Gallagher Small Business app for iOS and Android
1. Introduction and Scope
This Privacy Statement applies to the Gallagher Alarm app, supplied by Gallagher Group Limited.
The Gallagher Alarm app provides a connection to the Gallagher Small Business cloud service, allowing the user to access their site security system for the purpose of arming and disarming their system, and for a Site Manager, adding and removing users, viewing and managing alarms, and requesting a security guard.
2. How to Reach Us
Please note that our app and our cloud services are processing personal information on behalf of a site that has a Gallagher Small Business security system. For questions or complaints about the personal information they hold about you, please contact the site that invited you.
The world headquarters of Gallagher Group is in Hamilton, New Zealand, where we have appointed internal Privacy Officers. To enquire about this Privacy Statement, or if you have any technical questions about how the Gallagher Small Business app works, please contact us via email or by calling 0800 654 256. You can also write to Privacy Officer, Gallagher Group Limited, 181 Kahikatea Drive, Hamilton 3206, New Zealand.
3. Personal Information, Collection and Uses
3.1 What is personal information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or location data.
3.2 How we collect personal information.
Registration for the app will involve your business owner or administrator entering your name, email and mobile number in the Gallagher Small Business cloud service. The service then uses these details to send an invite to you. Once you register your details, a credential is downloaded to your phone for the purpose of identifying your device when you connect to the system.
We also collect some basic information about your device such as model and operating system, to ensure functional operation of our service (see 3.5.4).
3.3 Marketing agencies
We do not share your personal information with marketing agencies. Your information will not be sold, exchanged, transferred or given to any other company.
3.4 Third-party service providersWhen we temporarily provide your personal information to companies that perform services for us, such as Apple or Google Firebase, written data processing agreements require them to protect the information.
3.5 Situations where we process your personal information
3.5.1 Registration of your Mobile Credential IDRegistration will involve the site storing your name, email and phone number for the duration of the time you use our service.
We store your email and mobile number for the purpose of contacting you should an event happen on your site.
3.5.2 Using your device
220.127.116.11 Mobile Arming when there’s no connection to the cloud service
The App communicates with the Gallagher Bluetooth® Low Energy or NFC equipped Reader in order to provide a connection to the system to perform actions such as arming/disarming areas or locking/unlocking doors. In order to provide this functionality, you must have a registered Mobile Credential.
When your device communicates with a Reader, it sends your Mobile Credential ID (a random number which cannot be associated to you) and then uses the FIDO UAF protocol to securely authenticate your device. More information on FIDO can be found at https://www.fidoalliance.org.
18.104.22.168 Location Services
The App may ask for permission to access your device's location. For Android devices, location permissions are required to use Bluetooth® Low Energy scanning in any way. For iOS devices, location permissions are required to enable Background scanning.
Gallagher Small Business does not use your location. It is never stored or transmitted in any way. These location permission requests are only in place because the operating system requires them to enable the above Bluetooth® Low Energy features.
22.214.171.124 Log data and troubleshootingThe App will collect logs to assist in troubleshooting should an error occur. This includes information about your activity. These logs are stored locally on your device and sent to Gallagher’s logging service. Error logs are deleted from our service after 30 days.
Whenever your Gallagher Alarm app communicates with Gallagher’s cloud services, in order to provide you services and to enable us to improve our products, we send and store the following:
- Mobile Device Operating System (e.g. iOS or Android)
- Operating System Version (e.g. iOS 11.4.1)
- Installed version of the Gallagher Alarm app (e.g. 126.96.36.199)
- Authentication token
We store only the most recent copy of this information in the cloud, and we do not store history of your connections over time. Your authentication token is a random number that cannot be associated with you without administrative access to the Gallagher Small Business cloud service.
4. Your Privacy ChoicesWe are processing your personal information on behalf of a site that has a Gallagher Small Business system installed. If you do not register using our App, or if you delete the App or the credential, then you will not be able to use your device to perform actions such as arming or disarming the site. To stop receiving notifications from a particular site, or for questions or complaints about your personal information, please contact the site that invited you.
5. Cookies, Web Beacons and Other Technologies
Wherever possible, we have disabled tracking by Google and Apple in the Gallagher Alarm app.
6. Cross-Border Transfers
We use cloud services from Amazon AWS on computer systems hosted in Australia, for which we rely on Standard Data Protection Clauses (Article 46 GDPR) to confirm the appropriate safeguards.
We also use cloud services from Apple and Google on computer systems hosted worldwide, for which we rely on a variety of legal mechanisms, including contracts and EU-US Privacy Shield.
7. Data Retention
Data retention on Gallagher Cloud Services
Collected and stored
Your email address
Collected and stored
Your phone number
Collected and stored
Not collected but is required to be activated on your device for Bluetooth service to work.
On your device and in the Gallagher cloud service. Collected logs are deleted after 30 days.
We store only the most recent copy of this information in the cloud, and we do not store history of your connections over time
Collected and stored
8. Information SecurityGallagher takes cybersecurity seriously. We intend to protect your personal information and to maintain its accuracy. Gallagher implements reasonable physical administrative and technical safeguards (such as system monitoring and encryption) to help us protect your personal information from unauthorised access, use and disclosure. We restrict access to your personal information to those employees who “need to know” it to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. We also require that our suppliers protect personal information from unauthorised access, use and disclosure.
In many countries, you have a right to lodge a complaint with the appropriate privacy or data protection authority if you have concerns about how we process your personal information.
We aim to resolve complaints quickly and informally. If you wish to proceed to a formal privacy complaint, we will need you to make your complaint in writing to our Privacy Officers, as above. We will then acknowledge your formal complaint within 10 working days.
If you are not satisfied with the responses from your site or from us you may contact the appropriate national privacy authority.
Note: under GDPR, our nominated contact in Europe is the Regional Manager of Gallagher Security (Europe) Ltd in the UK, whose supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).
10. Changes and Updates to this Privacy Statement
This Statement is effective from 1 March 2019 and supersedes all previous notices or statements regarding our privacy and data protection practices and the terms and conditions that govern the use of the system. Any previous version of this Statement is available below:
We recognise that privacy and data protection is an ongoing responsibility, and so we review this Statement regularly and will update it from time to time as we undertake new practices or adopt new policies.
You should check our website frequently to see the current Statement that is in effect and any updates we have made. We reserve the right to amend our Privacy Statement at any time, for any reason, without notice to you, other than posting the updated version on our website.