Privacy Policy and Data Processing Agreement | Checkit

Privacy Policy and Data Processing Agreement

This Application collects some Personal Data from Authorised Users.

 

  1. Provider of this App

We are Checkit Ltd, Broers Building, 21 JJ Thomson Avenue, Cambridge, CB3 0FA, United Kingdom

Provider contact email: privacy@checkit.net and “we” and “our” and similar expressions refer to us.

 

  1. Terms of Service and Data Processing Agreement

2.1 This Application is to be used only by Checkit customers and in accordance with the Checkit Terms of Service available here: https://checkit-old.local/customer_tc/. In this policy “you” means the organisation which has a contract with us. Terms defined in the Checkit Terms of Service shall have the same meanings in this policy unless context otherwise requires and “Privacy Policy” means this privacy policy and data processing agreement.

2.2 This is a binding contract between you and us for data processing.

 

  1. Data

3.1 You will own all right, title and interest in and to all of the Data and shall have sole responsibility for its legality, reliability, integrity, accuracy and quality. You are the Data Controller of the Data, to the extent it consists of Personal Data.

3.2 We require Personal Data about your Authorised Users (comprising identifiers such as names, email addresses and mobile telephone numbers) to be stored on our systems so that you can access it and to enable you to instruct us to set up reports for you using such Personal Data. To that limited extent only we process Personal Data in connection with your Subscription as your Data Processor. Except as expressly set out in this Privacy policy, you will not transfer, process or otherwise transmit any Personal Data to us or request, authorise or permit us to process any Personal Data. To the limited extent that we are your Data Processor, as described above, you may only give us instructions to process such Personal Data within those limits and may not instruct us to process Personal Data such that you or we may breach Data Protection Laws.

3.3 You also agree to us accepting and using the Data in order to assist you with your use of Checkit but accept that we have no duty to do so.

3.4 You further agree and acknowledge that we may, for our own purposes, process any of the Data which is Personal Data by anonymising it so that it is no longer capable of identifying individuals, and further process it for product development, benchmarking, research and marketing purposes.

3.5 You agree to allow us to audit your and/or the Authorised Users’ use of Checkit to ensure that these Terms of Service are being complied with. We will give you reasonable advance notice if we wish to carry out an audit. This audit right does not entitle us to access to confidential intellectual property or financial, payroll, personnel or other confidential records that belong to you that do not relate directly to the Subscription.

3.6 Without limiting any other provision of this Privacy policy, you undertake to obtain any necessary consents from all Data Subjects with respect to the processing of Data by you or by us.

3.7 We will follow our archiving procedures for Data stored in the cloud as set out in our current data back-up policy available on request. In the event of any loss or damage to Data, your sole and exclusive remedy shall be for us to use reasonable commercial endeavours to restore the lost or damaged Data from the latest back-up of such Data we maintain. We will not be held responsible for any loss, destruction, alteration or disclosure of Data caused by any third party. Data stored by us may be held in the UK, the USA, Germany and Ireland.

3.8 We will use our reasonable endeavours to ensure that appropriate safety and security services and procedures are maintained and enforced to prevent unauthorised access or damage to the Data or the Cloud Software.

3.9 You agree to indemnify us, our employees, subcontractors and agents against all losses, liabilities, damages, fines, penalties and expenses (including reasonable legal fees) incurred by us arising from any breach by you, your employees and agents of this Privacy policy and/or the Data Protection Laws.

 

  1. Types of Data collected

4.1 Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Camera permission; Approximate location permission (non-continuous); Phone permission; Storage permission; Photo Library permission; Call permission.

4.3 Personal Data may be freely provided by you, or, in case of Usage Data, collected automatically when using this Application.

4.4 Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, you are free not to communicate this Data without consequences to the availability or the functioning of the Service.

4.5 Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by you, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

4.6 You are responsible for any third-party Personal Data obtained, published or shared through this Application and you confirm that you have the third party’s consent to provide the Data to us.

 

  1. Our obligations as data processor

5.1 In relation to any Personal Data processed in connection with the performance by us of our obligations under this policy/agreement or the Terms of Service we will:

5.1.1 Process that Personal Data only on your written instructions unless we are required by the laws of any member of the European Union or by the laws of the European Union applicable to us to process Personal Data (“Applicable Laws”). Where we are relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, we shall promptly notify you of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit us from so notifying you;

5.1.2 Ensure that we have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

5.1.3 Ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and

5.1.4 Not transfer any Personal Data outside of the European Economic Area unless your written consent has been obtained and the following conditions are fulfilled:

5.1.4.1 You or we have provided appropriate safeguards in relation to the transfer;

5.1.4.2 The data subject has enforceable rights and effective legal remedies;

5.1.4.3 We comply with our obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and

5.1.4.4 We comply with reasonable instructions notified to us in advance by you with respect to the processing of the Personal Data.

5.1.5 Assist you, at your cost, in responding to any request from a Data Subject and in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

5.1.6 Notify you without undue delay on becoming aware of a Personal Data breach;

5.1.7 At your written direction, delete or return Personal Data and copies thereof to you on termination of this agreement unless required by Applicable Law to store the Personal Data;

5.1.8 Maintain complete and accurate records and information to demonstrate our compliance with this Agreement; and

5.2 The exclusion of and the limitations on liability contained in the Terms of Service also apply in this Policy/Agreement.

 

  1. Device permissions for Personal Data access

6.1 Depending on the Authorised User’s specific device, this Application may request certain permissions that allow it to access the Authorised User’s device Data as described below.

6.1.1 By default, these permissions must be granted by the Authorised User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Authorised Users may refer to the device settings or contact us for support at the contact details provided in the present document.

6.1.2 The exact procedure for controlling app permissions may be dependent on the Authorised User’s device and software.

6.1.3 Please note that the revoking of such permissions might impact the proper functioning of this Application.

If the Authorised User grants any of the permissions listed below, the respective Personal Data may be processed (i.e. accessed to, modified or removed) by this Application.

6.2 Approximate location permission (non-continuous)

6.2.1 Used for accessing the Authorised User’s approximate device location. This Application may collect, use, and share User location Data in order to provide location-based services.

6.2.2 The geographic location of the Authorised User is determined in a manner that isn’t continuous. This means that it is impossible for this Application to derive the approximate position of the Authorised User on a continuous basis.

6.3 Call permission

Used for accessing a host of typical features associated with telephony.

6.4 Camera permission

Used for accessing the camera or capturing images and video from the device.

6.5 Phone permission

Used for accessing a host of typical features associated with telephony. This enables, for instance, read-only access to the “phone state”, which means it enables access to the phone number of the device, current mobile network information, or the status of any ongoing calls.

6.6 Photo Library permission

Allows access to the Authorised User’s Photo Library for storage of Photos taken with the App.

6.7 Storage permission

Used for accessing shared external storage, including the reading and adding of any items.

 

  1. Detailed information on the processing of Personal Data

7.1 Personal Data is collected for the following purposes and using the following services:

7.1.1 Device permissions for Personal Data access

7.1.2 Infrastructure monitoring

7.1.3 Internal processing tool

 

  1. Further information about Personal Data

8.1 Push notifications

8.1.1 This Application may send push notifications to users.

8.2 The Service is not directed to children under the age of 13

8.3 Unique device identification

8.3.1 The Application may track Authorised users by storing a unique identifier of their device, for analytics purposes or storing Authorised user’s preferences.

 

Last updated: 8th May 2019

 

Ready to get started?

Book a discovery meeting and take the first step to optimizing performance across your operation with Checkit.

Related datasheets