PRIVACY POLICY WORKPLACE EXPLORER

This document describes the methods and logic of the processing of personal data of data subjects following the use of the Workplace Explorer. This information is provided pursuant to Articles 13 and 14 of EU Reg. 2016/679, respectively, to the Principal and to all interested parties who may interact with Synapses Srls by providing their personal data directly and/or indirectly.

1. References of the Data Controller and Data Protection Officer

1.1 Data controller

The data controller of the data collected is Synapses Srls, located in Via Madre Geltrude Comensoli 5 26833 Comazzo, Italy

1.2 Data Protection Officer

The Data Protection Officer is Stefania Pusateri, who can be contacted at dpo@synapseslab.com.

2. Services provided by the Data Controller

Synapses Srls provides its customers with Workplace Explorer, which can be installed either in the cloud or on premises. It is an RTLS middleware whose primary function is to manage positional information from one or more RTLS (Real-Time Location System) systems. The platform also enables the management of information from third-party systems, such as IoT sensors.

2.1 Data Sources

Workplace Explorer can be interconnected to RTLS systems of various types. In general, such systems can be classified into the following categories:

• Centric Server: The position is calculated by a central server that receives information from a sensor network and then can be sent constantly or on demand to the Workplace Explorer server.
• Mobile Centric: The position is calculated by a mobile device (sensor or smart phone) based on a set of information received from a set of sensors. and can then be sent to the Workplace Explorer server or used exclusively on the device itself.

Workplace Explorer can also be interconnected to systems that provide information from sensors (e.g. temperature, presence, parking, desk sensors, etc.).

2.2 Management of incoming information

In general, Workplace Explorer is able to handle incoming information in different ways:

• Saving to Database with automatic deletion scheduled on a time or space basis (e.g. automatic deletion after 1 month or when 1GByte of data has been reached)
• Anonymisation of data after a certain time interval. Anonymisation involves replacing references to the source of the data with a random value that makes it impossible to trace the traced object.

No saving but only using the last information received (typically in the order of 1-2 minutes)

2.3 Other additions

Workplace Explorer can be interconnected with the following systems in order to implement specific use cases:

• SSO systems: For authentication with third-party Single Sign On systems
• Microsoft Calendar O365: For booking and personal calendar management.
• Access control systems: To perform access unlocking functions, and display the last accesses of an individual user.
• Locker Control Systems: For the Reservation and Unlocking of Lockers.
• Lift control systems: To make a lift call.
• Building Management Systems: To control lights, temperature, blinds etc. inside a building.

2.4 Interfaces

The Workplace Explorer framework can be provided with the following interfaces involving end users:

• Management interface (web APP)
• Booking interface (web APP)
• Indication interface (web APP)
• Mobile APP interface (end user)
• Asset Manager interface (web and mobile APP)

2.5 Activatable modules

Workplace Explorer can be supplied with the following modules and/or functions involving end users:

• SSO Module
• RTLS module
• BMS module
• BOOKING module (ROOM/DESK/PARK/ASSET)
• LOCKER module
• ACCESS CONTROL module
• LIFT module

In general, individual modules enable specific functionalities, while other functionalities are the result of combinations of several modules.

2.5.1 SSO

Integration with the SSO of third-party systems (e.g. Microsoft SSO) allows the user to log in to both mobile APP and WEB Booking without the user having to perform any registration process. The configuration of the SSO module can be done by defining in detail what user information will be sent to Workplace Explorer. In general, only the e-mail address, first name and last name are required. Other information such as department, working groups etc. can be used for specific use cases (e.g. generating aggregated statistics for departments).

2.5.2 RTLS

When this module is enabled, the system is able to know and historicise the position of the individual user in accordance with the logics defined with the DPO of the Client/Purchaser.

If the user's location is calculated on the basis of information generated through the APP, the user will have the option of not granting location use privileges or disabling Bluetooth and GPS by preventing the APP from generating information to locate the user.

If, on the other hand, the user is tracked by means of a badge, it will not be possible to inhibit the information on the user's location, but only to intervene on the use the system can make of it.

The RTLS module usually enables the following basic functionalities for the end user of the APP:

• Displaying your location on a map
• Navigation to a point of interest
• Position-based Ticket Entry
• Searching for a specific resource or type of resource
• Searching for the resource closest to the user

In combination with other modules, the following functions can be implemented:

• Light/Temperature/Curtain control only when in proximity (BMS module)
• Automatic stamping as the user passes by (ACCESS CONTROL module)

On the other hand, from the system point of view, the RTLS module enables the following functionalities:

• Route analysis. Display of the position history of a single tag. The function is closely linked to the saving of positions to the DB.
• Counting the number of users in a single area/floor
• Emergency Management Function: The system creates and historicises a map of the individual floors with the last known location of all users. This image can be made available in the event of an emergency.

2.5.3 BMS

This module allows the user to control from the mobile APP or devices that can be managed by the BMS itself (lights, temperature, blinds, etc.). In general, control can also take place remotely, but only if such privileges have been assigned to the user. Workplace Explorer allows the user to define authorisations to control items in individual rooms at the individual user and individual room level.

2.5.4 BOOKING

This module allows the user to make reservations for Meeting Rooms, Desks, Parking lots or Assets. In general Workplace Explorer provides internal management of bookings by storing all relevant information.

