Data Policy
Introduction
The IoT Provider (TIP) understands the diverse connectivity needs of today’s global IoT-driven businesses. Recognising that no single solution fits all, we offer a comprehensive suite of connectivity opEons – from cellular technologies like 2G, 3G, 4G, LTE-M, and NB-IoT to LPWA solutions such as Sigfox, LoRaWAN., and sub-GHz, even extending to satellite services. Beyond mere connectivity, we enhance your IoT experience with our integrated data, cloud services, device management and device configuration opEons and cutting-edge algorithms. TIP places a strong emphasis on the seamless integrations of various connectivity and device options into delivering data via a single API in a licensee friendly manner. Our solutions are tailored to address the needs of a diverse range of industries, device and connectivity types. This data policy outlines (together with any terms and conditions applicable to any services we supply) how we collect, use, protect, and manage data, particularly data related to the devices managed.
Definitions used in this policy.
In this policy the following words have the following meanings:
Licensee(s), you: Means any of our customers who have a contract with us for the supply of our products and services.
TIP, we, us: Means the limited liability company Niobium Blue B.V., registered in the Dutch trade register under number 74616277.
Data: All types of data as mentioned in chapter 2.
GDPR (General Data Protection Regulation): GDPR is a comprehensive data protection regulation that applies across the EU and the European Economic Area (EEA). It sets out rules for the processing of personal data, including how personal data should be collected, stored, used, and protected. GDPR also grants various rights to individuals regarding their personal data.
ISO (International Organization for Standardization) Standards: Standards related to data and information security that are relevant to organizations operating within the European Union. ISO 27001 is one of the most well-known standards for information security management systems (ISMS). It provides a framework for organizations to establish, implement, maintain, and continually improve their information security management processes. ISO 27701 is an
extension of ISO 27001 specifically focused on privacy management within an ISMS, which is essential for complying with EU data protection regulations like GDPR.
Data Collection and Source
When using the service of TIP, we collect Data primarily, but not limited, through the devices and the connectivity we manage. We, depending on the setup of hardware and configuration, collect the following types of Data:
• Technical Information: Unique identifiers related to your devices and connectivity.
• Location Data: Precise location, direction, speed, and timing of measurements (subject to consent).
• Asset Data: Characteristics of your asset for service provision like route advice.
• Environmental Data: Information from Bluetooth devices, Wi-Fi networks, temperature, movement, cell towers, and GPS satellites for asset tracing.
• Personal Contact Details: Name, phone number, company/organization details, email address, and password, along with Internet Protocol (IP) addresses and cookies.
• Usage Data: Information regarding your use of the application, additional services, and preferences.
Data Usage
Data is used for the following:
• Provision of our services: e.g. device management and connectivity dashboard, key-statistic on devices and connectivity;
• Improvement of TIP services, e.g. by looking at which (parts of) our products and services are or are not popular and which functionalities can still be improved;
• For statistics about the use of our products & services;
• To further secure our products and services against misuse;
• To comply with all legal obligations that apply to us;
• To settle any disputes;
• To respond to customer inquiries and support requests;
• To use Telemetry, and Calculated data for commercial purposes.
TIP utilizes User data and Company data information in order to send quotes and invoices and provide access to our device and connectivity management platform. The processing of certain personal data (User data) is necessary for the performance of our contract with you.
We do never give/sell User data or Company data to third parties. However, we may share data with:
• Business partners and/or suppliers who help us deliver our services;
• Legal authorities if required by law.
Data Security
We are committed to ensuring the security of the Data. We employ encryption methods for data transmission and data is stored complying with security certifications such as ISO 27001. Comprehensive access controls and monitoring are in place to prevent unauthorized use, access and respond to security incidents. TIP has implemented stringent measures to safeguard the Data:
• Data Encryption: We use state-of-the-art encryption methods to protect data during transmission and storage, ensuring that information regarding your assets remains confidential and secure.
• Security Certifications: TIP maintains security certifications, including ISO 27001(in development), and undergoes regular security audits to maintain the highest standards of data security.
