Hero

Last updated: August 20, 2018

Privacy Policy

To deliver the Mapiq smart building platform to our users, we need to process personal information, like your name or business email address. In this privacy policy we explain how we use that information, how we safeguard that information, and how you can contact us for queries about your personal information. This document explains in non-technical terms how Mapiq makes sure your data is safe and how we comply with the latest privacy regulations (the GDPR).

This document is targeted towards all individual Mapiq users. Please note however that Mapiq is a product that is made available through your company or organization. That means that your company or organization has an agreement with us that states who can use Mapiq, what features are enabled and what information is being processed by Mapiq. Therefore, your own company’s service desk or privacy officer is a good starting point if you have any questions or privacy concerns about Mapiq. Feel free though to contact us directly at privacy@mapiq.com if there is anything we can help you with.

What is personal data?

Personal data is all data that tells us something about you or that can be linked to you as a person. For example, when you log on to Mapiq with your corporate or institutional account Mapiq receives your name, email address and additional business contact information. A room reservation that you create within the Mapiq application becomes part of your personal data as well, as it is linked to you as a user. Your personal data might also exist of technical details, like your computer’s IP-address that is used to log on to the Mapiq web service.

In contrast to personal information Mapiq also handles anonymous information. The occupancy status of a room or flex desk that is measured with a sensor is no personal data, as Mapiq cannot link that data to who is keeping the room or workplace occupied.

In summary, personal information is all information that we have that links to you as a person.

Our vision on privacy

The goal of our Mapiq product is to give you a great and efficient day at work. Processing personal data is part of that and should always serve your interests.

We care for your private data. That means that we see it as our responsibility to keep your data secure, to handle your data according to the privacy laws and to only allow access to your data to systems or persons that have the right and need to access it. The Mapiq company is ISO-27001 certified, which means that we have security policies in place that are regularly verified by an independent external auditing party.

You are in control. Mapiq does not own the data we have on you. We handle (process) your data on behalf of your company or organization (that purchased the Mapiq service). We can only use your data for the purposes described in the agreement with your organization. Features of Mapiq that allow you to share information with your colleagues (such as our colleague-finding feature) are only enabled after you opt-in for that feature. You can opt-in and opt-out as frequently as you want. If you want to know what data Mapiq has on you, if you see that your data is incorrect, or if you want your data to be removed entirely we are happy to help you.

We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality and to keep Mapiq performing and secure.

For which purposes does Mapiq use personal data?

  • Delivering our Mapiq service. This includes:
    • Authenticating you to the Mapiq web app or Mapiq Now app.
    • Authorizing you forx certain functionalities, such as booking a room or placing an order for catering. These functionalities depend on the functionalities that your organization has in its Mapiq subscription.
    • Offering the functionalities of our web app and/or Mapiq Now mobile app, such as room booking, controlling light and temperature settings, finding a suitable available workplace.
    • Determining your location within your office building to provide location-based services. Your location is only visible to your colleagues when you explicitly enable this functionality (opt-in). Mapiq only stores your last known location, so no location history is kept except that single last known location. Your last known location is also not stored for a period longer than 24 hours. Finally, Mapiq can only determine your location within the office building, so not outside or at home.
      • Providing support and maintaining contact with your organization’s representatives.
  • Keeping our services secure. We need to make sure that our software platform is secure and therefore need to be able to detect potential malicious activity or flaws in our systems. Web requests and security-sensitive actions (like logon attempts) are therefore logged and analyzed. These log files are kept no longer than required.
  • Keeping our services performing. It is important to us to keep Mapiq performing optimally. When we detect a problem, like functionality slowing down, we need to investigate what actions have led to the problem. We use our log files to investigate and solve such issues.
  • Improving our services. We always want to keep innovating. We therefore perform analytics on how our users use the product to gain insights in how we improve. Whenever possible these analyses are performed using anonymous data.

Whose personal data does Mapiq have?

Mapiq has personal data of the people that use Mapiq. That data is first transferred to Mapiq when you log on to Mapiq for the first time. Using a process called Single Sign On, your organization sends us the required information to log you on and get you started with Mapiq. That means that Mapiq only receives your personal data when you start using the Mapiq service.

Further, Mapiq may receive your personal data when you contact us directly, for instance when you create a support request or contact us by phone.

Mapiq provides integrations with technical systems that your organization owns or maintains. For example, we may integrate with a room booking system to provide convenient meeting room reservations, or we may integrate with the Wi-Fi network to provide location-based services. It can happen, that the system that we integrate with also provides us with personal data of people who are not actively using Mapiq. That means that Mapiq receives more information than it asks for and strictly requires. When this happens, the non-required data is disposed directly upon receival, to ensure that we do not store personal data from non-Mapiq users.

We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality and to keep Mapiq performing and secure.

What personal data does Mapiq have?

