Privacy Policy - IndoorAtlas

IndoorAtlas™ Developer Privacy Policy

Last modified: June 11th, 2018

General

IndoorAtlas Ltd., including its group companies and affiliates (together “IndoorAtlas”, “we”, “us”), is committed to protecting and respecting your privacy. We offer a variety of products and services for application developers (referred to herein as “you” or “Developer”), and for persons who otherwise choose to use our websites or otherwise interact with us. This Developer Privacy Policy applies to persons that access or use our products and services in order to develop and/or distribute an application which integrates our products and services.

The Developer Privacy Policy explains our practices regarding the collection, use and disclosure of personal data (defined below) that we receive from Developers in connection with our different products and services, such as our positioning service and our software development kit (“SDK”) that you may access or use (collectively the “Services”). If you are a Developer, we may collect and process certain personal data about you for example if you sign up for an IndoorAtlas account (the “Account”) which gives you access to our Developer tools. We may also collect certain personal data about you in connection with your use of indooratlas.com website and its subdomains, or in connection with any email, text and other communications you may send to us. In this Developer Privacy Policy, the term “personal data” means information that relates to an identified or identifiable natural person.

Please also note that, unless we define a term in this Privacy Policy, all capitalized words used in this Privacy Policy have the same meanings as in the IndoorAtlas™ Developer Service Terms and Conditions, accessible at https://www.indooratlas.com/terms/.

We wish to remind you that this Developer Privacy Policy applies to the information we collect from our Developers. Developers may use the Services and the Company Software as an element of their own applications. If you are using an application which integrates the Company Software, but are not the Developer, please refer to the End User Privacy Policy of that application.

Information We Collect

The personal information listed here is required by IndoorAtlas in order to provide our services

Basic account Information

You will need the Account in order to access or use the Services, in particular in order to access and use our Developer tools. When you create the Account, we’ll collect certain personal data that can be used to identify you, such as

username
email address
company name
password

Moreover, to manage access to our Services, we may record which service terms or other agreements you accept in connection with the Account.

Mapping data

Recordings collected using our mobile mapping application, Map Creator. These include

Location data provided by the user (e.g., waypoint check-ins)
Location data recorded by the device (including but not limited to GPS/GNSS)
Wi-Fi and BLE signal data
Magnetic and inertial sensor data recorded by the device
Detailed device model information
Exact collection time

Mapping recordings are always associated with an user account. Mapping data is used to generate signal maps, which are required for the IndoorAtlas positioning service to work. Signal maps do not contain any personal data and may be stored indefinitely by IndoorAtlas.

Sensor and location data for testing

When you, the developer, test the indoor positioning service with an application provided by IndoorAtlas (such as Map Creator), or with your own application that integrates the IndoorAtlas SDK, data is recorded from your device and processed in the IndoorAtlas cloud, this data includes:

Location data provided by the device (including but not limited to GPS/GNSS)
Wi-Fi and BLE signal data
Magnetic and inertial sensor data
Detailed device model information
Exact collection time

This data is processed and stored in order to provide the Service; including providing the indoor location of the device and enabling troubleshooting by the developer.

Floor plans

Images uploaded by the developer. These are used in mapping (fingerprinting) and can optionally be made accessible to the end-users using IndoorAtlas SDKs & APIs. The floorplan pictures are never shown to end-users by IndoorAtlas directly, it is up to the developer’s application to decide how to present floor plans to the end users.

Cookies

We collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Services. We may use both session cookies and persistent cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. Unlike persistent cookies, session cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Services.

Cookies are required to enable secure log-in for our Services. In addition, third party cookies (such as Google Analytics) are used for collecting detailed anonymous usage statistics about how our developers interact with the Services.

The third-party analytics providers (who provide the third-party cookies), on behalf of IndoorAtlas, may record various information about how you use our Services. This data may include information such as device configuration, IP address, browser type, and operating system, the third-party application or web page through which you access or navigate to our Services, the pages or features of our Services accessed by you and the time spent on those pages or features, search terms, the links on our Services that you click on and other statistics.

