Privacy Policy

 

1. Introduction and Scope

This Privacy Statement applies to the Gallagher SMB App, supplied by Gallagher Group Limited and explains how our organisation stores and uses the personal information we collect about you when you use the Gallagher SMB App. The Gallagher SMB App allows an authorised user to interact with their sites security system.

2. How to Reach Us

Please note that our app and our cloud services are processing personal information on behalf of a site that has a Gallagher SMB security system. For questions or complaints about the personal information they hold about you, please contact the site that invited you.

For privacy questions to Gallagher please contact us by email to privacy@gallagher.com or by phone by calling 0800 654 256.

3. Personal Information, Collection and Uses

3.1 How we collect personal information

Registration for the app will involve your business owner or administrator entering your name, email and mobile number in the Gallagher SMB cloud.  The service then uses these details to send an invite to you.  Once you register your details, a mobile credential is downloaded to your phone for the purpose of identifying your device when you connect to the system. This mobile credential is also stored in the cloud for the purposes of authentication and sending you notifications.

We also collect some basic information about your device such as model and operating system, to ensure functional operation of our service (see 3.4.3).

We also record actions performed using your device when it interacts with the security system, which are associated with your name for auditing purposes.

For sites with cameras, the site owner is responsible for placement/coverage of their cameras and for determining who can view feeds and footage. 3dEYE is the video data processor used and video will be stored in the 3dEYE cloud for a period determined by your site owner. 3dEYE’s privacy statement can be viewed here.

3.2 Marketing agencies

We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred or given to any other company.

3.3 Third-party service providers

We may temporarily provide your personal information to companies that perform services for us, such as Apple or Google Firebase.

For sites that have subscribed to guarding we will provide the guarding service with the name and phone number of the person who called the guard (via the app) or the Key Account Holder of the site if the call out is made automatically by the system. 

3.4 Situations where we process your personal information


3.4.1 Registration of your Mobile Credential ID

Registration will involve the site storing your name, email and phone number on the Gallagher SMB cloud. In the event you no longer have a security system role at an individual site, the site owner may delete your profile from that site. You may ask your site owner to delete your details from their system but you will no longer have access to use the Gallagher SMB App for that site. You may need to do this for more than one site.

We store your email and mobile number in the Gallagher SMB cloud which is hosted by AWS in Australia. Your email address is used for site invitations and as a unique identifier for your account. Your phone number may also be used if SMS verification is required and/or for the purpose of informing you of updates to the app.

3.4.2 Using your device


3.4.2.1 Mobile Arming when there’s no connection to the cloud service or for access through a door

The app communicates with the Gallagher Bluetooth® Low Energy or NFC equipped Reader in order to provide a connection to the system to perform actions such as arming/disarming areas or to provide access through doors. In order to use this functionality, you must have a registered Mobile Credential.

When your device communicates with a Reader, it sends your Mobile Credential ID (a random number which is associated to you) and then uses the FIDO UAF protocol to securely authenticate your device. More information on FIDO can be found at https://www.fidoalliance.org.

3.4.2.2 Location Services

The app may ask for permission to access your device's location. For Android devices, location permissions are required to use Bluetooth® Low Energy scanning in any way. For iOS devices, location permissions are required to enable Background scanning.

The Gallagher SMB cloud does not use your location. It is never stored or transmitted in any way. These location permission requests are only in place because the operating system requires them to enable the above Bluetooth® Low Energy features.

3.4.2.3 Log data and troubleshooting

The app will collect logs to assist in troubleshooting should an error occur. This includes information about your activity.  These logs are stored locally on your device and are not accessible to anybody unless you choose to share them.  The oldest logs will be replaced by newer ones when the log file reaches its size limit. Additionally details of the error may be sent to Gallagher’s Sentry account (www.sentry.io) and used to help us improve our product. These details include Device Type, OS Versions, IP address and user ID. 

3.4.3 Telemetry

Whenever your Gallagher SMB app communicates with Gallagher’s cloud services, we send and store the following information in order to provide you with services and to enable us to improve our products:

Last device logon date and time Mobile Device Operating System (e.g. iOS or Android)

Operating System Version (e.g. iOS 11.4.1)

Installed versions of the Gallagher SMB App

Authentication token

We store only the most recent copy of this information in the cloud, and we do not store history of your connections over time.

3.4.4 Other

System Administrators at Gallagher may access a site’s system for the purpose of troubleshooting.

4. Your Privacy Choices

We are processing your personal information on behalf of a site that has a Gallagher SMB security system installed. If you do not register using our app or if you delete the app or the credential, you will not be able to use your device to interact with the security system to perform actions e.g. arming or disarming the site. To stop receiving notifications from a particular site, or for questions or complaints about your personal information, please contact the site that invited you. To stop receiving notifications from the site, you may disable them for the app on your device. However, if you are a Site Manager, every time you log on you will be prompted to re-enable them as the ability to receive notifications is a fundamental part of that system role.

5. Minors

We do not knowingly collect or solicit personal information from children under 16. If you are under the age of 16 you must inform your parents or caregiver of the collection and use of your information and have them read this privacy notice. If you are a parent or caregiver of a child under the age of 16 you may request that the child’s personal data be removed from our database by contacting your Security Site Owner who can delete the data on your behalf.

6. Cookies, Web Beacons and Other Technologies

Wherever possible, we have disabled tracking by Google and Apple in the Gallagher Small Business app. We store Cookies.

7. Cross-Border Transfers

We use cloud services from Amazon AWS on computer systems hosted in Australia. We have a data processing agreement with AWS including Standard Data Protection Clauses to confirm the appropriate safeguards.

8. Data Retention

Data retention on Gallagher SMB cloud services

Your Name

Collected and stored

Your email address

Collected and stored

3.4.1

Your phone number

Collected and stored

3.4.1

Location

Not collected but is required to be activated on your device for Bluetooth service to work.

3.4.2.2

Log data

On your device and in the Gallagher cloud service. Collected logs are deleted after 30 days.

3.4.2.3

Telemetry data

We store only the most recent copy of this information in the cloud, and we do not store history of your connections over time

3.4.3

IP address

Collected and stored

3.4.3

9. Information Security

Gallagher takes cyber security seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.

10. Complaints

In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.

We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.

If you are not satisfied with the responses from your site or from us you may contact the appropriate national privacy authority.

Note: under GDPR, our nominated contact in Europe is the Regional Manager of Gallagher Security (Europe) Ltd in the UK, whose supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

11. Changes and Updates to this Privacy Statement

This Statement is effective from 1 September 2020 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of the system. We recognise that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies. You should check our website frequently to see the current Statement that is in effect for any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.

Get started, request a free site visit today