GDPR Compliance - Web Mobile App and IoT Development Firm - Pupa Clic

General Data Protection Regulation

The General Data Protection Regulation (GDPR), a prodigious step taken by the European Commission, will not only strengthen and unify the protection of personal data of individuals within the European Union (EU) but will also address the export of personal data outside the EU. The regulation, which comes into effect on May 25, 2018, will govern the handling of EU residents’ data, specifying what type of data a business may collect and how, where, when and why it should be stored, used, processed, or disposed of. It will also enhance the current data protection laws that are designed to strengthen the rights of individuals and the protection of their personal information.

The GDPR is expected to set new standards for consumers by giving them augmented rights over their personal data. If you or your organization offers services or products to EU residents or plans to process EU residents’ data, then you should be compliant with the GDPR on or before the given deadline.

Before we drill further down into the details of how GDPR affects us, here is a quick primer on the legalese associated with GDPR:

  • Data Subject: The one whose personal information is collected
  • Data controller: The one who collects personal information from a data subject
  • Data processor: The one who processes the collected personal information from a data subject

Web, App, IoT and GDPR

The Internet of Things (IoT) is a volatile industry with a heavy focus on data collection. Data gathering is one of the key aspects of IoT. Every second, a humongous amount of data is generated and gathered from millions of IoT devices. The GDPR aims to provide you with a fair and consistent legal framework to enable developments in IoT and to protect your right to privacy as connected machines play an ever-increasing role in daily life. The GDPR has built-in principles of privacy by design and privacy by default.

In practice, these principles mean:

  • Minimising the amount of data collected and processed,
  • Pseudonymising data as early as possible,
  • Being transparent about the functions and processing of the data,
  • Enabling the data subject to monitor the processing, and
  • Enabling data controllers to create and improve security measures.

Steps taken by Pupa Clic to be GDPR compliant

Our product and solutions are designed with built-in data security and privacy services, and we welcome GDPR as an opportunity to deepen our commitment to data protection. Our product and solutions have features that make collecting and managing data in a GDPR-compliant way as straightforward as possible. Our entire team is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what GDPR means for your businesses and build compliant processes of your own.

Here you can find all the details on the default data we collect, how we collect it, and how we process it. It is of vital importance to us that you should be able to use and enjoy our product and solutions without having to jeopardize your privacy. This privacy policy gives you the details on how we collect, store, and process the data and the conditions under which we may disclose the information to others. It also outlines the process by which you can access, change, or delete your personal information. By using our product and solutions, you are agreeing to abide by this readiness document, and our use of any information which we collect will be governed by this readiness document.

What information do we collect?

Login screen:

The login screen collects data such as the username and password. This data will be encrypted and saved in the database.

The administrator will provide a username and password. After the first successful login, you will be redirected to the UI where changing the password is mandatory. You will be prompted to accept the terms & conditions and you will be able to proceed only if you accept them.

Personal information:

All the personal information that is collected in the different modules of our product and conventional solutions is detailed below:

User configuration: Information such as Username, Password, Mobile number, Email Id.

Note: The Mobile number and Email Id are not mandatory fields in the User Configuration.

Mail server settings: Information such as Account name, Server name/IP Address, Server port, UserName (mail server), Password (mail server), From Email Id, To Email Id.

SMS Profile settings: Information such as Profile name and Recipient phone/mobile number.

Client Name: Information such as Organization name, Organization Email Id, and Organization address.

Driver Configuration: Information such as Name, Contact number, Address, Organization name, and Email id.

Note: The Address field is not mandatory in driver configuration.

Asset Information:

RTU configuration: Information such as Gateway name, Serial number, Organization name, Email Id, Name, Latitude, Longitude, Parent Site, Server IP address, Port, Building name, Building address, Region name, Region longitude & latitude, Country, Site name, Site longitude & latitude, and Gateway mobile number.

Fleet related information:

Device details: Information such as Device identification number, Vendor, SIM number, Organization name, Organization Email Id.

Vehicle details: Information such as Organization name, Organization Email Id, Vehicle registration number, Device identification number, Driver, Assigned client, Vehicle manufacturer.

Pupa Clic products and solutions are intended for use only by those who are 13 years or above. We do not target children, and we do not knowingly collect any personal data from any person under 13 years of age.

Purpose of the collected information:

With data protection law coming into effect, your administrator should be using your data only for the purpose for which it was originally collected. Listed below is the purpose of each item of personal data that is collected from you.

User information:

  • Username & password are collected for the purpose of authentication and providing authorization to the individual user that has been added. Only the administrator can view the user information; for all other users, this information will be masked. Passwords will always be masked, even for the administrator.
  • E-mail addresses and contact numbers in the mail server settings & SMS settings respectively are collected for the purpose of sending you notifications on any alerts or events that may have occurred, as per the escalation policy or notification settings configured by your administrator.
  • Organization name & address collected at different places are only for display purposes.
  • Driver details such as name & address in driver configuration are stored for storage & display purposes, and only users with the requisite permission can view this information. For any unauthorized user, this information will be masked. Contact details of the driver, like Email Id and contact number, are collected to send notifications in case of alerts or events, as per the escalation policy or notification settings configured by your administrator.

