
Shield for business
Privacy Policy and Information Security
Publication date: 21/07/2020,
Privacy Policy and Information Security, Community Shield Application
What is the purpose of the application?
The application is designed to help you and other members of your workplace communities to comply with regulations and reduce mutual risks. The application is based on voluntarily sharing of information between members for the common good of the workplace community. We refer to a “workplace community” as the employees and contractors who share significant time in a common physical environments. For example, your workplace community may include employees and suppliers.
Who developed the application?
The workplace community shield (also referred to as shield for business) was developed in a joint effort by Metrix ltd. The developer of Hamagen – the Israeli contact tracing app and Onspota location Technologies Ltd, a developer of Proximity and indoor location technologies.
Who is sponsoring the application service:
The application is contracted and made available to you by companies and organizations who wish to provide a safer environment for you and other members of your workplace community. The application will work only after you complete your registration process using the registration code which should be provided to you by your organization coordinator.
What does the application do?
While you are in the community location (e.g your workplace environment, campus, Building) the application collects your location and proximity timeline based on preset periods of time (currently once every 5 minutes) and save it to your local device. Your time is kept on your device for 14 days and then removed automatically. At any moment you can stop the timeline collections and remove the historical timeline.
Who can see my timeline?
No one can see your timeline nor have access to your locations and proximity information. This information is not sent out of your device unless you have specifically and voluntarily authorized sharing this information with your community in one of the following cases:
-
In case you choose to alert members of your community who have been exposed to you and should consider entering home isolation.
-
In case you choose to help your workplace to identify locations where you spent significant amount of time (currently more than 30 min for the last 4 days) and should be disinfected.
-
In case someone else in your community has shared an alert and you choose to check if you were in proximity to him/her or to places on their timeline.
In any of the above cases the information about your locations and times is cross-referenced with similar information of other relevant members of your community who have explicitly requested to share their timeline for the common good. Following this process any instance of such information, excluding your device, is deleted.
Should the application discover that there is a possibility that you have been at the same place and at the same time as an alerting person, you will receive a notification from the application with the details of the location and times where you have spend in proximity to each other been and with any other details the alerting person would like to share.
Where and in what manner is my information stored?
-
Information about your locations is only stored on your device.
-
Information is stored via the SQLite database, accessible only to the application.
-
If you wish to alert your community or to cross reference your time line with other members, the application will ask your consent to do so. In such case, the information you agree to share will be securely handled for the minimal possible amount of time until such cross–reference can be performed and will be removed immediately after. This process is estimated between 1 min and 30 min as per the size of your community and the number of cross reference which should be processed.
How does the application know where I've been, and why does it require authorizations to my device?
-
The application uses device location data and sensors data (e.g. GPS, wifi, Bluetooth) to log you location and proximity timelines.
-
Internet access is required to continuously updated your device as per notifications and send alerts from your community. The application also use the internet for communicating telemetric data for the purpose of service and battery optimization.
What kind of information does the application keep about me?
-
Location history of last two weeks only (dates, times, and places) according to the tracking services
-
History of wireless networks (WiFi) that you came across in the last two weeks.
-
Cross-references of locations with diagnosed patients (if any) – in the last two weeks only.
-
Everything is stored in the memory of your phone and is not forwarded.
-
In case you decide to alert your community and share your location and proximity timeline, your community manager will have a record of your share-request, but will not have access to your actual historical timeline or any personal information which you didn’t explicitly shared.
Why is this information necessary for my community?
-
Communities can reduce risks and may provide safer and more efficient environments by endorsing voluntarily sharing of information and alerts between members.
On what technologies and infrastructures is the application based?
-
The application is written with React Native
-
The application uses CPS SDK (Composite Location Services) by Onspota
-
The information on the device is stored in SQLite
-
The application is using Firebase to deliver different push notifications, monitor faults and to let the App run efficiently and smoothly.
Some applications monitor use. Do you also do that?
-
We use Google's Firebase service
-
The service collects anonymous information for purposes of monitoring the application's functionality only
-
We use anonymous information to learn the application's functionality so that we can improve it for the benefit of the user public, and for this purpose only
-
We do not collect identifying information about your use of the application, your use of other applications, network traffic, internet use, phone calls, or any other content related to your device. The application will neither collect nor store information on anything that does not pertain to your location: place, date, and time only.
Should I do anything to maintain the privacy of my information?
-
Physically protect your smartphone device – as usual
-
Lock your device with a password when it is not in use – as usual
What security checks did this application pass?
The application was tested by specialists from the commercial sector, and leading information security and cyber experts from the civil cyber and information security community in Israel. Security checks included architectural checks, code reviews, and PT (breach checks). Adjustments were made according to the recommendations received, and we are currently convinced that the application is sufficiently secure for use, adequately protected from attacks and malfunction, and capable of providing user services in accordance with its purposes.
How should we act in the case of an information security incident?
Although we spared no effort, professional experience, and controls, there is no such thing as a completely secure system. Therefore, we are committed to informing the user public of information security incidents that affect them, so that they can take necessary precautions.
You are welcome to send us your questions, and suggestions for improving the application or reports of information security or privacy issues.