by customers being subsequently imposed on our hosting partners where they are involved in the processing of customer information. Where other third-parties are involved or required in the implementation or use of a Totalmobile solution, these will be identified to the customer and agreement sought to the involvement of the third-party prior to a solution or processing activity starting. All hosting solutions we may put into place on behalf of our customers are based in the UK or EEA.
Device Data Capture
As outlined previously, Totalmobile may have periodic access to data captured through devices used by our customers- this includes data entry as well as images captured through the device camera where this functionality is used in the Totalmobile solution. The use of camera functionality will be available to customers who require it, and users will be prompted to either allow or disallow the Totalmobile application permission to access and capture information from the camera as and when it is used. Please note that any images captured by the device camera when using the Totalmobile application will be stored separately from the main device camera roll, and access to the main camera roll is not available to Totalmobile staff if they have to access device data while providing support. All data captured through the Totalmobile application are encrypted at rest and when it is sent to a customer’s back-end system. For further information on information that may be processed or is accessible from customer devices and storage environments, please see the Information for Customers and Users sections above.
Google Maps
A plug-in to Google Maps may be required in certain solutions provided to customers. This will depend on the functions, products and applications used- an example would be in scheduling solutions where routes for users are planned and mapped through the application. In cases where the use of Google Maps is necessary, we would like to direct customers to review the Google Maps/Google Earth Additional Terms of Service (available here), the more general Google Privacy Policy (available here) and the Google Maps Data Protection Terms (available here). These documents provide additional terms and assurances around our own and Google’s data protection obligations to you where Google Maps is used.
12. Contact
Totalmobile’s Data Protection Officer
Our DPO is responsible for our Data Protection processes, policies and more general compliance. A key part of this role is to also act as a point of contact for staff, customers, and other individuals whose data we process or otherwise handle to ask questions, raise concerns or complaints, or to make requests relating to their Data Protection rights.
The DPO can be reached using the following details:
By post:
Data Protection Officer
Totalmobile Ltd.
Pilot Point
21 Clarendon Road
Belfast
BT1 3BG
By email:
dataprotection@totalmobile.co.uk
By phone:
(+44) 02890 30111