Asset Information:

The asset information is collected to maintain a hierarchy which is used to display geolocation in maps in the web client.

At Pupa Clic, we believe that privacy is a fundamental right of any person. On those grounds, you have the choice not to provide your administrator with any of your personal data. If you want to withdraw your previously given consent, you can do so by writing to your administrator. Once you have withdrawn your consent, your administrator should stop processing your data if they don’t have any other legal grounds to do so.

Your rights as a data subject:

You as a data subject can exercise your rights defined in GDPR by contacting your administrator at any given point of time. Listed below are the different rights that GDPR provides you as a data subject:

Right of access: You have the right to be informed about your data. You can request your administrator to provide you the following information:

  • What data is being collected
  • The purpose of collecting data
  • All third parties involved in processing your data
  • An envisaged period for which the data will be stored with your administrator

Right to rectification: You have the right to rectify any inaccurate personal data that your administrator possesses.

Right to erasure: You have the right to ask your administrator to erase any information that they hold about you if it is no longer necessary for the purpose for which it was collected.

Right to restrict processing: You have the right to restrict the processing of your data if it is unlawful or if it is not intended for the purpose it was collected.

Right to data portability: You have the right to directly export the data reports in .csv format.

Right to object: You have the right to object to the processing of your personal data.

Rights related to automated decision making & profiling: You have the right to not be subjected to a decision solely based on automated profiling and processing of your data.

Security of your data:

We at Pupa Clic take reasonable measures to protect your information from unauthorized access, misuse, or alteration by third parties. Your data is secured in our database and the password for the same is encrypted.

Where do we store your data?

The personal data collected is stored in the Pupa Clic database and in MariaDB and MySQL databases.

Data retention:

The data that is saved and stored is non-sensitive personal data. Data is retained for as long as it serves the purpose it was collected for. Any unused personal data will be deleted. Data retention is a configurable feature of Pupa Clic and you as a data subject have the right to choose the time duration you want the data to be retained.

You can exercise your right to erasure at any given time, in case you want us to delete any data that your administrator holds, by letting your administrator know.

External Third party Integration:

In order to make our product and solutions more beneficial, we integrate with third-party applications to enable features like sending notifications through SMS, Email and Firebase cloud messaging (for Android mobile apps), etc. We also have features to show the geolocation on maps.

In order to enable these features, your administrator may choose from any of the supported third-party sub-processors. The administrator will configure the external third-party integration in the Pupa Clic web client, using the API key of your organization’s account with the respective third party. Your administrator is required to ensure GDPR compliance with these third parties.

Data which will be shared to the third parties for each feature:

  • Sending SMS – Recipient mobile number & notification message
  • Sending Email – Recipient e-mail id, notification message, and SMTP credentials
  • Firebase cloud messaging – Recipient mobile number & notification message
  • Geolocation – Latitude & longitude coordinates

Cookies

Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service and to help make our websites, applications, and services better for you. We use session cookies to maintain persistent data across different pages.

Partners/System Integrators – Guidelines to help you become GDPR compliant

Our key to success lies in our strategic partnerships with various System Integrators, Resellers, and Hardware Partners. We give you the liberty of customizing our Platform or Solutions. As a partner, you can white label/rebrand our Platform & ready-to-deploy solutions and deploy them to your customer base. You will then act as the data controller/processor who is responsible for handling the personal data of the data subjects. You have to ensure that any additional personal data you collect due to customizations in our platform or solutions is GDPR compliant. Becoming compliant with the regulation can be summarized in five different stages. You can consider the following points.

  • IDENTIFY
    • Familiarize yourself with the requirements of GDPR and review your existing policies.
    • Create an inventory of all the personal data that you collect.
  • ASSESS
    • Re-examine the existing policies and contracts against data protection.
    • Review your agreements and contracts with the customers and third parties to make sure they are GDPR compliant.
  • DOCUMENT
    • Document all your data processing activities.
    • Maintain up-to-date documentation of all the activities.
  • MONITOR
    • Review the privacy policy and other policies relevant to data security from time to time.
    • Ensure that you follow privacy by design and stay compliant with GDPR at all times.
  • IMPLEMENT
    • Ensure privacy notices are present wherever personal data is collected.
    • Establish mechanisms to get and manage consent from a data subject.
    • Establish procedures to respond to the requests of the data subject for access, rectification, objection, restriction, and right to be forgotten.
    • Establish the process for notification of data breaches.

Changes to our policy

Pupa Clic reserves the right to update and revise this product and solutions readiness document from time to time to take into account legislative and other developments. Any changes we make to this policy will be posted on this page with a revision date to reflect when the last changes occurred.

Disclaimer: This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and/or your organization. We encourage you to obtain independent professional advice, before taking or refraining from any action on the basis of the information provided here.