How do we secure this data?
All the communication that happens between our system and yours, is secured by standard SSL encryption. All the data that is stored in our systems follows the standard industry practices of security and privacy.
Do we disclose this information to any third party?
No, we don't. We never share any of the above mentioned information with any third party or organization unless, it is required to do so as per the law. However, please be informed that in the cases when the business that hosts the service queue, requires the consumer to identify themselves by providing their Name or Phone number or Email address, this data is visible to the operator or staff at that particular business. They can use this data to contact or identify the consumer in their system. Please also note, this data is retained in our systems as per our Data retention policy that is defined below.
When using our services: no, we don't. We don't use any cookies or such technologies to store or collect any information or analytical data when a user is using our services. We however use user's device's local storage to store their language preferences and other relevant application settings including but not limited to device's Unique identity, PUSH notification id etc.
Data collection policy
Any information collected by our systems is classified into 4 categories, namely: T1, T2, T3, T4. This categorization is done on the basis of the purpose of collection, usage and storage of that specific data. These categories are defined below.
- T1-data: Non-personal data collected for analytical purposes only.
- T2-data: Non-personal data that is collected and used, but never stored.
- T3-data: Non-personal data that is collected and stored on user's device and is sent to our systems only when a user joins a queue.
- T4-data: Personally identifiable data that is collected on-demand when:
- A user joins a specific queue which is configured by the business that owns such a queue to collect personally identifiable information like Name, Phone number or Email address.
- A user selects an external notification channel to receive queue update notifications. Such channels include, but are not limited to services like SMS, WhatsApp, Telegram or Email.
- A business or a business representative chooses to create an account on our system to manage the customer service queues and feedback for their business premises.
- A business or business representative chooses to evaluate the demo version of our product and services.
When visiting our website(s), we only collect non-personal data [T1-data] by using Google Analytics as the tool for collecting such data. This data collection does not start automatically and the user has the choice to accept or decline the collection of such analytical data during their first visit to the website. The user's preferences are saved and respected during their subsequent visit(s) to the website. No personal data or any such data that can be used to identify a user personally is collected without the consent of the user.
When using our services as a consumer, we collect the following personal or non-personal data which is used, processed or stored in our systems based on specific requirements or use-cases:
- User's current location [T2-data]
- User's device's unique identity [T3-data]
- User's device's PUSH notification id [T3-data]
- User's response to service specific questions[T3-data]
- User's name, phone number or email address [T4-data]
- User's id for a specific notification channel [T4-data]
When using our services as a business, we collect the following data which is processed and stored in our system:
- Details of the business like:
- Business name
- Business address
- Business owner name (person or organization)
- Details of the person-in-charge / additional staff:
- Email address
- Phone number
We do not collect any personal or non-personal data without the consent of the user.
Data retention policy
Any personal data that is collected by our system during the "Take ticket" or "Join queue" process, on-demand from the business or on-demand from the user for notification purposes, is stored securely in our systems and is protected by multiple layers of security. By default, all such data is retained in our system for the duration the business account is active. However, it is also possible for the business to configure the lifetime of such data by choosing any one of the following options:
- 12 months from the date of joining the queue
- 06 months from the date of joining the queue
- 03 months from the date of joining the queue
- Let user delete their data after they have provided feedback for the service they received.
Any personal data that is collected by our system during the "Account creation" process in user's role as a business or business representative is stored securely and is retained by our system for the duration the business account remains active.
Once a business withdraws from using our services or they choose to delete their account:
- All the personal and non-personal data that is a part of a ticket is wiped out from our systems;
however, the following data still remains for analytical and statistical purposes:
- Ticket date
- Ticket number
- Queue and business to which the ticket belongs
- Time statistics for a ticket (e.g. Take time, Call time, Finish time)
- Unique identity of the device which was used to procure the ticket (join the queue)
- All the personal data that is a part of operator or business staff profile is wiped out from our
systems; however, the following data still remains:
- User id of the staff
Data usage policy
Any personal data that is a part of operator or business staff profile is used for following purposes:
- Login and accessing services
Any personal data, that is a part of a ticket, collected on-demand by the business which owns the queue is only visible to the person who joins the queue or the staff at the business that has requested such data to be collected. This personal data is used by the business as per their organization's data-usage policy and also to identify the ticket holder from their customer register by using the name, phone number or email address as the search input or search string. We do not use any of this data in any form other than displaying it to the business staff in their control panel from where they manage the queue.
Any personal data, that is collected on-demand for sending notifications via external services is used by our system to send queue update notifications to the ticket holders. We do not use this data in any way other than for sending notifications.
Any non-personal data, that is collected as a part of the "Join a queue" or "Take ticket" process is used as follows:
- User's location is used to return the list of nearby places within a specific radius.
- Unique identity of device is used to discourage one device to have multiple open tickets in the same queue on the same date.
- PUSH notification id of device is used to send queue update notifications to the user by using the Firebase push notification service.
No personal data is used for any marketing or sales or promotional activities, however contextual data related to queuing and relevant statistics can and will be used for further statistical and research purposes. We can also use this anonymous statistical data for marketing purposes. Examples of such data include (but are not limited to):
- Total number of tickets taken in any duration (e.g. per day, per week).
- Statistics interpreted from tickets - like Average waiting time, Average service duration.
Under GDPR (EU) 2016/679, any personal data that is collected during the usage of our service, like Name, Phone number or Email address is stored securely in our systems - following the standard industry practices of security and privacy. Any such data is not shared with any third party or organization, unless it is required to do so by the law.
Under GDPR (EU) 2016/679, any personal data that is collected during the usage of our service, is stored for a maximum of 12 months, unless the user has requested a deletion of their personal data. In case of a request for deletion, the data is removed from live and backup systems within 180 days.