Smart Track Privacy Policy
Last modified 25 May 2022
Key Systems, Inc. (KSI), offers our Smart Track smartphone app ("this Application") to set up, administer, and operate a KSI-manufactured Smart Track Wireless Communications Key Cabinet ("Smart Track SAM™" or "Smart Track") under a Customer's control in conjunction with software and hardware on the Smart Track also under the Customer's control using wireless communication capabilities of the smartphone and the Smart Track. Users are typically engaged by Customer in relationships, e.g. as employees or contractors, requiring User access to Assets owned by Customer, such as keys or equipment. SmartFobs™ attached to assets stored in the Smart Track provide unique electronic IDs for the assets so that upon login and checkout/return with this Application the Smart Track can record User's removal and/or return of specific assets stored in the Smart Track. As a result, this Application collects Personal Data and passes some of it to the Smart Track, but does not store the Personal Data on the User's smartphone unless User opts for authentication via the smartphone's onboard biometric authentication service. KSI is not responsible for loss or theft of items monitored by and/or stored in Smart Track , nor is KSI responsible for the handling of Personal Data by Customer, User, or any party other than KSI and any of its agents or affiliates contracted to handle such Personal Data. Definitions of terms used herein can be found in the section of this Policy entitled, "Definitions and Legal References" (hotlinked).
Your installation, continued use, and allowing this Application to use your smartphone's wireless communications hardware constitute your explicit consent to the collection of Personal Data as described in this Privacy Policy and to the terms of this Privacy Policy. You may revoke consent to the collection of Personal Data at any time by deleting this Application from your smartphone, bearing in mind that such revocation does not pertain to Personal Data collected prior to such revocation of consent.
Data
Controller(s), Processor(s), and Owner(s)
Customer
(Customer) – Identity and contact information vary.
Types
of Data Collected
This
Application collects Personal Data, by itself or through third
parties, including: User Personal Identification Number(s) in
Standard Mode, and additionally User Names and UserIDs in
Administration Mode, which are defined in "Definitions and Legal
References," below. Other sections of this Privacy Policy may
describe other Personal Data collected, and some Personal Data may be
described contextually in dedicated text at the time of collection.
Some Personal Data may be freely provided by the User, and other
Personal Data may be collected automatically when using this
Application, whether the Application is in the foreground or
background.
Purpose
of Collection
Any
use of Personal Data, unless stated otherwise, serves to identify
Users, verify Users, and remember Users' preferences, as well as to
monitor User checkout and return of an Asset stored in the Smart
Track for the sole purpose of providing the Service required by the
Customer and/or User. Failure or refusal to provide or to allow
collection of certain Personal Data may prevent this Application from
providing its part in the Service, as well as inability of User to
access to one or more Assets. The Customer and/or User assumes
responsibility for the Personal Data of third parties published or
shared through this Application by User and by such action(s)
declare(s) to have the right to communicate or broadcast such
information, thereby relieving the Data Controller of all
responsibility therefor.
Method of
Processing
The
Personal Data processing is carried out using computers and/or IT
enabled tools, following organizational procedures and modes strictly
related to the purposes indicated. More specifically, the Personal
Data is processed using this Application on User's
smartphone and software on the Smart Track that maintains a Database
on behalf of Customer. The Personal Data is used to verify and
identify the User, and to monitor the checkout and return of any
Asset with the Application by User with User's device.
Security
Data
Controller shall take appropriate security measures to prevent
unauthorized access, disclosure, modification, or destruction of the
Personal Data under its control, which shall not include Personal
Data relayed to Customer once under Customer's control. In addition
to the Data Controller, the Data may in some cases be accessible to
certain types of persons in charge, involved with the operation of
the site (administration, sales, marketing, legal, system
administration) or external parties (such as third party technical
service providers, mail carriers, hosting providers, IT companies,
communications agencies) appointed, if necessary, as Data Processors
by the Owner. The updated list of these parties may be requested from
the Data Controller at any time.
