WOLFCOM CLOUD SERVICES PRIVACY POLICY

This WOLFCOM Cloud Privacy Policy applies only to the information that we (WOLFCOM) collect and you or your employer (collectively, “Customer”) provide to WOLFCOM in connection with Customer’s use of WOLFCOM Cloud Services (as defined below).

Unless otherwise provided in this Policy, this Policy is subject to the terms of the Master Services Purchasing Agreement, or other similar agreement, if any, between WOLFCOM and Customer (“Agreement”). To the extent this Policy contains terms and conditions that differ from those contained in the Agreement, the Agreement shall control. A concept or principle covered in this Policy shall apply and be incorporated into all other provisions of the Agreement in which the concept or principle is also applicable, notwithstanding the absence of any specific cross-reference thereto. All capitalized and defined terms referenced, but not defined, in this Policy shall have the meanings assigned to them in the Agreement.

By using WOLFCOM Cloud Services, Customer acknowledges that Customer has read and understands this Policy and Customer agrees to be bound by its terms and conditions. WOLFCOM may occasionally update this Policy. When WOLFCOM posts changes, WOLFCOM will revise the "last updated" date at the top of this page. Customer’s continued use of WOLFCOM Cloud Services will signify Customer’s agreement and acceptance to any such changes.

Definitions

  • “WOLFCOM Cloud Services” means WOLFCOM’s web services hosted on WOLFCOM Cloud including WOLFCOM COPS, WOLFCOMCLOUD.COM, and other related offerings, including, without limitation, interactions between WOLFCOM Cloud Services and WOLFCOM Products (as defined below).

 

  • “WOLFCOM Products” means:
    (1) WOLFCOM Cloud Services;
    (2) devices sold by WOLFCOM (including, without limitation, cameras, sensors, and docking systems) (collectively, “WOLFCOM Devices”);
    (3) other software offered by WOLFCOM (including, without limitation, WOLFCOM BodyCam Sync ™, (WEMS) WOLFCOM Evidence Management System, WOLFCOM x2 Uploader, and WEMS Lite and WEMS Pro) (collectively, “WOLFCOM Client Applications”); and
    (4) ancillary hardware, equipment, software, services, cloud-based services, documentation, and software maintenance releases and updates. WOLFCOM Products do not include any third-party applications, hardware, or warranties.

 

  • “Customer Data” means:
    (1) “Customer Content”, which means data uploaded into, ingested by, or created in WOLFCOM Cloud Services within Customer’s tenant, including, without limitation, media or multimedia uploaded into WOLFCOM Cloud Services by Customer (“Evidence”); and
    (2) “Non-Content Data”, which means:
    (a) “Customer Entity and User Data”, which means Personal Data and non-Personal Data regarding Customer’s WOLFCOM Cloud Services tenant configuration and users;
    (b) “Customer Entity and User Service Interaction Data”, which means data regarding Customer's interactions with WOLFCOM Cloud Services and WOLFCOM Client Applications;
    (c) “Service Operations and Security Data”, which means data within service logs, metrics and events and vulnerability data, including, without limitation: (i) application, host, and infrastructure logs; (ii) WOLFCOM Device and WOLFCOM Client Application logs; (iii) service metrics and events logs; and (iv) web transaction logs;
    (d) “Account Data”, which means information provided to WOLFCOM during sign-up, purchase, or administration of WOLFCOM Cloud Services, including, without limitation, the name, address, phone number, and email address Customer provides, as well as aggregated usage information related to Customer’s account and administrative data associated with the account; and
    (e) “Support Data”, which means the information WOLFCOM collects when Customer contacts or engages WOLFCOM for support, including, without limitation, information about hardware, software, and other details gathered related to the support incident, such as contact or authentication information, chat session personalization, information about the condition of the machine and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files.
    For purposes of clarity, Customer Content does not include Non-Content Data, and Non-Content Data does not include Customer Content.