Contact information & communications

If you contact us, we may collect your contact details and other personal data you have provided to us. Moreover, a record of the correspondence may be kept. Your contact details may also be shared with the third party service on which the communication takes place (such as our ticketing system). In this case, the third party processes your personal data on behalf of IndoorAtlas and must be fully compliant with GDPR.

Payment information

If you make a purchase in the Services, we may collect information related to the transaction for bookkeeping purposes. When payments are made through third parties (such as Stripe), IndoorAtlas does not have access to credit card numbers or other such sensitive payment information.

Usage logs

Your use of the services may generate server logs, crash reports and audit logs. These are used by IndoorAtlas to ensure the technical functionality and security of the Services, audit and analyze the Services, and to prevent and investigate fraud and other misuses.

End user session statistics

IndoorAtlas collects non-personal usage statistics and server event logs related to the end-users of applications which use the IndoorAtlas SDK. These are used by IndoorAtlas to ensure the technical functionality and security of the Services, audit and analyze the Services, and to prevent and investigate fraud and other misuses. These are also used for billing purposes.

The Purposes for Which We Use The Personal Data and the Lawful Bases for Processing

1. We use the personal data you provide to us directly for the following purposes:

To set up and maintain your registration;
To operate and manage the Services;
To provide features available in the Services;
To develop, improve, and protect the Services;
To communicate with you;
To prevent and investigate fraud and other misuses;
To protect our rights and/or our property;
For market research;
For electronic direct marketing, in compliance with applicable laws;
To audit and analyze the Services; and
To ensure the technical functionality and security of the Services.

The processing of personal data for the purposes listed above is based on the fulfilment of contract between you and us as well as our legitimate interest to communicate with you and to maintain and develop our products and services.

2. We use the data collected automatically for the following purposes

To improve customer service;
To personalize user experience;
To manage the Services;
To provide features available in the Services;
To develop, improve, monitor, and protect the Services;
For market research;
To audit and analyze the Services, including analyzing trends related to the use of the Services; and
To ensure the technical functionality and security of the Services.

The processing of personal data for the purposes listed above is based on either your consent or our legitimate interest to maintain and develop our products and services and to ensure the security of the Services.

3. In addition, location data and the associated sensor data recorded by the developer is used to

Provide the indoor positioning service,
Enable testing of the indoor positioning service by the developer,
Processing to produce anonymized data for IndoorAtlas research & development

The processing of personal data for the purposes listed above is based on the fulfilment of a contract between you and us, and on our legitimate interest to anonymize personal data for the purposes of IndoorAtlas research & development.

Where we collect the information from

Information collected by us is either directly provided by the user or generated by the use of our digital services.

What Information Do We Share With Third Parties?

We do not sell, lease, rent or otherwise disclose the personal data collected from the Website to our users or to third parties unless otherwise stated below:

Customer support

Basic account information may be shared with third parties, such as Freshdesk or Intercom, to enable providing customer support through such third party services.

Legal obligations

Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties.

Service providers

Cloud data storage providers such as Amazon Web Services are responsible for physically storing data. They act as data providers for IndoorAtlas (the data controller) in the GDPR framework.

Usage statistics tracking

The data collected about your interactions with our website and web application through cookies is shared with and processed by third-party analytics providers, such as Google Analytics.

Aggregate non-personal data

We may disclose information to third parties in an aggregate format that does not constitute personal data and does not allow the identification of individual users.

How long do we hold your personal data?

Personal data is as described in this document is stored as long as you are willing to use services provided by us.

Personal data about you and the Account can be deleted by contacting us. We’ll take steps to delete personal data about you as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law.

Floor plans are also deleted when the corresponding user account is deleted.

Aggregated non-personal data such as signal maps and application usage statistics may remain stored by IndoorAtlas for research and development purposes after the associated account is deleted.