• Access Control: We employ robust access control mechanisms to prevent unauthorized access to data, both internally and externally. Role-based access controls limits data access based on user roles and responsibilities.
• Security Incident Response: TIP has a comprehensive procedure for monitoring, detecting, and responding to potential security incidents or breaches. We maintain a record of past incidents and can provide examples of how they were handled.
Please note, however that despite all measures that have been taken by TIP, there are inherent risks in transmission of information over the Internet and the connectivity (such as mobile network access) we supply.
Data Retention and Deletion
What period of time do we keep Data accessible or when will it be deleted:
• User Authentication: We authenticate and authorize users who access Data to ensure that only authorized personnel can view, manage, and manipulate data.
• Data Deletion: TIP has a clear process for handling data deletion requests from customers regarding Company and/or User data and/or Location data. We ensure that all copies, including backups, are properly deleted upon request.
• User data will be processed during the term of your contract and will be deleted 3 months after termination of the contract, unless required to keep by law (for tax purposes).
Data Transfer and Storage
Data is stored conform stringent data protection standards:
• Data Storage: We store data only within the European Union (EU)/European Economic Area (EEA) or in countries with adequate data protection levels ensured. Our data centres are strategically located so we can guarantee best up-time in case of a geo-local incident.
• International Data Transfers: We do not share any type of data we collect nationally and internationally other than described under 4 Data usage.
Compliance with Regulations
TIP is committed to complying with all relevant data protection regulations, including GDPR. We have documented compliance measures and processes for international data transfers. TIP adheres to GDPR and data protection laws.
Data Subject Rights
TIP respects data subject rights, including access, rectification, and data portability requests. We have established procedures to address such requests promptly. You have certain rights regarding User and Company Data, including:
• The right to access and review.
• The right to correct inaccuracies.
• The right to request data deleEon.
• The right to object to data processing.
• The right to submit a complaint to the Dutch Data Protection Authority.
To exercise these rights or if you have any questions or concerns about User and Company data, please contact us.
Data Breach Response
We have a robust procedure for detecting, reporting, and responding to data breaches. Affected parties and authorities are notified promptly, and we assess the impact of breaches on individuals and organizations. Our procedure for detecting, reporting, and responding to data breaches is comprehensive:
• Notification: We notify affected parties and authorities promptly in the event of a data breach.
• Impact Assessment: We assess the impact of a data breach on affected individuals and your organization.
Training and Awareness
TIP employees receive regular training on data protection and privacy practices. We maintain relevant certifications and credentials. Our team is well-prepared:
• Employee Training: We provide training to our employees regarding data protection and privacy practices;
• Awareness Programs: We conduct regular awareness programs on data protection.
Data Ownership and Control
Our terms of service include provisions related to Data ownership and intellectual property rights. We clarify Data ownership:
• Ownership: We (TIP) retain ownership of the Telemetry data, Connectivity data, Calculated data.
• Location, User and Company data remains the property of the Customer.
• Customers can use Telemetry and Calculated data for internal operational use only; it is not permitted to use or sell Telemetry and/or Calculated data in any shape or form with or to any third party.
• Data Retrieval: Customers can retrieve a copy of their Calculated data via API.
• When a Customer wants to acquire Data that falls out of scope of this contract, TIP can make this Data available with additional commercial terms, but will never be obliged to do so.
Insurance
TIP maintains insurance coverage for potential data breaches and data-related incidents.
• Insurance: We have insurance that covers potential data breaches or mishandling of data.
• Coverage: Our insurance covers data breaches and data-related incidents.
Changes to this Policy
We may update this data policy to reflect changes in our data handling practices. Any changes will be posted on our website, and we encourage you to review this policy periodically. We may change this policy from time to time to take account of:
• changes to Data Protection Laws and other laws which may affect this policy.
• guidance issued by the ICO and others.
• issues raised by our customers, partners and end users.
Contact Information
Last updated: Feb. 2024