1. We care about privacy, and this is who we are
This policy describes how VOSTROM Holdings, Inc. ("VOSTROM", "our", "us" or "we"), collects, utilizes, and shares any type of data (personal or not) when you allow us access to data on your device or in connection with your use of a web site or software ("Software") operated by us, or by one of our partners ("Partner").
We are responsible for the processing and control of data we collect. If you have any questions or concerns about our use of data, please contact us at privacymanager [at] positiveidcheck [dot] com.
This policy explains our privacy practices to help you understand when we collect data, and how or why we use it.
2. This is how we obtain and process data
If (and only if) you permit the operation of Software through your device settings and preferences, we may attempt to collect data through the Software, with great concern for reducing battery consumption and keeping your device running smoothly.
If (and only if) you grant permission for the Software to use location services, our Software may periodically collect location data (geo coordinates and related location information) correlated with network connectivity details such as the cellular, WiFi or Bluetooth network information (but never network security keys or credentials).
We do not collect content from any of the other apps installed on your device or record anything about your actual usage of these apps. We collect information on your battery consumption so we can measure the real impact of our Software on your battery. In order to do this accurately, we also store other configuration information that may have an impact on your battery, for example whether or not it is charging during the measurements, and the make and model of the device and related component information such as the number of CPU cores and software revision numbers.
We assign our own unique identifier for each device we measure in order to avoid continuous collection and transmission of your real individual hardware identifiers. At least one of your real hardware identifiers (e.g., IMEI, IMSI, MAC, AAID, IDFA, etc.) may be used initially as input to the algorithm that generates our unique identifier, but once calculated this hash cannot be reversed to expose any of those real hardware identifiers because it is based on a one-way hash algorithm (an "HMAC").
3. What we do with data once we have it
We do not use the data to target advertising or for any other direct marketing purposes, nor do we sell your identifying data to advertisers or other businesses who seek to identify you for similar or related purposes.
4. Consent-based collection
Our data processing is based precisely on your consent and the permissions you grant to the Software. The easiest way to limit (or stop) our data collection is to deny permissions inside the Software using your device permissions. Alternatively, you may completely opt-out of data collection at any time by utilizing our opt-out form provided in the Software or by emailing our privacy manager directly, as referenced herein.
5. If and how we share
We primarily use data we collect to improve our own software. We hope this improves our business processes and encourages our software development teams to innovate and create new Software and business solutions.
We use some third party services to host our infrastructure, protect ourselves from cyber attacks, or to back-up the data subject to strict privacy policies of the providers themselves. Although they may temporarily retain or have visibility into a raw form of the data in their physical space (data center) or through their network, they are not permitted to share it with anyone else in any form, except as required by law in their jurisdiction, or as required in order to perform services on our behalf.
If someone acquires our company or we become bankrupt or for any other reasons our assets are subject to sale or other disposition, the acquiring party would retain equal rights and obligations to protect the data.
Based on our own legal jurisdiction and requirements to protect our company or the data itself, we reserve the right to use or share the data under the following circumstances: (i) to enforce our own terms and conditions, or to protect ourselves from liability (ii) to exercise our rights and legally defend against claims; (iii) to comply with law, court orders, subpoenas, or other legal processes or requests of government or law enforcement; or (iv) to unilaterally prevent or investigate suspected illegal activity, threats to life, fraud, civil or human rights, suspected violations of our policies and agreements.
6. Where we process data
Our technical operations are primarily in Arizona in the USA. We have regional sales and marketing offices around the world, however we retain and process data through a variety of third party providers to cloud-enable our offerings. Many of these are located in other countries outside of our control, but still subject to our privacy policy and their own, though that may not be enforceable depending on their own legal jurisdiction. We reference the GDPR and EU Commission regulations when dealing with these entities regardless of their jurisdiction and location to promote compliance and use commercially reasonable efforts to safeguard any data transfers within and outside our legal jurisdiction.
7. How long we retain data
Data is held indefinitely as we are always developing new ways to model, summarize and present the data to our customers. However, we make every effort to design security safeguards and privacy principles into each and every product and service we provide to our customers and we endeavor to share data only in summarized or aggregate form when possible, even within our company itself.
8. How we protect data
We undertake commercially reasonable efforts to protect all data collected against loss, theft, unauthorized disclosure or deletion, modification or any form of misuse. We have physical and technical safeguards, an employee privacy awareness training program, and a stringent legal review process for our business relationships, making data protection a top company priority. We index data based on our own unique identifier in order to avoid continuous collection and transmission of your real individual hardware identifiers.
9. GDPR and EU Commission Regulations
Based on EU regulations including GDPR, European end-users have the following rights with regard to our data collection:
- Receive clear and understandable information about who is processing one's personal data and why;
- Consent affirmatively to any data processing;
- Access any personal data collected;
- Rectify inaccurate personal data;
- Erase one's personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data (the "right to be forgotten");
- Restrict or object to certain processing of one's data;
- Be notified without "undue delay" of a data breach if there is a high risk of harm to the data subject; and
- Require the transmission of one's data to another controller (data portability).
We believe we comply with these principles for data collection and processing and end-users may contact us directly should they have any questions or requests pertaining to these or other privacy matters. Please contact us by email to privacymanager [at] positiveidcheck [dot] com
10. Application
This policy prescribes how we collect, utilize, and share any type of data (personal or not) when you allow us access to data on your device in connection with your use of Software operated by us, or by one of our Partners. For pseudonymized or aggregate data abstracted out of collected data ("Resultant Data"), we reserve the right to utilize, share, commercialize and retain Resultant Data for any purpose.
11. Things change, but your privacy is always important
We will post updates to this policy periodically but the most recent version will always be available at this location.
12. Getting in touch
If you have any privacy-related questions, please contact us directly by email to privacymanager [at] positiveidcheck [dot] com