Privacy Policy for EMSO

Effective Date: October 10, 2024

At EMSO (referred to as "we," "us," or "our"), we are deeply committed to safeguarding your privacy and the security of your personal information. This Privacy Policy outlines our practices concerning the collection, use, disclosure, and protection of your data when you utilize our mobile application and related services (collectively, the "Application"). Please review this policy thoroughly to understand how we handle your information and your rights concerning it.

1. Introduction and Scope

This Privacy Policy applies to all users of the EMSO Application, including employees, administrators, and any other individuals interacting with our services. Our primary goal is to provide an efficient and secure platform for workforce management, attendance tracking, and shift scheduling. By accessing or using the EMSO Application, you agree to the terms of this Privacy Policy. If you do not agree with these terms, please do not use our Application.

2. Information We Collect

To provide and enhance our services, we collect various types of information, including:

a. Personal Information (Identifiable Information):

• Identification and Contact Details: Your full name, email address, contact number, employee ID, job title, department, and other identifiers provided during registration or account setup.
• Attendance and Work Data: Detailed records of your check-in/check-out times, work shifts, assigned tasks, project codes, absence records (e.g., sick leave, vacation), and any manual attendance adjustments or requests.
• Location Data: Precise or approximate geolocation data, including GPS coordinates, collected from your device when the Application is in use (foreground or background). This data is specifically used for geofencing, verifying attendance at designated work locations, and for features like real-time tracking during approved work activities. We will always seek your explicit consent before collecting precise location data.
• Communication Data: Records of communications with our support team, including emails and in-app messages.

b. Technical and Usage Information:

• Device Information: Information about your mobile device, such as its model, manufacturer, operating system version, unique device identifiers (e.g., IMEI, Android ID, IDFA), screen resolution, and mobile network information.
• IP Address: Your Internet Protocol (IP) address, which may be used to estimate your general location and for security purposes.
• Application Usage Data: Information about how you interact with the Application, including features used, screens viewed, frequency of use, errors encountered, and timestamps of activities. This helps us understand user behavior and improve the app.
• Log Data: Server logs that automatically record information when you use our services, including the date and time of your visit, the pages you view, and the referring website.

c. Information from Third Parties:

• We may receive information about you from your employer (our client) to facilitate your account creation and management within the EMSO Application, such as your initial employee ID and assigned work schedules. This is done to integrate seamlessly with your company's existing systems.

3. How We Use Your Information

We use the collected data for the following primary purposes:

• Attendance Tracking and Management: To accurately monitor and record your attendance, check-ins, check-outs, and breaks, ensuring compliance with company policies and for accurate payroll processing.
• Shift Scheduling and Workforce Coordination: To manage and allocate doctor shifts, assign tasks, and optimize working hours within your organization.
• Real-time Monitoring and Oversight: To enable authorized administrators within your organization to track attendance status, monitor adherence to work schedules, and ensure operational efficiency.
• Geofencing and Location Verification: To verify that check-ins and check-outs occur within designated work areas, preventing unauthorized attendance logging.
• Account Management and Authentication: To create, maintain, and secure your user account, verify your identity, and enable secure login, including optional biometric authentication.
• Communication: To send you important notifications related to your shifts, attendance, policy updates, and other service-related announcements. We may also send push notifications for reminders (e.g., forgotten check-outs) if enabled.
• Security and Fraud Prevention: To detect, prevent, and investigate unauthorized access, fraudulent check-ins, or other malicious activities within the Application, thereby protecting both your data and your employer's interests.
• Performance Monitoring and Improvement: To analyze Application usage patterns, identify technical issues, optimize performance, and develop new features to enhance user experience.
• Reporting and Analytics: To generate comprehensive attendance reports, workforce management analytics, and statistical data for your employer's operational insights and strategic planning. This data is often aggregated or anonymized where possible.
• Compliance with Legal and Regulatory Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. How We Share and Disclose Your Information

We understand the importance of your data privacy and share your information only in specific circumstances:

• With Your Employer (Our Client): The core functionality of EMSO is to provide workforce management services to your employer. Therefore, all information collected through the Application, particularly your personal information, attendance data, and location data, is shared with and accessible by your employer for their legitimate business purposes, including payroll, HR management, and operational oversight. Your employer is the primary controller of this data for their specific purposes.
• Service Providers: We engage third-party service providers who assist us in operating the Application, providing infrastructure, analyzing data, and delivering customer support (e.g., cloud hosting providers, analytics services, email communication platforms). These providers are contractually obligated to protect your information and are only permitted to use it for the purposes of providing services to us.
• Legal Compliance and Protection: We may disclose your information if required by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to:
  • Comply with a legal obligation.
  • Protect our rights, property, or safety, or the rights, property, or safety of our users, the public, or your employer.
  • Prevent or investigate possible wrongdoing in connection with the Application.
  • Protect against legal liability.
• Business Transfers: In the event of a merger, acquisition, asset sale, or other corporate restructuring, your personal information may be transferred to the acquiring entity or successor as part of the transaction. We will notify you of any such change in ownership or control of your personal data.
• Aggregated or Anonymized Data: We may share aggregated or anonymized data (data that does not identify you personally) with third parties for research, analysis, statistical purposes, or for marketing and promotional activities.

