� Last modified 23 September 2016
Key Systems, Inc. (KSI), offers an object (�Asset�) monitoring and locating Service via our Asset Tracker smartphone app (�this Application�) in conjunction with software on a Cloud Server, software and hardware under a Service Customer�s control, and Bluetooth-enabled tags that can interact with a mobile device, such as User�s smartphone, running this Application. Users are typically engaged by Customer in relationships, e.g. as employees or contractors, requiring User access to Assets owned by Customer, such as keys or equipment. Bluetooth-enabled Asset Tracker tags attached to the Assets interact with the User�s device upon checkout to allow this Application to monitor Asset location, Asset distance from device, and tag status. As a result, this Application collects Personal Data and passes some of it to the Cloud Server and/or Customer as part of the Service. KSI is not responsible for loss or theft of items tracked by Asset Tracker tags, nor is KSI responsible for the handling of Personal Data by Customer, User, or any party other than KSI and any of its agents or affiliates contracted to handle such Personal Data. Definitions of terms used herein can be found in the section of this Policy entitled, �Definitions and Legal References� (hotlinked).
Consent: Grant and Revocation
Data Controller(s) and Owner(s)
Service Customer (Customer) � Identity and contact information vary
Types of Data Collected
Purpose of Collection
Any use of Personal Data, or of other tracking tools in connection with use of this Application, unless stated otherwise, serves to identify Users, verify Users, and remember Users� preferences, as well as to monitor and locate a Bluetooth tag device attached to an Asset for the sole purpose of providing the Service required by the Customer and/or User. Failure or refusal to provide or to allow collection of certain Personal Data may prevent this Application from providing its part in the Service, as well as inability of User to access to one or more Assets. The Customer and/or User assumes responsibility for the Personal Data of third parties published or shared through this Application by User and by such action(s) declare(s) to have the right to communicate or broadcast such information, thereby relieving the Data Controller of all responsibility therefor.
Method of Processing
The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. More specifically, the Personal Data is processed using a cloud-based Service, hosted on a Cloud Server, that maintains a Database on behalf of Customer. The cloud-based Service also interacts with Customer�s existing installation of software produced by Data Controller, Global Facilities Management System (GFMS), which is installed and operated on hardware controlled by Customer. The Personal Data is used to verify and identify the User, to monitor the location of any tag monitored by the Application and its distance from User�s device, to report circumstances or events as requested by Customer, to report various conditions of any tag being monitored by the Application, and/or to alert User of a potential loss of an Asset to which a monitored tag is attached.
Data Controller shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Personal Data under its control, which shall not include Personal Data relayed to Customer once under Customer�s control. In addition to the Data Controller, the Data may in some cases be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
The Personal Data is processed at a facility hired by the Data Controller for the purpose of hosting the software providing the Service on a Cloud Server. Additional processing may occur at Customer�s facilities, which are not under Controller�s control and for which Controller is not responsible in any way.
The Data is kept by the Data Controller for the time necessary to provide the Service requested by the Customer. Subject to restrictions imposed by law, the Customer, the Service Agreement between Customer and Data Controller, and the relationship between the Customer and the User, the User can request the Data Controller suspend Data Collection or remove Personal Data under Data Controller�s control.
The Use of the Collected Data
The Data concerning the User is collected to allow the Application to furnish information required to provide the Service, and can include sending e-mail, push, and notification messages.
Customer Installation of KSI�s Global Facilities Management System (GFMS)
GFMS is used by Customer to monitor and control access to Assets stored in KSI Security Asset Managers (SAMs) and related Asset storage hardware owned and/or controlled by Customer. Among other services, GFMS maintains a database of Authorized Users, Monitored Assets, hierarchical permissions assigned to Users and Assets, Events associated with Assets and Users, and Asset Location Data. User Personal Data, including Location Data, is used by the Service to generate Asset Location Data that is relayed to GFMS. GFMS also includes e-mail address management and message sending capabilities and interacts with the Cloud Server to generate notifications and/or messages on User�s Device, as well as to send notifications to Customer personnel under certain conditions set by Customer.
Personal Data collected: GFMS UserID, GFMS-Associated User e-Mail Address, Location Data, Usage Data (e.g. Asset Transaction and Events).
