Privacy Policy - Mobile Applications

This Privacy Policy applies to use of the Opensignal (“Opensignal,” “we,” “us,” or “our”) mobile application and mobile applications operated by one of our partners (each, a “Partner”) who has implemented our Software Development Kit, or “SDK.”

1. WHO WE ARE

Opensignal works with the global telecom ecosystem to help it understand and improve network speeds and network coverage for consumers like you. We help companies build better networks in the areas that need it most. Opensignal takes great pride in providing a service that benefits many.

When you opt-in to allowing Opensignal to collect network performance readings from your device, we work with our Partners and companies in the telecom ecosystem to provide you with a better network and application experience. We rely on your choice and consent to initiate any transfer of data. Our mobile application Partners support us entering into this relationship with you by facilitating our disclosure and consent process. We never collect anything that directly identifies you or your mobile handset. We depersonalize all data prior to any external sharing, which may include insights, aggregations, and analyses.

This Privacy Policy describes how we, Opensignal, collect, use, and share the data that you consent for us to collect, including personal data, when you opt in to allow us access to data in connection with the network performance experienced through a mobile application operated by one of our Partners.

As a company whose livelihood depends on data and its proper treatment, Opensignal takes data privacy and security very seriously. As such we have taken steps to go well beyond basic privacy and data protection requirements.

We request your consent to collect information relating to the network performance your device experiences, which may include the types of personal data described below, in order to measure the performance, availability and/or signal quality of communication networks (the “Opensignal Services”).

Opensignal is responsible for the collection, control and processing of personal data that we collect from your device. If you have any questions or concerns about Opensignal’s use of your personal data, please contact us at [email protected].

The purpose of this Policy is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process  personal data. The following is a brief summary of the manner and purposes for which we process personal data.

IF YOU HAVE RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT, PLEASE SEE THE CCPA SUPPLEMENT BELOW IN SECTION 10. IF YOU HAVE RIGHTS AS A RESIDENT OF NEVADA, PLEASE SEE YOUR NEVADA PRIVACY RIGHTS IN SECTION 11.
 

2. MOBILE APPLICATIONS

At Opensignal, we use mobile network experience measurements to publish independent reports and insights on the real-world mobile network experience of everyday users worldwide. We obtain the relevant data by collecting measurements relating to signal reception and quality from mobile devices. The Opensignal mobile application and our Partner’s mobile applications (each, a “Mobile Application”) enable us to request your consent to our data collection. If you consent to initiate our collection of   data, we may collect data from your mobile device when you are using a Mobile Application and/or when it is running in the background pertaining to network and wireless device experience.
 

HOW WE COLLECT AND USE PERSONAL DATA

If consent has been granted, we take measurements from devices from time to time including location data (which include GPS coordinates or similar information regarding the location of a network reading taken from your device), network type, network operator, cellular and Wifi signal strength and quality, and the identifiers of connected cell towers and Wifi routers (including both BSSID and SSID). Location readings are never tied to a device identifier such as a mobile handset MAC or IMEI, which we do not collect, and are instead the locations of network experience readings for purposes such as building general heatmaps of good and poor performance. We measure the performance of the data connection including the speed, responsiveness and reliability along with the total amount of data transferred. We do not monitor or collect user generated content or personal demographic data on users such as the name, age, gender, or telephone number. We also do not collect information about the use of a device such as apps used, or the content accessed. The goal of collecting limited device data is to measure the experience that devices have on wireless networks.

We collect information from environmental sensors on devices (depending on which ones are integrated in the device), which allows us to measure things such as the device acceleration, orientation and the external atmospheric pressure and light intensity. We also measure some internal device conditions – such as battery temperature and voltage. The goal of collecting this data is to understand how instantaneous device conditions may affect the experience of wireless networks.  To better understand differences between devices, we collect data on device hardware such as the model, manufacturer, and manufacturers and models of sub-components (such as the cellular radio) and the capabilities of these components (for example the number of cores on the CPU). Similarly, to understand differences caused by software, we collect information on the mobile platform version used and whether custom ROMs or Android skins are installed, as well as the operating system. The goal of collecting this data is to understand how device properties affect the experience of wireless networks.

