OWL Privacy Policy
The Privacy Policy for the OWL Solution is shown below…
ONWAVE OWL SERVICE
PRIVACY POLICY 21 Mar 2022
Onwave is committed to protecting the privacy and security of your personal information.
This privacy policy describes how we collect and use personal information about you in accordance
with data protection law in relation to information which is collected via the OWL Portal and
related OWL tracker (being either the OWL App or other tracker device).
Please read this privacy policy carefully.
For more general information about how Onwave uses your personal data outside of the OWL Portal
and Tracker, please see our general privacy notice which can be provided to you on request.
Data protection law says that the personal information we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely
If you have any questions about this policy or how we collect and use personal information about you please contact us.
1 INFORMATION ABOUT US AND OWL
1.1 We are Onwave UK Ltd. Our registered office is at 4 Abbey Wood Road, Kings Hill, West Malling, England, ME19 4AB
and our registered company number is 07490613.
1.2 If you have any questions, our contact details are set out at https://onwave.com/contact-us/
1.3 The OWL geofencing portal and the related mobile app / tracker device (together the OWL Service)
is a zonal working solution designed to provide health, safety, environmental and productivity benefits. It works as follows:
1.3.1 Onwave customers (referred to as a Customer or Customers in this document)
create an account with us and establish geographic zones within a project (Project) which have different rules and alerts applied to them.
1.3.2 Visitors to a Project then either download the OWL App onto their mobile device, or carry a mobile device
or a specialised tracking unit supplied by Onwave to the Customer.
1.3.3 If you use a mobile device, your Project Administrator will create your account, providing
an email address which will act as your username. A password will be automatically generated.
We recommend that you change this password on your first login to the system.
1.3.4 The mobile device or tracker uses its geolocation signal to receive information and alerts from the OWL Portal based
on its reported location, for example if a Customer has configured a zone to provide an alert when you enter,
your device would provide an alert to you when its geolocation signal told the OWL Portal you were in that zone.
1.3.5 The Customer will receive information about the different devices which are registered with a Project
when logged-in to the OWL Portal or OWL App, including their geolocation data. Customers will receive this for as long as the
tracking unit is turned on, and for as long as the tracking function on the OWL app on a mobile device is turned on.
If you do not log out of the Owl App after you leave a Project, your geolocation data will continue being sent
to the Customer even when you are not on Project.
1.3.6 Customers receive and use the data in their own right as data controllers.
This means they decide what to do with the information and how long to keep it. If you have any queries about how your data is
being used by a Customer, you should contact them directly.
2 WHAT INFORMATION WE COLLECT OR GENERATE
2.1 When you set up to use the OWL App or tracker (or a Customer or someone else does so on your behalf)
there will be personal information about you relating to that account such as your email address, contact details, and potentially
correspondence with us about your account. A Customer may provide us with your information in order for us to
send an account setup email to you.
2.2 Required information. You will need to provide certain information to us to enable us to setup a
relevant OWL account on the OWL Portal or OWL App. Mandatory information fields are generally set out when you are setting up an account,
but in particular, you must provide a valid email address. Your password will be emailed to you upon account enrolment.
2.3 Tracking information. Whether you are using a mobile device or tracker, the OWL portal will collect detailed
information about your location (based on the geolocation signal of your device), the time-stamp of that location information,
and alerts or other information which has been provided to you. This information is saved to a location history of all of
the tracking data which has been collected about you and how you interacted with it. This information is linked with your account
and is shared with the applicable Customer.
We may also create or use unique identifiers associated with a tracker or app or mobile device in order to associate
tracking data with an individual or profile.
2.4 Geolocation signal is determined by collecting data about your device’s geolocation signal as well as
potentially its proximity to certain other signals (for instance, Bluetooth™ beacons, Wi-Fi signals, and mobile phone masts).
This process is carried out internally by your device, and we simply receive the data from your device.
2.5 How long you are tracked for. Your geolocation information is recorded and shared with the
Customer</strong when you are logged-in to the OWL App or when you are using a powered up tracking device
(provided in each case that they are associated with a Project).
2.6 Device information. We may collect and record how often you use the app or a tracking device and for
how long, your device type, unique identifiers, operating system type & version, battery usage, information that you viewed on
the app, the Internet Protocol (IP) address and the name of the domain that serves you to access the app.
We also collect information about the interaction of your devices with the app, including crash reports, system activity and
the date, time, and referrer URL of your request.
2.7 Other correspondence or interaction (for example by email, telephone, post, SMS or via our website)
between you and us, will include personal information (such as names and contact details) in that correspondence.
This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you
or your organisation. If you work for one of our Customers, suppliers, business partners or are a
third party contractor, the information we collect about you may include your contact information, details of your employment
and our relationship with you. This information may be collected directly from you, or provided by your organisation.
Your organisation should have informed you that your information would be provided to us, and directed you to this policy.
We use this as necessary for our legitimate interests in managing our relationship with your organisation.
If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
3 IF YOU DO NOT WISH TO BE TRACKED
3.1 You must either return the tracker, or log-out from the OWL App, in order to not be tracked.
3.2 Turning off geolocation functionality on your mobile device does not stop geolocation data being reported
and shared (although it may be less accurate).
3.3 Closing the app in your “recent apps” settings or otherwise trying to close the OWL App will not successfully stop geolocation data being reported and shared.
3.4 Leaving a Project does not stop geolocation data from being reported and shared.
4 HOW WE USE THAT INFORMATION
4.1 We will:
4.1.1 Collect and store that information and share it with the relevant Customer (please note Customers can see a live feed and view historic data).
