Urban.io Privacy and Data Protection Policy
Last updated: 18th Dec 2020
What is this Policy all about?
Our company – URBAN.IO PTY LTD, registered under the Australian Company Number 624925024, has decided to implement a solid IT security, e-mail and internet usage policy, with a view to achieving the following results:
- Full protection of any data being in our control and operational management as well as prevention of any misuse thereof;
- Providing all users with transparent and comprehensive information about how their personal data is being processed by us.
The reason for this decision is that in today’s fast-moving, but inevitably technically fragile, business environment, it is pivotal to ensure that appropriate use is made of any IT resources that lead to processing of certain personal data. Failure to do so would in fact expose staff members, the company, its affiliates and their property (including confidential data and information) to a number of risks, which may impact our work environment, our assets and productivity, and most importantly your basic personal rights and freedom.
We are dedicated to prevent the above from happening, therefore, we have adopted this Policy, which is applicable also to our Bulgarian affiliate – URBAN.IO EOOD, registered under Unified Identification Code 205053158, acting from time to time as your data processor in our own name and under our instructions.
Information we collect
To run our business, provide customer support and to deliver
collectively “The Services” we need to know a little about you:
If you fill out a contact form on our website we will collect certain information information in order for us to fulfill your request or answer your questions.
If you require customer support you will be required to register within our online ticketing platform in order for us to respond to your request and track the progress of our interactions with you. As well as to ensure that we resolve those requests to your satisfaction.
When you are registered as an Authorised User of the IoT platform, under the Terms Of Service (TOS), an account is created for you; all of your activities on the IoT Platform are then tied to this account, those TOS that are have been accepted and this Privacy and Data Protection Policy.
Hereunder we outline what information Urban.io collects, how we collect said information, what we do with it upon its collection and what rights you dispose of in this respect:
A) Content you provide through our website(s):
The Services also include providing such throughout our websites which are owned or operated entirely by us. We collect various other content that you decide to submit to these websites, which include the contact data as provided by you and certain personally identifiable information that can be used to contact you or to identify you. For example, you provide content to us when you provide your feedback or send us an enquiry in relation to our platform or our partnership.
B) Information you provide through our support channels:
The Services include our on-going customer support, where you may choose to submit information regarding a problem you are experiencing with the Urban.io platform. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information as under p. C) below, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
C) Information you provide through our platform:
Your name (First and Last name)
We require a chosen name be provided when an Urban.io account is created.
Your email address
We require email address when an Urban.io account is created.
Your password
We require you to enter a password for your Urban.io account on first log in.
Your computer’s Internet Protocol address. Your “IP Address” is a designator that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP)
An IP Address may be identified and logged automatically in our server log files whenever you use our platform and services, along with the time of your visit. The IP information is stored for up to an hour.
Your telephone number
You may choose to provide your telephone number in your account. Providing this information is not required to use the platform. However, if you’d like to opt-in for receiving SMS notifications depending on your notification preferences, phone should be provided.
We do not use any tracking or preference cookies, nor any similar tracking technologies to track the activity on our websites, however, we use session cookies so to operate our services and security cookies for security purposes as the necessary minimum.
How we use your information and your personal data
Here are the ways we might use your information to run our platform, provide our services and serve you better.
Providing the functionality of our platform.
We engage in these activities to manage our contractual relationship with you. For example to send administrative information to you, information regarding our services and changes to our terms, conditions, and policies.
Customer support.
We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve The Services.
For safety and security.
We use information about you and your log in to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of The Services policies.
To protect our legitimate business interests and legal rights.
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
Website Analytics
We use Google Analytics for aggregated, anonymized website traffic analysis on our public website. In order to track your session usage, Google drops a cookie (_ga)
with a randomly-generated ClientID in your browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google your IP Address. We use GA to track aggregated website behavior, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness. If you would like to access what browsing information we have – or ask us to delete any GA data – please delete your _ga
cookies, reach out to us via this form, and/or install the Google Analytics Opt-Out Browser Add-On.
To whom may your information be disclosed by us
Here we outline who may receive your information when it is shared either by you via the platform, the websites, or by us.
Our own business entities and service providers
We may share your information with the following third parties for the following purposes:
- Companies within the Urban.io structure (our related and affiliated companies). We may share your information with our affiliates, which are entities under common ownership or control of Urban.io, to provide The Services in different countries and for the purposes described in this Privacy Policy.
- Our suppliers, subcontractors and business partners (“service providers”): We may share information about you with our service providers who process information to provide The Services to us or on our behalf.
Such third parties would then have access to your personal data, however, only to perform the tasks assigned to be performed by them on our behalf and are contractually obligated not to disclose or use the personal data for any other purpose whatsoever.
Legal & administrative obligations
We may use and disclose your personal information as appropriate, in the good faith belief that such action is necessary, especially when we have a legal obligation or legitimate interest to do so, in order to pursue one of the following:
- Fraud prevention: We may use and disclose the information we collect from and about our users as we believe necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or wrongdoing, or to protect the personal safety, privacy, rights, or property of us, our users, or others.
- Law enforcement purposes: If validly requested or required by any public authorities, such as law enforcement authorities, courts, government regulators, state agencies, etc., so to comply with the law and the mandatory orders and other legal obligations (which may include laws outside your country of residence).
- Protect ourselves against legal liability
- Sale or merger of our company: We have no plans to sell our business. In this unlikely event, we may use, disclose, or transfer your personal information to a third party if we or any of our company affiliates are involved in a corporate restructuring (e.g., a sale, merger, or other transfer of assets, including in connection with any bankruptcy or similar proceedings).
