Octopus privacy statement

  1. Personal data we collect
    1. Your privacy is important to us. This privacy statement explains what personal data Octopus collects from you, through our interactions with you and through our product and related services, and how we use that data.
    2. Octopus offers a wide range of services as part of its product, from the main software (Octopus C&C PSIM – Control & Command, Physical security information management) to 45 different modules.
      1. This statement applies to Octopus’s interactions with you and the Octopus C&C, PSIM different modules listed below:
        1. CCTV, Video analytics
        2. Intrusion, Access control, Fire alarm
        3. LPR, Perimeter, Radars
        4. Communications
        5. Location based devices
        6. Cyber and Network alerts
        7. Social media and open source intelligence
        8. Organizational systems and ERP
        9. Live video transmission from the mobile app
        10. Incident management and log system
        11. Security operations system
        12. Route management system
        13. Visitors, suppliers and contract employee’s management system
        14. Asset management system
        15. Building management and maintenance operations system
        16. Safety management system
        17. Weapons management system
        18. SIEM - security information and event management for cyberattack alerts
      2. This statement applies to Octopus’s interactions with you and the Octopus App different modules listed below:
        1. Distress button
        2. Gyro Mode “man down”
        3. Location transmission and GPS positioning
        4. Encrypted communication system
        5. Receiving incidents and dispatch
        6. Incident log and manual incident reporting
        7. Inspection reporting and form generator
        8. Patrol and route module and navigation
        9. View force location on GIS
        10. Receiving forms/documents
        11. Task management
        12. Time & attendance reporting
        13. Bar-code scanning system
        14. Visitor/Supplier invitation module
        15. Vehicle license plate verification
        16. Access control system
        17. Organization phonebook
        18. Places near me
    3. Octopus PSIM also obtaining data from third parties and/ or IoT devices. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
      1. Data brokers from which we purchase data to supplement the data we collect.
      2. Social networks when you grant permission to Octopus services to access your data on one or more networks.
      3. Service providers that help us determine your location, based on your IP address or GPS data, to customize certain services to you.
      4. Customer service providers that supplement the data we collect by means of integration and/ or IoT.
      5. Partners with which we offer co-branded services or engage in joint activities.
      6. Publicly-available sources such as open government databases or other data in the public domain.
      You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a service or feature, you may not be able to use that service or feature.
    4. The data we collect depends on the context of your interactions with Octopus, the choices you make, including your privacy settings, and the products and features you use. The data we collect can include the following:
      1. Personal & contact data: We collect passport picture or face photo, first and last name, email address, postal address, phone number, ID number, passport number, date of birth, profession, car plate, social media account details, and other similar contact data.
      2. Employment data: We collect profession, occupation, working address and building/ campus, employee ID, personal manager, training, personal working equipment, location, weapon and other sensitive security equipment details, system messages and event tracking, and other similar contact data
      3. Medical data: medical history, blood type, allergies, medication, medical documents, emergency contact data, and other similar medical data.
      4. Media data: video, stills picture, audio recording, and other similar media data. Your image may be captured by security cameras.
      5. Biometric data: face recognition, finger print, retinal imprint, and other similar biometric data.
      6. Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
      7. Demographic data. We collect data about you such as your age, gender, country, and preferred language.
      8. Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument, bank account details.
      9. Device and Usage data. We collect data about your device and how you and your device interact with Octopus systems and our products. For example, we collect:
        • Product use data. We collect data about the Octopus system related features you use. This data includes which application version is installed on your device, is it runs in the background, are you online.
        • Device, connectivity and configuration data. We collect data about your device and the network you use to connect to our services. It includes data about the operating systems. It also includes device type and manufacturer, identifiers (such as the IMEI number for phones), regional and language settings, battery state, IP address, online connectivity, last date of connectivity, GIS location, device positioning (balanced or vertical)
        • Error reports and performance data. We collect data about the performance of the services and any problems you experience with them. This data helps us to diagnose problems in the service you use, and to improve our products and provide solutions. Error reports (sometimes called “crash dumps”) can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files you were using when an error occurred, and data about other software on your device.
        • Troubleshooting and Help Data. When you engage Octopus for troubleshooting and help, we collect data about you and your hardware, software, and other details related to the incident. Such data includes contact or authentication data, the content of your chats and other communications with Octopus, data about the condition of the machine and the application when the fault occurred and during diagnostics, and system and registry data about software installations and hardware configurations.
      10. Location data. For services with location-enhanced features, we collect data about your location, which can be either precise or imprecise. Precise location data can be Global Navigation Satellite System (GNSS) data (e.g., GPS), as well as data identifying nearby cell towers and Wi-Fi hotspots, we collect when you enable location-based products or features. Imprecise location data includes, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.
      11. Content. We collect content of your Octopus system related communication when necessary to provide you with the services you use. Such data can include:
        • Files
        • Stills pictures
        • Text or other content of a push or email message
        • Audio and video recording of a video message
        • Audio recording and transcript of a voice message you receive or a text message you dictate
      12. Traceability changes: We collect all logs traceability changes of your user. Such data can include: date, time, IP address, location, data changes (old and new) etc.
