Thank you for using NFC Scanner. This Privacy Policy explains what personal data we collect when you use the app, why we collect it, the legal basis we rely on, and what rights you have over your data. We have written this in plain language — if anything is unclear, please use the contact details at the end of this document.

1. Who We Are (Data Controller)

civilsafety.tech is operated by Dot Design Media, based in Romania, is the data controller responsible for the personal data processed through the NFC Scanner application. As a Romanian company, we are subject to EU GDPR (Regulation 2016/679) and are supervised by the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).

 

For users based in the United Kingdom, we also comply with UK GDPR as retained in UK law. The Information Commissioner’s Office (ICO) is the relevant supervisory authority for UK users.

 

NFC Scanner is a business-to-business application intended for use by authorised employees within organisations that have licensed the service. It is not a consumer app available to the general public.

2. What Personal Data We Collect

We collect the following categories of personal data:

Account & Authentication

  • Your email address and password, used to authenticate you in the app.
  • A session token stored securely on your device to keep you signed in between sessions.

NFC Scan Data

  • The identifier of each NFC tag scanned, along with the time and date of each scan.
  • The scanning round you were conducting when each scan was recorded.
  • Your GPS coordinates at the time of scanning, so the system can log the physical location where each checkpoint was verified. You will be prompted to grant location permission before this data is collected.

Device Information

  • Your device’s push notification token and platform (Android or iOS), used to deliver alerts relevant to your role. You will be asked for notification permission before this is collected.

Photos

  • If you submit a support ticket with an image attachment, the photo you select or capture is uploaded as part of that ticket. Camera and photo library permissions are requested before this happens.

Offline Queue Data

  • If your device loses connectivity while scanning, scan records are temporarily saved to a local database on your device and automatically uploaded to the server once connectivity is restored. This data is deleted from your device once successfully synced.

We do not collect any special categories of personal data (such as health information, biometric data, or political opinions), and we do not collect data from anyone under the age of 16.

3. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on are:

 

  • The core operational data — scan records, GPS coordinates, round history, and device tokens — is processed on the basis of legitimate interests. Specifically, the legitimate interest is enabling your employer to manage and verify security checkpoint rounds. We have balanced this against your interests and rights, and consider this processing proportionate given the professional context.Legitimate interests (Article 6(1)(f)):
  • Your login credentials and session data are processed to provide access to the service as agreed between your employer and Dot Design Media.Performance of a contract (Article 6(1)(b)):
  • We may process or retain data where required to do so by applicable law, including Romanian law.Legal obligation (Article 6(1)(c)):

 

We do not rely on consent as our legal basis for any processing described in this policy, and therefore you do not have the right to withdraw consent (since consent was never the basis). Your rights under GDPR are set out in Section 9 below.

4. How We Use Your Personal Data

We use the data described above exclusively for the following purposes:

 

  • To authenticate you and maintain your session securely.
  • To record and verify NFC checkpoint scans as part of your organisation’s security rounds.
  • To attach GPS location data to scan records for audit and operational compliance purposes.
  • To send push notifications relevant to your duties, such as round assignments or alerts.
  • To process support tickets you submit, including any photos you attach.
  • To reliably sync scan data even when your device temporarily loses internet connectivity.

 

We do not use your personal data for advertising, automated decision-making, profiling, or any purpose unrelated to the core functionality of the app.

5. Data Retention

We retain personal data for as long as is necessary for the purposes for which it was collected, subject to the following:

 

  • Session tokens are removed from your device when you log out.
  • Offline scan data stored locally on your device is deleted automatically once it has been successfully synced to the server.
  • Scan records, round history, checkpoint definitions, and tickets held on the server are retained for as long as your employer’s licence is active, or as long as required for operational or legal compliance purposes.
  • When a user account is deactivated, access is revoked immediately. Residual data associated with that account may be retained for a reasonable period for audit trail purposes, after which it is deleted or anonymised.

 

If you wish to request deletion of your personal data, please see Section 9 (Your Rights) below.

