PCN Verifier App Privacy Policy

1.0 Our core beliefs regarding user privacy and data protection

User privacy and data protection are human rights
We have a duty of care to the people within our data
Data is a liability, it should only be collected and processed when absolutely necessary
We loathe spam as much as you do!
We will never sell, rent or otherwise distribute or make public your personal information

2.0 Relevant legislation

Along with our business and internal computer systems, the named app & the corresponding infrastructure is designed to comply with the following national and international legislation with regards to data protection and user privacy:

The PCN Verifier app compliance with the above legislation, all of which are stringent in nature, means that the app is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether the app is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification.

3.0 Personal information that the app collects and why we collect it

The PCN Verifier app collects and uses personal information for the following reasons:

3.1 IP address logging

When the app on your device connects to our server to download content, your device’s IP address (which could be used to personally identify you) is logged by our server.

3.2 Crash reporting

If you opt-in to allow sending of crash reports, if the app crashes, some data about your device is sent to the provider of this service, Firebase Crashlytics

This data is used by us to try and ascertain why the app on your device crashed. Collecting this data helps us identify recurring problems that need to be fixed in future app updates.

Full details of data collected can be found here. Below is a typical example of the type of data that is sent from your device:

	Value
Date of crash	05/02/2024 5:36:58 PM
App Name	PCN Verifier
App Version	2.0.4 (9)
Device OS Name	iOS
Device OS Version	17.3.0
Device Model	iPhone 12
Device RAM free	80.02 MB
Device Disk Space	7.62 GB
Device Orientation	Portrait
Jailbroken/rooted	No
App running in background	No
Class/Module Name	MasterViewController.swift
Line Number	179
Method	tableView
Crash Stack Trace	Fatal Exception: NSRangeException 0 CoreFoundation 0xec678 (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 1 libobjc.A.dylib 0x2bc80 objc_exception_throw 2 CoreFoundation 0xb4460 (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 3 PCNVerifier 0x80fc tableView + 179 (MasterViewController.swift:179) 4 PCNVerifier 0x83d0 tableView + 188 (MasterViewController.swift:188) 5 UIKitCore 0x287588 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 6 UIKitCore 0x286f24 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 7 UIKitCore 0x28550c (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 8 UIKitCore 0x284ff4 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 9 UIKitCore 0x32c04 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 10 QuartzCore 0x667ec (Missing UUID 5c3ee3d91aaa3052a6c7b957b454ad71) 11 QuartzCore 0x66374 (Missing UUID 5c3ee3d91aaa3052a6c7b957b454ad71) 12 QuartzCore 0x6c860 (Missing UUID 5c3ee3d91aaa3052a6c7b957b454ad71) 13 QuartzCore 0x65b80 (Missing UUID 5c3ee3d91aaa3052a6c7b957b454ad71) 14 QuartzCore 0x65834 (Missing UUID 5c3ee3d91aaa3052a6c7b957b454ad71) 15 UIKitCore 0xaaf34 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 16 UIKitCore 0xaaa4c (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 17 UIKitCore 0xaa13c (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 18 UIKitCore 0xaa1f8 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 19 CoreFoundation 0x370ac (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 20 CoreFoundation 0x36328 (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 21 CoreFoundation 0x34adc (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 22 CoreFoundation 0x33818 (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 23 CoreFoundation 0x333f8 (Missing UUID 5a6c1f41bf7032f6a1d65b894dd21362) 24 GraphicsServices 0x34f8 (Missing UUID ac07ebbed8bc3e55a13a07bb548734d1) 25 UIKitCore 0x22c8a0 (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 26 UIKitCore 0x22bedc (Missing UUID 6398ddd4ea3631cdb8492f6217205bed) 27 PCNVerifier 0x5b30 main + 15 (DetailViewController.swift:15) 28 ??? 0x1bc6eadcc (Missing)
Generated User UUID	F3888367-92A4-5A33-D576-777C30877AF4

Please note: the transfer of information about crashes and malfunctions to the Crashlytics service is optional and can be enabled or disabled at any time from within the app settings.

4.0 How we store your personal information

As detailed in section 3.1 above, if you use the app some personal information will be stored within our server logs. Your IP Address will be stored in a plain text format until the end of the current day (up to a 24-hour period) and, under normal circumstances, can only be accessed by our server operators who have the highest system privileges. At the end of each day the server logs are encrypted, these encrypted logs are retained for a further 30 days before being anonymised. The anonymisation process alters any personally identifiable information to the point where it cannot be linked back to you as an individual.

The data collected in section 3.2 is sent directly to the provider of this service, Firebase Crashlytics. Some of the data is copied to an offline spreadsheet which is used to identify repeat crashes in the same module/method.

5.0 About this app’s server

The server providing the supporting infrastructure for the PCN Verifier app is hosted by Digital Ocean within their London, UK region.

DigitalOcean’s infrastructure is continually maintained following internationally recognised security controls. Their infrastructure is monitored 24/7/365 and undergoes third-party audits as well as targeted testing annually. For physical security, each of their data centre colocation providers maintain industry-recognized certifications and it's networks are MANRS certified.

All traffic (transferral of files/data) between the server and the app is encrypted and delivered over HTTPS.

6.0 Our third-party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and comply with the legislation set out in section 2.0.

Cloudflare (Privacy Policy)
DigitalOcean (Privacy Policy)
Firebase Crashlytics (Privacy Policy)

7.0 Data breaches

We will report any unlawful data breach of this app’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

8.0 Data controller

The data controller for this app is: The British Institute of Non-Destructive Testing Limited, a UK Private Limited Company with company number: 969051

Whose registered office is:
  Midsummer House,
  Riverside Way,
  Bedford Road,
  Northampton .
  NN1 5NX

9.0 Data Protection Officer

Alicia Carroll
Quality Officer, The British Institute of Non-Destructive Testing Ltd.
Telephone: 01604 438300
Email: [email protected]

10.0 Changes to our privacy policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or app users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

10.1 Change log

30/04/2020

11/01/2024

Removed references to the unique Device ID which is no longer transmitted nor stored (since app version 2024.02)
Added information about crash reporting and what is contained within a report
Server logs are now anonymised (rather than deleted) after 30 days
Updated server details to reflect new hosting company
Updated Data Protection Officer details

14/08/2024

Updated Data Protection Officer email address