This Policy creates the legal framework for processing of personal data in a manner compliant with EU General Data Protection Regulation 2016/679 (GDPR), and describes how Accessy collects, uses, shares and secures the personal data. It also describes Your choices regarding the use, access and correction of Your personal data.
If You have questions or complaints regarding this Policy or about Accessy’s privacy practices, please write to us at email@example.com.
Why does Accessy collect and process Personal Data?
The Service is intended for use by enterprises and organizations (each an Administrator) that have subscribed for use of the Service. The Administrator is, through the subscription, authorized to publish the Administrator’s Assets (as defined below) in the Service.
The App is intended for use by persons using the Service (each a User or collectively Users).
Asset – An object that belongs to an Administrator and that has been published in the Service by the Administrator. An Asset has certain asset operations where Asset Access (defined below) is controlled.
Asset Access – Access to an Administrator’s Asset published in the Service, to which a User has been granted access by the Administrator. A User may have one or multiple Asset Accesses and may be granted access by one or multiple Administrators.
The Administrator may invite Users to become a member of the Administrator’s organization. Once approved as a member the User will be entitled to request access or be invited to access such organization’s published Assets (Asset Access).
A User’s Asset Access or utilization of the Service requires the App and a registration for an individual account with Accessy (Account). When the User has registered the Account, then Assets published in the Service will be available to the User. Once approved by the Administrator in control of the published Assets, the User may use the Service for Asset Access. Other Asset availabilities and Asset Access require memberships controlled by Administrators.
For the purposes of this Policy, we refer to any Account registration information as Account Information.
Where the Service is made available to You through an Administrator, that Administrator (enterprise or organization) is the data controller of Your Personal Data submitted during use of the Service. As such any User data privacy questions and requests should initially be submitted to the Administrator in its capacity as Your data controller. Accessy is not responsible for the Administrator’s privacy or security practices, which also may be different than those set forth in this Policy.
The Service collects information as described below and Accessy has no direct relationship with the individuals whose Personal Data is processed in connection with use of the Service. The use of Personal Data collected through the App and the Service is for the purpose of providing and supporting the Service. In certain situations, Accessy may be required to and may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Accessy may also disclose Personal Data to respond to subpoenas, court orders, or legal process, or to establish or exercise Accessy’s legal rights or defend against legal claims. Accessy may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of agreement, or as otherwise required by law.
When creating an Account to use the Service and by voluntarily providing us with Account Information You also give Your consent that we process Your personal data. By doing so You also represent that You are the owner of such Account Information or otherwise have the requisite consent to provide it to Accessy.
The lawful basis for Accessy to process Your personal data is Your consent. We also base the processing of Your personal data on our legitimate interest: to ascertain that the right person is granted access to the right asset, to provide You with the necessary functionality required during Your use of our Service, to do technical enhancements and for improving the standard of the Service and security, to prevent misuse and illegal action, to collect statistics for the Service, and to handle Personal Data when performing necessary log/register maintenance.
We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once it is received. These security and privacy practices, including how we protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Service by You are found in Accessy’s applicable Data Security Standards (DSS).
We collect and process Your Personal Data when You register for an Account to access or utilize our Service, such as Your name (first name and last name), mobile phone number, to be able to provide our Service and to identify Your Account in our Service.
Your mobile phone number is used to send You an SMS for activating Your Account.
Your name is only shared when requesting an Asset Access and within organizations You choose to join.
Using the Service, Access Log and other User statistics
While using our Service we collect information about Asset Access, such as door operations, enabling charging stations or whatever operation that may be available from an Asset.
When You request an Asset Access, You will provide us with Your Personal Data and data of the Asset You request access to. Your Personal Data will be available to the Administrator who has the authorization to approve Your request. This information is stored if Your Account is registered for use of the Service.
When Your access request is approved and You choose to use it, every Asset Access attempt is logged in the System’s access log. This data is stored for 14 days, as default. The publisher of the Asset may require this access data to be stored longer, but that will require Your consent when You apply for membership controlled by Administrators.
We may also collect anonymous usage statistics to be used solely by Accessy to improve the Service and to find and fix problems. We may also use mobile analytics software to allow us to better understand the functionality of our mobile versions of the App and the Service on Your mobile device. This mobile analytics software may record information such as how often You use the App, the events that occur within the App, aggregated usage, performance data, and where the application was downloaded from.
We do not link any information that we store as usage statistics to any personally identifiable information that You submit for the mobile application.
The System will request permission to use Your location to help You find Assets nearby, but the System does not store this location data. Some Assets may be configured to require a location when accessing them; in that case the System will store Your location as part of our Asset Access logs.
