Openpath Privacy Policy

Effective Date: December 20, 2021

This Privacy Policy (the "Privacy Policy") describes how Openpath collects, uses, and discloses data, and what choices you have regarding your data. Updates in this version of the Privacy Policy reflect changes in data protection law.

This Privacy Policy applies to general business practices and the use of the Company’s websites (collectively, the "Website"), the data Openpath receives through the use of hardware, services, and applications provided by Openpath (collectively, the "Openpath System"). Openpath Security Inc is referred to in this Privacy Statement as "Openpath".

International Data Transfers and GDPR Statement as of December 20, 2021.

To learn more about how Openpath proactively protects against system vulnerabilities, read our security statement.

Types of Privacy

This Privacy Statement refers to two types of data:
  • Visitor Data, which includes:

    • Personal information we collect through the Website
    • Personal information we collect about you in the course of interacting with you, such as when you engage with us as a customer, potential customer, vendor, service provider, potential partner, partner, applicant, consultant, contractor or other third party in relation to the operation of our business generally. This includes sales, marketing, business contact and/or registration activities conducted by Openpath
  • Account Data, which includes:

    • Personal information that a Customer, a Customer’s Administrator, or Partner, inputs, uploads, or otherwise captures in the Openpath System;
    • Activity and event data that is automatically collected by Customers using the Openpath System; and
    • Personal and business information captured about Customers and their users, Partners and/or applicants in order to establish or maintain their business relationship with Openpath.

Administrator refers to an individual administrator of the Openpath System authorized by the Customer, which may, in the discretion of the Customer, include Customer’s employees, agents, and contractors. Customer is an end user of the Openpath System. Partner refers to an authorized Openpath reseller or technology partner from whom a Customer obtains access and use to the Openpath System or related third-party services.

Go to top

How Openpath Collects and Uses Visitor Data

Openpath only collects the personal information necessary to enable us to respond to your requests for our products and services. When you use our Website, complete forms, schedule a demo, respond to a survey, complete a partner application, contact us or otherwise interact with our business, we usually collect personal information such as your name, email address, postal address, company name, phone number and any other information you choose to optionally provide that will enable us to respond as requested to you.

You can opt out of providing personal information by not entering it to the Website or otherwise not providing it if asked.

Go to top

Computer Information Collected

When you use our Website, we automatically collect certain computer information by the interaction of your mobile phone or web browser with our Website. Such information is typically considered Non Personal Information. We also collect the following:

Go to top

Cookies

Our Website uses “Cookies” to identify the areas of our Website that you have visited. A Cookie is a small piece of data stored on your computer or mobile action by your web browser. We use Cookies to personalize the Content that you see on our Website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our Website correctly or at all. We never place Personally Identifiable Information in Cookies.

Go to top

Automatic Information & Log Files

We automatically receive information from your web browser or mobile action. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website to which you’re headed when you leave our website. This information also includes the IP address of your computer/proxy server that you use to access the Internet, your Internet Website provider name, web browser type, type of mobile action, and computer operating system. Openpath may sometimes use IP addresses to analyze trends, administer the site, track user movement, and to gather broad demographic information for aggregate use. The IP addresses collected are not linked to PII unless a user specifically provides us that information during a session, such as by completing an inquiry form.

Go to top

How We Use Visitor Data

We use the information we receive from you as follows:

Sharing Information with Affiliates and Other Third Parties

We do not sell, rent, or otherwise provide your Personally Identifiable Information to third parties for marketing purposes. We may provide your Personally Identifiable Information to affiliates that provide services to us with regards to our Website (i.e. payment processors, Website hosting companies, etc.); such affiliates will only receive information necessary to provide the respective services and will be bound by confidentiality agreements limiting the use of such information.

Go to top

Data Aggregation

We retain the right to collect and use any Non Personal Information collected from your use of our Website and aggregate such data for internal analytics that improve our Website and Service as well as for use or resale to others. At no time is your Personally Identifiable Information included in such data aggregations.

