The General Data Protection Regulation (GDPR), a prodigious step taken by the European Commission, will not only strengthen and unify the protection of personal data of individuals within the European Union (EU) but will also address the export of personal data outside the EU. The regulation, which comes into effect on May 25, 2018, will handle EU residents’ data, specifying what type of data a business may collect and how, where, when and why it should be stored, used, processed, or disposed of. It will also enhance the current data protection laws that are designed to enhance the rights of individuals and the protection of their personal information.
The GDPR is expected to set new standards for consumers by giving them augmented rights over their personal data. If you or your organization offers services or products to EU residents or plans to process EU residents’ data, then you should be compliant with the GDPR on or before the given deadline.
Before we drill down further into the details of how GDPR is affecting us, let’s have a quick primer on the legalese associated with GDPR:
Web, App, IoT and GDPR
The Internet of Things (IoT) is a volatile industry with a heavy focus on data collection. Data gathering is one of the key aspects of IoT. Every second, a humongous amount of data is generated and gathered from millions of IoT devices. The GDPR aims to provide you with a fair and consistent legal framework to enable developments in IoT and to protect your right to privacy as connected machines play an ever-increasing role in daily life. The GDPR has built-in principles of privacy by design and privacy by default.
In practice, these principles mean:
Steps taken by Pupa Clic to be GDPR compliant
Designed with built-in data security and privacy services, we welcome GDPR as an opportunity to deepen our commitment to data protection. Our product and solutions have features that make collecting and managing data in a GDPR-compliant way as straightforward as possible. Our entire team is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what GDPR means for your businesses and build compliant processes of your own.
What information do we collect?
The login screen collects data such as username and password. This data will be encrypted and saved in the database.
The administrator will provide a username and password. After the first successful login, you will be redirected to the UI, where changing the password is mandatory. You will be prompted to accept the terms and conditions, and you will be able to proceed only if you accept them.
All the personal information that is collected in the different modules of our product and conventional solutions is detailed below:
User configuration: Information such as Username, Password, Mobile number, Email Id.
Note: The Mobile number and Email Id are not mandatory fields in the User Configuration.
Mail server settings: Information such as Account name, Server name/IP Address, Server port, UserName (mail server), Password (mail server), From Email Id, To Email Id.
SMS Profile settings: Information such as Profile name and Recipient phone/mobile number.
Client Name: Information such as Organization name, Organization Email Id, and Organization address.
Driver Configuration: Information such as Name, Contact number, Address, Organization name, and Email id.
Note: The Address field is not mandatory in Driver Configuration.
RTU configuration: Information such as Gateway name, Serial number, Organization name, Email Id, Name, Latitude, Longitude, Parent Site, Server IP address, Port, Building name, Building address, Region name, Region longitude & latitude, Country, Site name, Site longitude & latitude, and Gateway mobile number.
Fleet related information:
Device details: Information such as Device identification number, Vendor, SIM number, Organization name, Organization Email Id.
Vehicle details: Information such as Organization name, Organization Email Id, Vehicle registration number, Device identification number, Driver, Assigned client, Vehicle manufacturer.
Pupa Clic products and solutions are intended for use only by those who are 13 years or above. We do not target children, and we do not knowingly collect any personal data from any person under 13 years of age.
Purpose of the collected information:
With data protection law coming into effect, your administrator should be using your data only for the purpose for which it was originally collected. Listed below is information on the purpose of each piece of personal data that is collected from you.
The asset information is collected to maintain a hierarchy which is used to display geolocation in maps in the web client.
At Pupa Clic, we believe that privacy is a fundamental right of any person. On those grounds, you have the choice not to provide your administrator with any of your personal data. If you want to withdraw your previously given consent, you can do so by writing to your administrator. Once you have withdrawn your consent, your administrator should stop processing your data if they don’t have any other legal grounds to do so.
Your rights as a data subject:
You as a data subject can exercise your rights defined in GDPR by contacting your administrator at any given point of time. Listed below are the different rights that GDPR provides you as a data subject:
Right of access: You have the right to be informed about your data. You can request your administrator to provide you with the following information:
Right to rectification: You have the right to rectify any inaccurate personal data that your administrator possesses.
Right to erasure: You have the right to ask your administrator to erase any information that they hold about you if it is no longer necessary for the purpose for which it was collected.
Right to restrict processing: You have the right to restrict the processing of your data if it is unlawful or if it is not intended for the purpose it was collected.
Right to data portability: You have the right to directly export the data reports in .csv format.
Right to object: You have the right to object to the processing of your personal data.
Rights related to automated decision making & profiling: You have the right to not be subjected to a decision solely based on automated profiling and processing of your data.
Security of your data:
We at Pupa Clic take reasonable measures to protect your information from unauthorized access, misuse, or alteration by third parties. Your data is secured in our database and the password for the same is encrypted.
Where do we store your data?
The personal data collected is stored in the Pupa Clic database, MariaDB, and MySQL databases.
The data that is saved and stored is non-sensitive personal data. Data is retained for as long as it serves the purpose it was collected for. Any unused personal data will be deleted. Data retention is a configurable feature of Pupa Clic, and you as a data subject have the right to choose the time duration for which you want the data to be retained.
You can exercise your right to erasure at any given time, in case you want us to delete any data that your administrator holds, by letting your administrator know.
External Third party Integration:
In order to make our product and solutions more beneficial, we integrate with third-party applications to enable features like sending notifications through SMS, email and Firebase Cloud Messaging (for Android mobile apps), etc. We also have features to show the geolocation on maps.
In order to enable these features, your administrator may choose from any of the supported third-party sub-processors. The administrator will configure the external third-party integration, with the API key of your organization’s account with the respective third party, in the Pupa Clic web client. Your administrator is required to ensure GDPR compliance with these third parties.
Data which will be shared with the third parties for each feature:
Partners/System Integrators – Guidelines to help you become GDPR compliant
Our key to success lies in our strategic partnerships with various System Integrators, Resellers, and Hardware Partners. We give you the liberty of customizing our Platform or Solutions. As a partner, you can white label/rebrand our Platform and ready-to-deploy solutions and deploy them to the customer base. You will then act as the data controller/processor who is responsible for handling the personal data of the data subjects. You must ensure that any additional personal data you collect due to customizations in our platform or solutions is GDPR compliant. Becoming compliant with the regulation can be summarized in five different stages. You can consider the following points.
Changes to our policy
Pupa Clic reserves the right to update and revise this product and solutions readiness from time to time to take into account legislative and other developments. Any changes we make to this policy will be posted on this page with a revision date to reflect when the last changes occurred.
Disclaimer: This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and/or your organization. We encourage you to obtain independent professional advice, before taking or refraining from any action on the basis of the information provided here.