Privacy Notification

Data Protection Privacy Notice

Who are We

Totalmobile Ltd. have been providing IT solutions, including mobilisation and scheduling software across many different industries for over 25 years. Our solutions are designed to reduce overhead and operational costs in conjunction with increasing efficiency and productivity, as well as improving compliance for our customers.

Totalmobile and Data Protection

As a business, we handle and process a wide array of information, including personal data, both for our own purposes (as Data Controller) and on behalf of our customers (as Data Processor). Totalmobile are committed to handling and safeguarding your information and a big part of this is making sure that you are aware of what information we may hold about you and how we use it.

This Data Privacy Notice provides guidance on our use of your data, including:

  • What sort of information we process
  • Why we process it
  • How we process it
  • What rights you have over information we may hold on you
  • How to raise questions and concerns you may have over your information

This Privacy Notice is divided up into a number of sections, providing guidance for customers/service users and recipients of our marketing materials.

As part of our commitment to you, and to ensure that we are upholding our responsibilities under the law, we have nominated a dedicated Data Protection Officer (DPO), whose contact details are set out below.

Totalmobile’s Data Protection Officer

Our DPO is responsible for our Data Protection processes, policies and more general compliance. A key part of this role is to also act as a point of contact for staff, customers and other individuals whose data we process or otherwise handle to ask questions, raise concerns or complaints, or to make requests relating to their Data Protection rights.

The DPO can be reached using the following details:

By post:

Scott Boyle – Information Security and Data Protection Officer

Totalmobile Ltd.

Pilot Point

21 Clarendon Road

Belfast

BT1 3BG

By email:

scott.boyle@totalmobile.co.uk

(Please mark your email ‘For the Attention of the Data Protection Officer’ in the subject line)

By phone:

(+44) 02890 30111

(Please ask Reception to put you through to Scott Boyle)

Totalmobile’s Data Protection Obligations

Totalmobile will ensure that all data processing activities being carried out where we own the data (i.e. as Data Controller) are carried out in line with the core data protection principles of the General Data Protection Regulation (GDPR) and other national Data Protection legislation. These principles are as follows:

  • That Personal Data must be processed fairly, lawfully and in a transparent manner.
  • That Personal Data must be processed for specified, explicit and legitimate purposes.
  • That the Personal Data being processed shall be adequate, relevant to the specific purposes for which they are processed and limited to what is necessary for those purposes.
  • That the Personal Data being processed shall be accurate and kept up to date where needed.
  • That the Personal Data being processed shall be kept for no longer than is necessary for the purpose for which they are processed.

That Personal Data being processed shall be protected by appropriate technical and organisational controls.

Where we process Personal Data on behalf of others (i.e. as Data Processor) we shall abide by these principles to the extent necessary and appropriate.  Details of our work as Data Processor are set out below under the heading “Where Totalmobile acts as Data Processor”.

Changes to this Privacy Notice and Terms

Totalmobile may update or amend this privacy notice from time, for example where data processing activities change, new processing activities are introduced or to reflect changes in legal or regulatory requirements in terms of Data Protection. Where a material change in the terms of this Privacy Policy are being put into effect these will be highlighted and communicated where appropriate. We would encourage you to periodically review this notice to ensure that you are aware of the latest information available.

What Personal Data do we Process?
As a provider of software applications and solutions, Totalmobile processes a wide variety of information relating to our customers and service users in a number of different situations, including the development and testing of our app, through to the delivery of solutions to customers and in the ongoing provision of support to users of our applications. Information we can view or process from customers and users of Totalmobile applications (specifically Mobilise and Optimise) can include login username, IP address, device details, limited diagnostic information from devices, application error and crash reporting, limited location data, server URL, key actions taken through the application (such as submission of forms and completion of visits) and operating system information. Personal information input into forms, typically regarding recipients of services provided by our customers, may also be visible during the support and maintenance of solutions provided to our customers- this is covered in more detail in the ‘Where Totalmobile act as Data Processor’ section.

The majority of information that we capture is non-attributable to specific individuals in the most cases, however, it may be possible to assign some of these attributes to individuals where their login credentials (such as their username) include their full name- username formats are setup by the customer organisation in each instance. In order to preserve the privacy of users, usernames are obscured through the use of one-way hashing (replacing full details with a string of characters).

We also hold limited personal information on our customers that may identify individuals, such as name, business address, business telephone and business email contact details of nominated customer points of contact. The retention and use of this information ensures that important support messages and confirmations of work carried out can be appropriately provided to customers and to enable more general communication between Totalmobile and our customers. Customer contact details are not used for supplementary purposes, other than providing marketing materials where these are relevant to existing customers (please see the section on Marketing Information for further details).

Why do we Hold or Process this Information?
We process data from user devices to provide support and troubleshooting for our applications and from this identify areas of improvement or required development work to rectify common errors or bugs.

Within the context of the GDPR (the legal framework governing our Data Protection policies, processes and compliance), our legal basis for processing this information is either that we have a legitimate interest in doing so (in order to support and improve our software, ultimately for the benefit of our customers and users) or that it is necessary for us to meet our obligations to our customers under our contracts with them.

