GA2 App Privacy Policy

Privacy Policy for AM Site Solutions App

At AM Site Solutions, we respect your privacy and are committed to protecting the personal data of all users. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application (the "App"). We comply with the General Data Protection Regulation (GDPR) and other applicable laws to ensure your data is handled securely and transparently.

1. Data Controller and Data Processor

a. Data Controller

The organisation using the AM Site Solutions App (typically our customer- an employer of the user) is the data controller. The data controller determines the purposes and means of processing your personal data. They decide what data is collected, why it is collected, and how it is used. You should refer to your organisation’s privacy policy for more details on how they manage and use your personal data.

b. Data Processor

AM Site Solutions acts as the data processor. We process your personal data on behalf of the data controller, in line with their instructions. Our role is to collect, store, and transmit the data you enter into the App, and to generate PDF reports that are sent to the data controller. We do not use your personal data for any purposes other than those specified by the data controller.

2. Data We Collect

We collect the following types of personal data when you use the App:

  • Personal Information: Name, phone number, email address (for admin users), and work-related data (e.g., timesheets, forms).
  • Location Data: GPS location (with consent), or manually entered location data if GPS tracking is disabled.
  • Device Information: Details such as the type of mobile device, operating system, and diagnostic data to ensure the App functions properly.

3. How We Use Your Data

As a data processor, we use your personal data only to fulfill the functions of the App, as directed by the data controller. These include:

  • Form Submission: To submit health and safety (GA2) forms, including attached photos and optional location data.
  • Timesheet Tracking: To log working hours and locations (if enabled), and to send them to the organisation.
  • PDF Generation and Email: After submitting forms or timesheets, a PDF is generated and emailed to the organisation’s designated contact.
  • User Management: Admin users can manage user accounts through the app, including creating, editing, and deleting users.

4. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Consent: For collecting and using location data, you must give explicit consent, which can be revoked at any time by disabling location services in your phone’s settings.
  • Legitimate Interest: We process your personal data to provide the core functionality of the App, including submitting forms and tracking work hours.
  • Contractual Necessity: Processing personal data is necessary for fulfilling obligations related to the App's services, such as reporting hours worked or submitting forms.

5. Third-Party Services

To provide our services, we rely on trusted third-party providers, who help us process, store, and secure your data. These providers include:

  • GBA Solutions: GBA Solutions, as the app developer and service provider for AM Site Solutions, assists in the development, maintenance, and support of the App. GBA Solutions processes data strictly on behalf of AM Site Solutions and does not use your data for any other purpose.
  • Google Firebase: We use Firebase for user authentication, real-time database storage, and secure data hosting. Firebase is a product of Google, and it complies with GDPR by offering data encryption and secure data storage. All data stored in Firebase is encrypted while in transit
  • Google Cloud: In addition to Firebase, we use Google Cloud services for processing and storing data securely, ensuring high availability and data protection.

These providers act as data processors on behalf of AM Site Solutions, and they comply with GDPR standards. Your data is only shared with these third parties to provide essential functionality (e.g., user authentication, data storage, and backend processing). We use the infrastructure of these providers to implement strict security protocols and offer adequate safeguards for the protection of your data.

6. How We Share Your Data

We only share your personal data in the following ways:

  • With your designated administrator or organisation: Form submissions (including timesheets and any location data) are shared in the form of PDF documents.
  • Service Providers: We use trusted third-party service providers to process and store data (e.g., cloud storage and email services), all of whom are GDPR-compliant.
  • Legal Requirements: We may disclose your data if required by law or to protect the rights, property, or safety of our company or others.

7. Your Rights Under GDPR

As a user, you have the following rights regarding your personal data under the GDPR:

  • Right to Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request corrections if any personal data we hold is inaccurate or incomplete.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data under certain conditions.
  • Right to Restrict Processing: You can ask us to limit the processing of your personal data under specific circumstances.
  • Right to Data Portability: You have the right to obtain a copy of your data in a structured, commonly used format.
  • Right to Object: You have the right to object to the processing of your data based on legitimate interests.
  • Right to Withdraw Consent: If you have given consent for location tracking, you can withdraw it at any time by turning off location services in your phone settings.

To exercise any of these rights, please contact us at support@amsitesolutions.com.

8. Data Retention

We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. If requested by your organisation, we may delete data after a certain period or at the end of your engagement with them.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. All data is encrypted during transmission, and access is restricted to authorised personnel.

10. Location Data

Location data is collected only when you give explicit consent by enabling location services on your mobile device. You are free to disable location tracking at any time, and if disabled, the app will ask you to manually enter location information where required.

11. Children's Privacy

The App is not intended for use by individuals under the age of 16, and we do not knowingly collect personal data from minors. If you believe we have collected data from someone under the age of 16, please contact us, and we will take steps to delete such information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. You will be notified of any significant changes through the App or via email.

13. Complaints

If you have any concerns about how we handle your data, you have the right to lodge a complaint with a data protection supervisory authority in your country.