Latest update: March 8, 2017
1- Who we are
Gemalto Pte (Ltd) a company organized under the laws of Singapore.
2- What we do
We have developed this mobile application based on a One-Time Password (OTP) technology allowing a secure and convenient authentication to internet services via an OTP server.
3- Location of the OTP server?
Depending on the terms of the contract between us and your organization that acquires the OTP service, the OTP server can be located at the premises of your organization or in our data center located in Ottawa (Ontario - Canada).
4- Information collected by the Application
To activate the OTP service via the mobile application you will have to enter a PIN number, registration code, or OTP server URL. This information is entered by you to authenticate and to register to the OTP server of your organization. You also have the option to perform the activation via QR code.
5- Information that could be automatically collected by the Application
|Information automatically collected
Reasons for the automatic collection
Read phone status and identity
|It allows to identify the phone and to derive some parameters used for security functions
Take picture and videos
|It lets the app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.
Modify, read or delete the content of the SD card
|The SD card is used to store some logs used for debugging or maintenance purpose
Find accounts on the device
|This is required by GCM service while getting a unique device ID.
View network connections
|This is required for accessing ConnectivityManager (mainly for monitoring network connections in general)
View WiFi connections
Allows the app to view information about wi-fi networking, such as whether wi-fi is enabled.
|This allows apps to turn on or off the LED "flash" light used by the camera
Prevent phone from sleeping
|This is required to keep processor from sleeping, in our case we are using WakefulBroadcastReceiver for handling push notifications, which keeps the processor from sleeping until the push notification message is processed.
6- Third parties access to information obtained by the Application
Third parties do not have access to the information obtained by the Application.
7- Sharing of data with third parties
We share information with your organization that has acquired the OTP service. We may also disclose personal information to respond to legal requirements (for example, in response to requests by federal, state or local authorities, including tax authorities, subpoenas, court orders or other legal processes) or in the good-faith belief that disclosure is legally required, enforce our policies, establish or exercise our legal rights or protect anyone's rights, property or safety.
8- Sharing of data for marketing purposes.
We do not share the data for marketing or advertising purpose.
9- Security and Retention
If your information is stored on our servers located in Ottawa (Ontario - Canada): we treat data as an asset that must be protected and use tools (encryption, passwords, physical security, etc.) to protect your personal information against unauthorized access and disclosure. However, as you probably know, third parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse your personal information that they collect from the site. Therefore, although we work very hard to protect your privacy, we do not promise, and you should not expect, that your personal information will always remain private.
We retain information in accordance with the duration of the agreement with your organization. In addition, we may retain personal information from closed accounts to comply with the law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce the agreement and take other actions permitted by law.