When a Mobile Application containing our SDK is installed and consent is provided, an identification code (“Resettable ID”) is randomly generated by our software and allocated to that installation instance rather than the device when we take measurements. A different and unique Resettable ID will be generated by each Mobile Application on a particular device. New installations of the same Mobile Application will also generate new unique Resettable IDs. Resettable IDs are random, unrelated to each other, specific to Opensignal, and never shared externally. To further help us manage the data, we also collect IP addresses. These fields are needed for statistical purposes, for example to understand how much data is contributed by each software instance.

We prevent user identification; we do not collect name, email address, phone number, social media ID, contact list, mobile handset MAC/IMEI, or anything else which directly identifies an individual or their specific device.
 

THE PURPOSES FOR WHICH WE USE PERSONAL DATA

Opensignal depersonalizes or aggregates all data prior to sale. The purposes for which we collect, store, and then depersonalize/aggregate personal data for external use are the following:

We do not use the measurements we take from mobile devices for any individualized user identification or individualized user tracking. Measurements that we take from the mobile devices of individual network users allow us to measure the performance of a carrier and the service availability, quality and performance of numerous communication networks across the world and over time. For example, we use data to improve wireless networks, research market performance, identify aggregate trends in device and network utilization patterns, understand the network-based drivers of subscriber churn and acquisition, and design effective network performance communication campaigns. Furthermore, we use data for the purpose of providing aggregated telecommunications network flow share, market share and other market analysis, using proprietary algorithms generating observations of market behavior, activations and deactivations across the telecom infrastructure. We publish some of the statistical data that we generate and we provide it to our customers (such as network operators) to help them understand, communicate and optimize their own network’s service coverage, performance and signal quality (and those of their competitors). We also create de-identified, depersonalized and aggregated information. Although the end-product we produce is depersonalized, the underlying test-level data that we store internally and do not share contains personal data and is important for us for generating statistical data, validating the results, quality control and further analysis. While non-personal test-level data, including depersonalised location information, may be shared with customers, no personal data is provided to customers.

We use data to test, monitor, improve or upgrade the Mobile Applications or SDKs, to meet our legal obligations and the regulatory requirements to which we may be subject, for loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties, and for our internal business purposes, such as compiling and analyzing usage information for general operational, statistical and business purposes.

Our customers and Partners are not permitted to use our data to identify the mobile applications or publishers that our data has been received from. We collect data from various mobile applications, and our reports, data, and documentation do not reveal which mobile applications the source data was collected from. We do not publicly disclose our Partners without their permission.
 

3. LEGAL BASIS FOR PROCESSING YOUR DATA

We collect and process personal data based on your express consent. If consent is provided, it can be withdrawn via measures provided by the Mobile Application, such as through the personal settings menu in the Mobile Application. In respect of any personal data collected from devices with your consent we also rely on our legitimate interest in conducting our business and in carrying out statistical and scientific research work and in providing analytical data to our clients and improving global connectivity for users like you.
 

4. HOW WE SHARE PERSONAL INFORMATION

1. Customers. We share analysis and statistical information based on measurements that we collect from users’ mobile devices with some of our customers under the terms of data license agreements and data sharing agreements. Our customers are not permitted to associate the data with any personal data they may otherwise access to communicate with you, to influence you or to profile or track individual users. They are required to keep the statistical data and analysis we provide confidential and to use appropriate means to protect it. Our customers that receive such data from us are not permitted to disclose any datasets to their own customers or any third parties.

2. Partners. We collect data from your mobile device through software incorporated into the Mobile Application which you download onto your device. We may share depersonalized and aggregated data for the purpose of helping a Partner improve the Mobile Application experience and performance based on network conditions.    

3. Service Providers. We may share datasets containing personal data with third-party service providers that perform services on our behalf in connection with the Opensignal Services, such as cloud service providers for storage and the processing required for depersonalization. Where this information is shared with such third parties, we obligate the third-party service provider to manage the information only on our behalf and solely for our benefit (and not for its own benefit).

4. Business Change. If we become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data to successor party or parties in connection with such transaction or change in ownership or legal structure.

5. Necessary Disclosure. Regardless of the choices you make regarding your information and to the extent permitted or required by applicable law, we may disclose information about you to third parties to: (i) enforce or apply the terms and conditions of the Opensignal Services; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our users or others; violation of the Terms of Use, our policies or agreements; or as otherwise required by law.