Go to top

Legally Required Releases of Information

We may be legally required to disclose your Personally Identifiable Information, if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our Legal Terms; (d) necessary to protect us from legal action or claims from third parties including you and/or other Members; and/or (e) necessary to protect the legal rights, personal/real property, or personal safety of Openpath Security Inc, our Users, employees, and affiliates.

Go to top

Our Website may contain links to other websites that are not under our direct control. These websites may have their own policies regarding privacy. We have no control of or responsibility for linked websites and provide these links solely for the convenience and information of our visitors. You access such linked Websites at your own risk. These websites are not subject to this Privacy Policy. You should check the privacy policies, if any, of those individual websites to see how the operators of those third-party websites will utilize your personal information. In addition, these websites may contain a link to Websites of our affiliates. The websites of our affiliates are not subject to this Privacy Policy, and you should check their individual privacy policies to see how the operators of such websites will utilize your personal information.

Go to top

Surveys

We may occasionally request information from users via voluntary surveys. Information requested may include contact and demographic information. Survey data may be used to monitor or improve the use and satisfaction of our web site, products, or services. Openpath will retain ownership to all data provided via these surveys.

Go to top

How Openpath Collects and Uses Account Data

Openpath collects and processes all Account Data strictly on behalf of Customers and Partners in accordance with Openpath’s contractual agreements with them and/or as defined in the Terms and Conditions and/or as required or permitted by law.

Customers and Partners are responsible for ensuring that Account Data is obtained and processed in accordance with all applicable laws. Since Account Data is managed by the Customer, the Customer is responsible for providing appropriate notice and choice regarding Openpath’s processing of Account Data on behalf of the Customer. If an individual has any questions or concerns related to Openpath’s handling of Account Data pertaining to them, they may contact our Privacy Officer via dpo@openpath.com and we will work with the applicable Customer to address the concern.

From Customers, Openpath collects the personal information that is needed to properly manage Openpath’s business relationship. Customers will receive login credentials to manage their Openpath System accounts.

Go to top

Roles of Customers, Partners, and Openpath in Protection of Account Data

Openpath provides the Openpath System to Customers via its Partner channel. Partners selected by the Customer handle the initial setup and configuration of the Customer’s Openpath account.

Customers are responsible for verifying that all individuals who are designated as Administrators are authorized by the Customer for the levels of access granted. In general, Openpath recommends that the Customer designate an employee of the Customer to be the Super Admin. If the Customer chooses to permit an individual who is not an employee of the Customer (such as, for example, an employee of a Partner to have any administrative rights or other access or privileges to the Customer’s account or Account Data), the Customer is responsible for monitoring the third party’s access to and use of the account and Account Data. Openpath is not responsible for any unauthorized use or misuse of the Customer’s account access, account privileges or Account Data by anyone using access provided by the Customer.

Certain Openpath employees also will have access to Account Data, solely in connection with the provisioning of the Openpath System and to respond to specific Customer and Partner requests for technical support. Openpath will access Account Data only for the purposes of providing the Openpath System, preventing or addressing service or technical problems, in accordance with the provisions of any separate written agreement between Openpath and Customer (such as, for example, the Openpath Terms and Conditions applicable to the Openpath System (as applicable, the “Terms and Conditions”)), or as may be required by law.

Go to top

Openpath collects the following types of Account Data:

Information provided by Customers: The Openpath System provides the capability for Customers to store basic personal information such as an individual’s name, credential number, email address and photograph. This information is used to correlate security events to the correct individual, as well as to enable notifications and mobile application functionality. The Customer is solely responsible for determining if storage of this data is appropriate in the context of applicable laws and regulations.

Information generated from events: The Openpath System is used by the Customer to collect activity and event data. For example, the Customer can use the Openpath System to record that an access card was used at a particular door at a certain time. Through correlation with the information a Customer provides, Openpath may be able to tie an access event to a particular individual’s credential.

