For the purpose of “Data Protection Laws” (hereinafter meaning any and all data protection and privacy legislation in force from time to time in the United Kingdom including the Data Protection Act 1998 and the “GDPR” (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)), we are the data controller.
1.0 The information OEG collects
1.1 User-Provided Personal Information
You may provide certain personally identifiable information to OEG (such as your phone number, e-mail address, company, location, etc.) prior to installing the App, in addition to the information that we collect through your download and use of the App. This information may include but is not limited to, your first and/or last name, company, company location, contact details, profile picture, and e-mail address.
For the support of internal operations, OEG collects your device identifier (“device ID”) and IP address. We do not access or store information that you have saved on your mobile devices such as contacts and appointments. In addition, if permitted by your mobile device settings, the App may gather your location data.
1.2 Anonymous Information
This is information that does not directly or indirectly identify you as an individual user. OEG and other third parties incorporated software may passively collect non-personal information from you when you access or use the App.
We may collect usage, viewing and technical data; and any other information (such as device type) that may be passively collected by third-party software such as;
We use secure session-based app tokens. Token-based authentication is stateless so we do not store identifiable information about the user on the server or in a user session token. Every request from the App will require a secure session token. This method of communication is a more efficient and secure alternative to cookies and is required for all message exchanges between the App and the server. The secure sessions tokens have been implemented to ensure confidentiality and integrity of data:
- Data integrity: Only the server will be able to manipulate session data
- Confidentiality: Only the server will be able to interpret the session data.
- Authenticity: Only the server will be able to initiate valid user sessions.
1.3 Explicit Consent
Explicit User Consent is a key requirement for mobile apps. The legislation says that businesses must request and receive consent to collect use and move personal data. Further, this request must be made and given in a clear intelligible and easily accessible way. It cannot be confusing. As well as this the user must be able to withdraw consent as quickly as they can give it.
In order to provide a clear view of the iCU App, it's functionality and features and prior to any account set up or consent requests, a full presentation of the iCU App is provided to the company/users to ensure complete awareness of the data collected and how it is distributed. The company/user will be in control of the distribution process and can request amendments or removal of users as required.
We have a standard form (part of our QMS) which is used to collect the company and users data such as, company, contact details, address, contact numbers, email address, etc. In additional, the form contains a section for consent by the designated user(s) which must be authorised before a user account can be set up.
Consent must also be provided from other users who are on the information distribution list being provided with information on unit status but may not have iCU App access.
Once a user is set up with an account there will be two further consent requests; 1. Allow access to the camera – this is essential for the operation of the iCU App & 2. Allow access to your location – This is also essential for the operation of the iCU App.
1.4 Why do we collect data
The OEG iCU App is not available for immediate worldwide use by the public and use by the general public. The OEG iCU App is not used for monetisation and has been developed for existing/new consignment stock customers who are selected by OEG to use the iCU App.
This means that we communicate directly with the company designated contact/user to specify the type of personal data we collect in order to set up new user accounts. The data we collect is used to provide the necessary functionality in the routing of unit status information to the consented parties within a customer’s organisation.
1.5 Your right to be forgotten
One of the key focuses of the GDPR legislation is your right to be forgotten. This means that users are in control of the data collected through the iCU App by requesting that the entire data history is deleted and removed from all records.
Data stored on the users' end device will be deleted when the iCU App is deleted. A request for removal must also be made to OEG which would initiate the deletion of the user account and any data stored against that account. This request should be made to firstname.lastname@example.org
The aim of this area is to put the user in control of their data. OEG has developed the iCU App to facilitate this control to provide a better experience when using the iCU App.
1.6 Privacy by design
This section is all about the proper encryption and data handling procedures. It is important to remember that the user account set up for the iCU App is a manual process which includes company/user consent prior to creation.
We recognise that your privacy must be proactive, not reactive, and we have built on this thinking from stage one of the design process to beyond account termination. From the iCU App inception to every point in the life cycle privacy and data protection been front and centre in the development. It's about anticipating, managing and preventing privacy issues.
The OEG iCU App does not use browser cookies. It is a native app and does not use web views to manage/display content. External web links contained in the iCU App (social media links, website) will open in the user’s end device designated browser. Links to OEG documents through the iCU App would also open in the user’s designated end device browser but without a cookie session – a direct link to the file.
