[mc4wp_form id="2231"]

Ostara Mobile Application Privacy Policy

Ostara Systems Limited is committed to protecting and respecting your privacy.

The General Data Protection Regulation (GDPR) came into force in May 2018 and a key part of this is being open about how we use personal information and what rights you have in respect of information we hold about you.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and refers to our obligations as a “data processor”.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Our clients are the “data Controllers” for all data elements held in the system that we supply to them and will therefore have their own obligations with regard to GDPR.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subjectNatural person.

Categories of dataPersonal data and special categories of personal data.

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories of personal data The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

What Information do we hold?

As part of your use of the Ostara Mobile Application, we may hold numerous elements of information which include but is not limited to Names, salutation, Job title, email address, phone number and physical building location at the point of starting or stopping a work order. We also record incoming and outgoing phone calls. This information is held to enable us to provide our contractual service to our clients and we therefore have a legitimate interest in holding the data. We do not hold any “Special categories of personal data”. 

Why do we have it and what do we use it for?

As stated above we require certain elements of personal data to enable communications to the individuals in question or indeed this data is used as part of a secure logging in process. The use of bluetooth beacons, GPS and QR code check-ins that identify the location of an individual is an intrinsic part of an audit process and also drives certain financial calculations within the system that are relied on by our clients. Any phone call data is used as an audit for certain events along with being an intrinsic part of training our staff. 

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice. The data is generally stored for a minimum period of 7 years after the end of any contract with a client, after which it is destroyed using secure methods.

Which security methods will protect your information?

Cisco firewalls are in place to ensure no unauthorised access is permitted to the Ostara Network.  User access to data is defined by the Client and restricted via the role policies of the application.

The application is encrypted to 128-bit encryption, and all usernames and passwords are also encrypted to 128-bit encryption

The system is segregated to ensure one Client’s data is kept separate from another. All data is stored using a unique client identifier.  This key is used for all data requests to guarantee that incorrect data is not transmitted.  The key is only provided upon successful application login.

The software runs in an isolated environment, with limited access to invasive infrastructure on the machine it is installed on.

Phone call recordings are held securely within our partner phone system provider and are saved in a secure location on our network if they are downloaded.

CCTV recordings are retained on a password protected CCTV hard drive. For other information regarding CCTV please see the “Ostara Systems CCTV Policy.

Who do we share this information with and why?

Your personal data will be treated as strictly confidential, Ostara Systems never shares data with any third parties, however, data held in the system could be shared by our client “the Controller” with any third party as per their privacy policy.

The Rights you have

Unless subject to an exemption under the GDPR, you have various rights with respect to your personal data. All queries should be directed to the data controller who will be the company whose system you have provided data for.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

How to Contact the company

If you have any queries about this privacy statement please contact Ostara at info@ostarasystems.com or by calling 0844 8802582. Alternatively, contact the company who has contracted with Ostara for the provision of the system, “the Controller”.

If this does not resolve your query to your satisfaction, you have a right to contact the Information Commissioners Office.

Content is protected. Right-click function is disabled.