Log Information: The Openpath System records the actions of Administrators, as well as the status and the settings of various devices that have been configured to operate with the Openpath System. Log information may be used by the Customer to review the activity of Administrators.

Mobile Application: Openpath provides a mobile application which can be used with the Openpath System. The Openpath Mobile App is a form of digital credential used to authorize physical access to a building. Openpath collects information about the location of the device and its proximity to certain available Openpath readers within Bluetooth range of the Openpath Mobile App to simplify authorization to open the proper lock or door. In order to provide these services, Openpath collects various types of device, WiFi access point data and Bluetooth data. In order to use the services of the Openpath mobile applications, various features such as location services, WiFi, and Bluetooth communication will need to be enabled on the mobile device.

Location Data: In order for some features to work reliably, the Openpath Mobile App requires Location Services always enabled. We don't ever collect your physical location or GPS information, and do not share or sell your data to third parties. The app doesn't actually use your physical location, but rather Bluetooth Low Energy (BLE), which iOS and Android consider as part of their Location Services.

  • On iOS devices: The Openpath app also uses Motion Services in order to detect if a phone is in motion – if it is stationary, the Openpath background service will shut down in order to conserve battery. If the app detects the phone is moving, the Openpath service will resume in order to communicate with any nearby Openpath readers.

  • Logging data: Openpath does not log the geolocation or GPS of your phone. We temporarily log motion data on iOS devices and can only receive that data if you Send Feedback via the app for troubleshooting purposes.

If you'd rather not enable these features, you can still unlock entries on iOS devices by using Touch to Unlock with the Openpath app open and Bluetooth turned on. On Android devices, Touch to Unlock won't work if Location Services is turned off regardless if the app is open or not, but you can still use the app to unlock entries by tapping on the lock icons next to the entries.

Account Data may be used by Openpath to:
  • Enable event notifications and Openpath Mobile App functionality.

  • Contact the Customer to inform it of product and service enhancements that Openpath thinks may be of interest to it.

  • Provide important service notices regarding the Openpath System and related devices. While Customers use Openpath System services, it will not be possible to opt out of communications regarding Openpath System service notices.

  • Ask the Customer to participate in surveys that help Openpath better understand the Customer’s needs in order to improve Openpath products and services.

  • Openpath also shares data with relevant third-party service providers when explicitly authorized by Administrators in the relevant Openpath System account; for example, to enable integrations with Video Management Systems, Alarm Systems, or Directory Services such as Active Directory.

Go to top

Compliance with General Data Protection Directive (GDPR)

In the context of GDPR, individuals residing in the European Economic Area with data stored in the Openpath System or using Openpath applications are considered “Data Subjects.” Customers (and in some cases Partners) are considered “Data Controllers.” Openpath is a “Data Processor.”

In Openpath’s role as a Data Processor, Openpath is the responsible custodian of the Data Subject’s data, performing this role on behalf of the Data Controller. The Data Controller is completely responsible to determine what data is captured, stored and processed within the Openpath System. Openpath does not share, sell, rent, or trade personally identifiable information with third parties unless directed by a Data Controller.

Within Openpath’s service model, most Data Subjects will have limited direct interaction with the Openpath System applications that capture and store their data. This interaction by Data Subjects will primarily be via the Openpath Mobile App. Most Data Subjects will be employees, visitors, or contractors of the Data Controller. Data is captured based on their relationship with the Data Controller. The Data Controller is responsible for gaining necessary consent from the Data Subject regarding the data to be stored. In cases where a Data Subject requests Account Data to be deleted from the Openpath System, Openpath will refer such request to the Data Controller for adjudication.

The GDPR includes provisions that grant Data Subjects portability rights in their personal data. Openpath will coordinate with Data Controllers and, as applicable Data Subjects, when requested to delete, anonymize or port data. Openpath provides for portability and is continually working to enhance its data export capabilities.

Openpath will continue to monitor the GDPR and evolve Openpath’s systems and processes to ensure continued compliance.