6. Subsidiaries and affiliates. We may share the data that we collect from users’ mobile devices with the Opensignal subsidiaries and affiliates, with the purpose of bringing together complementary data on consumer experience, network performance, and subscriber behaviour.
 

5. HOW WE PROTECT PERSONAL INFORMATION

We take certain measures to protect personal data collected through the Opensignal Services against loss, theft, and unauthorized access, use, disclosure, destruction or modification. These include physical, technological, contractual, and administrative measures.
 

6. HOW LONG WE KEEP PERSONAL INFORMATION

Any personal data which may be contained in the sets of measurements of mobile network signal performance is retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
 

7. COUNTRY OF PROCESSING

We operate globally. The collection of data from devices takes place in the country where the device is used. We store and otherwise process data (including personal data) through third party cloud service providers who offer a range of global storage location options. We store personal data records predominantly through third-party cloud service providers on servers located in the United States of America. When transferring personal data records to a country which does not provide an adequate level of protection to privacy rights, we put in place appropriate safeguards including data transfer agreements.
 

8. CHILDREN'S PRIVACY

The Opensignal Service is not directed to children and is intended for use by adults only. We do not knowingly solicit or collect personal data from individuals under 18 years of age. If you are under the age of 18, please do not submit any information through the Opensignal Service and do not provide your consent for the use of your data.
 

9. DATA SUBJECT RIGHTS

Data subjects have the following legal rights in respect of their personal data that we process:

1. The right to require Opensignal to confirm whether or not your information is being processed, the purpose of any such processing, the recipients of any information that has been disclosed, the period for which your information is to be stored and whether any automated decision-making processes are used in relation to your information;

2. The right to require access to the personal data and to require Opensignal to rectify inaccurate information without undue delay;

3. Where Opensignal has relied on the ‘consent’ basis for processing that information, the right to withdraw your consent at any time. This right to withdraw consent does not affect the lawfulness of processing based on consent before its withdrawal;

4. The right to request the erasure of their information. You can make a request for erasure where:

1. the information is no longer necessary in relation to the purpose for which it was collected;
2. where the processing of the information is based on your consent (and the other circumstances described in the ‘Legal Basis for Processing Your Data’ and ‘How We Share Personal Information’ sections above no longer apply), if you withdraw your consent; or
3. where the personal data is processed by Opensignal solely on the basis of our ‘legitimate interest’, if you withdraw your consent for the processing of your data and you object to the processing of your personal data and there are no overriding legitimate grounds for the processing (such as, for example, the achievement of the purpose of using your data for statistical or scientific research purposes or where the processing of the data is required to meet statutory obligations or for the defense of legal claims).

Where Opensignal has disclosed your information of a data subject to a third party and you request the erasure or rectification of the data, Opensignal will take all reasonable steps to inform the third party of such request;

1. The right to require Opensignal to restrict its processing of your personal data in certain circumstances, such as where the accuracy of that data is disputed or an objection has been raised. In such circumstances, Opensignal will only process that information with your express consent, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest;

2. Where data is processed based on your consent or to fulfil a contractual obligation, you have the right to receive your personal data from Opensignal in a structured, commonly used and machine-readable format;

3. The right to object to the processing of personal data where:

a. Opensignal relies solely on the ‘legitimate interest’ basis for processing that data, in which case we will be legally required to stop processing your information unless we have compelling legitimate grounds for the processing which override your privacy rights and interests; or
b. the information is used for direct marketing purposes, in which case we will immediately stop processing your information for such purposes.

4. You have the right to lodge a complaint with the UK’s Information Commissioner’s Office or in some cases with the data protection supervisory authority of the EU member state where you reside.

The above legal rights are subject to various conditions and exceptions including where the data is used for statistical or scientific research purposes and the exercise of the right would prevent such purposes from being attained or would seriously impair their attainment.
 