In combination with the SSO and the integration with Microsoft Calendar O365, it will also be possible to book resources defined on the latter. Only with regard to these resources, Workplace Explorer will not store any information, but will ask the O365 system for the necessary information from time to time (e.g. list of commitments of the individual user, list of availability of a bookable resource, etc.).

From a system perspective, aggregate statistics can be generated at various levels, but never on an individual user basis.

Other possible functions in combination with other modules are:

• Automatic cancellation of a reservation in the absence of the person in proximity (RTLS module)

2.5.5 LOCKER

This module allows the user to book and unlock a locker. In combination with other modules, the following functions will also be possible:

• Locker release only in proximity. (RTLS module)
• Notification of locker still engaged when the user exits the building (RTLS module)

2.5.6 ACCESS CONTROL

This module allows the user to clock in or out, as well as to view the list of his or her clockings via APP. Integration with access control systems involves only the generation of a call that emulates the passing of a physical badge in the vicinity of an opening head. All opening authorisation management will be handled by the access control system.

In combination with other modules, the following functions will also be possible:

• Automatic stamping as the user passes by (RTLS module)
• Limitation Door release only in proximity (RTLS module)

2.5.7 LIFT

This module allows the user to make a lift call, optionally also indicating the destination floor. In combination with other modules, the following functions will also be possible:

• Calling a lift in proximity without having to select it (RTLS module)

3. Information on data processing

3.1 Data processed

The information collected by Workplace Explorer mainly concerns the position of mobile devices and transponders, but may also include other personal information such as the user's identity, phone number and e-mail.

If required by the customer, other information, such as department and/or working groups etc., can be included to be used for specific use cases (e.g. to generate aggregate statistics for departments).

3.2 Data categories:

The data categories can be summarised as follows: personal, identification, location

3.3 Purpose of processing

The purposes of the above data processing are the localisation of mobile devices and transponders, access management, opening a ticket or booking a desk or meeting room.

3.4 Legal Bases

The legal basis for the processing of data are pre-contractual and contractual obligations with the Client/Purchaser, in compliance with the GDPR.

3.5 Treatment modalities

All data are processed using automated IT tools and not by staff specifically authorised by the data controller. These authorised personnel in a suitable number to ensure the service (with regard to operational continuity) and minimisation of the operating subjects (with regard to the basic concept of "need to know"), access the data by means of a two-factor authentication system, on the basis of the appropriate authorisations.

For these IT tools, there is also the possibility of tracking access or attempted access, in accordance with the GDPR, for greater data protection.

Workplace Explorer offers several functionalities to ensure the protection of users' personal data, such as the possibility of activating the 'privacy' function in order not to be searched within the platform by administrators or other users, if not allowed by the DPO or the user himself.

Workplace Explorer takes appropriate security measures to prevent the loss, theft, unauthorised access, disclosure, modification or destruction of users' personal data. For example, the platform uses advanced security protocols to protect communications between the device and the server, and data is stored in an encrypted format.

The technique of anonymisation of geolocation data is also applied, which allows a policy of permanent storage: this data is anonymised for statistical and analysis purposes, such as the creation of heatmaps or other data aggregations, to improve the service.

3.6 Addressees

The data contained within Workplace Explorer are made available to the Customer/Purchaser in accordance with the contract and in compliance with the GDPR. Under no circumstances shall they be sold or transferred to third parties.

3.7 Source of data acquisition

The data are acquired through communication by service users directly or through the Customer/Purchaser.

4. Provision of data

Whenever the processing of data includes as a legal basis pre-contractual and/or contractual obligations and/or fulfilment of tax law obligations and/or receiving answers to one's questions, the provision of the data is necessary in order to fulfil the requirements. Failure to provide such data will affect the customer's ability to use the service.

At any time, the user will have the option of not granting location use privileges or disabling Bluetooth and GPS, preventing the APP from generating location information.

5. Retention Period

Whenever the processing of data includes pre-contractual and/or contractual obligations and/or fulfilment of tax law obligations as a legal basis, the data will be retained for the time necessary to ensure the lawfulness of the processing in accordance with the law, and, alternatively, in accordance with contractual provisions.

Should the user request the deletion of his or her personal data, such as user name and password, Workplace Explorer promptly carries out the deletion from the system.

It is possible to customise the data anonymisation time according to the needs of the Customer/Purchaser. In addition, Workplace Explorer offers the option of either not saving any positioning data, if requested by the Customer/Purchaser, or anonymising them in real time, provided this has been previously contracted (given the increased complexity and cost of the project, as it requires a more advanced real-time anonymisation system).

6. Transfer of data to a third country and/or recipient in a third country

To date, the organisation has no plans to transfer the data of European citizens to a third country. All data of registered users are stored within the European Union and in accordance with European data protection legislation.

7. Rights of the data subject

At any time, the data subject may exercise, pursuant to Articles 15 to 22 of EU Regulation No. 2016/679, the right to:

1. request confirmation of the existence or otherwise of their personal data;
2. obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the storage period;
3. obtain rectification and deletion of data;
4. obtain restriction of processing;
5. obtain portability of data, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
6. object to the processing at any time;
7. object to automated decision-making relating to persons;
8. to request from the data controller access to and rectification or erasure of personal data or restriction of the processing of personal data concerning him or her, or to object to their processing, in addition to the right to data portability;
9. revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
10. file a complaint with a supervisory authority.

The Data Subject may exercise his or her rights by sending a written request to the Data Controller, to the postal address of the registered office or to the e-mail address info@synapseslab.com.