The retention and processing of customer contact details is also in our legitimate interest on the basis that, since without processing that information it would be impossible for us to administer our contracts with our customers (who in most cases will be the employer of the individual whose contact details we process).

Customer contacts will also have a reasonable expectation to be contacted with relevant communications and supplementary information relating to their use of Totalmobile products and services.

However, as set out below, if any customer contact objects to receiving such material, we will immediately stop sending it.

Our reliance upon our legitimate interest to justify data processing in these cases does not limit the ability of individuals to exercise their Data Protection rights.

How do we Process your Information?
The diagnostic and device information described above is captured automatically through dedicated monitoring and crash/bug reporting processes, access to the results of these reporting processes is limited only to specific individuals within the Totalmobile Development Team, with any onward reporting derived from the results being cleansed of any personal identifiers that may also have been captured. Although results are captured using an automated process, the results are not used for any profiling of users or customer organisations and have minimal, if any, impact on the privacy of customers and end users. The potential impact on privacy is further reduced through the use of hashing to obscure details that may identify users as previously described. Totalmobile will not use this information for any other purposes other than the resolution of software errors or bugs and for providing support, maintenance and improvements to our software applications. The analytical information outlined above is retained until it is no longer required by Totalmobile, the impact of this is minimal as information that may be used to identify individuals is either removed or obscured.

Customer contact details that are retained and processed by Totalmobile are securely stored within a central customer support platform. This platform is subject to access control to ensure that only authorised Totalmobile staff can view, access or use the personal details for legitimate business reasons, such as communicating with customers. Customer contact details are not used for supplementary purposes with the exception of providing marketing information where this may be relevant or of use to customers (please see the section on Marketing Information for further details). Customer contact details are retained while Totalmobile provides services to customers, but may be removed or amended where we are requested to do so by customers or the individuals themselves (for example in the case that an individual leaves a customer organisation).

Disclosure of Personal Data
Totalmobile will not pass on, sell or otherwise transfer the information retained on users to other organisations or third-parties unless required to do so by law.
Transfers of Personal Data outside the European Economic Area
All information that may be used to identify individuals will be retained within the UK or EEA.
What Rights do I have Over my Information?
You have a number of rights over the information we hold and process relating to you. These are guaranteed by the GDPR and/or other relevant data protection legislation and we have put processes in place to comply with your data rights where requested or required.

You have the following rights under the GDPR, all of which may be raised with our DPO who will guide you through the process. Totalmobile will not normally charge you a fee for exercising any of these rights.

– You have the right to receive a copy of the information we hold on you. This is known as a “Subject Access Request”.

– You have the right to ensure that the information we hold about you is accurate and up-to-date and to have any inaccurate or incomplete information rectified, though we may have to verify the accuracy of any new data you provide to us.

– You have the right to erasure of your Personal Data if there is no good reason for us to continue to process it (this is known as the “Right to be Forgotten”). You may exercise this right where you have successfully objected to our processing data (see below), where we have processed your data unlawfully, or where we are required to erase your personal data under local law. Please note that there may be reasons why it would not be appropriate for us to comply with a request from you to erase your data and where this is the case, we will inform you of those reasons.

– You have the right to object to our processing of your Personal Data where we are relying upon a legitimate interest in order to do so, if you feel that this infringes your rights in some way. As with the right to erasure, there may be reasons why we will not be able to comply with such a request, in which case we shall inform you of those reasons.

– You have the right to request a restriction of processing of your Personal Data (i.e. a right to ask us to cease processes your Personal Data) – in one of the following scenarios: (a) because you have asked us to rectify an inaccuracy and we are verifying the information you have supplied; (b) you consider that we are processing your data unlawfully but you do not want us to erase it entirely; (c) where you wish us to continue to hold the data even though we no longer require it for example because you will need the data for a legal claim; or (d) you have objected to our processing of the data but we need to retain it while we consider if we have an over-riding need to continue to process it. These additional rights only apply under specific circumstances and may not be applicable in all cases, therefore we would encourage you to contact the Data Protection Officer if you have any questions on these rights.

If you feel that your data is being used inappropriately or that we have not complied with your rights, you have the right to raise a complaint. In the first instance, this should be raised with Totalmobile’s DPO to enable any concerns you may have to be addressed, if this does not fully address your complaint, you have a further right to raise your concerns to the Information Commissioner’s Officer or your local Data Protection Authority.