 

  • “Data Controller” means the natural or legal person, public authority, or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data (as defined below).

 

  • “Data Processor” means a natural or legal person, public authority or any other body which processes Personal Data on behalf of the Data Controller.

 

  • “Data Exporter” means the Data Controller who transfers the Personal Data.

 

  • “Data Importer” means the Data Processor who agrees to receive from the Data Exporter Personal Data intended for processing on Data Exporter's behalf after the transfer in accordance with the Agreement and who is not subject to a third country’s system ensuring adequate protection within the meaning of the General Data Protection Regulation (EU) 2016/679 of the European Parliament (“GDPR”).

 

  • “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

  • “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  • “Sub-processor” means any processor engaged by the Data Importer or by any other sub-processor of the Data Importer who agrees to receive from the Data Importer or from any other sub-processor of the Data Importer Personal Data exclusively intended for processing activities to be carried out on behalf of the Data Exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract.

WOLFCOM's Role

WOLFCOM is a Data Processor of Customer Content. Customer controls and owns all right, title, and interest in and to Customer Content and WOLFCOM obtains no rights to the Customer Content. Customer is solely responsible for the uploading, sharing, withdrawal, management and deletion of Customer Content. Customer grants WOLFCOM limited access to Customer Content solely to provide and support WOLFCOM Cloud Services to and for Customer and Customer’s end-users. Customer represents and warrants to WOLFCOM that: (1) Customer owns Customer Content; and (2) Customer Content, and Customer’s end-users’ use of Customer Content and WOLFCOM Cloud Services, do not violate this Policy or applicable data protection laws and regulations.

WOLFCOM may also collect, control, and process Non-Content Data. WOLFCOM is a Data Controller for Non-Content Data. WOLFCOM collects, controls, and processes Non-Content Data to provide WOLFCOM Cloud Services and to support the overall delivery of WOLFCOM Products including business, operational, and security purposes. With Non-Content Data, WOLFCOM may analyze and report anonymized and aggregated data to communicate with external and internal stakeholders. In regard to Customer Entity & User Data, WOLFCOM is a Data Controller and Customer is an independent Data Controller, not a joint Data Controller with Customer.

Data Collection and Processing Activities

CUSTOMER CONTENT

WOLFCOM will only use Customer Content to provide Customer WOLFCOM Cloud Services. WOLFCOM will not use Customer Content for any advertising or similar commercial purposes.

WOLFCOM periodically upgrades or changes WOLFCOM Cloud Services to provide customers with new features and enhancements in alignment with the WOLFCOM Evidence Maintenance Schedule. WOLFCOM communicates such upgrades or changes to customers one week prior to release via mechanisms outlined in the Maintenance Schedule. Changes to WOLFCOM Cloud Services may increase the capabilities of the service and ways in which Customer Content can be processed.

NON-CONTENT DATA

Non-Content Data includes data, configuration, and usage information about customer's WOLFCOM Cloud Services tenant, WOLFCOM Devices, WOLFCOM Client Applications, and users that is transmitted or generated when using WOLFCOM Products. Non-Content Data includes the following:

Customer Entity & User Data

Customer Entity and User Data includes personal and non-personal data regarding Customer's WOLFCOM Cloud Services tenant configuration and users. WOLFCOM uses Customer Entity and User Data to: (1) provide WOLFCOM Cloud Services, including, without limitation, user authentication and authorization functionality; (2) improve the quality of WOLFCOM Products or provide enhanced functionality and features; (3) contact Customer to provide information about its account, tenant, subscriptions, billing, and updates to WOLFCOM Cloud Services, including, without limitation, information about new features, security and other technical issues; and (4) market our products or services to Customer via email, by sending promotional communication including targeted advertisements, or presenting a Customer with relevant offers. 

Customer cannot unsubscribe from non-promotional communications but may unsubscribe from promotional communications at any time.

