1. Scope

This Policy applies to our websites, Cloud Portal, desktop and mobile applications, integrations, support channels, and any other services that link to it. It covers users, customers, partners, and visitors (“you”).

2. Roles Under Privacy Laws

• Data Controller: We act as Controller for our own business data (e.g., account, billing, support).
• Data Processor: We act as Processor when our software processes device information and generates reports or erasure certificates on behalf of customers.

In both roles we follow principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.

3. Information We Collect

Information you provide

• Identification and contact details (name, email, company, role, phone, address).
• Account credentials and settings.
• Requests, tickets, feedback, consent preferences.
• Payment and billing information (handled via compliant payment providers).

Automatically collected information

• Usage data: pages viewed, links clicked, content downloaded, access times, referrer URLs.
• Technical data: IP address, browser and device types, OS, app version, error and performance logs.
• Telecommunications metadata where applicable (e.g., mobile subscription number transmitted by a carrier).

Product and operational data

• Device identifiers (e.g., IMEI/serial) and diagnostics results when linked to a user or organisation.
• Validation statuses (e.g., blacklist/finance/MDM/FMI/FRP), OEM parts flags, erasure outcomes.
• Bench and connection (e.g., hub/port activity) and feature usage.

We do not intentionally collect special categories of personal data (e.g., health, religion, biometrics).
We also collect non-personal, de-identified or aggregated information about system performance and feature usage. R360 Solutions owns non-personal data and may use it to improve services.

4. How We Use Information

• Provide and operate services: set up accounts, run diagnostics/validation/erasure, generate reports and certificates, process payments, deliver support.
• Secure and maintain services: monitor, troubleshoot, prevent unusual activity and misuse.
• Improve products: analytics, feature development, quality assurance. Where possible we use aggregated or de-identified data.
• Communicate with you: service notices, critical alerts, updates, onboarding, training.
• Personalise experience: recommendations, content, language and regional settings.
• Marketing: with consent or as permitted by law (newsletters, promotions, surveys). You can opt out at any time.
• Legal and compliance: regulatory requests, dispute resolution, enforcing terms.

5. Legal Bases (Where Required)

We rely on one or more of the following: consent, contractual necessity, legal obligations, and legitimate interests (e.g., securing services, preventing abuse), balanced against your rights and expectations.

6. Cookies And Similar Technologies

We use cookies, SDKs, and similar tools for authentication, preferences, analytics, and to improve our sites and apps. You can manage preferences via our cookie banner or your browser settings. See our Cookie Policy for details.

7. Sharing And Disclosure

• We do not sell your personal data. We may share it:
• With your consent or at your direction.
• With service providers / authorised third parties that process data for us (hosting, customer support, analytics, payments, logistics, marketing execution). They may use data only under our instructions and must protect it appropriately.
• For joint activities with partners (e.g., co-marketing) where permitted by law; we avoid duplicate communications and respect your choices.
• For legal reasons (to comply with law or valid legal process, protect rights, safety, or prevent unauthorized use).
• Business transfers (merger, acquisition, restructuring), subject to this Policy.

8. International Data Transfers

Our products and services may use infrastructure in multiple countries. When moving data across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions, and additional technical/organisational measures).

9. Data Security

We maintain layered technical and organisational measures to protect data, including encryption in transit and at rest, role-based access controls, authentication, logging, network segmentation, secure development practices, and regular security reviews. We use reputable data centres and vendors that meet recognised standards (e.g., ISO 27001).

10. Retention

We keep personal data only as long as necessary for the purposes described or as required by law. When no longer needed, data is securely deleted or de-identified. Customers may configure certain retention settings for Processor activities in line with their policies.

11. Your Choices And Rights

Depending on your location, you may have rights to access, rectify, erase, restrict, object, port data, and withdraw consent. To exercise rights or update preferences, contact (email address). We will respond within the time required by applicable law (e.g., 30 days under GDPR).

You can also:

• Update account details in the Cloud Portal.
• Opt out of marketing emails via unsubscribe links.

12. Children’s Privacy

Our services are not directed to children and we do not knowingly process children’s personal data.

13. Data Breach Notification

If a personal-data breach occurs, we will notify the relevant authority when required and inform affected individuals without undue delay where there is a high risk to their rights and freedoms.

14. Contact

R360 Solutions – Privacy Team
Email: info@r360solutions.com

If you believe your rights have been infringed, you may lodge a complaint with your local data protection authority (e.g., the EU/EEA authorities listed by the EDPB).