6. How We Store and Protect Your Data

Your data is stored in two locations:

 

  • On your device: Your session token is stored in encrypted secure storage (Android Keystore / iOS Secure Enclave-backed storage). Offline scan data is stored in a local SQLite database and deleted after syncing.
  • On our servers: Scan records, round history, checkpoint data, tickets, and notification tokens are stored on the backend server configured for your organisation. All communication between the app and the server uses HTTPS encryption.

 

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, in accordance with Article 32 of the GDPR.

7. Who We Share Your Data With

We do not sell your personal data. We do not share your data with advertisers or data brokers.

 

Your data may be accessible to the following parties:

 

  • Your employer or the organisation that has licensed NFC Scanner — as the data controller’s client, they have access to operational data generated by their employees through the app.
  • Dot Design Media technical staff — only to the extent necessary to maintain, support, and improve the service.
  • Competent authorities — if we are required to disclose data by law, court order, or at the request of a regulatory authority.

 

Where we engage third-party service providers who process personal data on our behalf (data processors), we ensure appropriate Data Processing Agreements are in place in accordance with Article 28 of the GDPR.

8. International Data Transfers

Dot Design Media is based in Romania and processes data within the European Economic Area (EEA). We do not routinely transfer personal data outside the EEA.

 

For users based in the United Kingdom, personal data may be transferred from the UK to Romania (an EU member state). Such transfers are permitted under UK GDPR as Romania is subject to EU GDPR, which the UK has recognised as providing an adequate level of data protection.

 

If any transfer outside the EEA or UK becomes necessary, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Your Rights Under GDPR

As a data subject under EU GDPR or UK GDPR, you have the following rights:

 

  • You can request a copy of the personal data we hold about you.Right of access (Article 15):
  • You can ask us to correct inaccurate or incomplete personal data.Right to rectification (Article 16):
  • You can request deletion of your personal data, subject to certain conditions (for example, where we have a legal obligation to retain it).Right to erasure (Article 17):
  • You can ask us to limit how we use your data in certain circumstances.Right to restriction of processing (Article 18):
  • You can request your personal data in a structured, machine-readable format where technically feasible.Right to data portability (Article 20):
  • You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.Right to object (Article 21):
  • You have the right to complain to your national supervisory authority. For Romania, this is the ANSPDCP (www.dataprotection.ro). For the UK, this is the ICO (www.ico.org.uk).Right to lodge a complaint:

 

Because NFC Scanner is a workplace tool, some of these rights are best exercised through your employer, who may also act as a data controller for your employment data. For data held directly by Dot Design Media, you can contact us using the details in Section 11 and we will respond within 30 days, as required by GDPR.

10. Data Protection Officer

Given our size and the nature of our processing activities, we are not currently required to appoint a formal Data Protection Officer (DPO) under Article 37 of the GDPR. However, all data protection enquiries are handled directly by our management team. You can reach us using the contact details in Section 11.

11. Permissions We Request

The app will request the following device permissions. You can decline any of these, though doing so may affect certain features:

 

  • NFC — required to read NFC checkpoint tags. The core function of the app cannot operate without this.
  • Location (while in use) — used to record GPS coordinates at the point of each scan. Collected only while the app is open and actively being used.
  • Camera — used only if you choose to attach a photo when submitting a support ticket.
  • Photo Library — used only if you choose to select an existing image when submitting a support ticket.
  • Notifications — used to send alerts and updates relevant to your role.

12. Children’s Privacy

NFC Scanner is intended solely for use by working adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has used the app and submitted personal data, please contact us immediately so we can investigate and remove it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify users through the app or by other appropriate means. The effective date at the top of this document will always reflect the most recent version.

 

We recommend reviewing this policy periodically. Continued use of the app after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy, to exercise your data protection rights, or to raise a privacy concern, please contact us:

 

  • Company: Dot Design Media
  • Country: Romania (EU)
  • Email: office@dotdesignmedia.ro

We will acknowledge your request promptly and respond in full within 30 days, in accordance with GDPR requirements.