Pointr Maps® (Android & IOS) Privacy Policy
We take security & data privacy very seriously and we continuously ensure all data is secured safely and in line with regulations.
Pointr Maps® (Android & IOS) Privacy Policy
The protection of personal data is of the utmost importance to Pointr. Any information relating to an identified or identifiable individual is considered personal data at Pointr (in accordance with common regulations as GDPR, CCPA etc.). If any information on its own or with another set of information can identify an individual, it is personal data.
We’ve built Pointr Deep Location® from the ground up to enable our customers to be in control of data at all times. We combine these controls with strong data security processes. Data is secured, encrypted and is not shared with external people or companies. Pointr’s information security is ISO 27001, ISO 27701 and ISO 27017 certified. ISO 27701 certification process has been completed in 2023 to address our Privacy and Personal Data focus.
Data Collected & Security Measures
The table below identifies the types of data collected by Pointr Maps® as well as how this data is secured/protected.
Pointr Maps® do not collect or process: User Identification Information, Mac IDs or IP Addresses.
Data |
Security Measures |
Additional Notes |
|
|
|
Pointr Maps® (Android & IOS) Privacy FAQ
Is the data collected completely anonymous?
Pointr Maps® collects all personal information anonymously. Pointr’s Maps do not collect any data without a user’s permission. We equip our users with transparent consent and preference management tools to help them stay in better control of their location data.
Does Pointr Maps® send data to third parties ?
Absolutely not. In fact, we use a completely different system that is device and user agnostic, so a user’s device ID and location are never in danger of being revealed.
Is user’s personal information used for marketing purposes or sold to data brokers to be sold on?
Never. We have very strict protocols in place to ensure this never happens and any information collected is completely anonymous and unable to be re-identified through a common reference point.
Is Pointr Deep Location® vulnerable to attack over an internet connection?
It’s not possible to compromise our platform through an internet connection. Our databases are only accessible through our secure VPN and with the right credentials. Additionally, we are constantly monitoring for any unusual or suspicious activity.
Pointr Maps® (Android & IOS) Privacy Policy
We are committed to the protection of personal data and will ensure adequate preventative measures are in place at all times to ensure compliance with the GDPR rules and other relevant regulations. This regulation entitles data subjects to the following rights:
-
Right to be informed – For Pointr Maps® we inform data subjects which data we collect,store and process.
-
Right to access – Pointr can accommodate an access request if any form of identifiable/trackable data is requested. But as no personal data is stored within Pointr’s databases right to access is not applicable in most if not all cases.
-
Right to rectification – As no personal data is stored within Pointr’s databases rectification is not applicable.
-
Right to erasure – Provided the data is identifiable, Pointr can remove location history from its database.
-
Right to withdraw consent – A user can withdraw consent for the permissions.
-
Right to data portability – the data held within the database is random and only applicable to Pointr’s maps and systems.
-
Right to object – A user can uninstall the app or remove permissions at any time.
As Pointr is not a data controller and keeps limited to no personal data, we can confirm compliance and support of the above rights where applicable.
External Data Breach
In the event a breach is uncovered, Pointr Information Security team will follow the relevant incident management procedures, inform relevant parties and ensure timely resolution.
Internal Data Protection
Pointr ensures all contractors, consultants and employees agree to uphold Pointr’s privacy policies as well as to protect any personal data.
Data Storage
Server components of our App is hosted on Azure. Access to these systems are protected with HTTPS, secure password and optionally multi factor authentication. All activity is logged with activity detail, any unusual behavior triggers alerts and the users are will be notified in case of any breach.
Contact Us
For any concern or inquiry please contact us via email at: infosec@pointr.tech
GDPR
Mobile SDK (Maps, Search, Indoor Navigation)
Device Identifier
When a phone runs an app containing our SDK (software library), it creates a random unique identifier for this device ("device identifier"). The device identifier is globally unique to that smartphone and app; this device identifier does not give away any personally identifiable information or device information such as MAC/IP. It is unique to that particular app running the Pointr SDK (hence, even if our SDK was used in another app on the same device, it would be a different identifier).
-
On iOS, users may reset this identifier as they wish by going to phone settings. Pointr follows Apple’s official recommendation for identifying devices utilising the device identifier method available in the default iOS SDK.
-
On Android, Pointr follows best practices from Android known as Instance ID. Which similarly to iOS provides a globally unique device ID that is easily resettable, unique and does not give away any personally identifiable information or device information such as MAC/IP.