Place
Processed
The
Personal Data is processed on User's
smartphone and in the Smart Track. Additional processing may occur at
Customer's facilities, which are not under KSI control and for which
KSI is not responsible in any way.
Conservation
Time
The
Data is kept by the Data Controller for the time necessary to provide
the Service requested by the Customer. Subject to restrictions
imposed by law, the Customer, the Service Agreement between Customer
and Data Controller, and the relationship between the Customer and
the User, the User can request the Data Controller suspend Data
Collection or remove Personal Data under Data Controller's control.
The Use of the
Collected Data
The
Data concerning the User is collected to allow the Application to
furnish information required to provide the Service.
Customer
Asset Storage Hardware (the Smart Track)
Assets
with SmartFobs™ are stored in hardware under Customer's control,
namely one or more Smart Track SAMs. It is also possible for tagged
Assets to be stored in other ways under Customer's control. KSI has
no control over the Customer's Asset storage hardware.
Legal
Action
User's
Personal Data may be used for legal purposes by Data Controller in
Court or in the stages leading to possible legal action arising from
improper use of this Application or the related services.
Additional
Information about User's Personal Data
In
addition to the information in this privacy policy, this Application
may provide the User with contextual information concerning
particular services or the collection and processing of Personal
Data.
System
Logs and Maintenance
For
operation and maintenance purposes, this Application and any third
party services may collect files that record interaction with this
Application (System Logs) or use for this purpose other Personal Data
(such as IP Address).
Information
Not Contained in This Policy
More
details concerning the collection or processing of Personal Data may
be requested from the Data Controller (Customer) at any time at its
contact information.
User
Rights
Subject
to restrictions imposed by the Customer and the relationship between
the Customer and the User, the User has the right, at any time, to
know whether his or her Personal Data has been stored, as well as the
contents and origin of the Personal Data, to verify accuracy or to
ask for the Personal Data to be supplemented, cancelled, updated or
corrected, to ask the Personal Data to be converted into an anonymous
format, to block any of the Personal Data held in violation of the
law, and/or to oppose the treatment of the Personal Data for any and
all legitimate reasons, with the caveat that doing so may prevent
this Application from providing the Service. Requests should be sent
to Data Controller (Customer) at the contact information set out
above. This Application does not support "do not track"
requests inasmuch as the whole point of the Service is to monitor
Assets attached to Smart Fobs stored in the Smart Track(s), checked
out/returned with User's device, and to enable Customer to hold User
accountable for such Assets' disposition.
Changes
to This Privacy Policy
KSI
reserves the right to make changes to this privacy policy at any time
by giving notice to its Users on this page. It is strongly
recommended that the User check this page often, referring to the
date of the last modification listed at the bottom. If a User objects
to any of the changes to the Policy, the User must cease using this
Application and can request the Data Controller (Customer) to erase
the Personal Data, Subject to restrictions imposed by the Customer
and the relationship between the Customer and the User. Unless stated
otherwise, the then-current privacy policy applies to all Personal
Data the Data Controller has about Users.
Information
about This Privacy Policy
KSI
is responsible for this privacy policy.
European
Users
For
Customers monitoring Assets in the European Union, Controller hires
GDPR-compliant Cloud Server facilities in the European Union. or
elsewhere that have included the GDPR Model Clauses as set forth in
European Commission Decision (EC Dec.) C(2010)593. This Privacy
Policy constitutes a notice prepared in fulfillment of the
obligations imposed by Article 12 of Regulation (EU) No. 2016/679 and
is solely about this Application and the associated Service.
