Last Updated on March 3rd, 2021.
When you use Lockated’s FM Matrix Mobile App Services, either via Website or the App, you are trusting us with some of your information. We understand this is a big responsibility on our shoulders and we are always working hard to keep your information safe and secure, and give you control over your data. We are independently certified for protecting privacy of Personal Identifiable Information (PII) under GDPR readiness, and working on a few other major data privacy certifications.
Index of content,
- Information Lockated Collects
- How the Information is collected
- Why information is collected
- User privacy controls
- Sharing your information and disclosures
- Your information security
- Your information retention and deletion
- Role and details of data protection officer
Lockated is a comprehensive proptech and community management platform helping millions of users to make their life safe, secure and convenient.
Lockated seamlessly connects the community – commercial community and residential community, employees, facility managers, admins, management and end users – through the app and web platform with a view to improving the security and convenience of the premises and business operations.
Apart from using our services, all users can use our web and app in a variety of ways to manage their data privacy.
Information Lockated Collects
We would like you to understand that the information collected via the Lockated app or website is to help us provide you with superlative service.
The information Lockated collects, and how that information is used, depends on how you use our services and how you manage your privacy controls. For example standard Lockated services, only your details such as name and number will be needed. However if your residential community or commercial community which is your office chooses to use advanced features like attendance, payments, seat booking, residential community features, additional information may be needed to render services. All the personally indentifiable information is treated as sensitive information by us and you will have full control over this data.
Information collected on the Lockated App and Website
Residents: Name, Email Address, Mobile Number, Your Apartment/Villa Number, Vehicle Number (if any) and any other data you may have chosen to provide on Lockated.
Guests: Name, and resident flat to be visited. No other guest information is required on Lockated App for entry at gate. (Note: Individual RWAs may mandate additional information such as phone number which is totally at discretion of respective RWAs) Residential Welfare Associations.
Employees: Name, Email Address, Mobile Number, Photograph, Location, Vehicle Number (if any)
Service Providers to Society/Individual Homes:
The name, phone number, resident flat to be visited (if any), vehicle number (if any), entry/exit time, visit purpose and photograph. For security reasons, some personally identificable information of service providers including delivery executives is taken at the gate as per appropriate local laws. Lockated processes the information as per service requirements.
Additional Information: IP address, webpages visited (pages of Lockated) by the user, a standard practiced to optimize user experience and curate content of a website, browser, device and operation system information, mobile network information, the date, time and referrer URL of your request (the website from which the user was redirected to Lockated, a standard practive to track and compensate the originator of traffic to Lockated website, websites, app and apps as when a visitor clicks on a Google ad or any other medium of add for Lockated.
Information Collected from Other Sources / Third Parties:
In addition to the above, in light of COVID Pandemic, Employees, Residents, Guest and/or Service Providers to the Society/ Individual Homes, Offices, Buildings, Facilities shall have the option to use the Aarogya Setu Mobile App to initiate the permission to gain entry into the respective flat/society/office. Lockated shall receive the following information from the Aarogya Setu App upon scanning of the QR Code:
2. Mobile Number
3. Risk Category
Individual RWAs may mandate the use of the Aarogya Setu App for gaining entry into the RWA which is totally and solely at the discretion of respective RWAs.
We collect standard website access information (type of browser etc) using cookies and other similar technologies on all our websites. We do this to measure, improve and personalize our services for you and we do not share this information with any third party organizations for commerial purposes.
We don’t sell or trade user information in any form to anyone. The information is used solely for the purpose of enabling services and making your experience better on Lockated platforms. On a case to case basis we give you great value add from third party partners where information will be shared after your explicit consent.
Lockated’s services are an extension of the services offered by the Resident Welware Association (RWA) (being our direct customer) or Property Management (PM) Company of the premises. The RWA members or PM company will have access to all the information collected for their society on Lockated for recording and security purposes. In case any of the RWA members access any of resident data, Lockated will transparently convey the same to the user along with the reason for access of the information.
