Mobile App Privacy Notice (IWS and ILS)
This App supports a range of services (Services) developed by Navenio Limited (Navenio) that use location data and location-powered scheduling algorithms to track asset and people movements and to improve resource allocation and workflow.
The Services include:
- Intelligent Location Services (ILS) that use signal data collected from mobile devices to provide accurate locations of people and assets.
- Intelligent Workforce Solutions (IWS) that offer an automated solution for assigning tasks to workers based on their skillset, location and availability.
- Tools that are used to collect signal data to build the signal maps required for determining device-location in ILS.
- Analytics that provide insight into how the Services improve our processes and deliver value.
This privacy notice explains what personal data we collect when using the Services, what it is used for and how long it is kept. The notice also describes the legal basis for collecting the data, who it is shared with and what your rights are.
Information we collect
We collect the following data when commissioning the system and while the Services are being used:
Location data (ILS and IWS)
Such as GPS, Wi-Fi, Bluetooth low energy (BLE) and sensor (accelerometer, gyroscope, magnetometer and pressure) data from the mobile device together with more accurate location data derived from that data.
When the App is in use, location data collected by the mobile device is compared against prebuilt signal maps that have been downloaded onto the device in order to calculate your location. Depending on the mobile settings (which may differ by venue, application, user or group), the location data (including the on-device calculated location data) may be recorded to files on the mobile device itself and uploaded to the system.
App and mobile device data (IWS and ILS)
Such as the operating system and software version, resettable device identifiers, mobile settings and system log, and power, battery and network usage data.
When the App is in use, depending on the mobile settings, the system creates a metadata file which includes version numbers for the mobile operating system, the App, and the system’s SDK and location engine. The file also contains a resettable device identifier, timestamps for the start and end of the data collection, and a list of files that were created during that session.
Depending on the mobile settings, the system also records (to data files on the device) system-log events, battery levels over time, and power and network usage.
Task-handler and tasking data (IWS)
Such as name, user ID, role, login/shift times, user state, task state and lapse times.
This information is collected during commissioning, or when you log into the system or communicate with the person assigning tasks. For example, if you accept a task, IWS will track the status of the task and how long it takes to be completed. At the end of your shift, when you log out, IWS will record when this happens.
Asset data (ILS)
Such as the asset identifier, description and asset type, and signal strength and battery-level Information.
We compile and maintain a list of assets equipped with BLE beacons and other identifying information such as mac address or Universally Unique Identifier (UUID).
Mobile devices that use ILS (and have the appropriate settings) will listen for BLE events and will record the signal strength and battery level for any assets it detects. This information, along with the location of the mobile device, is communicated to the ILS system to provide an approximate real-time location of the asset and provide other information such as whether an asset is in use or might need attention (for example for battery maintenance).
Some of this data is collected during the commissioning of the system and other data is collected automatically when the system is being used.
Use of your personal data
General (IWS and ILS)
We will use your personal data, during the commissioning of the system, to make sure that the system is set up and functions properly.
When the system is in use, we use information about the App and the mobile device to provide support for technical issues, such as network timeouts and battery usage, and to monitor the health of the system.
The location/signal data collected when using the Service is used to build and maintain the signal maps that are required to provide an accurate location for the person or the asset being located. The data is also used to help narrow down the approximate position of any assets that are attached with beacons emitting BLE signals.
IWS will take into account availability and skills of the user, together with the location information it collects when you are using the system, to determine which tasks should be allocated to you. The system is designed to ensure that tasks are assigned to the right person, in the right place at the right time to improve productivity and enable better healthcare outcomes.
Analytics data helps us understand how the Services are being used and allows us to assess the benefits they provide.
For example, we use the information collected by IWS to review task-completion data and to run reports. Those reports show aggregated data across a work group or team, or specific data relating to particular tasks or individuals. This information provides us with an insight into work and task-completion patterns and allows us to optimise our internal processes.
User and asset-location data within ILS provides an insight into how facilities and assets in those facilities are being used. System-data usage can also be used by Navenio to improve the Services by optimizing product design.
Legal basis for processing
We process the personal data collected by the system (i) in the case of healthcare, to comply with our legal obligations as a healthcare provider, (ii) outside of healthcare, for our legitimate interests and (iii) to perform our contract of employment with you.
Sharing of your personal data
We will share your personal data with the supplier of the Services, Navenio, who acts as a data processor on our behalf. We may also disclose your personal data to others where necessary in order to comply with any legal or regulatory obligations.
If you are located in the UK and the European Economic Area (EEA), your personal data will not be transferred outside the United Kingdom and the European Economic Area. If you are located elsewhere, your personal data will be securely stored in accordance with arrangements made with Navenio.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include the use of encryption when data is in transit and at rest.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Unless we are under a legal obligation to retain information for a longer period, we will keep your personal data for no longer than is necessary for the purposes set out above under “Legal basis for processing”. The normal retention periods are as follows:
For data that is needed for you to access and use the system, such as username and contact details, this information is kept for as long as you have access to the system.
If we change the way we process your personal information or how long we need to keep it, we will notify you.
At the end of the retention period your personal data will be securely deleted or anonymised.
You are entitled to make a request to us to get access to your personal data.
If your personal data is inaccurate or misleading, you are entitled to request that we rectify the information.
Under certain conditions, you have the right (i) to request us to erase or restrict access to your personal data or (ii) to object to the processing.
You may also have the right to data portability and, where you do, we will provide you with your data in a suitable format at your request.
If you have any further questions about why and how we process your personal data or if you wish to exercise any of the rights described above, please contact our Data Protection Officer.
If you have any concerns or complaints about the way your personal data is being handled, you may also contact the Information Commissioner’s Office:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF | Tel: 0303 123 1113