Customer Entity and User Service Interaction Data

Customer Entity and User Service Interaction Data includes data regarding Customers' interactions with WOLFCOM Cloud Services and WOLFCOM Client Applications. WOLFCOM uses Customer Entity and User Service Interaction Data to improve the quality of WOLFCOM Products and provide enhanced functionality and features.

Service Operations and Security Data

WOLFCOM uses Service Operations and Security Data to provide service operations and monitoring.

Account Data

WOLFCOM uses Account Data to provide WOLFCOM Cloud Services, manage Customer's accounts, market to, and communicate with Customer. Customer may unsubscribe from promotional communications at any time.

Support Data

WOLFCOM uses Support Data to resolve Customer’s support incident, and to operate, improve, and personalize WOLFCOM Products. If Customer shares Customer Content to WOLFCOM in a support scenario, the Customer Content will be treated as Support Data but will only be used for resolving support incidents.

WOLFCOM may provide support through phone, email, or online chat. With Customer’s permission, WOLFCOM may use Guest Access (“GA") to temporarily navigate Customer’s WOLFCOM Cloud Service's tenant to view data in order to resolve a support incident. Phone conversations, online chat sessions, or GA sessions with WOLFCOM support professionals may be recorded and/or monitored.

Server and Data Location

CUSTOMER CONTENT

WOLFCOM offers WOLFCOM Cloud Services in numerous geographic regions. Before creating an account in WOLFCOM Cloud Services, Customer determines where WOLFCOM will store Customer Content by designating an economic area.

Region Code | Economic Area | 3rd Party Sub Processors and Infrastructure | Data Center Location
US | United States | Amazon Web Services GovCloud | Oregon
US | United States | Amazon Web Services GovCloud | Virginia

 

NON-CONTENT DATA

Customer Entity and User Data

Customer Entity and User Data is located in Customer's selected economic area for Customer Content. Customer Entity and User Data may be copied or transferred to the United States.

Customer Entity and User Service Interaction Data

Customer Entity and User Service Interaction Data is located in Customer's selected economic area for Customer Content and the United States.

Service Operations and Security Data

Service Operations and Security Data is located in Customer's selected economic area for Customer Content and the United States.

Account Data and Support Data

Account Data and Support Data is located in the United States and may be located in Customer's selected economic area for Customer Content.

Information Sharing

WOLFCOM may transfer data with its direct and indirect subsidiaries and Sub-processors, including, without limitation, service providers and other partners to support the overall delivery of WOLFCOM Products as described in the “Data Collection and Processing Activities” section of this Policy.

WOLFCOM exercises commercially reasonable efforts in connection with contractual obligations to ensure its Sub-processors are compliant with all applicable data protection laws and regulations surrounding the Sub-processors’ access and scope of work in connection with Customer Content.

Customer consents to the transfer of Customer Content to WOLFCOM's Sub-processors for the purpose of storing Customer Content. Such Sub-processors responsible for storing Customer Content are contracted by WOLFCOM for data storage services. Ownership of Customer Content remains with Customer.

WOLFCOM may hire Sub-processors to provide or enhance WOLFCOM Products on its behalf. WOLFCOM will only permit any such Sub-processors to obtain Customer Content from WOLFCOM Cloud Services to deliver services to WOLFCOM, and such Sub-processors will be prohibited from using Customer Content for any other purpose. WOLFCOM may engage new Sub-processors. WOLFCOM will give Customer notice (by updating the website) of any new Sub-processor.

Prior to onboarding Sub-processors, WOLFCOM conducts an audit of the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to its access to data and scope of services.

WOLFCOM remains responsible for personal data that may be shared with WOLFCOM's Sub-processors.

Customer can transfer data from WOLFCOM Cloud Services to third parties. Customer must ensure data sharing agreements are in place with third parties to protect data throughout its lifecycle.

WOLFCOM Sub-Processors

Understand the server locations, data processed, and functions performed.
WOLFCOM maintains an up-to-date list of the names and locations of all Sub-processors. This list is below.

