Data Storage and Use

2-Dec-2023

 

Dattrax’s Software’s various computer systems store the following information:

 

Your account

 

                When you create an account on our system, we store:

·         The name you provide so we know what you like to be called

·         The e-mail you provide so we can contact you electronically

·         The date and time you created the account so we can analyse patterns of use of our systems

·         Credential information that lets us validate your password in the future

·         When you verified your account, for security reasons

·         The times you logged into our site to help with business analysis

·         The last time you attempted to reset your password for security purposes

 

Company

 

                When you set up a company, we store:

·         The name you provide so we know what the company is called

·         The date and time you created the company in our system

·         The name and e-mail address of the billing person that you provided so we know who to contact about billing issues

·         The name and e-mail address of another general contact person that you provided so we know who to contact if you are unavailable

When you delete a company, we record the date and time you did that, but we keep the company records for up to 90 days from that point in case you want them back.  After that, the record of the company and all associated data is deleted from our main database.  However, it may reside on our long-term system backups until they naturally expire through the backup cycle.

 

User details

 

                When you create a user, we store:

·         Their name and e-mail address that you provide, so they can be identified and potentially sent e-mails from applications.

·         The date and time you registered them in our system.

·         The RFID tag details that you used to register them (if you did so through RFID registration), or a system-generated ID if you added them manually.

·         The date and time that they last performed an action in the system, so we can tell whether they may no longer be actively using the system.

 

When you delete a user, we store:

 

·         The date and time that they were deleted out of our system by an administrator.  We retain their record for up to 90 days in our main database in case we need to refer back to it for identifying issues (e.g. accidental deletion investigation etc.).  Beyond this time, we will permanently delete the user record, though it may persist on long-term backup for some time in line with our backup policy.

 

RFID Tags

 

                When you scan an RFID-enabled badge, we store:

·         The unique electronic number encoded on the RFID badge

·         Any associated information that you provide when you configure the tag (User or Functional Location)

·         The GPS location that the device recorded around the time that the badge was scanned, which may be used in geo-fencing for security reasons

 

When you delete an RFID record, we store:

·         The date and time that this data is deleted out of our system by an administrator.  We retain their record for up to 90 days in our main database in case we need to refer back to it for identifying issues (e.g. accidental deletion investigation etc.).  Beyond this time, we will permanently delete the user record, though it may persist on long-term backup for some time in line with our backup policy.

 

Device Location

 

A single Latitude, Longitude, Altitude and Precision set of data, identifying the last-known device location information is sent for every device running Dattrax’s Account Manager app.  This may used to help a Company’s administrator to identify the last-known location of devices that they have registered, to aid recovery of lost or stolen devices.

Company administrators have the option of turning ON Device Location History.  Note that this is switched OFF by default, and must be enabled on each device manually by the administrator.

Device Location History allows the location information to be recorded over time, and may be used by the Company administrator to identify where a device has been over a period of time.

Device Location History is stored for a maximum of 90 days.  Records of location history older than 90 days are deleted.

Switching OFF Device Location History will trigger the delete of the location history of a device.

Device Location History should be used only once the Company administrator understand the legal position they are in around tracking device location, which may be tied to a user of a device.

 

The following is intended to be for consideration, and is not in any way legal advice:

If you switch ON Device Location History, you should inform any user of your devices as to the purpose of switching it on.  Moreover, they should acknowledge that they understand it is on, and in some cases it may be prudent to even have them provide consent to allow it to be switched on.  You should consult a legal expert as to your own situation.

Many businesses operate on a “Shared Device” model, whereby devices are deemed to be company assets, and can be used by any individual at any time.  As such, devices which are simply company assets, and therefore do not belong to any individual, may be tracked by the company for the sole purpose of asset security, provided that no effort is made to align personal activity with device location.