Marketing Information
What Information do we Hold or Process?
As part of our marketing activities, Totalmobile hold a number of personally identifiable details on business partners, customers and prospective customers. These details are limited to work or business specific-details and can include name, position, organisation, telephone, email and postal address. Data Processing in relation to Marketing does not include any sensitive or special category information. We also use data such as IP address, page clicks, returning visitors and referring URL to track visitors to our website, these may be referred back to specific individuals in some circumstances, such as where a user has followed a link from an email to our website, but are typically non-specific and cannot be used to identify individuals. We also gather information provided by website visitors to fill in forms, either requesting case studies or other materials. From time to time we may also purchase contact details from reputable providers.
Why do we Process this Information?
The types of data mentioned above are used to drive and target our marketing activities and content, to promote our services, to highlight industry-specific news and updates and to monitor and manage traffic through and visits to the Totalmobile website. Marketing materials may be issued through a number of channels, including email, telephone or physical post. Marketing activities are targeted, for example by industry or sector, to ensure that materials sent are tailored to users and their likely interests.

We consider that we may legally process this information under the GDPR because it is in our legitimate Interests to do so as this enables us to provide direct marketing to existing and prospective customers of Totalmobile. This legitimate interest also extends to where marketing information is provided to users who have an existing relationship with Totalmobile (for example existing customers) and where there is a reasonable expectation to be contacted with marketing materials or supplementary information (for example where visitors to the website have provided contact details in contact forms).
You have the right at any time to object to our processing of your Personal Data for marketing purposes, in which case we will cease doing so on receipt of your notification to that effect.

Our reliance upon legitimate interest to justify data processing for marketing activities does not limit or otherwise restrict individuals from exercising their data protection rights, such as requesting removal of their details from our marketing lists or unsubscribing from marketing materials.

How do we Process your Information?
Your contact details are used to enable the delivery of marketing materials through a number of different channels, such as email, telephone and post. Contact details used for marketing purposes are retained within a central database, access to your details is restricted to members of our Sales and Marketing Teams. Information used for marketing activities will be retained until it is requested to be removed by the user, in the case that the contact details are confirmed as out of date, in cases where a user provides supplementary or updated contact details or are removed based on periodic reviews of contact information carried out by the Marketing Team.

Website analytics are based on results drawn from Google Analytics, which gathers limited, non-specific website visitor information as previously outlined. This process uses cookies to identify unique and returning visitors, however, this does process does not identify individuals. Cookies may be disabled by website visitors within their browser settings if preferred.

Totalmobile will not pass on, sell or otherwise transfer the information retained on users to other organisations or third-parties unless required to do so by law. All information that may be used to identify individuals will be retained within the UK or EEA.

Where Totalmobile acts as Data Processor
Details of Information that Totalmobile Process on Behalf of Customers
Totalmobile, in providing services to its customers (as Data Processor), may also have access to data captured through devices and data stored as part of your overall solution, for example in backend databases. This data may include personal or more sensitive information on customer employees or onward customers or recipients of customer services depending on the nature of the work our customers are using Totalmobile products and solutions to carry out.

We will only ever access this information where we are providing support or troubleshooting for our customers in response to requests for assistance they may raise. The providing of support, as well as more general confidentiality and data protection considerations and controls are governed by contractual agreements.

Access to customer information held on devices and in backend databases is strictly controlled and is limited to authorised Totalmobile staff. Data processing activities carried out by Totalmobile will typically be defined within Data Processing Agreements issued by our customers, with processing activities being limited to fulfil the purposes outlined by our customers. Retention periods for information processed through the Totalmobile application is configurable to meet the requirements of our customers. Totalmobile will not share information we process on behalf of our customers unless required to do so by law.

Hosting Partners
Depending on the hosting arrangements we have agreed with our customers, processing of customer data may involve third-party hosting partners. The use of such hosting partners will be agreed with customers as part of the initial setup of a Totalmobile solution with relevant security, governance, legal and regulatory requirements imposed on Totalmobile by customers being subsequently imposed on our hosting partners where they are involved in the processing of customer information. Where other third-parties are involved or required in the implementation or use of a Totalmobile solution, these will be identified to the customer and agreement sought to the involvement of the third-party prior to a solution or processing activity starting. All hosting solutions we may put into place on behalf of our customers are based in the UK or EEA.
Device Data Capture
As outlined previously, Totalmobile may have periodic access to data captured through devices used by our customers- this includes data entry as well as images captured through the device camera where this functionality is used in the Totalmobile solution. The use of camera functionality will be available to customers who require it, and users will be prompted to either allow or disallow the Totalmobile application permission to access and capture information from the camera as and when it is used. Please note that any images captured by the device camera when using the Totalmobile application will be stored separately from the main device camera roll, and access to the main camera roll is not available to Totalmobile staff if they have to access device data while providing support. All data captured through the Totalmobile application are encrypted at rest and when it is sent to a customer’s back-end system. For further information on information that may be processed or is accessible from customer devices and storage environments, please see the Information for Customers and Users sections above.
Google Maps
A plug-in to Google Maps may be required in certain solutions provided to customers. This will depend on the functions, products and applications used- an example would be in scheduling solutions where routes for users are planned and mapped through the application. In cases where the use of Google Maps is necessary, we would like to direct customers to review the Google Maps/Google Earth Additional Terms of Service (available here), the more general Google Privacy Policy (available here) and the Google Maps Data Protection Terms (available here). These documents provide additional terms and assurances around our own and Google’s data protection obligations to you where Google Maps is used.