ICU App Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY

This Privacy Policy is published in support of the OEG iCU App (the “App”) and made available by OEG Offshore Limited, a company registered in Scotland with number SC092719 and with registered address Cothal House, Cothal View, Pitmedden Road Industrial Estate, Dyce, Aberdeen, Aberdeenshire, AB21 0BA. (“OEG”, “us”, “we” or “our”). Our VAT registration number is: 125469800.

This iCU App Privacy Policy should be read alongside the iCU App Terms Of Use. Terms defined within the App Terms shall have the same meaning in this iCU App Privacy Policy unless stated otherwise.
 
For the purpose of “Data Protection Laws” (hereinafter meaning any and all data protection and privacy legislation in force from time to time in the United Kingdom including the Data Protection Act 1998 and the “GDPR” (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)), we are the data controller.
 
OEG respect the privacy rights of our App Users and we are committed to protecting the personal information collected about you. To further this commitment, we have adopted this Mobile Application Privacy Policy (“iCU App Privacy Policy” or “Privacy Policy”) to help our Users make an informed decision about whether to use or continue using the App. This iCU App Privacy Policy will inform you about OEG’s policies and procedures regarding the collection, use and disclosure of your user information.
 
BY INSTALLING, USING, REGISTERING TO OR OTHERWISE ACCESSING THE APP AND ITS SERVICES, YOU AGREE TO THIS MOBILE APP PRIVACY POLICY AND GIVE AN EXPLICIT AND INFORMED CONSENT TO THE PROCESSING, USE AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT INSTALL, USE, REGISTER TO OR OTHERWISE ACCESS THE APP OR ITS SERVICES. OEG reserves the right to make any changes to the Mobile App Privacy Policy as deemed necessary or desirable, in accordance with Data Protection Laws, without prior notification to you. OEG will use all reasonable efforts to ensure users will be informed of the new Mobile App Privacy Policy by e-mail or notification, but it is your responsibility to verify regularly this iCU App Privacy Policy to be informed of any changes. Your continued use of the App after any such changes or after explicitly accepting the new iCU App Privacy Policy upon using the App shall constitute your consent to such changes.

1.0 The Information OEG Collects

This iCU App Privacy Policy applies only to information submitted and collected by OEG via the App, including information you provide when you register to use the App, subscribe to any of our services, make an in-App request, share third party email addresses, any notes or additional detailed information added to notifications, geo-location data, and when you report a problem with an App. If you contact us, we will keep a record of that correspondence.

The third party online/mobile store from which you download and/or install the Apps may also collect and use personal and non-personal information about you. Further details and links such policies can be found in our App Terms.  The App Terms must be accepted by you to proceed with the installation process of the App. This iCU App Privacy Policy does not apply to information that may be collected by such third party application store such as Apple or Google, and OEG is therefore not responsible for the information collected by such third parties. OEG will not share personally identifiable data with any third party – we promise.

1.1 User-Provided Personal Information

You may provide certain personally identifiable information to OEG (such as your phone number, e-mail address, company, location, etc.) prior to installing the App, in addition to the information that we collect through your download and use of the App. This information may include, but is not limited to, your first and/or last name, company, company location, contact details, profile picture, and e-mail address. 

For the support of internal operations, OEG collects your device identifier (“device ID”) and IP address. We do not access or store information that you have saved on your mobile device such as contacts and appointments. In addition, if permitted by your mobile device settings, the App may gather your location data.

1.2 Anonymous Information

This is information that does not directly or indirectly identify you as an individual user. OEG and other third parties incorporated software may passively collect non-personal information from you when you access or use the App.

We may collect usage, viewing and technical data; and any other information (such as device type) that may be passively collected by third party software such as;

We use Crashlytics to collect information about our products if they crash on you. You can find more information about Crashlytics' privacy policy at http://try.crashlytics.com/terms/privacy-policy.pdf.

We use secure session based app tokens. Token based authentication is stateless so we do not store identifiable information about the user on the server or in a user session token. Every request from the App will require a secure session token. This method of communication is a more efficient and secure alternative to cookies and is required for all message exchanges between the App and the server. The secure sessions tokens have been implemented to ensure confidentiality and integrity of data:

a.       Confidentiality: Only the server will be able to interpret session data.

b.       Data integrity: Only the server will be able to  manipulate session data

c.       Authenticity: Only the server will be able to initiate valid user sessions.

