Privacy and Security Policy
At Brivo, privacy and security are core elements of our service. Accordingly, we are always conscious and respectful of the privacy and confidentiality of individuals who visit Brivo’s websites (“Visitors”), individuals who use our services (“Subscribers”), individuals who develop applications using Brivo’s APIs (“Partners”) and individuals engaged in selling Brivo’s products (“Dealers”).
Brivo.com is our public website which also contains a login portal for our Brivo OnAir® application and our Dealer Partner Portal.
Brivo OnAir (acs.brivo.com) is our application for delivering physical security management services using the Software as a Service (SaaS) model. Brivo OnAir uses a common interface to control and display elements related to physical access control, ID badging, and video surveillance. Brivo OnAir is a web-hosted application that allows Subscribers to manage physical security devices and monitor security events from their facilities.
Developer.brivo.com and apidocs.brivo.com provide services and information for Partners developing applications using Brivo’s APIs.
Brivo’s websites may contain links to other websites. The privacy statements of those websites govern the information practices and the content of those websites. Brivo encourages you to review the privacy statements of other websites to better understand their information practices.
Roles of Participants in Information Management
Brivo provides products to Subscribers via its authorized Dealer channel. Brivo’s Dealers handle the initial set-up and configuration of the Brivo OnAir application and hardware. Subscribers can choose what data to share with the Dealer during the set-up process. After initial set-up, access to the Subscribers Brivo OnAir account is limited to authorized Administrators. Brivo employees have access to Subscriber data solely to provide our services and in response to specific customer requests for technical support.
Collection and Use of Information
From Visitors to our websites, Brivo collects only the personal information necessary to enable us to respond to your requests for our products and services. When you visit our website, you may be asked to identify your product needs or the business category of your company, as well as your e-mail address, company name, business address and phone number. This information will better enable us to respond to your requests. If you wish to subscribe to news and information, we will use your address information for this purpose. We will provide you a way to modify your communication preferences and to unsubscribe.
As Visitors navigate Brivo’s websites, we may also collect information through the use of commonly used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our websites, such as the pages viewed and the links clicked. The information we collect from our websites (such as domain name, number of hits, pages visited, and length of user session) may be combined to analyze how our websites are used. This information is then used to improve the usefulness of the sites.
From Subscribers, Brivo collects information (Customer Data) for the purposes of providing our services. We collect information in the following ways:
- Information provided by Subscribers: Brivo OnAir provides the capability for Subscribers to store basic personal information such as an individual’s name, email address and photograph. This information is used to correlate security events to the correct individual, as well as to enable notifications and Brivo Mobile Pass functionality. Though the system has the capability to store a number of personal data elements, these items are not essential for operation of the system.
- Information generated from events: Brivo OnAir collects access control and video event data. For example, Brivo OnAir records that an access card was used at a particular door at a certain time. This event may also be recorded on video, if that service is active. Through correlation with the information our Subscribers provide, we can tie that access event and video to a particular individual’s credential.
- Log Information: Brivo OnAir records the actions of system Administrators, as well as the status and the settings of various devices that have been configured to operate with Brivo OnAir. Customer Data entered in Brivo OnAir by Subscribers or collected through the operation of the system are for the exclusive use of our Subscribers. Brivo may access Customer Data only for the purposes of providing the Services, preventing or addressing service or technical problems, or as may be required by law.
- Third Parties: Brivo shares data with relevant third party processors when explicitly authorized by Administrators in the relevant Brivo OnAir account; for example, to enable integrations via our Application Programming Interface (API).
- Right of Individual Access and Limited Use: EU citizens may request access to or limited use of their personal data within the Brivo system by submitting a request to: email@example.com or calling 301-664-5242.
- Lawful Requests: Brivo also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that Brivo may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Brivo is liable for appropriate onward transfers of personal data to third parties.
Customer Data may also be used by Brivo to:
- Enable event notifications and Brivo Mobile Pass functionality.
- Contact you to inform you of product and service enhancements that we think may be of interest to you.
- Provide important service notices regarding the Brivo OnAir application and related devices. While you use Brivo services, it will not be possible to opt out of communications regarding service notices.
Ask you to participate in surveys that help us better understand your needs in order to improve our products.
From Dealers, Brivo collects the personal information that is needed to properly manage our business relationship. Brivo Dealers will receive login credentials to manage Subscriber accounts. Dealers are able to create a new account for each subscriber by providing Account Name, Reference Numbers, Username, and Email address. We only collect this information for the purposes of allowing you to manage your Subscriber accounts and for the purposes stated above.
- Data Location & Transfer of Information
Brivo stores all Customer Data in the continental United States. To facilitate our Subscribers’ global operations, Brivo transfers information to the United States and provides access to that information to Subscribers around the world.
- Data Safeguards
The security of Customer Data, including personal data, is very important to Brivo. Brivo maintains a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Brivo OnAir is capable of safeguarding Personally Identifiable Information (PII), in accordance with NIST SP 800-122 and OMB memos M-06-16 and M-07-16 with specific provisions enabled by the Subscriber.
- Data Retention
Brivo retains Customer Data according to the timeframes set forth in the relevant subscription agreement.
E.U.-U.S. Privacy Shield Statement
In compliance with the Privacy Shield Principles, Brivo commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact Brivo at firstname.lastname@example.org or 301-664-5277.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by Brivo, EU individuals may bring a complaint before the BBB EU Online Privacy Shield. Information about how to file a complaint before the BBB EU Privacy Shield program can be found at: www.bbb.org/EU-privacy-shield/for-eu-consumers/. Finally, as a last resort and in limited situations, EU individuals may seek redress from www.jamsadr.com/about/submit-a-case for more information or to file a complaint. The services of www.jamsadr.com are provided at no cost to you.
The Federal Trade Commission (FTC) has jurisdiction over Brivo’s compliance with the Privacy Shield.
Deleting or Updating Information
Brivo encourages you to contact us if you wish to delete, correct or update your business information in our systems, or if you desire to change your preferences with respect to marketing contacts from Brivo by emailing us at email@example.com.
Brivo reserves the right to change this Privacy and Security Policy. Any changes to this policy will be posted to this page as soon as reasonably possible and will become effective immediately. For that reason, it is important that you check this page periodically. Use of the Brivo site constitutes consent to any policies then in effect.
Changes to this Privacy Statement
“Individual Customer” means an Individual customer or client of Brivo from the EU. The term also shall include any individual agent, representative, of an individual customer of Brivo and all employee of Brivo where Brivo has obtained his or her Personal Data from such Individual Customer as part of its business relationship with Brivo.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Brivo or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
“Europe” or “European” refers to a country in the European Union.
“Personal Data” as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Third Party” means any individual or entity that is neither Brivo nor an Brivo employee, agent, contractor, or representative.
If you have questions or comments about Brivo’s Privacy and Security Statement, please feel free to contact us at firstname.lastname@example.org.