This document governs your use of the software application Device Monitor ("Application") for mobile devices that was created by XLAB d.o.o. Device Monitor is part of the network security solution used to analyze network data traffic in order to detect malicious networks (botnets) and malicious software on mobile devices. Device Monitor interacts with service GCMServer ("Service"), also created by XLAB d.o.o.
By using the Application users monitor their device for malicious activities that may be running in the background of the device and user is not aware of them. Application monitors connections to external resources, and in case of detected connection to known malicious end-points notifies the user and issues report to the Service. The information gathered is anonymized to a high degree and no other personal data is exposed. See Data Collected section for more details. Device Monitor also inspects installed applications for known exploits and in case of detection of such it reports these to the Service.
The data reported to the Service can be later analyzed to find abnormalities in groups of devices. You can see all the data that is shared with the server in the "Event Viewer" section of Device Monitor.
The Data is kept for the time necessary to provide the service as stated by the purposes outlined in this document, and the User can request the Data Controller for suspension or removal of the data related to the User. In some cases the Data can not be related to the User (e.g. IP address has changed or is behind proxy server).
Personal Data is collected for the following purposes and using the following services:
The Service's component is capable of analysing and correlating of the data which has been aggregated during the time of Application's use. Results of the correlation may be shared with third parties restricted to the Consortium.
This Application may send push notifications to the User using Google Cloud Messaging mechanism.
The Data collected may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time at its contact information.
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
Personal Data is any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including Internet Protocol Address (IP). We follow the opinion of the Article 29 Working Party which considers that IP addresses shall be treated as personal data in almost all situations.
Information collected automatically from this Application, which can include: the IP addresses of the device utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), and the operating system utilized by the User and other parameters about the device operating system.
The individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
The legal or natural person to whom the Personal Data refers to.
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
Device Monitor, the software tool, which is used to collect the User's Data.
The Consortium consists of partners within EU funded project Advaced Cyber Defence Center (ACDC). The updated list of members of the Consortium is available here: http://www.acdc-project.eu.
This privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC. To protect the fundamental rights and freedoms of users, especially the right to privacy with respect to the processing of personal data, we declare that we are in compliance with the European Data Protection Directive.