Silvasti Software Oy’s LogiApps is a cloud-based software service for road transport and mobile work management (“LogiApps” or “LogiApps system”). The LogiApps system includes ERP and transport management, automatic route optimisation and vehicle telematics. The LogiApps Android application (“Mobile Application”) is part of the cloud service.
LogiApps and Mobile Application collect personal data during use. When ordering LogiApps and Mobile Application for its use, the company (Silvasti Software Oy’s customer, hereinafter “Company”) acts as a controller within the meaning of data protection legislation for the data, which its personnel store in LogiApps. Silvasti Software acts as a processor of personal data for this information.
Silvasti Software Oy strives to guide Companies to act correctly and in accordance with regulations from the point of view of privacy protection.
PURPOSE OF USE OF PERSONAL DATA AND DESCRIPTION OF THE GROUP OF DATA SUBJECTS
LogiApps processes data regarding the Company’s customer, Customer’s contact persons, delivery customers, subcontractors, suppliers and employees.
Customer Register: Includes customers’ general contact information for billing. If the Company has personal customers or the Company otherwise stores the personal data of its customers’ representatives (see Contacts of Customer below), this will also form a personal data register. The customer register is intended to be used for billing, customer communication and the Company’s marketing communications.
Contacts of Customer: Contact information can be sent to companies registered in the customer register. This information on contacts is intended for use in communication and real-time monitoring of the Company’s services by individuals assigned as contacts for the customer.
Delivery Customers: Delivery customers contain the contact information connected to the service execution points. For example, in distribution traffic, a consignee may be registered as a Delivery Customer and may be sent real-time tracking information related to deliveries. If persons are entered in the delivery customer register, this will form a personal data register.
Subcontractor Register: Subcontractors are primarily companies, but if individuals are entered in the register (e.g. co-operation partners who run a sole proprietorship), it is possible that this will also form a personal data register.
Supplier Register: Suppliers are related to purchased products. Only companies are intended to be processed as suppliers. If individual persons are entered in the register (e.g. co-operation partner who runs a sole proprietorship or purchases from an individual), it is possible that this will also form a personal data register.
Viewing Users: Viewing users are only intended for the maintenance of shared login credentials with read-only access, which can create a secure view of, for example, common areas of office premises. If persons are entered in the viewing user register, this will form a personal data register.
Employee Registers: Company employees (= users of the LogiApps system) are registered in two different registers with different content and purposes of use.
- Mobile and Web application personal login credentials and determination of user licenses and user log
- Driver competence management (competency)
- Planning shifts and assigning tasks to registered persons
- Selection of the driver’s working hours format and allocation of the calculation of working hours to the employee
- Monitoring the driver’s working hours, holidays and working hours account balance
- Targeting of reports and entries made by drivers to the author of the report
- Personal messages can be sent to the driver in the LogiApps application by the Office Staff. The messages are visible to all Office Staff and the reading of the messages by the driver is recorded.
- Targeting car digital tachograph data to drivers (statutory data collection and storage)
It is possible to attach the location information on performed work to the working time entries reported with the Mobile Application, provided that the user of the Mobile Application has given permission to save the location information in the settings of the Mobile Application.
- Web application IDs and determination of user privileges
- Project resource planning
- Matching reports and entries made by office staff with the author of the report.
- Log data of logins with driver login credentials
Personal data collected and stored in personal registers can be used by the Company after the termination of the customer relationship in accordance with the applicable data protection legislation. The controller must take care of the processing and erasure of register data in accordance with data protection legislation.
DESCRIPTION OF DATA SOURCES
Applications are always logged in with the login credentials of a user company. The Application allows viewing the information entered by the Company in LogiApps and sending the information to LogiApps for other users of the Company to see.
Communication between the Mobile Application and LogiApps servers occurs using an encrypted HTTPS connection. Short header-level notifications are delivered through Google Cloud Messaging.
In no event, will the Mobile Application monitor or forward user call information, address book information, usernames, messages, photos, or other information stored on the device unless the user has entered the information into the application.
Mobile Application sends location information to LogiApps in the following instances, provided that the user of the Mobile Application has given permission to save location information in the settings of the Mobile Application or chooses to do so on an case-by-case basis:
- The device is registered for LogiApps continuous vehicle monitoring
- In connection with activities that are essentially based on location information (for example, the locations of the vehicle and loading and unloading locations that have been defined in the waste transfer document)
- For other entries, if the user has allowed location information to be sent in the settings.
Location information can be viewed by Company users who have user privileges to that feature. The information will not be passed on or made available to unauthorised users.
DESCRIPTION OF DATA RELATED TO DATA SUBJECT
Customer Register: Name, internal classification of LogiApps and assigned responsible person, Contacts, Address Information, Billing Information, Interfaces’ information, Username, User License, Contact persons.
Contacts of Customer: Name, Job, internal classifications of LogiApps and assigned responsible person, Contacts, Address Information, Language, Username, User License, Notes and Activities.
Delivery Customers: Name, Address, Contact details and possible Linking to the customer
Subcontractor Register: Name, Contact details, Address Information, Payment information and Username.
Supplier Register: Name and additional information.
Viewing Users: User ID and User License
Employee register – Office staff: Name, Contact details, LogiApps internal classification, User Licenses and Working periods.
Device management: Username, Timestamp, IP address, manufacturer and model of Device and status of GPS setting.
DESCRIPTION OF THE MAIN PRINCIPLES OF REGISTRY PROTECTION
The Controller (the Company) shall protect the personal data that the Controller collects in such a way that other persons than those specified by the Controller are not able to process the personal data. The Controller shall ensure that the data systems used to process personal data are adequately technically protected and the access to those data systems is protected by password.
DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA
Personal data shall not be transferred without the consent of the user outside the Controller or its current or future group companies in such a way the information/data would be identified relating to an individual user in other situations than the following: obliged by law or a regulatory order, an order of a court or otherwise necessary to prevent or settle suspected infringements of law, the terms and conditions of online services or good practice or to protect rights of the Controller or third parties
RIGHTS RELATING TO PROCESSING PERSONAL DATA
The Data Subject has the right to inspect and correct or require correction of inaccurate personal data. Requests and requests for correction shall be addressed to the Controller personally. The Controller shall respond to the requests in accordance with law and practices in force.
In case the register contains inaccurate, unnecessary, incomplete or outdated personal data, the Data subject may ask the contact person of the Controller to correct, delete or complete such information.
The Company acting as a Controller shall be responsible for the fulfilment of the rights of the Data subjects and may provide more detailed guidance for the fulfilment of these rights. Silvasti Software Oy as a processor of personal data shall assist the controller in responding to data requests of data subjects to the extent required by law and as further agreed with the Company.
LogiApps shall not save cookies on the user’s device that shall remain on the device after the use of application shall be discontinued.