The Security of Your Information

We take reasonable measures to protect the information that we collect from or about you (including personal data about you) from unauthorized access, use or disclosure.
For example:

We encrypt all of our public facing services using TLS/SSL.
We review our information collection, storage and processing practices.
We restrict access to personal information to IndoorAtlas employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.

Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

GDPR-compliant data storage providers, such as Amazon Web Services and Azure may be used and are responsible for the physical security of the data. Our data is physically stored in the EU, Japan and the US. The third-party cloud data storage providers act as data processors and IndoorAtlas remains the data controller in the GDPR framework.

Your Rights

Right to object to direct marketing – The right to opt out of receiving electronic direct marketing communications from us: We may use your contact information to market to you, and provide you with information about, our products and services. If you decide at any time that you no longer wish to receive such information or communications from us, please follow the unsubscribe instructions provided in any of the communications. All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us by using the contact information provided below at the end of this Privacy Policy.

You have the following rights with respect to the personal data we hold about you:

Right of access – you are entitled to have information concerning your personal data we process as well as a copy of such data. If you would like to know what personal data we hold about you, please contact us by using the contact information provided below at the end of this Privacy Policy. We seek to swiftly respond to your inquiry.

Right to rectification – you have a right to have inaccurate personal data related to you corrected. If you have signed up for the Account, you can access and modify the personal data associated with the Account by accessing your user profile in the Developer Tools. You can also contact us at with your request for rectification.

Right to erasure – you have the right to require us to delete your personal data if the continued processing of that data is not justified. If you want us to delete personal data about you and the Account, please contact us at with your request. We’ll take steps to delete personal data about you as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law.

Right to withdraw consent (when processing is based on consent) – in order for a consent to be valid, it needs to be withdrawable, and you have the right for such withdrawal at any time, free of charge. You can withdraw your consent in the IndoorAtlas Developer Tools.

Right to data portability – under certain conditions, you may require your data to be ported to yourself or to another data controller in a commonly used machine-readable format.

Right to object – In certain situations you have the right to object to processing of your personal data. You have the right, on grounds relating to your particular situation, to object to processing if the processing is based on legitimate interest.

Right to restrict processing – you have, in some situations, the right to limit the processing of your data to some purposes. If you choose to exercise this right, we will refrain from using the data during the period for which the right applies. This right may be used e.g. if you contest the lawfulness of the processing or the accuracy of the data, and we are in the process of replying to your request or verifying the data.

Right to lodge a complaint with the supervisory authority – if you suspect that we are not complying with applicable privacy laws and regulations, you have the right to lodge a complaint with the competent supervisory authority.

If you wish to make use of your rights stated above, or if you have additional questions regarding the correction, deletion, or updating of the personal data we hold about you, please contact us by using the contact information provided below at the end of this Privacy Policy.

International Transfers of Personal Data

Personal data about you may be transferred to, and processed or maintained on, computers and servers located outside of the state, province, country or other governmental jurisdiction where you reside and/or where personal data about you was collected. The privacy laws in such areas may not be as protective as those in your jurisdiction. In particular, if you are located within the European Union / European Economic Area, please note that personal data collected by us may be transferred outside the European Union / European Economic Area. Appropriate safeguards under the GDPR are applied to the transfer. For more detailed information about how the appropriate handling of personal data is ensured in case of transfer ouside the European Union, please contact us.

Our Policy Toward Children

Our Services are not directed to children under 13 and we do not knowingly collect personal data from children under 13. If we learn that we have collected personal data of a child under 13 we will take steps to delete such information from our files as soon as possible.

Changes to Privacy Policy

We may modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of such changes by posting them on the Services (for example, on our website) or by sending you an email or other notification, and we’ll indicate when such changes will become effective. You are also advised to consult this Privacy Policy regularly for any changes.

Contacting Us

Please contact us at or the mailing address below if you have any questions about our Privacy Policy or if you wish to exercise your rights.

IndoorAtlas Ltd.
Kampinkuja 2
00100 Helsinki
FINLAND

Business ID (Y): 2457028-6

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.