1.3 Explicit Consent

Explicit User Consent is a key requirement for mobile apps. The legislation says that businesses must request and receive consent to collect use and move personal data. Further, this request must be made and given in clear intelligible and easily accessible way. It cannot be confusing. As well as this the user must be able to withdraw consent as quickly as they can give it.

In order to provide a clear view of the iCU App, it's functionality and features and prior to any account set up or consent requests, a full presentation of the iCU App is provided to the company/users to ensure complete awareness of the data collected and how it is distributed. The company/user will be in control of the distribution process and can request amendments or removal of users as required.

We have a standard form (part of our QMS) which is used to collect the company and users data such as, company, contact details, address, contact numbers, email address, etc. In additional the form contains a section for consent by the designated user(s) which must be authorised before a user account can be set up.

Consent must also be provided from other users who are on the information distribution list being provided with information on unit status but may not have iCU App access.

Once a user is set up with an account there will be two further consent requests; 1. Allow access to the camera – this is essential for the operation of the iCU App & 2. Allow access to your location – This is also essential for the operation of the iCU App.

1.4 Why do we collect data

The OEG iCU App is not available for immediate worldwide use by the public and use by the general public. The OEG iCU App is not used for monetisation and has been developed for existing/new consignment stock customers who are selected by OEG to use the iCU App.

This means that we communicate directly with the company designated contact / user to specify the type of personal data we collect in order to set up new user accounts. The data we collect is used to provide the necessary functionality in the routing of unit status information to the consented parties within a customer’s organisation.  

1.5 Your right to be forgotten

One of the key focuses of the GDPR legislation is your right to be forgotten. This means that users are in control of the data collected through the iCU App by requesting that the entire data history is deleted and removed from all records.

Data stored on the users end device will be deleted when the iCU App is deleted. A request for removal must also be made to OEG which would initiate deletion of the user account and any data stored against that account. This request should be made to compliance@oegoffshore.com

The aim of this area is to put the user in control of their data. OEG have developed the iCU App to facilitate this control to provide a better experience when using the iCU App.

1.6 Privacy by design

This section is all about the proper encryption and data handling procedures. It is important to remember that the user account set up for the iCU App is a manual process which includes company/user consent prior to creation.

We recognise that your privacy must be proactive, not reactive, and we have built on this thinking from stage one of the design process to beyond account termination. From the iCU App inception to every point in the lifecycle privacy and data protection been front and centre in the development. It's about anticipating, managing and preventing privacy issues.

The OEG iCU App does not use browser cookies. It is a native app and does not use web views to manage/display content. External web links contained in the iCU App (social media links, website) will open in the user’s end device designated browser. Links to OEG documents through the iCU App would also open in the user’s designated end device browser but without a cookie session – a direct link to the file.

The iCU App has anonymised app session tokens stored on the app and on the server. This is done to provide additional security by not storing the user’s password on the end device and also eliminates continuous transfer of user credentials in communications with the server. When processing user data in communications with the server we have integrated encryption to secure the data at a server level, iCU App communication level and administration level.

The distribution function of the unit status can include external 3rd parties (defined by the user during the set up process) to receive email notifications. The email notifications sent out do not expose personal email details of others on the distribution maintaining security of data. It is assumed that all user’s will have equal consent to send emails to any 3rd parties using the iCU App.

By taking this approach we believe that we have created a user app experience that is operationally functional and secure. It provides users with the controls to input data in the knowledge that it is secured and that they can have it removed at any time.

2.0 The Way OEG Uses Information

We may use certain App data information such as user usage, App crash data, to assist us in the development and improvement of the quality and design of the App. We will use this data to  create new features, App functionality and services.

3.0 User profile

By providing information to allow creation of a User profile for the App, you accept that the personal data provided such as your User Name, email, contacts, etc will be visible to other Users within your specific User Group displayed on the iCU App.    