If you are a current WOLFCOM Cloud Services customer with a data processing agreement in place with WOLFCOM, you may subscribe to receive notifications of a new Sub-processor(s) before WOLFCOM authorizes any new Sub-processor to process personal data in connection with the provision of your service.

For a complete list of WOLFCOM Sub-Processors, see below:

Region Code | Economic Area | 3rd Party Sub Processors and Infrastructure | Data Center Location
US | United States | Amazon Web Services GovCloud | Oregon
US | United States | Amazon Web Services GovCloud | Virginia

 

TELECOMMUNICATION SUB-PROCESSORS

WOLFCOM Commander includes embedded cellular technologies used to connect to telecommunication networks in order to provide connectivity between WOLFCOM Commander and WOLFCOM Cloud Services. Cellular technologies enable WOLFCOM’s Emergency SOS Connect. Customer’s WOLFCOM Commander cameras will send data to the respective WOLFCOM Cloud Services region selected telecommunications providers as needed to enable cellular connectivity. Data includes Personal Data, such as location data. For WOLFCOM Commander, WOLFCOM manages all cellular registration and account management associated to the cellular subscription. Personal Data of Customers is not collected by WOLFCOM or telecommunications providers for the purposes of cellular account management.

Outlined below are the telecommunication sub-processors. In regions where there is more than one telecommunication sub-processor, WOLFCOM will manage customers’ WOLFCOM Commander cellular registration.

Region Code | Economic Area | Telecommunication Provider
US | United States | Verizon Wireless; Sprint Wireless
US | United States | Verizon Wireless; Sprint Wireless

Required Disclosures

WOLFCOM will not disclose Customer Content except as compelled by a court or administrative body or required by any law or regulation. WOLFCOM will notify Customer if any disclosure request is received for Customer Content so Customer may file an objection with the court or administrative body.

Customer's Access and Choice

Customer Content

Customer can access Customer's tenant to manage Customer Content.

Non-Content Data

Within the scope of WOLFCOM's authorization to do so, and in accordance with WOLFCOM's commitment, WOLFCOM will work with Customers to provide access to Personal Data about Customer that WOLFCOM or Sub-processors hold. WOLFCOM will also take reasonable steps to enable Customers to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.

If at any time after registering an account on WOLFCOM Cloud Services you desire to update Personal Data you have shared with us, change your mind about sharing Personal Data with us, desire to cancel your Customer account, or request that WOLFCOM no longer use provided Personal Data to provide you services, please contact us at infosec@wolfcomglobal.com. We will retain and use Personal Data for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Certain data processing is determined by Customer based on WOLFCOM Product usage, Customer network or device configuration, and administrative settings made available with WOLFCOM Cloud Services or WOLFCOM Client Applications:

         

User Analytics

Customers can opt-out of user analytics tracking on WOLFCOM Cloud Services by disabling cookies or preventing Customer's browser or device from accepting new cookies.

Service Support 

Mobile client application crash analytics are used to provide WOLFCOM personnel insight into crashes when using WOLFCOM client applications.

Geolocation Services

Geolocation services are critical to proper user functionality of many WOLFCOM products. However, customers can choose to opt out of mapping and geolocation functionality by disabling GPS in the camera settings.

Data Security Measures  

WOLFCOM is committed to helping protect the security of Customer Data. WOLFCOM has established and implemented policies, programs, and procedures that are commercially reasonable and in compliance with applicable industry practices, including administrative, technical and physical safeguards to protect the confidentiality, integrity and security of Customer Content and Non-Content Data against unauthorized access, use, modification, disclosure or other misuse.

WOLFCOM will take appropriate steps to ensure compliance with the data security measures by its employees, contractors and Sub-processors, to the extent applicable to the respective scope of performance.

