The University’s Privacy Policy Regarding the Use of HID Mobile Access
Last modified: September 17, 2020
Introduction
The University of California, Davis ("University") respects your privacy and is committed to protecting it through compliance with this policy. This policy describes:
- The information the University collects or that you may provide when you download, install, register with, access, or use the HID Mobile Access (the "App").
- The information stored from this App.
- The University’s practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies only to information the University collects in this App. This policy also explains how that collected information will be used by the University.
Although HID, the manufacturer and developer of the App (HID Mobile Access) has its own privacy policies, the terms of the contract between the University and HID govern data use and collection.
Information the University Uses and Collects and How the University Uses and Collects It
The University collects information from and about you and your device (“personal information”):
- Directly from you when you provide it to us through the registration process.
- Automatically when you use the App for electronic access control.
The University will use the following information from University data sources to generate an invitation to send you a mobile credential invitation: first name, last name, email address, and a unique, internal UC Davis database data field. Once you download the App and accept the invitation, the App will generate a unique credential number and associate it with your name. That unique credential number will be matched to your information in the AggieAccess system to provide building and facility access.
Per the manufacturer’s privacy policy, the App will automatically collect information to create a unique credential for you, which allows your unique credential to provide you access to a building or facility, and to push updates to you to maintain building and facility access. The App will collect the following information from you and your device after downloading and installing the App:
- Usage Details. How you access and use the App, including application state, events, usage statistics, reader interaction logs, error logs, and country and city based on IP address lookups.
- Device Information. Information about your mobile device, including the device's manufacturer and model, transmission protocol (Bluetooth or NFC), hardware capabilities, operating system version, identifier and version information for the app, unique push notification identifier, unique application identifier, and carrier.
- Location Information. This App collects real-time GPS information about the location of your device, in conjunction with presenting a mobile credential to an access control card reader, to allow the smart device to communicate with an electronic access control card reader within close proximity. Each App installation is assigned a random, unique number on the device level that does not include personal data, in order to transmit low accuracy GPS coordinates. This random, unique number is used to transmit device location information in a deidentified manner, and this data is stored separately from personal user data. This allows the correlating of location data events to the device’s random, unique number and deters correlation of location data to an individual.
Opt-out of Location Information. Your geolocation data is collected automatically if you enable that function on your phone. You may turn off the geolocation function by turning off Location Services for this App, if you do not wish for that data to be collected. Disabling Location Services may degrade performance and may not provide a quality user experience.
Withdrawal
You may opt out of use of this App at any time by submitting a request through the AggieAccess website. You will be provided a physical access card to gain access to University facilities. You may opt out of location services at any time but this may degrade App performance.
Third-Party Information Collection
The corporate group (ASSA ABLOY) that owns the App may share automatically collected information with third parties. These third parties include companies within ASSA ABLOY and service providers to maintain the HID Mobile Access Application service.
The contract between the University and the App’s corporate group prohibits the corporate group from using data collected for any purpose except to provide the Service to the University. This means the corporate group is prohibited from selling, trading, collecting, or using the data for marketing, advertising, licensing, or research purposes, unless expressly approved in writing by the University.
How the University Uses Your Information
The University uses information collected about you or that you provide, including any personal information, to:
- Provide building and facility access at electronic access control points.
- Assist University police investigations for campus security and safety.
- Assist University investigations related to compliance with University policies and procedures.
- Federal, state, or local governmental authorities as required by law.
Disclosure of Your Information
The University may disclose de-identified information about users without restriction.
The University may disclose personal information that the University collects or you provide, pursuant to the restrictions established in UC Davis PPM 360-50. Additionally, the University may disclose personal information with your consent. The University will not disclose your personal information if such disclosure is inconsistent with PPM 360-50.
Your Choices About Our Collection, Use, and Disclosure of Your Information
The University strives to provide you with choices regarding the personal information you provide. This section describes how you can control what information is collected about you.
- Location Information. You can choose whether or not to allow the App to collect and use real-time information about your device's location. If you block the use of location information, some parts of the App may operate in a degraded capacity or not function properly.
Data Retention Period
Collected personal information from the App, including name, email address, user identifier, unique push notification identifier, unique application identifier, and device information will be retained by HID for 30 days following termination of the Service. Collected application state, events, usage statistics, and location data will be retained in deidentified form by HID for 3 years. Technical usage information and data analytics related to the App will be maintained by HID for 10 years in deidentified form.
Data Security
The University has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide is stored on the University’s secure servers behind firewalls and encrypted pursuant to UCOP Policy IS-3.
The safety and security of your information also depends on you. Where the University has given you (or where you have chosen) a password for access to certain parts of our App, you are responsible for keeping this password confidential. The University asks you not to share your password with anyone. The University urges you to maintain unique passwords for your apps and services and not to reuse your Kerberos password. The University urges you to keep your smart device locked behind a PIN or biometric credential (fingerprint, facial recognition). The University urges you not to circumvent operating system protocols. The University strongly urges you not to share your device and mobile credential with anyone to provide facility or building access to unauthorized individuals.
The University is not responsible for the circumvention of any privacy settings or security measures the University provides. Circumventing security measures will lead to you being removed from the App. If removed, you will be required to use a physical access card.
Changes to Our Privacy Policy
The University may update this privacy policy from time to time. If the University makes material changes to how the University treats the users' personal information, the University will post the new privacy policy on the AggieAccess website at: https://aggieaccess.ucdavis.edu/privacy-policy.
The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring the University has an up-to-date active and deliverable email address for you and for periodically visiting this privacy policy to check for any changes.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at: https://aggieaccess.ucdavis.edu/contact or privacy@ucdavis.edu.