4.0 When OEG Discloses Information

We may share non-personally-identifiable information (such as anonymous user usage data, mobile device type, etc.) with our development team to assist them in understanding the usage patterns for certain functionality on the App. We may release personally identifiable information and/or non-personally-identifiable information:

a. to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries; and

b. to third parties (i) in the event that OEG sells or buys any business or assets, in which case, OEG may disclose your personal data to the prospective seller or buyer of such business or assets; or (ii) if OEG or substantially all of its assets are acquired by a third party, in which case personal data held by it about its App Users will be one of the transferred assets. 

Additionally, OEG may receive and release personally identifiable information and/or non-personally-identifiable information if required to do so by any legal or regulatory obligation or request, or in the good-faith belief that such action is necessary to comply with any applicable laws.

In instances when OEG is provided with personally identifiable information and/or non-personally-identifiable information, we reserve the right to disclose such information that we believe, in good faith, is appropriate or necessary to enforce our App Terms (if applicable), take precautions against liability, to investigate and defend ourselves against any third party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our App, and to protect the rights, property, or personal safety of OEG, our Users or others, in accordance with Data Protection Laws.

5.0 Location Data

Location data collection is a core function of the App and is a prerequisite for the correct operation of the App functionality. Location data will only be collected when the App is in use. Your mobile device may allow you to opt out of the collection of precise location data. However, you will be prompted to allow the location data to be gathered by the App.

iOS – Please see additional information about privacy and location services from Apple here : https://support.apple.com/en-us/HT203033

Android – Please see additional information about privacy, security and location services from Google here : https://support.google.com/accounts/answer/3467281?hl=en&ref_topic=7189122

6.0 OEG’s Commitment to Data Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing personal data as well as the risk of varying likelihood and severity for the rights and freedoms of you, OEG uses commercially reasonable, physical, managerial, organisational and technical safeguards to preserve the integrity and security of our systems. These safeguards include, among other things, limiting access to such data to those employees performing a legitimate business function, use of encryption and passwords, and the storage of data on secure servers or computers. These measures are also designed to protect any user information OEG may obtain, collect and/or retain as described in this Privacy Policy from unauthorized access, disclosure, use and modification. However, please be aware that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee the security of your data transmitted to or via the App or use of the App; any transmission is at your own risk.

7.0 Right to Access your Personal Data

You may at any time, request access to User’s Personal Data collected by the Company, request that inaccurate information be amended, or that the collected Personal Data be erased in accordance with Data Protection Laws. Such request for access must be sent to : OEG Offshore, Cothal House, Cothal View, Pitmedden Road Ind. Est., Dyce, Aberdeen, Aberdeenshire – AB21 0BA, Scotland or email us at :  app@oegoffshore.com

8.0 Links to other Resources

The App may contain links to other OEG websites or OEG services of interest. However, once you have used these links to leave our App, you should note that we do not have any control over those third party sites or services. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Such sites and services have not been verified or reviewed by us and we have no liability for any use and access to them. Such links may include social media ICONs linking to registered OEG social media accounts;

a.       Twitter               https://twitter.com/en/privacy 

b.       Instagram          https://help.instagram.com/155833707900388 

c.       Facebook            https://www.facebook.com/legal/FB_Work_Privacy 

d.       Google+             https://www.google.com/policies/privacy/ 

e.       LinkedIn             https://www.linkedin.com/legal/privacy-policy 

f.        Pinterest            https://policy.pinterest.com/en/privacy-policy 

g.       YouTube             https://www.youtube.com/static?template=privacy_guidelines

h.       OEG website       https://www.oegoffshore.com/65_WebsitePrivacyPolicy.html          

10.0 Push Notifications/Alerts

We may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings within your device settings or by uninstalling the App from your device. The notifications or alerts will be associated with App improvements or new App services.

11.0 Questions or Comments about this iCU App Privacy Policy

If you have questions or wish to send us comments about this Mobile Privacy Policy, please contact us at:

OEG Offshore

Cothal House, Cothal View

Pitmedden Road Ind. Est.

Dyce, Aberdeen

Aberdeenshire – AB21 0BA

Scotland

Or email us at :  app at oegoffshore dot com