Privacy Policy - Flowscape Mobile App

Purpose
Provision of the Service in accordance with the Master Agreement.
The processing of customer support issues aims to ensure that the product and service offerings function as intended and is delivered in a safe and stable way.
In the Admin Portal (Flow Manager), system administrators and other roles can administer rights and users regarding who can do what in the system and, of course, to set up and administer the system and products to function as intended.
The data processor also collects information from various underlying services and products are used to provide, protect, and improve Flowscape products. This in order to deliver the intended functionality of the products listed in our quotes. The Personal Data Processor is the data controller responsible for these tasks.


Types of personal data
Personal Data processed in the Service are the username, fore- and last name, contact details (mobile phone number, phone number, e-mail address), job title, text message, mac-address, pictures, attachments, audio files, movie recordings.

Details (email, username, password, type of user and role) belonging to the administrators of the data controller.

Contact details (such as name, e-mail, mobile phone number, phone number) associated contacts with the Data Controller.

Categories of data subjects: Registered users and administrators of the Service, Contacts of the Data Controller.

Types of processing
Collection, registration, storage, operation processing and dissemination within the framework of the provision of the Service.
The service collects personal data originating from the Active Directory (AD), Microsoft Office365 and GSuite of the data controller. To use the Service, the user needs an AD account / Google account.

Information about a user's room bookings comes from Microsoft Exchange or Google G Suite.

Information regarding the user's position comes from position sensors of different types and brands. This information is updated continuously. All positioning data stored in cloud services are anonymous.

Attendance detection in rooms is via presence sensors and the information is not connected to a specific user. The information is continuously updated by the system.
Information about the user's desk books comes either from desk sensors under the table or when the user checks through Desk-Dongle or thin clients.

The Housekeeper service and its case list are provided by the users themselves. The information that causes a matter (text and image) comes from the users themselves.
The service logs different types of events (various operating problems and debug logs, such as server logs). Personal data may occur.

Personal information about system administrators is collected directly in the Flow Manager / Admin Portal.

Customer support cases are collected from users themselves via different channels, such as phone / email or web form.

Data Storage: All personal data about the user is stored in a postgres database (except customer support cases stored in Zendesk and Atlassian JIRA products).
Personal information such as name, email, username, phone number, image, etc. is used primarily to provide users' contact information to other users and not in any other context such as for statistics or data analysis.

The information originating from user room bookings are aggregated in a database for the purpose of providing office utilization statistics.

All data is stored either in the cloud (usually Azure) or on-premise depending on the customer's wishes. Personal data is updated when the user logs in.

The user contact information stored is made available to all users via Flowscape's various products, with the purpose of finding colleagues and accessing their contact information. However, thru the mobile apps, users have an option to turn themselves as invisible on the map. Then, the user's position is not exposed to anyone but to the person herself, but its position is still updated and stored in the system in order to allow for wayfinding. Please note that the user's contact information is still searchable. This also applies to a user who does not yet have an account in Flowscape's system.

Location of the Processing
Processing of personal data takes place within the European Union.


Duration of the Processing
Personal data will only be processed during the time stipulated in the Flowscape Main Agreement.


Security Aspects
Taking into account the latest developments, implementation costs, type of processing, scope, context and purpose as well as the risks, of varying probability and seriousness, for the rights and freedoms of natural persons, the data controller and the data processor shall take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate, comprising
a. encrypted data transmission (Https / TSL),
b. encryption or hash of different types of passwords,
c. isolated customer database with custom settings and configurations,
d. the ability to manage authorization levels for different administrators and users of the admin portal,
e. an internal password management system within Flowscape AB, used to provide only relevant personnel with access to the systems and services covered by the Service,
f. the systems the service uses whose servers can handle data transmitted between non-EU / ESS countries should be covered by the so-called " Privacy Shield Frameworks,
g. the possibility of cleaning backups and server logs to minimize the risk of personal data remaining longer than necessary.