This Privacy Statement applies to the business communication tools provided through the Citymesh mobile app, installed from Google Play or App Store (the “App”). All services provided through the App are collectively referred to as the “Services”. The Services are provided to you, as an authorized user on an organisation account controlled by your employer or another third party that has invited you to use the App (“you” or “user”).
Access and Use
Your access and use of the Services is governed by a separate agreement (the “Customer Agreement”) entered by the company that has invited you to use the Services (the “Customer”). The App provides access to Services purchased by a Customer and can only be accessed and used by users invited by the Customer. The Services can only be used with an account created for you in advance by a Customer. An account can never be created in the App itself.
The Services are provided by the Citymesh group entity that the Customer has entered into a Customer Agreement with (“Citymesh”). The Customer controls the organisation account you are invited to and governs the processing of any messages, voice recordings, files or other content submitted through the Services (collectively “Customer Data”). The Customer is the data controller for Customer Data and Citymesh is the data processor. If you have any questions about the data processing described in this document, please contact the Customer that has invited you to user the Services.
The Services
The content of the Services may differ depending on the Customer Agreement. Examples of available functions are:
- Making calls (GSM or mobile VoIP) to contacts configured in your own or linked organisation(s) or contacts on your own device.
- Searching for contacts configured in your own or linked organisation(s).
- Viewing contact information, such as name, avatar, email address, telephone number, and presence status.
- Establishing individual chat sessions and collaborative groups (rooms). In these chats or rooms, information can be shared. This includes file sharing as well as online meetings with screen sharing and video. Participants in rooms can be internal users (organisational contacts) as well as external (invited by email). In online meetings, external users may participate after having been invited with their mobile phone number.
Collected Data
The Services include functions for messaging and sharing files and other content with other users. To be able to use these functions, you need to give the App necessary permissions to access e.g., photo library, contacts list, microphone, camera, or file system. The App does not automatically collect these data from the device, nor from any native personal configuration or any other apps. Only you as a user of the App can authorize data collection and sharing content with other users.
What data the App collects about you depends on what Services you use and what data you choose to share with others.
- Chats and collaboration rooms: You can choose to share text, any type of file, and voice recordings (as a message). This data is stored on an integrated third-party server while the Service is in use. You can at any time delete files shared by you. Shared text and voice recordings can only be deleted by the owner of a collaborative room (“Admin”). Admin can at any time delete all data collected and shared in the chats and collaboration rooms.
- Avatars: You can choose to upload a profile picture (an “Avatar”) by selecting an image from your photo library or by using the camera to take a photo. The Avatar will be stored on the Customers server and be visible to other users that are authorized to search for your profile.
- Contact list: You can choose to add native contacts as contacts in the App. These contacts’ vCards are stored on a server provided by the Customer but can only be accessed by the user that added it. Contacts from within the organisation of the Customer can also be synced to your local (native) address book. The purpose with this is to enable you to search for contact details also when you are offline and to enable name lookups when you receive direct GSM calls from these contacts.
On Android, synced contacts are stored in a separate group inside the native contacts App. The group (including all vCards) is automatically removed when sync is disabled, or the App is uninstalled. On iOS, the sync is implemented by installing a profile (downloaded from the Customer’s server) and the contacts can be synced to the device. When sync is disabled in the iOS App, the contacts will remain until the profile is deleted. The synced contacts may also be removed if the Customer removes the Service or alters the configuration of which type of contacts that can be synced.
Removal of Data
As the main purpose with the App is to give access to purchased (preconfigured) Services, the App does not offer a way to remove your account and data connected to you as a person. If you want your account to be removed, please contact the Customer who has invited you to use the Services. If you uninstall the App from your device, all local data will be automatically deleted. Other data collected and shared through the Services, will be stored until your account is removed.
Crash Reports and Diagnostics
In addition to the data collected to provide the functions stated above, the App may collect certain data to ensure the functionality and maintain the security of the Services.
- Crash reports: Crash reports never include data that can identify a user or person. They are entirely used for fault locating purposes by the developer. They are stored on Google and Apple servers. Crash reports from the Android App are automatically submitted. Crash reports from the iOS App are submitted only if you have activated crash reports on your device (go to Settings/Privacy/Analytics & Improvements: enable Share iPhone Analytics + Share with App Developers).
- Diagnostics: The App holds a feature to collect clear text diagnostics for fault locating purposes, including information about your device and how you have used the App. This feature is by default turned off and can only be activated by you. When diagnostics is collected, it stays inside the App until you decide to share it. Diagnostics can only be shared by the means of including the diagnostics file in an email. You can therefore always inspect the content before it is shared with someone else.
Third-party Disclosure
The Services are integrated with certain functions provided by trusted third parties. Third-party services are used to for example to provide certain functions such as Call Recording or integration to CRM systems. User data is never transferred, traded, or disclosed to any third party that is not an integrated part of the purchased Services. When data is shared with third parties for the purpose of providing the purchased Services, only such data that is required to perform the Service in question is shared. For more information, please contact the Customer that has invited you to user the Services.
Security
Several steps are taken to keep your data secure through access control, authorization control, entry control, and encryption procedures. For example, all data in transit is encrypted using TLS (Transport Layer Security) and the App is run in a sandbox meaning that the data in the App is not available from the outside.