Intelligent Location Solution (“ILS”)
Overview
Your employer (“we” or “us”) has implemented an infrastructure-free asset tracking solution, Intelligent Location Solution (“ILS” or the “system”), that uses location data and asset tags to monitor, track and report. ILS enables us to efficiently track and locate assets within the workplace.
You will be given access to a pool of smartphones (“Devices”) for you to use when doing your work. You must keep the Device safe and charged and carry it with you for the duration of your shift in accordance with our equipment policy in the Employee Handbook.
We have set out below details of what types of personal data we collect when using ILS, what it is used for and how long it is kept. We also describe the legal basis for collecting the data, who it is shared with and what your rights are.
Personal data we collect and method of collection
- Information you provide directly
In the commissioning phase of ILS we may ask you to provide information:
- By which you may be personally identified, such as name, email address and telephone number (“personal data”).
- That is about you but individually does not identify you.
These data and their uses are outlined below:
| Personal data collected | Retention Period | Business use |
| Name | For the duration of the contract and up to 3 years after the end or more under special circumstances. | To be able to associate location data with user |
| Username | For the duration of the contract and up to 3 years after the end or more under special circumstances. | To be able to associate location data with user |
| User ID | For the duration of the contract and up to 3 years after the end or more under special circumstances. | To be able to associate location data with user |
| For the duration of the contract and up to 3 years after the end or more under special circumstances. | To be able to associate location data with user and communicate information about the user’s account |
Table 1: Personal data we collect directly from you. Once a user deletes their account this information is no longer available.
Additionally, we may collect:
- Information when you report a problem with the system.
- Records and copies of your correspondence (including email addresses and phone numbers), if you contact us.
2. Information we collect through automatic data collection technologies
When you use the system, it uses technology to automatically collect the following information:
| Personal Data collected | Retention Period | Business use |
| Location data | ||
| Location (within 1000m of premises) | Indefinitely | To establish if user is in the vicinity of the premises |
| Location (within 400m of premises) | Indefinitely | To establish user’s likely entrance to premises |
| Sensor data (accelerometer, gyroscope, magnetometer, pressure gauge) | Indefinitely | To update signal maps used for location estimation |
| Wi-Fi scan data | Indefinitely | To update signal maps used for location estimation and to estimate location |
| BLE scan data | Indefinitely | To estimate location |
| GPS data | Indefinitely | To estimate location outside to determine task response/ completion times |
| Semantic/physical/signal maps | Indefinitely | To estimate location |
| Displaying Users Location | ||
| Last known Location (Latitude, Longitude, Region in venue) | Permanent | Key feature of the product |
| User Trajectories | 3 months | Key feature of the product |
Table 2: Personal data we collect automatically through your use of the system.
Location information will include GPS data and sensor data from the Device (from the accelerometer, gyroscope, magnetometer, Wi-Fi, BLE beacon or pressure information). The ILS system will start to acknowledge GPS signals when the Device is within 1km of the premises and this frequency will increase the nearer you get. Once you enter the premises, the system will then use a combination of the sensor data and the building plan to work out your location which is then linked to room references inside the premises.
You should note that the Device will continue to determine your approximate location until you log out of your account. We recommend that you log off the Device if you leave the premises or when you have finished your shift.
Use of your personal data
We will use your personal data, during the commissioning of ILS, to make sure that the system is set up and functions properly. After commissioning, ILS will use that information, together with the location information it collects when you are using the system, to determine the location of assets with attached tags.
Legal basis for processing
We process the personal data collected by the Device on the basis of company legitimate interest, being monitoring and maintaining company assets. We have performed a Legitimate Interest Assessment in order to do so.
Sharing of your personal data
We will share your personal data with the supplier of ILS, Navenio Limited, who acts as a data processor on our behalf. We may also disclose your personal data to others where necessary in order to comply with any legal or regulatory obligations.
If you are located in the UK, your personal data will not be stored outside of the United Kingdom and Ireland. If you are located elsewhere, your personal data will be securely stored in accordance with arrangements made with Navenio Limited.
Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Retention period
Unless we are under a legal obligation to retain information for a longer period, we will keep your personal data for no longer than is necessary for the purposes set out above under “Legal basis for processing”. The normal retention periods are as detailed in tables 1 and 2.
If we change the way we process your personal information or how long we need to keep it, we will notify you accordingly.
At the end of the retention period your personal data will either be deleted or anonymised.
Your rights
You are entitled to make a request to us to get access to your personal data.
If your personal data is inaccurate or misleading, you are entitled to request that we rectify the information.
Under certain conditions, you have the right (i) to request us to erase or restrict access to your personal data or (ii) to object to the processing.
You may also have the right to data portability and, where you do, we will provide you with your data in a suitable format at your request.
If you have any further questions about why and how we process your personal data or if you wish to exercise any of the rights described above, in the first instance please contact our Data Protection Officer.
If you have any concerns or complaints about the way your personal data is being handled, you may also contact the Information Commissioner’s Office online or by calling 0303 123 1113.