Go to top

GDPR Right of Individual Access and Limited Use

Those residing within the European Economic Area may request to access, correct, or limit the use of their personal information within the Openpath System by submitting a request to their Openpath Administrator. Individuals may have the right to complain to a data protection authority in the country where they live, where they work or where they feel their rights were infringed if they have concerns about their rights.

Go to top

Information Security

Openpath maintains a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Account Data.

Go to top

Law Enforcement Requests

Openpath may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Go to top

Data Location & Transfer of Information

Openpath stores all Visitor Data and Account Data in the continental United States. To facilitate Customers’ global operations, Openpath transfers information to the United States and provides access to that information to Customers around the world.

Go to top

Data Processing Addendum

Go to top

Data Retention

Openpath retains Visitor Data in accordance with our data retention policies and practices. The length of time we keep your information depends upon a number of factors, including the type of information. In general, we retain personal information for as long as we have an ongoing business need to retain it. Following that period, we will delete it.

Go to top

Data Incidents

If Openpath becomes aware of any improper access, unauthorized use or disclosure of Account Data (a “Data Breach”), Openpath will analyze the facts of the Data Breach in the context of applicable laws, regulations, policies and contractual obligations to determine the appropriate notification process. Openpath will conduct notifications in a timely manner after becoming aware of a Data Breach and take reasonable steps to minimize harm and mitigate further risks to Visitor Data and Account Data.

Go to top

Third Parties Who May Receive Personal Data

Openpath works with a select number of third-party service providers to perform database monitoring and other technical operations, assist with the transmission of data, and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. Openpath maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our privacy obligations. Openpath may be liable if they fail to meet those obligations, unless we prove that we are not responsible for the event giving rise to the damage.

Go to top

Other International Users

The Website is hosted in the U.S. If you are a consumer accessing the Website from Asia, or any other region with laws or regulations governing personal data collection, use and disclosure that differ from U.S. laws, your continued use of the Website, which is governed by U.S. law and these terms, indicates your consent to transfer of your information to the U.S.

Go to top

Children's Privacy

Because protecting the privacy of young children is especially important, we do not knowingly collect or maintain information from or about persons under 13 years of age. No part of our Website is structured to attract anyone under 13. If you are under 13, do not use or access the Website at any time or in any manner. If we learn that personal information of persons under 13 has been collected on the Website without verified parental consent, we will take appropriate steps to delete this information.

Go to top

California Privacy Rights (For California Residents Only)

Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of customers' personal information with third parties. These businesses are required to accept requests for disclosures of these policies from customers but are only required to honor one request per calendar year. Businesses have thirty (30) days to respond to each inquiry to the designated address. Each inquiring customer will receive an explanation of the categories of customer information shared and the names and addresses of any third-party businesses. In limited circumstances, customers' failure to submit requests in the manner specified will not require a response from the business.

If you are a California resident, you may request such information from us by sending a letter to the address listed below. In your letter, please provide your name, address and email address, as well as a request that we provide such information to you, by using the following or similar language, “I request that Openpath provides its third-party information sharing disclosures required by section 1798.83 of the California Civil Code.”

Go to top

Changes to This Privacy Statement

Openpath reserves the right to change this Privacy Statement from time to time but will alert you that changes have been made by indicating on this Privacy Statement the date it was last updated. If Openpath makes a material update, Openpath may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on Openpath’s website or in the Openpath System or by contacting you using the email address you provided. We encourage you to periodically review this Privacy Policy to stay informed about Openpath’s collection, processing and sharing of Account Data.

Go to top

Contacting Us

For any security questions or concerns, please email security@openpath.com.

If you have questions regarding this Privacy Statement or if you need to request access to or update, change or removal of personal information that we control, you can do so by contacting:

Openpath Privacy Officer
Openpath Security Inc
13428 Maxella Ave, #866
Marina Del Rey, CA 90292
dpo@openpath.com
1-844-673-6728

Go to top