10. SUPPLEMENT FOR CALIFORNIA RESIDENTS

You will not need to create an account to exercise your rights. California residents have the right to:

  • Request that we delete personal information about you that we may have collected. To exercise this right, you must provide a verifiable consumer request by either calling us at +44 0845 834 0987 or by emailing us at [email protected].
  • Request that, for personal information that we have collected in the preceding 12 months, we disclose, free of charge (unless your requests are manifestly unfounded or excessive), the categories of personal information that we have collected about you, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share personal information. To exercise this right, you must provide a verifiable consumer request by either calling us at +44 0845 834 0987 or by emailing us at [email protected].
  • Request that, for personal information that we have sold or disclosed for a business purpose in the preceding 12 months, we disclose, free of charge (unless your requests are manifestly unfounded or excessive), the categories of personal information that we have collected about you, the categories of personal information that we have sold about you, the categories of third parties to whom each category of personal information was sold, the categories of personal information that we have disclosed about you for a business purpose, and the categories of third parties to whom each category of personal information was disclosed. To exercise this right, you must provide a verifiable consumer request by either calling us at +44 0845 834 0987, or by emailing us at [email protected].
  • Direct us, at any time, not to sell your personal information. We may sell your personal information within the meaning of the California Consumer Privacy Act of 2018 (“CCPA”). Under the CCPA, “sell” means sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. The law contains exceptions to this definition which may limit how we respond to your direction. To exercise this right to opt out, you may call us at +44 0845 834 0987 or email us at [email protected]. We do not have actual knowledge that we sell the personal information of minors under 16 years of age, and minors under the age of 16 may not use the Opensignal Services.

You can also authorize another person, called an agent, to exercise your rights on your behalf. You must provide the authorized agent written and signed permission to act on your behalf. We may deny requests from an authorized agent who does not submit proof that he or she has been authorized to act on your behalf. Furthermore, we may require you to verify your identity directly with us. We may also require you to directly confirm with us that you have provided the authorized agent permission to submit a request on your behalf. An authorized agent can make a request on your behalf by either calling us at +44 0845 834 0987 or by emailing us at [email protected].

Please note that we cannot fulfill requests to know the specific pieces of personal information that we may have collected about you. In order to disclose the specific pieces of personal information that we may have collected about you, we would have to verify your identity to a reasonably high degree of certainty. Given the limited amount of information that we collect about you, we do not maintain enough data points to verify your identity to the reasonably high degree of certainty required by the CCPA.

We may not discriminate against you because you exercised any of your rights under the CCPA.

To the extent that anything in this Section 10 conflicts with this Privacy Policy, this Section 10 shall govern.

The categories of California consumers’ personal data we may have collected in the past 12 months are listed above in Sections – HOW WE COLLECT AND USE PERSONAL DATA. Within the past 12 months we may have sold or shared the following categories of personal information: (1) Location, (2) Identifiers, and (3) Internet or other electronic network activity information, all of which we have collected from your mobile device. We may collect the categories we’ve previously identified (which include GPS coordinates or similar information), network type, network operator, cellular and Wifi signal strength and quality, and the identifiers of connected cell towers and Wifi routers (including both BSSID and SSID). We also measure how data is flowing, both passively (by monitoring how fast it moves through other Mobile Applications), and actively (by running a test that downloads or uploads data within our SDK). We do not monitor the content of your data usage. The goal of collecting the above data is to measure the experience you have of wireless networks. We also collect information from environmental sensors on your device (depending on which ones are integrated in your device), this allows us to measure things such as the device acceleration, orientation and the external atmospheric pressure and light intensity. We also measure some internal device conditions – such as battery temperature and voltage. The goal of collecting this data is to understand how instantaneous device conditions affect the experience of wireless networks.

To better understand differences between devices, we collect data on your device hardware such as the model, manufacturer, and manufacturers and models of sub-components (such as the cellular radio) and the capabilities of these components (for example the number of cores on the CPU). Similarly, to understand differences caused by software, we collect information on the mobile platform version used and whether custom ROMs or Android skins are installed. The goal of collecting this data is to understand how device properties affect the experience of wireless networks.

When you first use a Mobile Application an identification code (“Resettable ID”), is randomly generated by our software and allocated to that installation instance rather than the device whenever we take measurements. A different and unique Resettable ID will be generated by each Mobile Application on a particular device. New installations of the same Mobile Application will also generate new unique Resettable IDs. Resettable IDs are random, unrelated to each other, specific to Opensignal, and never shared externally. To further help us manage the data, we also collect IP addresses. These fields are needed for statistical purposes, for example to understand how much data is contributed by each software instance.