Customer Asset Storage Hardware
Assets with tags are stored in hardware under Customer�s control, which may include SAMs and related KSI products. It is also possible for tagged Assets to be stored in other ways under Customer�s control. GFMS gathers tag and Asset information directly from tags or via storage hardware and relays some Data to the Service, which then relays some Data to the Application. In addition, Data collected by this Application may ultimately reach Customer�s Asset storage hardware. Data Controller has no control over the Customer�s Asset storage hardware.
User�s Personal Data may be used for legal purposes by Data Controller in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
Additional Information about User�s Personal Data
System Logs and Maintenance
For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System Logs) or use for this purpose other Personal Data (such as IP Address).
Information Not Contained in This Policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time at its contact information.
Subject to restrictions imposed by the Customer, the Service Agreement between Customer and Data Controller, and the relationship between the Customer and the User, the User has the right, at any time, to know whether his or her Personal Data has been stored, as well as the contents and origin of the Personal Data, to verify accuracy or to ask for the Personal Data to be supplemented, cancelled, updated or corrected, to ask the Personal Data to be converted into an anonymous format, to block any of the Personal Data held in violation of the law, and/or to oppose the treatment of the Personal Data for any and all legitimate reasons, with the caveat that doing so may prevent this Application from providing the Service. Requests should be sent to Data Controller at the contact information set out above. This Application does not support �do not track� requests inasmuch as the whole point of the Service is to track and monitor Assets attached to tags in communication with User�s device and to enable Customer to hold User accountable for such Assets� disposition.
The Service and its original content, features, and functionality are and will remain the exclusive property of Key Systems, Inc., and its licensors, protected by copyright, trademark, patent, and/or other laws of the United States and other countries. Prior written consent of Key Systems, Inc., is required for use of KSI�s trademarks and trade dress in connection with any product or service.
Links to Other Web Sites
This Application and/or the Service may provide links to third party web sites or services that are not owned or controlled by Key Systems, Inc. Key Systems, Inc., has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services, nor does Key Systems, Inc., warrant the offerings of any of these entities/individuals or their websites. User acknowledges and agrees that Key Systems, Inc., shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, goods or services available on or through any such third party web sites or services. Key Systems, Inc., strongly advises User to read the terms and conditions and privacy policies of any third party web sites or services visited.
Personal Data (or Data)
Any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier (such as a User Name), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The KSI Asset Tracker application, a software tool that may collect Personal Data to provide services described above.
A smartphone or other computing device on which this Application is installed and/or runs, whether owned by User or another party and operated by User.
The individual using this Application, which must coincide with or be authorized by the legal or natural person to whom the Personal Data refer (the Data Subject).
Includes User-supplied e-mail address(es), as well as authorization, and confirmation messages sent to the User�s e-mail account(s). This may also include dates and times of viewing, reading, deleting, or otherwise manipulating such messages and/or their content, such as links in the messages.
Includes a unique device ID created by this Application, as well as platform and other device information needed to perform the Service.
Information collected automatically from or on behalf of this Application, which can include: name/attributes of computer network(s) to which the Device connects; identifiers of Assets User is authorized to check out; events regarding Assets checked out to User; IP addresses/domain names of the Device hosting this Application and/or computers or other devices used by Users of this Application; Uniform Resource Identifiers (URIs) used to submit requests to a server(s), as well as time/method of submission, the size of any file received in response, any numerical code representing the status of a server�s answer (successful outcome, error, etc.), the country of origin of the request, operating system of the Device, various time details per visit (e.g., the time spent on each page within the Application) and details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User�s IT environment.
User Name (or User ID)
An identifier by which the User is known to a computer-implemented system, such as KSI�s GFMS, a facilities maintenance system, an access control system, an e-mail service provider, or other service provider, for the purposes of authorization and/or access, particularly in conjunction with a password, challenge question(s), security token, and/or other authorization tools.
Data Controller (or Application Owner, or Owner)
The natural person, legal person, public administration, or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
A small piece of data stored in the User�s device, typically as a result of using a web browser to access a web page, but also used in other contexts.
Last modified 23 September 2016