Controller does not employ a Data Protection Officer, nor does
Controller have an E.U. representative. User has a right to lodge a
complaint with an appropriate Supervisory Authority, such as the
European Data Protection Supervisor
(https://secure.edps.europa.eu/EDPSWEB/)
through which User can learn how to/with what body User should file a
complaint. The provision of the Personal Data is a contractual
requirement for providing the Service(s); conversely, failure to
provide the Personal Data will prevent User's access to Assets
monitored by the Service(s). Automated decision-making is employed
with regard to Asset use per any restrictions imposed upon User's
access, which may result in sending notifications to authorities in
Customer's organization, such as when contact with a monitored Asset
is established/lost, when an Asset enters/leaves a particular area or
is overdue for return, when an Asset tag battery has reached a
particular level of charge, and the like.
Intellectual
Property
The
Service and its original content, features, and functionality are and
will remain the exclusive property of Key Systems, Inc., and its
licensors, protected by copyright, trademark, patent, and/or other
laws of the United States and other countries. Prior written consent
of Key Systems, Inc., is required for use of KSI's trademarks and
trade dress in connection with any product or service.
Definitions and Legal References
Personal
Data (or Data)
Any
information relating to an identified or identifiable natural person,
where an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, or an online
identifier (such as a User Name), or to one or more factors specific
to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person. In addition, for at least
the purposes of the Model Clauses of EC Dec. C(2010)593, 'personal
data', 'special categories of data', 'process/processing',
'controller', 'processor', 'data subject' and
'supervisory
authority'
shall have the same meaning as in Directive 95/46/EC of the European
Parliament and of the Council of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the
free movement of such data.
This
Application
The
KSI Smart Track application, a software tool that may collect
Personal Data to provide services described above.
Device
A
smartphone or other computing device on which this Application is
installed and/or runs, whether owned by User or another party and
operated by User.
User
The
individual using this Application, which must coincide with or be
authorized by the legal or natural person to whom the Personal Data
refer (the Data Subject).
E-Mail
Data
Includes
User-supplied e-mail address(es), as well as authorization, and
confirmation messages sent to the User's e-mail account(s). This may
also include dates and times of viewing, reading, deleting, or
otherwise manipulating such messages and/or their content, such as
links in the messages.
Device
Data
Includes
a unique device ID created by this Application, as well as platform
and other device information needed to perform the Service.
Usage
Data
Information
collected automatically from or on behalf of this Application, which
can include: name/attributes of computer network(s) to which the
Device connects; identifiers of Assets User is authorized to check
out; events regarding Assets checked out to User; IP addresses/domain
names of the Device hosting this Application and/or computers or
other devices used by Users of this Application; Uniform Resource
Identifiers (URIs) used to submit requests to a server(s), as well as
time/method of submission, the size of any file received in response,
any numerical code representing the status of a server's answer
(successful outcome, error, etc.), the country of origin of the
request, operating system of the Device, various time details per
visit (e.g., the time spent on each page within the Application) and
details about the path followed within the Application with special
reference to the sequence of pages visited, and other parameters
about the device operating system and/or the User's IT environment.
User
Name (or User ID)
An
identifier by which the User is known to a computer-implemented
system, such as KSI's GFMS, a facilities maintenance system, an
access control system, an e-mail service provider, or other service
provider, for the purposes of authorization and/or access,
particularly in conjunction with a password, challenge question(s),
security token, and/or other authorization tools.
Data
Controller (or Application Owner, or Owner)
The
natural person, legal person, public administration, or any other
body, association or organization with the right, also jointly with
another Data Controller, to make decisions regarding the purposes,
and the methods of processing of Personal Data and the means used,
including the security measures concerning the operation and use of
this Application. The Data Controller, unless otherwise specified, is
the Owner of this Application. For the purposes of EC Dec.
C(2010)593, this is also the Data Exporter where the Personal Data is
transferred by Controller out of the EU and/or the Data Importer
where Controller transfers the Personal Data into the EU.
Data
Processor
A
natural person, legal person, public administration, or other body,
association or organization authorized by the Data Controller to
process the Personal Data in compliance with this privacy policy.
Cookie
A
small piece of data stored in the User's device, typically as a
result of using a web browser to access a web page, but also used in
other contexts.