Your privacy choices
A) Website Contacts
We shall use our contact data to address the enquiry and support the need for which you have approached us. Therefore, it is your own choice how much information you will provide us with. Still, we will need at least an email address, in order to be able to come back to you.
B) Support Channels
You may request our customer support for the information we have about you and your IoT Platform account and even ask us to delete it. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your requests consistent with applicable law, and we will try to comply with your request as soon as reasonably practicable.
C) For Authorised Users of the IoT Platform
- Edit your data
You can edit your personal data and the emails you receive from Urban.io at any time through the User profile.
- Deactivate your account
If you no longer wish to use our Platform, you or your Administrator may be able to deactivate your account. If you are an Administrator and are unable to deactivate an account through your Administrator settings, please contact our support center. Please be aware that deactivating your account does not delete your information; your information remains visible to certain Platform users based on your past participation within The Services.
- Delete your information
Our Platform gives Administrators the ability to delete certain information about you from within the User Profile (like the phone number). Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Where the Services are administered for you by an Administrator (see “Notice to End Users” below), you may need to contact your Administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Data retention & security
We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our website, our support ticketing system and the IoT Platform. Although Urban.io owns the code, databases, and all rights to the IoT Applications, Devices and Gateways, you have full rights to your own personal data, whereas we shall retain the latter only for as long as is necessary for the purposes set out in this Policy. We will retain and use your personal data to the extent needed so to deliver The Services as required by you; comply with our legal obligations (for example, if we are obliged or required on a case-by-case basis to withhold your data for a bit longer than needed for our services so to comply with applicable laws); resolve litigation or out-of-court disputes; and enforce our legal agreements and policies. The exact criteria used to determine our retention periods in terms of timeframes include the length of time for which we have an ongoing relationship with you and provideThe Services to you, respectively our legal obligations or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
After completion of the retention period, we will either obliterate or anonymise your personal information, as well as any hard or soft copies made thereof.
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate The Services but in any case no longer than 5 years thereafter.
While being in hold of information that may contain personal data, we undertake significant but commercially acceptable measures to protect it. However, you remain responsible for ensuring that you protect and do not share your secure credentials to access either our support ticketing system or your Authorised User account to our IoT Platform. The security of your data is of crucial importance to us, but please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. If you suspect someone else is using your account, you must let your designated administrator know immediately.
We seek to use reasonable organisational, technical, and administrative measures to protect your personal information within our organisation from its loss, misuse, unauthorised access to or disclosure, its unlawful alteration and/or destruction.
Cross-border transfers
Urban.io is a global organisation with offices around the world, so your information may be transferred across borders when you use the Platform and may be maintained on computers located outside of your state or other governmental jurisdiction where the data protection laws may be different than those from your jurisdiction. We have put in place measures to comply with laws regulating cross-border transfers. In this respect we have also entered into specific data processing agreements under Regulation (EU) 2016/679 (GDPR) with any of our affiliates and suppliers that may at certain point be in reach of personal data identifying you, thus, guaranteeing for any third parties we connect with and assign to process some information containing also personal data to comply with the highest up-to-date technical and organizational measures regarding your data protection.
By using the platform and submitting information throughout the platform or our websites you consent to the transfer of your personal information to countries outside of your country of residence, which may have different data protection rules from those of your country.
Links To Other Sites
Our websites may contain links to other sites, such as for example Twitter, Google+ and LinkedIn, which are not operated or hosted by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit throughout one of our websites.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children’s Privacy
Our Services do not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.
Policy updates & contacting us
This policy may change over time and be updated from time to time as legislative progress requires. We will notify you of any changes by means of posting the new Privacy and Data Protection Policy on this web-page. We will also try to let you know via email and/or a prominent notice on our platform, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. However, we advise you to review this Policy periodically for any adopted changes thereto.
We’ve included here our contact information, but the best way to get in touch with us is through our customer support.
Notice to Authorised End Users
Our IoT Platform is intended for use merely by legal entities and not by individuals. Where access to the IoT Platform and The Services are made available to you through an organisation (e.g. your Employer or an IoT Service Provider), that organization is the Administrator of the IoT Platform and is responsible for the accounts over which it has control, whereas we are going to process your data in our capacity as processors acting on behalf of your designated organization (the Administrator) being the controller of your data.
If this is the case, please direct your data privacy questions to your Administrator, as your use of the Platform is subject to that organisation’s policies. We are not responsible for the privacy or security practices of an Administrator’s organisation, which may be different than this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to The Services;
- access information in and about your account;
- access or retain information stored as part of your account;
In some cases, Administrators can also:
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to access information.
Your Rights
Urban.io aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data as per the terms and conditions set out in GDPR. Even if and when acting only in the capacity of data processor regarding your personal data, you may either address your request to the Administrator, or to us, whereas we shall take any steps necessary and without any undue delay so to assess whether your specific request is technically and legally feasible and manageable for us and to reply to your request.
Whenever made possible, you can update your personal data directly within your User Profile settings section in line with p. B) and C) under “Your Privacy Choices” hereinabove. If you are unable to change your personal data, please contact us to make the required changes.
If you wish to be informed what personal data we hold about you and to whom exactly we have eventually disclosed it or if you want it to be removed from our systems, please contact us.
In certain circumstances, especially set out in the GDPR, you have the right:
- To access and receive a copy of the personal data we hold about you;
- To rectify any personal data held about you that is inaccurate;
- To request the deletion of personal data held about you (“right to be forgotten”);
- To request restriction of the processing done on our side;
- To request the receipt of the personal data concerning you and to request the transition of those data to another controller.