When registering an App to Your Account and downloading the App to Your mobile device, the System automatically collects information on the type of device You use, and the operating system version. If the App is running in iOS You will also provide the System with information on the device name such as “Eric’s iPhone”.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when You interact with our websites and Service. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information You search for, locale and language preferences, identification numbers associated with Your devices, Your mobile carrier, and system configuration information. Occasionally, we connect Personal Data to information gathered in our log files as necessary to improve our Websites and the Service. In such a case, we would treat the combined information in accordance with this Policy.
Will collected Information be shared?
All Your data in the Service is processed by services hosted within the European Economic Area (EEA) and servers are hosted on our third-party service provider Azure’s servers in North and West Europe (Ireland and Netherlands).
We only share information, including Personal Data, with our subscribing Administrators and the organizations they belong to (see description below), and our third-party service providers that we use to provide hosting for and maintenance of our Service, App development, backup, storage, payment processing, analytics and other services for us. These third-party service providers may have access to or process Your Personal Data for the purpose of providing these services for us.
Accessy does not permit any third-party to use the Personal Data for marketing purposes or for any other purpose than in connection with the services they provide to us.
In certain situations, Accessy may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Accessy may disclose Personal Data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. Accessy may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our applicable subscription/license agreements, or as otherwise required by law.
We may also share Personal Data with third parties when we have Your consent to do so.
Will transfer of Personal Data occur?
Except as approved by You or as requested by Your Administrator (data controller) acting on Your approval, Accessy (as a data processor) and Accessy’s sub-processors (as applicable) will only maintain Personal Data processing operations in countries that are inside of the EEA.
If You or Your Administrator (data controller) acting on Your approval has approved that Your Personal Data processed in the Service is transferred and/or processed in a country outside the EEA, Accessy shall ensure that such transferred and/or processed Personal Data are adequately protected. To achieve this, Accessy shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of Personal Data.
Accessy offers Administrators the option to enter into a separate Data Processing Agreement (DPA), provided upon request, which outlines Accessy’s and the Administrator’s respective rights and obligations to guarantee an adequate level of data protection of Personal Data.
How long do we keep Your Personal Data?
Accessy will retain Your personal information for as long as Your Account is active or as needed to perform our contractual obligations to You and Your Administrator, to provide the Services and App to You, to comply with legal obligations, to resolve disputes, to preserve legal rights, or to enforce our agreements.
Once Your Account is closed, we will automatically delete all Your Personal Data within 3 months from Account-closure. If You want us to delete Your Personal Data more promptly, for example if You believe a Service Account was created for You without Your permission, or You are no longer an active User, You can request that we delete Your Account by sending an email to firstname.lastname@example.org with a request to do so. Your Personal Data will then be deleted no later than 28 days after receiving Your request.
Please note that if You are using the Service via an Administrator, You should first contact the Administrator via designated channels and request to stop Your Asset Access, and storage and use of Your Personal Data. If there is a delay or dispute as to whether Accessy has the right to continue using Your Personal Data, Accessy will restrict any further use of Your Personal Data until the request is honoured or the dispute is resolved, provided the Administrator does not object (where applicable).
How do I delete my Account?
If You no longer wish to use our Service and want to close Your Account, You need to contact us and request that we deactivate and delete Your Account; please email email@example.com. Please note that upon deactivation and deletion of Your Account, the telephone number linked to any Asset Access is deleted. The Service data related to ordering, payments etc. for the Service will be stored for accounting and legal requirement purposes.
You may request that Your Personal Data no longer be accessed, stored, used and otherwise processed by us, see above under How long do we keep Your data?
What if there is a data security breach?
Accessy has implemented and maintains appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or Asset Access (a “Data Security Breach”), provided that such measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the processing and the nature of the Personal Data to be protected, including data security consistent with Accessy’s applicable Data Security Standards.
If You want to report a Data Security Breach please contact us via firstname.lastname@example.org.
Upon confirmation of a Data Security Breach concerning Your Personal Data, we will notify You without undue delay but in any event within 48 hours, and we will take necessary actions and measures to investigate, mitigate or remedy such Data Security Breach.
What are Your rights?
You have the right to be informed about what data Accessy collects about You when using the Service and the App, which is covered by this Policy. Furthermore, You have the right to review Your data.
If You believe that the information that we have collected about You may be incorrect, then You have the right to have it amended and also, in some cases, deleted.
If You wish to exercise any of Your rights please contact us via email@example.com.
You have the right to complain to a Data Protection Authority about our collection and use of Your Personal Data. For more information, please contact Your local data protection authority in the EEA. If You are in Sweden, You have the opportunity to complain to Datainspektionen, with contact details available at www.datainspektionen.se.
Will this Policy change?
Should the European Parliament and/or the Council pass new regulations and/or issue any guidelines which contain terms that conflict with those used in this Policy, We reserve the right to change this Policy from time to time to make it compliant with any such new legislation or guideline. If we change the Policy the new version is valid from the moment we publish it on our website.
Do You still have an unanswered question?