ABT DPOS is an internal mobile application operated by [Company legal name] (“Company”, “we”, “our”, “us”). This app is publicly listed on the stores but accessible only to authorized employees using company-provided credentials. This Policy explains what information we collect, how we use it, how we share it, and the choices available to you.
1) Scope
This Policy applies to the ABT DPOS iOS and Android apps used by authorized employees to operate Digital POS workflows (attendance, coordination, order alerts, packing, QR handover, inventory, reconciliation, and support). The app is not for consumer use and does not process card payments.
2) Data we collect
We collect only what’s necessary to operate ABT DPOS safely and effectively. Categories include:
| Category | Examples | Purpose | Store label mapping* |
|---|---|---|---|
| Account & Contact Info | Name, phone number, employee ID, role, workplace/hospital | Authentication (OTP + password), role-based access, support | Personal Info → Name, Phone number; IDs |
| Identifiers & Device Data | Device ID, app instance ID, push token (OneSignal) | Security, notifications, fraud prevention, troubleshooting | Identifiers |
| Location | Precise & coarse location during shifts (foreground/background) | Attendance, routing/coordination with PGs, audit logs | Location → Precise, Coarse |
| App Activity & Diagnostics | Screen views, taps, timestamps, crash logs | Operational analytics, reliability, abuse detection | App Activity; Diagnostics |
| Operational Transactions | Order/packing lists, reference “money to collect”, EOD totals | Operational handover & reconciliation (no card data stored) | Purchases/Transactions (non-payment operational data) |
| Photos/Media (Proofs) | Transaction proof photos: PG without face + items | Anti-fraud evidence, audit trail, dispute handling | Photos/Media |
*This mapping is provided to help complete Google Play’s Data Safety form and Apple’s App Privacy labels.
3) How we use data
- Operate ABT DPOS: authenticate users, enforce roles, enable core workflows.
- Attendance & coordination: verify check-in/out and facilitate routing during shifts.
- Notifications: send operational alerts via OneSignal (orders, stock, EOD reminders).
- Inventory & auto-reorder: manage stock, trigger API-based reorders on thresholds.
- Fraud prevention: store photo proofs of handovers (PG without face) to mitigate risks.
- Security & compliance: logs, audits, anomaly detection, policy enforcement.
- Support: respond to requests via hotline or in-app contact.
- Analytics & troubleshooting: improve performance, reliability, and usability.
We do not sell personal data and do not use data for cross-app advertising.
4) Legal bases
Where applicable (e.g., GDPR jurisdictions), we rely on:
- Performance of a contract (employment/assignment and operational policies).
- Legitimate interests (operations, safety, fraud prevention, analytics, and security) balanced against employee privacy.
- Consent for optional features (e.g., background location during shifts, push notifications) where required.
- Compliance with legal obligations (audit, accounting, incident response).
5) Sharing & processors
We share data only as needed:
- Service providers (processors): hosting, analytics, push messaging (e.g., OneSignal), support. Each is bound by contractual safeguards.
- Logistics/operations partners: limited operational data for order handover and inventory fulfillment.
- Corporate & compliance: with parent/affiliates and auditors, as required.
- Legal: when required by law or to protect rights, safety, and security.
We do not permit third-party advertising SDKs. Push delivered via OneSignal: see provider’s policy: [OneSignal privacy].
6) Retention
We keep data only as long as necessary for the purposes above, then delete or anonymize it per our retention schedule:
- Operational logs & attendance: [X months]
- Location events (during shifts): [Y days/weeks]
- Photo proofs (no faces): [Z months/years], or until operational/legal needs end
- Account & role data: while your employment/access is active, plus [N months] thereafter
You can request deletion as described in Your rights.
7) Security
We use administrative, technical, and physical safeguards such as encryption in transit, access controls, role-based permissions, audit logs, and secure development practices. No system is perfectly secure; we continuously improve safeguards and monitor for incidents.
8) Background location (during shifts)
ABT DPOS may collect precise location in the foreground and background during active shifts to enable attendance verification and coordination. The app shows an indicator while location services are active, and you can pause/disable tracking when off shift in your device settings or app controls. We do not use location for advertising.
9) Transaction photo proofs (no faces)
For each handover, the app allows a photo “moment of transaction” to prevent fraud. Photos should include product items and the PG without capturing faces. The app provides guidance to avoid faces or other sensitive information. Photos are stored securely and retained per our retention schedule.
10) Your rights & choices
- Access/Correct/Delete: request a copy, correction, or deletion of your personal data.
- Location controls: manage background location permissions in the app and OS settings.
- Notifications: opt in/out of push notifications via app/OS settings.
- Appeals/complaints: contact us or a relevant data protection authority.
To exercise rights, use the in-app Help & Support or contact: [dpo@company.vn]. We may verify your identity before responding.
11) International transfers
If data is processed outside your country, we apply appropriate safeguards (e.g., contractual clauses, intra-group agreements) consistent with applicable laws.
12) Children’s data
This app is for authorized employees. It is not directed to children and does not knowingly collect children’s personal data.
13) Changes to this Policy
We may update this Policy from time to time. We will post the updated version here and indicate the “Last updated” date above. Material changes may be communicated in-app or by other appropriate means.
14) Store-specific notices
Apple App Privacy labels
On the App Store, we disclose the categories of data Linked to You (e.g., Contact Info, Identifiers, Usage Data, Location during shifts, Photos for proofs, Operational Transactions) and the purposes (App Functionality, Analytics, Fraud Prevention, Security, Compliance). We do not use data for “Tracking” for advertising.
Google Play Data Safety
On Google Play, we declare collection of Personal Info, Location (precise/coarse), App Activity, Device IDs, Photos/Media, and limited operational Transactions; data is encrypted in transit; deletion is available upon request; data is shared only with service providers and operations partners; no sale or cross-app advertising use.
15) How to contact us
[Company legal name]
Address: [Registered address]
Privacy/DPO: [dpo@company.vn]
Support: [support@company.vn] · Hotline: 1800 255 868
Website: [https://www.example.com/privacy]
Jurisdiction-specific disclosures (e.g., Vietnam, EU/EEA, UK, etc.) can be added here if required by your compliance team.