We use this data for the purposes listed above the Sections – THE PURPOSES FOR WHICH WE USE PERSONAL DATA. Measurements that we take from the mobile devices of individual network users allow us to create a detailed picture of the service availability, quality and performance of numerous communication networks across the world and over time.

We may have shared or sold certain categories of personal data listed in the Sections - HOW WE COLLECT AND USE PERSONAL DATA to the third parties listed in the Sections - HOW WE SHARE PERSONAL INFORMATION for a business purpose and in order to provide the Opensignal Services in the past 12 months. Within the past 12 months we may have sold or shared the following categories of personal information: (1) Location, (2) Identifiers, and (3) Internet or other electronic network activity information, all of which we have collected from your mobile device. We may have shared or sold the following categories of personal data with the following third parties or may do so in the following instances:

1. Certain Customers. In the past, we shared some of the test level measurements that we collected from users’ mobile devices with some of our customers, such as network operators, under the terms of data license agreements and data sharing agreements. Some of the data we shared in the past with our customers may have contained pseudonymous data, which means it is de-identified data, and could only potentially be associated with an individual with the use of separate data sets that are not held or processed by us.  Our customers are permitted to use the depersonalized data we shared for the purpose of analyzing it and/or generating aggregated data relating to the performance of their networks or telecommunications equipment (and competing networks or equipment) and to use this data in their sales activities. Our customers who received such datasets are not permitted to use other information to associate the information with any individual users. They are required to keep the data confidential and to use appropriate means to protect it.

2.Partners. We collect data from your mobile device through software incorporated in the Mobile Application which you download onto your device.  We may share depersonalized and aggregated data for the purpose of helping a Partner improve the Mobile Application experience and performance based on network conditions.    

3. Service Providers. We may share datasets containing personal data with third-party service providers that perform services on our behalf in connection with the Opensignal Services, such as cloud service providers for storage and the processing required for depersonalization. Where this information is shared with such third parties, we obligate the third-party service provider to manage the information only on our behalf, and on our written instructions and solely for our benefit (and not for its own benefit).

4. Business Change. If we become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data to successor party or parties in connection with such transaction or change in ownership or legal structure.

5. Necessary DisclosureRegardless of the choices you make regarding your information and to the extent permitted or required by applicable law, we may disclose information about you to third parties to: (i) enforce or apply the terms and conditions of the Opensignal Services; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our users or others; violation of the Terms of Use, our policies or agreements; or as otherwise required by law.

6. Subsidiaries and affiliates. We may share the data that we collect from users’ mobile devices with the Opensignal subsidiaries and affiliates, with the purpose of bringing together complementary data on consumer experience, network performance, and subscriber behaviour.
 

Shine the Light Notice

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties’ direct marketing purposes, and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one request each year by emailing us at [email protected] with "Request for California Privacy information" in the subject line, or by writing us at the address listed at the end of this Policy.
 

11. YOUR NEVADA PRIVACY RIGHTS

Senate Bill No. 220 (May 29, 2019) amends Chapter 603A of the Nevada Revised Statutes to permit a Nevada consumer to direct an operator of an internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at [email protected]. We will provide further information about how we verify the authenticity of the request and your identity.
 

12. DEPERSONALIZED AND AGGREGATED INFORMATION

We may share depersonalized and aggregated, anonymized and deidentified data relating to users of the Opensignal Services with affiliated or unaffiliated third parties.
 

13. CHANGES TO THE PRIVACY POLICY

We may update this Policy from time to time, and the updated version of this Policy will be effective upon posting on the Opensignal Services. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Please check this page to review the most up-to-date version of this Policy.
 

14. QUESTIONS / CONTACTING US

If you want to exercise your rights under paragraphs 9, 10 or 11 of our Privacy Policy, please email [email protected] with "Data Subject Request" in the subject line, or contact us by mail addressed to:

Opensignal Limited

7 Bell Yard,

London, WC2A 2JR

United Kingdom
 

15. EU LOCAL REPRESENTATIVE

In compliance with Article 27 of GDPR, Opensignal has designated Ametros Group Ltd as EU Local Representative:

Ametros Limited

Unit 3D - North Point House - North Point Business Park

New Mallow Road

Cork – Ireland

 

Last revised date: 16 May 2023