Information on who you are

This is the basic personal information that we receive from your organization when you log on to Mapiq, like:

  • Your name
  • Your business email address
  • Your business phone number
  • Your job title
  • The department you work in

We use this information to:

  • Authenticate you for logging on to Mapiq
  • To provide the Mapiq application functionality, like showing a welcome message or sending you a confirmation email after booking a meeting room.
  • To determine authorizations, such as the meeting rooms that you may or may not book through Mapiq.
  • To provide business contact information to your colleagues, if you have opted in for colleague finding.

Data that results from using the Mapiq applications

Using Mapiq may generate new personal information, as the new data can be linked to you as a user:

  • The IP address of the computer or phone that was used to contact Mapiq webservices.
  • Which functionalities of the Mapiq webservices you are using.
  • Security logs of certain actions.
  • Cookies
  • Bookings (reservations) that are made through Mapiq.
  • A profile picture that you may set for your account.
  • You last known location, if you have enabled (opted in for) location based services.

We use this information to:

  • Keep our systems secure. IP addresses and security logs are used to detect possible malicious activity.
  • To analyze how our users use the Mapiq service, so we can keep improving our services and their performance. We anonymize data when possible.
  • Cookies are small text files that are stored on your computer and can be used to keep you logged on to the Mapiq service and to keep track of which services (websites/ pages) of Mapiq you have visited. The most basic cookies serve a pure technical purpose (the ones logging you on), others help us to understand how our services are being used.

Data that is generated during the use of Mapiq (bookings, a profile picture, your last known location) are all stored with the purpose of delivering that exact functionality. We need to store bookings to correctly manage concurrent reservations and we need to store your profile picture if you have chosen to set one to personalize your Mapiq experience. A special note on last known location is that we only store a single last known location, and only if you have opted in for localization. Location data is erased after 24 hours.

Data that we receive from your organization to integrate with their systems

This category of data varies from customer to customer, but the purpose for receiving the data is generally the same. When connecting to a system of your organization, it may be necessary for your organization to deliver additional personal data to correctly match your data within that system. This is best explained by a real-life example.

Mapiq offers integration with smart lockers. That means that you can use the Mapiq application to find and claim an available locker, and to open it using the Mapiq application. Your organization’s locker system may be designed to use your badge number to uniquely identify you as the owner of the locker. For Mapiq to integrate with that system, it will need to also know that badge number to claim a locker on your behalf.

Since it differs from customer to customer it is not possible to exactly specialize this category of data in this privacy policy. This type of data is governed by the data processing agreement between Mapiq and your organization, which assures that Mapiq can only use the data for the purpose intended by your organization.

Data retention

We store personal data no longer than required by law and no longer than required to deliver the Mapiq services. Retention varies between 24 hours (location data) and the duration of the subscription your organization has with Mapiq.

When your organization decides to stop their Mapiq subscription, your organization has two options to choose from:

  • Mapiq hands over all data in the organization’s subscription to your organization and then deletes the data.
  • Mapiq deletes the data and confirms that to your organization.

With whom do we share personal data?

In general, we do not share your data with other organizations unless there is a valid and legitimate reason. We do or may share your information with:

  • Your own organization. As the subscription holder, they own the data in their subscription.
  • Third parties that work for Mapiq. Third parties only receive the information that is strictly required to fulfill their services to Mapiq. These third parties are known by your organization. Our cloud hosting provider Microsoft for instance is used for hosting the Mapiq services.
  • Governmental agencies, when legally required.

How we care for your personal data

We secure your data

Technical and organizational security is an important aspect of keeping your data secure. The Mapiq company is an ISO-27001 certified company. ISO-27001 is an international standard on information security. If defines both technical and organizational measures that a company should implement to ensure security throughout all business processes: from hiring staff, to software development and hosting a service.

Although the ISO standard is much broader than the few examples we can give here, the following should give an idea of the aspects of caring for your data:

  • We use encryption for all internet communication.
  • We always have our systems updated to include the latest security patches.
  • All our databases are encrypted.
  • We have backup-and restore systems in place that are regularly tested.
  • Mapiq uses a software development cycle where each phase of development is securely separated from the next (the DTAP principle)
  • The Mapiq services are regularly penetration tested: ethical hackers try to find flaws by trying to hack into our systems.

Our information security standard is audited by an external auditor on a yearly basis.

Confidentiality

Privacy awareness amongst our personnel is an important aspect of caring for your data. All Mapiq employees have signed a confidentiality agreement. Only Mapiq employees that require access to personal data to fulfill their jobs (for instance our service administrators) can access personal data.

Requesting, correcting or deleting your personal data

You have the right to ask us:

  • What personal data we have on you and have us send it to you.
  • To correct an error in your personal data.
  • To delete all personal data we have on you.

Mapiq processes personal data on behalf of your organization, who have taken a subscription to Mapiq. To streamline communications, the best starting point for such a request would be your own organization’s service desk or privacy officer.

Nevertheless, you may always directly contact us at privacy@mapiq.com for such a request. By emailing to this address, a service ticket is created that will be handled by our support staff. Together with your organization we will then make sure to have your request handled within two weeks.

Further questions on privacy or personal data?

We are happy to answer any questions you may have on privacy or your personal data. Feel free to contact us at privacy@mapiq.com.

Mapiq