The iCU App has anonymised app session tokens stored on the app and on the server. This is done to provide additional security by not storing the user’s password on the end device and also eliminates the continuous transfer of user credentials in communications with the server. When processing user data in communications with the server we have integrated encryption to secure the data at a server level, iCU App communication level and administration level.
The distribution function of the unit status can include external 3rd parties (defined by the user during the setup process) to receive email notifications. The email notifications sent out do not expose personal email details of others on the distribution maintaining the security of data. It is assumed that all users will have equal consent to send emails to any 3rd parties using the iCU App.
By taking this approach we believe that we have created a user app experience that is operationally functional and secure. It provides users with the controls to input data in the knowledge that it is secured and that they can have it removed at any time.
2.0 The way OEG uses information
We may use certain App data information such as user usage, App crash data, to assist us in the development and improvement of the quality and design of the App. We will use this data to create new features, App functionality and services.
3.0 User profile
By providing information to allow the creation of a User profile for the App, you accept that the personal data provided such as your User Name, email, contacts, etc will be visible to other Users within your specific User Group displayed on the iCU App.
4.0 When OEG discloses information
We may share non-personally-identifiable information (such as anonymous user usage data, mobile device type, etc.) with our development team to assist them in understanding the usage patterns for certain functionality on the App. We may release personally identifiable information and/or non-personally-identifiable information:
a. to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries; and
b. to third parties (i) in the event that OEG sells or buys any business or assets, in which case, OEG may disclose your personal data to the prospective seller or buyer of such business or assets; or (ii) if OEG or substantially all of its assets are acquired by a third party, in which case personal data held by it about its App Users will be one of the transferred assets.
Additionally, OEG may receive and release personally identifiable information and/or non-personally-identifiable information if required to do so by any legal or regulatory obligation or request, or in the good-faith belief that such action is necessary to comply with any applicable laws.
In instances when OEG is provided with personally identifiable information and/or non-personally-identifiable information, we reserve the right to disclose such information that we believe, in good faith, is appropriate or necessary to enforce our App Terms (if applicable), take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our App, and to protect the rights, property, or personal safety of OEG, our Users or others, in accordance with Data Protection Laws.
5.0 Location data
Location data collection is a core function of the App and is a prerequisite for the correct operation of the App functionality. Location data will only be collected when the App is in use. Your mobile device may allow you to opt-out of the collection of precise location data. However, you will be prompted to allow the location data to be gathered by the App.
iOS – Please see additional information about privacy and location services from Apple here: https://support.apple.com/en-us/HT203033
Android – Please see additional information about privacy, security and location services from Google here: https://support.google.com/accounts/answer/3467281?hl=en&ref_topic=7189122
6.0 OEG’S commitment to data security
7.0 Right to access your personal data
You may at any time, request access to User’s Personal Data collected by the Company, request that inaccurate information be amended, or that the collected Personal Data be erased in accordance with Data Protection Laws. Such request for access must be sent to : OEG Offshore, Cothal House, Cothal View, Pitmedden Road Ind. Est., Dyce, Aberdeen, Aberdeenshire – AB21 0BA, Scotland or email us at : app at oegoffshore dot com
8.0 Links to other resources
The App may contain links to other OEG websites or OEG services of interest. However, once you have used these links to leave our App, you should note that we do not have any control over those third party sites or services. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Such sites and services have not been verified or reviewed by us and we have no liability for any use and access to them. Such links may include social media ICONs linking to registered OEG social media accounts;
- YouTube : https://www.youtube.com/static?template=privacy_guidelines
- LinkedIn : https://www.linkedin.com/legal/privacy-policy
- Instagram : https://help.instagram.com/155833707900388
- Twitter : https://twitter.com/en/privacy
- Facebook : https://www.facebook.com/legal/FB_Work_Privacy
9.0 Push notifications / alerts
We may send push notifications or alerts to your mobile device. You will be prompted to allow or decline. You can deactivate these messages at any time by changing the notification settings within your device settings or by uninstalling the App from your device. The notifications or alerts will be associated with App improvements or new App services.
OEG Offshore, Cothal House, Cothal View, Pitmedden Road Ind. Est., Dyce, Aberdeen, Aberdeenshire – AB21 0BA, Scotland or email us at : app at oegoffshore dot com