How the Information is Collected
Lockated provides its services through our website and mobile app (will be collectively referred to as “Platforms”). User information is collected via our platforms either directly or indirectly to give great product and service experience.
All personally identifiable information as mentioned in “Information Lockated Collects” segment is explicitly collected on the platform where users fill in their details and give necessary consent to be contracted or their information to be used by Lockated for serving them better via the platforms.
Information like IP Address, Device Data, Browsing Data and other information as detailed in “Information Lockated Collects” is collected while the user is interacting with our platform. The same is collected to make user experience on our platforms better.
Why the Information is Collected
We use information collected from users to provide our services. The data is collected on Lockated website as per the discretion and inputs given by users. On the mobile app information is collected as per our agreement with RWA of societies OR Property Management Companies who act as an extended service provider to all residents within the society/ commercial office/ buildings.
Following are the key services which will require information collected
- Account set up and administration
- Personalization of content, business information or user information
- Periodically communicate with you (like new feature/benefits introduction, feature usage guidance etc.)
- Data recording and analysis on platforms usage to improve future services (All analysis are done only at aggregate level and Lockated never accesses or analyses data at user level)
- Legal obligations and meeting internal audit requirements (Non-guest visitor information)
- Protect our users, Lockated: Information is used to improve safety and reliability of services across platforms. This include detecting, preventing and responding to security risks, fraud or any technical issues which can harm our users on Lockated.
USER PRIVACY CONTROLS
Lockated ensures that you are in full control of the information we collect and how it is used.
This section describes key controls for managing your privacy across our platforms and services. In addition to this we also provide few other mechanisms by which users can reach out to us to modify or erase their information available with us.
Managing, reviewing, and updating your information: When you’re signed in, you can always review and update information by visiting the services you use. For example, you can change your control details such as your name, email and phone number.
Choice to Opt-out: We provide all users with options to opt-out from receiving non-essential (promotional, marketing related etc.) communications from us. This can be done directly on our platforms or providing us with necessary information at firstname.lastname@example.org
Unsubscribing, removing and deleting your information: If you choose to unsubscribe from our platforms or delete any of all your information, you can delete your apartment and then delete your apartment and then uninstall the app. In addition to this you may also send an email to email@example.com for specific information about your account or deletion of your account history. However, we may still retain some information and records of transaction for specific period as required by any law, contract with RWA or policy as applicable.
Sharing Your Information and Disclosures
We do not share your personal information with companies, organizations, or individuals outside of Lockated or anyone within Lockated.
There may be few expectations:
- When user reaches out to Lockated cutomer care for specific query/issues and customer care personnel has to access your information for resolution of your query.
- Explicit user consent will be taken by Lockated in case we partner with companies, organizations, or individuals outside of Lockated to provide services or offerings to users. The use of such services may require you to share your name, email, phone number, flat details or other information with these partners. In such cases, Lockated will only share your information and offer you the service with your explicit opt-in.
For Legal Reasons: We may need to share or disclose some of your information outside Lockated if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonable necessary in the following events:
- Meet any law, regulation or legal process as applicable or enforceable request from government.
- To enforce applicable terms of service, including investigation of potential violations, fraud, security or technical issues/breaches.
- Information as necessary with your respective societies RWA as per terms of agreement.
- Protect against harm to the rights, property or safety of our users, Lockated, or the public as required or permitted by Law.
Consent: In some cases, we may process some of your information based on the consent you expressly grant to use at the time we collected such data. In case we need to process any of your information we will be clearly indicating to you at the point and time of collection.
We have enabled societies to collect explicit consent from service providers while capturing their data. During the onboard process of any service provider, they will be getting an SMS with a phone number on which they can give a missed call to give consent for their data capture.
You have the right to withdraw your consent at any given point of time either via platform or writing to us at firstname.lastname@example.org
We do not share your information with companies, organizations or individuals. However, if any case in future arises where some data needs to be shared, we will keep your informed and take your consent as applicable.
Your Information Security
We build security into each and every system and services to protect your information.