4.1.2 Use it to generate individual and aggregated statistics, profiles and other analyses regarding user activity,
and share these with Customers. While we produce these by automated means, we do not use them to make any significant decisions
regarding you. Customers may use this information in order to make decisions about you however, and if you have
any queries or issues regarding those decisions or the logic on which they are based, you should contact the relevant Customer directly.
4.1.3 Use it to display alerts or other information to you based on your geolocation or your history.
4.1.4 Use it to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
4.1.5 Communicate with you regarding your app or tracker and to provide other operational information about our service.
4.2 We will also keep and use that information to carry out our contract with you (if applicable) and to comply with any
legal requirements for us to maintain certain records or carry out certain verifications and money laundering checks,
and/or for our legitimate interests in carrying out our contracts with Customers, preventing fraud, dealing with a complaint
or enquiry and setting up and/or administering your account or order and any services we offer.
4.3 We will only use your personal information for the purposes for which we collected it as set out in this policy,
unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5 HOW LONG WE KEEP YOUR INFORMATION
5.1 Information you have inputted into your account (or which is inputted into the OWL Portal by a Customer)
such as your email address (but not information which the app collects) is kept for a period of up to 90 days after
either you close your account or the Customer whose Project you have checked into or otherwise associated your account
with terminates their contract with us. Just because you close your account or delete the app, does not mean that your data will be deleted.
5.2 Information which the app or a tracker collects, such as geolocation information, is kept for a period of up to 90 days
after the Customer whose Project you have checked into or otherwise associated your account with terminates their contract
with us. The Customer may retain the data themselves for longer, and you should contact them directly if you have any queries
about how long they retain your data for. Just because you close your account or delete the app, does not mean that your data will be deleted.
5.3 Other information, such as correspondence or interaction around disputes or other issues, is kept for up to 7
years after the relevant issue has been resolved.
5.4 In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected
it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
5.5 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the
personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which
we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
5.6 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case
we may use such information without further notice to you.
6 LEGAL CLAIMS
Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary
for our legitimate interests in ensuring that we can properly bring or defend legal claims.
We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the
nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
7 SHARING YOUR INFORMATION
7.1 We share your information with Customers as set out above. This section sets out the other ways in which we might share your information.
7.2 We never sell your data to third parties. But we may need to share your information with third parties, including third-party
service providers and other entities in our group. Third parties are required to respect the security of your personal information and to
treat it in accordance with the law.
7.3 Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with
any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our Customers,
or others or where we have another legitimate interest in doing so.
7.4 Which third-party service providers process your personal information?
We may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can
carry out their services. We may use third-party service providers in relation to the following types of activity: legal advice, contract
administration, administration, hardware and software development and IT services.
7.5 When might we share your personal information with other entities in the group?
We may share your personal information with other entities in our group as part of our regular reporting activities on company performance,
in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
7.6 How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your
personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only
on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
7.7 What about other third parties? We may share your personal information with other third parties,
for example with potential buyers and professional advisers in the context of the possible sale or restructuring of the business where
necessary in connection with the purposes which your information was collected for. We may also need to share your personal information
with a regulator or to otherwise comply with the law.
8 WHERE WE STORE YOUR INFORMATION
8.1 Our office headquarters are based in the UK and our main data centre is located in the UK. We also use cloud services provided by
Microsoft in the Western Europe region. However, where required to perform our contract with you or for our wider business purposes,
the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU.
It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers.
OWL is available internationally and when used outside of the UK and the EU then information that we hold about you will be stored at an
appropriate location, this may be local to you or may be within our main area of operation which is within the UK and the EU.
8.2 We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy policy.
8.3 Some countries or organisations outside of the UK and the EU which we may transfer your information to will have
an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place.
These are set out on the European Commission website:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
.
8.4 If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate
data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection
authority) are put in place where required. To obtain more details of these safeguards, please contact us at owlsupport@onwave.com.
9 DATA SECURITY
9.1 As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security
measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business
need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
9.2 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator
of a suspected breach where necessary.
10 YOUR RIGHTS
10.1 Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below.
More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have
the right to:
10.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is
why we are providing you with the information in this policy. If you require any further information about how we use your personal information,
please let us know.
10.1.2 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the
personal information we hold about you and to check that we are lawfully processing it.
10.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we
hold about you corrected.
10.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there
is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations).
You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
10.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party)
and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a
compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim).
You also have the right to object where we are processing your personal information for direct marketing purposes.
10.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of
personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
10.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it
based on your consent, or to carry out a contract with you, and we process it using automated means.
10.1.8 Withdraw consent.
In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and
transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you
originally agreed to, unless we have another compelling legitimate interest in doing so.
10.1.9 Lodge a complaint.
If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national
data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw
your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
10.2 Customer uses of data.
Please note we are not in control of how our Customers use your information. If you have any queries or issues regarding a Customer’s use of your information,
please contact them directly. We will not be able to delete or provide access to information held by a Customer.
10.3 No fee usually required.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your
request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
10.4 What we may need from you.
We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to
access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is
not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is
necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.
10.5 Timescale.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one
month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
11 CHANGES TO THIS PRIVACY POLICY
Should we make any changes to this privacy policy in the future, we will upload the revised privacy policy to our website at
onwave.com
and where appropriate, notify you by e-mail or otherwise.
Please check back frequently to see any updates or changes to our privacy policy have been made and are relevant to you.