5. Data Security

We are deeply committed to protecting the security of your personal information. We implement a variety of robust technical, administrative, and physical safeguards to prevent unauthorized access, alteration, disclosure, or destruction of your data, including:

• Encryption: Data transmitted between your device and our servers is encrypted using industry-standard protocols such as SSL/TLS (Secure Sockets Layer/Transport Layer Security) to ensure secure communication. Data at rest (stored on servers) may also be encrypted.
• Access Controls: We employ strict role-based access controls and least privilege principles, ensuring that only authorized personnel with a legitimate need have access to sensitive data. Access is regularly reviewed and revoked when no longer necessary.
• Physical Security: Our servers and data centers are hosted in secure facilities with physical access controls, surveillance, and environmental monitoring.
• Regular Audits and Penetration Testing: We conduct regular security audits and vulnerability assessments, including penetration testing, to identify and address potential security weaknesses.
• Employee Training: Our employees receive ongoing training on data privacy and security best practices to ensure they understand their responsibilities in protecting your information.
• Incident Response Plan: We have an established incident response plan to promptly address and mitigate any potential data breaches or security incidents.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, provide our services to your employer, and comply with our legal and contractual obligations. This typically means:

• For active users: Your data is retained for the duration of your employment with the company using EMSO.
• After termination of employment: We will retain your data for a period as required by your employer's data retention policies, or as mandated by applicable laws (e.g., labor laws, tax laws), typically for a period of several years (e.g., 3 to 7 years) to meet audit and compliance requirements.
• Anonymized data: We may retain anonymized or aggregated data indefinitely for analytical and reporting purposes, as it no longer identifies individuals.

Once the retention period expires, your personal data will be securely deleted or anonymized in a manner that prevents its reconstruction.

7. Your Rights

Depending on your jurisdiction and applicable data protection laws (such as GDPR in Europe or CCPA in California), you may have the following rights regarding your personal information. We are committed to facilitating these rights in collaboration with your employer:

• Right to Access: You have the right to request access to the personal data we hold about you.
• Right to Rectification (Correction): You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Deletion): You have the right to request the deletion of your personal data, subject to certain legal obligations for data retention or legitimate business purposes of your employer.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data in certain situations, particularly where it is processed based on legitimate interests.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your privacy rights have been violated.

To exercise any of these rights, please contact us using the contact information provided below. Please note that for many of these rights, especially those concerning data accuracy, deletion, or restriction, you may need to first contact your employer's HR department or the designated administrator, as they are often the primary data controller and responsible for managing your employment-related data. We will work with your employer to address your request in accordance with applicable laws.

8. Cookies and Tracking Technologies

The Application may utilize "cookies" and similar tracking technologies (e.g., web beacons, pixels) to enhance your user experience, analyze app usage, and improve our services. These technologies may collect information such as your device type, IP address, Browse activity within the app, and preferences.

• What are cookies? Cookies are small data files placed on your device.
• How we use them: They help us remember your preferences, maintain your login session, and understand how you interact with the app.
• Your choices: You can manage or disable cookies through your device or browser settings. However, please be aware that disabling cookies may affect the functionality and your experience of the Application.

9. Children's Privacy

The EMSO Application is designed for use by individuals who are at least 18 years of age and for professional workforce management. It is not intended for or directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18 without appropriate parental consent, we will take immediate steps to delete such information from our records.

10. Third-Party Links

The Application may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites or services you visit.

11. International Data Transfers

Your information, including personal data, may be stored and processed in any country where we have facilities or where we engage service providers. By using the EMSO Application, you consent to the transfer of your information to countries outside of your country of residence, which may have different data protection laws than those in your jurisdiction. We will ensure that such transfers comply with applicable data protection laws and that your data remains protected.

12. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Any revisions will be communicated by posting the updated Privacy Policy within the Application or on our website, and the "Effective Date" at the top of this policy will be revised accordingly. We encourage you to review this Privacy Policy frequently to stay informed about how we are protecting your information. Your continued use of the Application after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@coolbeanstech.com

For specific requests related to accessing, correcting, or deleting your employment-related data, we recommend contacting your company's HR department or the designated EMSO administrator first, as they are responsible for your employee data management. We will work in cooperation with them to address your inquiries.