All Lockated platforms and processes are built with strong security features that continuously protect your information. We have multiple real time checks and tests running to help us detect and automatically block security threats from ever reaching you. In case of any detection of threat or risk that we deem you should be aware of, we will notify you and guide you through steps to keep your privacy protected.
We are constantly striving to protect your data from unauthorized access, disclosure, modifications, or destruction of any information we hold, including:
- All information going in and out of the app is 256 bit https encrypted. TLS encryption is used throughout the application for data in motion and data is also encrypted at rest.
- All information is stored in servers with best in class firewalls and needs multiple authentications for any access and no unauthorized person will have access to the same.
- We constantly review our information collection, storage and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to employees, and external contractors who may need the information in order to process some services. Any internal employee with this access is subject to strict contractual confidentiality obligations and strict actions (up to termination or criminal action) will be taken if they fail to meet these obligations.
- Lockated app and family of apps are certified and audited on a regular basis. Lockated application and data servers do not use public accessible addresses or IP. The access is further secured through a VPN tunnel with 2FA (Two Factor Authentication). All traffic is routed through a WAF (Web Application Firewall) and is checked strictly for malicious traffic.
However, we would like you to understand and accept that data transmission over the internet may be liable to risk and we would assume no liability for any disclosure of information due to errors in transmission issues or unauthorized third-party access to our platforms or databases.
Your Information Retention and Deletion
The information collected on our platforms is retained for different periods of time depending on what the information is and how it is used and how you configure your settings.
Users can request to export a copy of their information or delete it from your Lockated account at any given point of time (some information deletion may be subject to RWA approval, Lockated will facilitate the approval process):
- All the visitors information is retained for a specific period of time (period beyond which the data is deemed not to be reasonably necessary for operation or by law) and this interval will be as per the discretion of the societies/companies. Lockated will delete all visitors’ information from its systems after 180 days by default. Once deleted, even Lockated will not be able to retrieve past data.
- Users may request at any time that their data on Lockated systems, app, and website be erased. This is referred to as the Right to be Forgetted and can be triggered from the Lockated App or by writing to email@example.com
- Guests visitor can get their details deleted at any given point of time, details for same is covered in Role and Details of Data Protection Officer
- We keep some data until your company or society is live on Lockated app and or any other family of apps. All such information is deleted if your company/organization/society/RWA is no longer live on our platform.
- However, some data we may retain for longer period of time when necessary for legal purposes, such as security, fraud or financial record keeping.
When you delete data or request for deletion of data, we follow a process to make sure that all your data is safely and completely removed from all our servers. We also ensure that none of your information is subject to accidental or malicious deletion. This may lead to some delay between actual requests made and final deletion as we ensure that information deletion is genuine and not accidental from our active and backup systems. Any request to DPO will be replied within 7 days and actioned within 30 days subject to approvals from the RWA/Company/Organization/Society/RWA and not including the time taken by them in approvals.
Role and details of Data Protection Officer (DPO)
Lockated has employeed a dedicated data protection and grievance officer who will be responsible for overseeing the company’s data protection strategy and its implementation to ensure compliance with various privacy law requirements.
Our DPO is responsible for the following:
- Constantly educating the company and employees on important data privacy compliances.
- Training all staff involved in data processing
- Conduct regular audits to ensure compliance and address any gap or issues proactively.
- Monitoring implementation and effectiveness of data protection efforts within company.
- Maintaining comprehensive records of all data processing activities, including purposes and necessity of all processing activities, which must be produced on request.
- Interfacing with data subjects to address how their information is being used, their right to have their personal data amended or erased and what measures Lockated has put in place to protect your personal information.
If you have queries regarding your data and privacy, please contact us on firstname.lastname@example.org
In case of any issue or grievance related to your data privacy, please contact our DPO at email@example.com or write to Lockated (Haven Infoline Pvt. Ltd.) office.
Lockated (Haven Infoline Pvt. Ltd.)
2nd Floor, Jyoti Tower, Opp. Versova Police Station,
Andheri West, Mumbai 400053, Maharashtra, India.