phone-icon

Privacy policy for mobile apps

Baseline limited liability company sp. k. with its registered office in Kraków, ul. Wadowicka 8A, 30-415 Kraków, KRS No. 0000581581, is the producer of the Baseline™ mobile application, however, it is not the administrator of data collected by this application within the meaning of the Personal Data Protection Act. This document describes the privacy policy, i.e. the rules for processing data of users of the Baseline™ mobile application available on Android and iOS platforms.

1. MOBILE APP

The Baseline™ mobile application is part of a large CRM & DMS that is deployed on the client’s server. The Baseline™ platform is not a SaaS service – it is a solution implemented mainly in the on-premise model, and the data collected by these systems are processed by the client (license owner), who is also the administrator of personal data within the meaning of the GDPR. The Baseline™ application is an application for business applications, which means that it is not used by ordinary consumers (private persons).

After installation, the application works in demo mode, the user can only navigate in the application without the possibility of editing and entering data. Activating the application and pairing it with the customer’s production environment enables full-scale work in the application on the terms implemented by the license owner (client). In order to pair the application with the customer’s own production environment, the QR code available in the Baseline™ system available on a www browser should be scanned. After scanning the code, the mobile application downloads security certificates and switches to the appropriate server with which it will communicate. The user must provide a login and password, which is normally used to authenticate to the system via a web browser. The application configured in this way is ready to work in the customer’s production environment.

1. WHEN AND WHAT INFORMATION WE COLLECT

Logging in to the application – the user logs in with his ID (login) and access password. In the logging process, the application transfers to the server information about the version of the device’s operating system, as well as the IP address and identifier used to send push messages from the server.

Location tracking – one of the main features of the Baseline™ application is the ability to track the location of the device. The purpose of the service is to enable the supervisor to analyze the salesman’s route in the field. By default, the application has the tracking service turned off – it can be turned on in the application settings. Enabling tracking requires explicit user consent to the Location service on your phone. The application additionally informs the user about the reasons why the above permission is required for the operation of this system function.
The collected location information is stored only on the license owner’s server and is available from the Baseline™ www system by authorized persons. The data is not transferred anywhere else.

Call logging – one of the main features of the Baseline™ application is the ability to record notes on phone calls in the CRM. After the phone call ends, the application retrieves the caller’s phone number and tries to identify the caller with the database of contacts in the Baseline™ CRM system. After identifying the contractor, the application allows you to add notes from the conversation directly to the contractor’s file. Therefore, the application needs access to the call log and contact list on the phone. Call recording is disabled by default. The user must consciously activate it by giving explicit consent in terms of permissions to the call log and contacts (READ_CALL_LOG). The data that the application sends to the server contain only the telephone number of the interlocutor without personal data. The telephone number is used only to identify the caller and is not further processed or shared.

Using the application – the user using the application can add notes, events and photos or other files on the phone at any time. These resources are ultimately saved in the web server database and are not transferred for further processing. They are only information about a given element of the system and are assigned to it.
Push notifications – the user is asked to grant permissions to notifications when logging into the application for the first time. These permissions are necessary to be able to receive push notifications about important notifications regarding tasks or events configured in the CRM system. Granting consent is not mandatory for the correct operation of the mobile application.

STATISTICAL ANALYSIS

The application does not collect any data on conducting analyzes and statistics such as Google Analytics.

DATA SHARING

The data that is entered into the mobile application is not transferred for further processing by external entities. We do not transfer any data to international organizations or so-called third countries. The collected data is processed on the fly or saved on a server that is owned by the license holder (client).

DELETE OF DATA AND ACCOUNT

Deleting the account and data is possible directly in the Baseline™ system via a web browser. To do so, you can contact your local administrator on behalf of your organization. It should be noted that in this type of business systems, the rules for creating and deleting user accounts are different than those usually implemented in typical consumer applications operating in the SaaS model.

SECURITY MEASURES

The mobile application uses the http protocol for communication. To ensure the integrity and confidentiality of data in the communication process, we use SSL certificate encryption and validate this certificate on the server, which means that only devices with an uploaded certificate can communicate with the main Baseline™ server.
Each user has their own ID and access password. Depending on the configuration of the server environment instance, the user can log in to the application using domain access data using LDAP credentials.
Access to the production environment of the license owner (client) is possible only after pairing the application using a special QR code, which is a secret code available to the user after authentication in the Baseline™ system via a web browser.
As an application producer, we care about the highest data security standards. We have a current “Data protected” security certificate issued by an independent certification body Tuv Nord Polska.