      13. Customer service: We also collect information you provide to us and the content of messages you send to us, such as service request, feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
    Product-specific sections below describe data collection practices applicable to use of those products.
  2. How we use personal data
    1. Octopus uses the data we collect for a basic purpose: To operate our business and provide the services we offer (including improving and personalizing).
    2. In carrying out these purpose, we combine and fuses data we collect to give our customer a simple and more seamless, consistent and personalized data view. We have built in technological and procedural safeguards designed to prevent certain data combinations and leakage.
    3. Providing and improving our products and services: We use data to provide and improve the products and services we offer and perform essential business operations. This includes operating the products, maintaining and improving the performance of the products, developing new features, conducting research, and providing customer support. Examples of such uses include the following:
      • Providing the Products. We use data to carry out your transactions with us and to provide our services to you. Often, those services include personal and personalized features and data as describe in paragraph 1.
      • Customer support. We use data to diagnose product and services problems and provide other customer care and support services.
      • Product activation. We use data—such as device and application type, location, and unique device, application, network and subscription identifiers—to activate software and devices that require activation.
      • Product Improvement. We use data to continually improve our product and services, including adding new features or capabilities. For example, we use error reports to improve security features.
      • Security, Safety and Dispute Resolution. We use data to protect the security and safety of our services related product, our customers and users, to detect and prevent fraud, fishing, identity theft, data leakage, to confirm the validity of software licenses, to resolve disputes and enforce our agreements. Our security services features can disrupt the operation of malicious software and notify you if malicious software is found on your devices or systems.
      • Business Operations. We use data to develop aggregate analysis and business intelligence which enable us and our customers to operate, protect, make informed decisions, and report on the performance of the business.
    4. Communications. We use data we collect to communicate with our customers. We may contact our customer by phone, email or other means to inform, when a subscription is ending, discuss licensing account, let you know when software updates are available, update or inquire about a service or repair request, invite to participate in a survey, or remind you to act to keep your account active.
    5. Advertising. Octopus systems does not advertise and does not use any data to target ads to you or any of the end users.
    6. Data Retention. In the interests of the customer, we retain data forever. Nevertheless, some data such as TMP files are regularly deleted.
    7. Data Archives. In the interests of the customer, we archive data every 30 days. Retrieval of archived data can be performed by Octopus only when our customer has requested or authorized us to do so. In such cases, only the specific and relevant data in the request will be retrieved.
    8. Data Sharing. In some cases, we share controlled data with third party services to provide our customer the agreed services. Such cases are pre-defined by contract with our customer. Any related data transection is securely controlled by different means of cyber security methods.
    9. Data Collected by Other services. Octopus system are integrated with various third-party services. Such services can include: IoT devices, beacons, cyber security systems, biometric systems, CCTV systems etc. The data is used for the functionality of the services to our customer as defined in the contract.
  3. Reasons we share personal data
    1. We share personal data with our customer or as necessary to provide any service our customer has requested or authorized. For example, we share your content with third parties when you tell us to do so, such as when a certain service need to be process by third party or when you provide payment data, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
    2. We may need to share personal data among our cloud service. For example, to provide customer service support or assist in protecting and securing our systems and services the cloud service admin may need access to personal data to provide those functions. In such cases, the cloud service supplier must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.
    3. We may need to share some personal data among our development and customer service team. For example, to provide customer service and support or assist in protecting and securing our systems and services our development and customer service team may have access to personal data. In such cases, our personnel must abide by our data privacy and security requirements and policy and are not allowed to use personal data for any other purpose.
    4. We will access, transfer, disclose, and preserve personal data, including your content when we have a good faith belief that doing so is necessary to:
      1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; or
      2. protect our customers, for example to prevent spam or attempts to defraud you or users of our product and services, or to help prevent the loss of life or serious injury of anyone; or
      3. operate and maintain the security of our product and services, including to prevent or stop an attack on our computer systems or networks or data base; or
      4. protect the rights or property of Octopus, including enforcing the terms governing the use of the services. however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property, including stealing of Octopus data, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement.
    5. Please note that:
      1. If you are an end user of Octopus’s customer, your data is governed by its privacy statements. However, Octopus will enforce this privacy statement and its privacy policy on all customer, users and data as far as it depends on it.
      2. Some of our products include links to products of third parties whose privacy practices differ from Octopus. If you provide personal data to any of those products, your data is governed by their privacy statements.
  4. How to access & control your personal data:
    1. You can view, edit, or delete your personal data online depend on which products you use. For example:
      1. Octopus C & C, PSIM
      2. Iinviteu module
      3. Octopus app for mobile devices
    2. If you are an end user of Octopus’s customer you can view, edit, or delete only some of your personal data. All your data is controlled and governed by Octopus’s customer privacy statements.
    3. If you cannot access certain personal data collected by Octopus system directly through the octopus service you use, you can always contact Octopus customer support, we will respond to requests to access or delete your personal data within 30 days.