-
https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor
-
https://developer.android.com/training/articles/user-data-ids#working_with_instance_ids_&_guids
Real-Time Location
When the app starts, the SDK triggers a permission dialog (on iOS and Android) to request permission from user to track their location (while running the app and/or in background). If a user declines this request, no location tracking is carried out. Users may at any time opt in / out of location tracking for the particular app that includes our SDK.
The SDK detects Bluetooth signals and processes them along with phone inertial motion sensors (such as gyroscope and accelerometer) to calculate indoor position of the device (smartphone).
Similarly, the SDK detects GPS signals to calculate the outdoor position of device (smartphone). The SDK uploads this location information to Pointr Cloud, along with Device Identifier.
Anonymity
Through this process, the SDK produces a random device identifier (eg. "ABCD") with timestamp and location (eg. "Device ABCD was at this position at this time") it is important to note:
-
This is not a device's MAC address, this is not user's ID (eg. if another user used the same device, we wouldn't be able to distinguish)
-
This doesn't say anything about user's personal information (such as first name, email, address, gender, etc.)
-
In all our settings, it's practically impossible to work out who a Device Identifier belongs to.
However, there is a possibility that:
-
Only one user was standing at a particular location at a venue (and no one else) and
-
You can see this through a camera (or in-person)
If you can see real-time location information coming from a specific device identifier at that time and location then you can guess that this user must have that specific device ID which is unique to Pointr and has no other information attached to it.
Analytics
A random device identifier (eg. "ABCD") with timestamp and location (eg. "Device ABCD was at this position at this time") and Session ID is used for analytics along with the Event data.
-
The identifiers are not a device's MAC address, this is not user's ID (eg. if another user used the same device, we wouldn't be able to distinguish)
-
This doesn't say anything about user's personal information (such as first name, email, address, gender, etc.)
-
In all our settings, it's practically impossible to work out who a Device Identifier belongs to.
Thus our analytics do not process personal data (PII - Personally Identifiable Data is excluded by design)
Website maps / Kiosks
By default, our web maps and kiosk software do not capture any information about the user. There is no login system either. They only record general usage stats (such as "how many people used Poi search today" or "what is the most frequently searched for product")
Pointr’s GDPR Policy
We are committed to the protection of personal data and will ensure adequate preventative measures are in place at all times to ensure compliance with the new GDPR rules and regulations. This new regulation entitles data subjects to the following rights:
-
Right to be informed – the products provided by Pointr are embedded within clients’ solutions. It is therefore their responsibility to inform data subjects.
-
Right to access – Pointr can accommodate an access request. This would only be possible if a user Provided their MAC ID and was connected to the WiFi at the time (as if using iOS 8 or later the MAC ID is randomized automatically). Otherwise all other information is randomized.
-
Right to rectification – As no personal data is stored within Pointr’s databases rectification is not applicable.
-
Right to erasure – Provided the data is identifiable, Pointr can remove location history from its database.
-
Right to withdraw consent – A user can disable location tracking (SDK) at any time as well as ask to have their device disabled on WiFi analytics products. This feature is known as Blacklisting on the Pointr Dashboard. Once a ID is blacklisted the Pointr Cloud ignores and no longer stores any information relating to that ID.
-
Right to data portability – the data held within the database is random and only applicable to Pointr’s maps and systems.
-
Right to object – A user can disable location tracking (SDK) at any time and have their device disabled on WiFi analytic products.
As Pointr is not a data controller and keeps limited to no personal data, we can confirm compliance and support of the above rights where applicable.
External Data Breach
Although high care is taken to protect our systems and databases, no system is 100% secure and it is always possible for an external party to access our database. Given all data is anonymous no personal data would be attained from the data alone. In the event a breach is uncovered, Pointr personnel will follow the data procedures and ensure timely resolution.
Internal Data Protection
Pointr ensures all contractors, consultants and employees agree to uphold Pointr’s privacy policies as well as to protect any personal data.
Data Storage
All projects are hosted on Azure with regional instances ensuring data is not passed outside of the area the data is collected. It is possible for client users to open the Pointr dashboard (where data is converted to visual data and analytics) is stored form abroad, however access to these systems are protected with HTTPS, secure password and optionally multi factor authentication. All activity is logged with activity detail, any unusual behavior triggers alerts and the venue is notified immediately.