    4. If you are using Octopus app for mobile devices you can choose to block the GPS location service when installing the app (simply do not approve the service).
    5. Browser-Based Controls
      1. Octopus uses cookies (small text files placed on your device) and similar technologies to provide our websites and online services and to help collect data. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your computer, but it can contain other information as well.
    6. Our Use of Cookies and Similar Technologies
      1. Sign-in and Authentication. When you sign into Octopus system website, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information, so you do not have to sign in each time you return to the site.
      2. Security. We use cookies to detect fraud and abuse of our websites and services.
      3. User Preferences. We use local storage to save user preferences such as user preferred language and session details
    7. How to control cookies:
      1. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. Instructions for blocking or deleting cookies in all browsers may be available in each browser's privacy or help documentation.
      2. Certain features of Octopus system depend on cookies and similar technologies. Please be aware that if you choose to block them, you may not be able to sign in or use those features, and preferences that are dependent on cookies may be lost. If you choose to delete cookies, settings and preferences controlled by those cookies, will be deleted and may need to be recreated.
  5. Security of personal data:
    1. Octopus systems is committed to protecting the security of any personal data on its database. We use a variety of security technologies and procedures to help protect all personal data from unauthorized access, use or disclosure.
  6. Where we store and process personal data
    1. Personal data collected by Octopus services may be stored and processed in your region, or in any other country where Octopus maintain facilities.
    2. Octopus systems stores all data collected by its services on Microsoft AZURE cloud services which maintain major data centers in Australia, Austria, Brazil, Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Malaysia, the Netherlands, Singapore, the United Kingdom and the United States.
      1. The Microsoft Corporation complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Microsoft Corporation has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If third-party agents process personal data on Microsoft behalf in a manner inconsistent with the principles of either Privacy Shield framework, Microsoft remain liable unless it proves it not responsible for the event giving rise to the damage. The controlled U.S. subsidiaries of Microsoft Corporation, as identified in its self-certification submission, also adhere to the Privacy Shield Principles.
    3. Octopus primary database storage location is in the United states and the backup location is in Europe. The storage location(s) are chosen to operate efficiently, to improve performance, and to create redundancies that will protect the data in the event of an outage or other problem.
    4. Octopus systems take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of the EU GDPR and the requirements applicable law wherever the data is located.
    5. Octopus transfers personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do, we use a variety of cyber security procedures and legal mechanisms, including contracts, to help ensure your rights and protections of your data.
    6. If there is any conflict between the terms in this privacy statement and the EU GDPR principles, the EU GDPR principles shall govern.
    7. If you have a question or complaint related to this privacy statement, our privacy policy, our why of data processing storage or managing we encourage you to contact us.
    8. For any complaints related to the privacy matter that cannot be resolved with Octopus directly, we have chosen to cooperate with the relevant data protection authority, or a panel established by the European DPAs for resolving disputes. Please contact us to be directed to the relevant DPA contacts.
    9. Octopus is subject to the investigatory and enforcement powers of The Privacy Protection Authority in Israel.
  7. Our retention of personal data:
    1. Octopus retains personal data for as long as necessary to provide the required services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.
    2. Some personal data can be deleted at any time by the customer or the end user. However, Octopus is obligated to maintain logs to enable the traceability of changes for as long as necessary. Such logs may include the following data:
      1. Who made the changes
      2. Date and time
      3. IP address
      4. The original data which has changed
      5. The new data that replaced the old one
    3. The right to be forgotten
      1. At the end of a contract period and its related services:
        1. Octopus provides a reversibility options, including data retrieval, until the customer confirms that the data is no longer required.
        2. The customer has the right to receive all related data, which may include: all data, personal data, logs, traceability changes records, backups etc.
        3. should the customer confirm that the data is no longer required, the customer environment will be cleared, if legally permitted, and all information relating to the customer will be deleted. However, in some jurisdictions, some customer related data may be retained by Octopus as required by law.
  8. Collection of data from and about children:
    1. Octopus official policy is not to collect any data from and/ or children under age 18. However, some services need to collect such data. Those services may include:
      1. Medical modules, for example to be able to supply a safe medical treatment.
      2. Security modules, for example when there is a security incident and data are being collected form the incident area, or when necessary in order to supply the contracted services, such as panic button.
  9. Notice to end user:
    1. Octopus C&C, PSIM with it satellite services are intended for use by organizations and are administered to you by your organization. Your use of Octopus services may be subject to your organization's policies, if any. If your organization is administering your use of the Octopus services, please direct your privacy inquiries to your administrator. Octopus systems is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
  10. Changes to This Privacy Statement:
    1. Octopus will update this privacy statement when necessary to reflect customer feedback and changes in our products and its related services. When we post changes to this statement, we will revise the "last updated" date at the top of the statement and describe the changes in the traceability of changes table. If there are material changes to the statement or in how Octopus will use your personal data, we will notify you either by release note or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Octopus is protecting your information.