CONFIDENTIALITY

Customer Content and Non-Content Data are encrypted in transit over public networks. Customer Content is encrypted at rest in all WOLFCOM Cloud Service regions.

WOLFCOM protects all Customer Content and Non-Content Data with strong logical access control mechanisms to ensure only users with appropriate business needs have access to data. Third-party specialized security firms periodically validate access control mechanisms. Access control lists are reviewed periodically by WOLFCOM.

INTEGRITY

As Evidence is ingested into WOLFCOM Cloud Services, a Secure Hash Algorithm (“SHA”) checksum is generated on the upload device and again upon ingestion into WOLFCOM Cloud Services. If the SHA checksum does not match, the upload will be reinitiated. Once upload of Evidence is successful, the SHA checksum is retained by WOLFCOM Cloud Services and is made viewable by users with access to the Evidence audit trail for the specific piece of Evidence. Tamper-proof audit trails are created automatically by WOLFCOM Cloud Services upon ingestion of any Evidence.

AVAILABILITY

WOLFCOM takes a comprehensive approach to ensure the availability of WOLFCOM Cloud Services. WOLFCOM replicates Customer Content over multiple systems to help to protect against accidental destruction or loss. WOLFCOM Cloud Services systems are designed to minimize single points of failure. WOLFCOM has designed and regularly plans and tests its business continuity planning and disaster recovery programs.

ISOLATION

WOLFCOM logically isolates Customer Content. Customer Content for an authenticated customer will not be displayed to another customer (unless Customers explicitly create a sharing relationship between their tenants or share data between themselves). Centralized authentication systems are used across a WOLFCOM Cloud Service region to increase uniform data security.

Additional role-based access control is leveraged within Customer’s WOLFCOM Cloud Service tenant to define what users can interact with or access Customer Content. Customer solely manages the role-based access control mechanisms within its WOLFCOM Cloud Services tenant.

Within the WOLFCOM Cloud Services supporting infrastructure, access is granted based on the principle of least privilege. All access must be approved by system owners and undergo at least quarterly user access reviews. Any shared computing or networking resource will undergo extensive hardening and is validated periodically to ensure appropriate isolation of Customer Content.

Non-Content Data is logically isolated within information systems such that only appropriate WOLFCOM personnel have access.

PERSONNEL

WOLFCOM personnel are required to conduct themselves in a manner consistent with applicable law, the company’s guidelines regarding confidentiality, business ethics, acceptable usage, and professional standards. WOLFCOM personnel must complete security training upon hire in addition to annual and role-specific security training.

WOLFCOM personnel undergo an extensive background check process to the extent legally permissible and in accordance with applicable local labor laws and statutory regulations. WOLFCOM personnel supporting WOLFCOM Cloud Services are subject to additional role-specific security clearances or adjudication processes, including Criminal Justice Information Services background screening and national security clearances and vetting.

Data Breach

NOTIFICATION

If WOLFCOM becomes aware that Customer Data has been accessed, disclosed, altered, or destroyed by an unlawful or unauthorized party, WOLFCOM will notify relevant authorities and affected customers.

Within 48 hours of an incident confirmation, WOLFCOM will notify Customer administrators registered on WOLFCOM Cloud Services. Authorities will be notified through WOLFCOM's established channels and timelines. The notification will reasonably explain known facts, actions that have been taken, and make commitments regarding subsequent updates.

Data Portability, Migration, and Transfer Back Assistance

DATA PORTABILITY

Evidence uploaded to WOLFCOM Cloud Services is retained in original format. Evidence may be retrieved and downloaded by Customer from WOLFCOM Cloud Services to move data to an alternative information system. Evidence audit trails and system reports may also be downloaded in various industry-standard, non-proprietary formats.

DATA MIGRATION

In the event Customer’s access to WOLFCOM Cloud Services is terminated, WOLFCOM will not delete any Customer Content during the 90 days following termination. During this 90-day period, Customer may retrieve Customer Content only if Customer has paid all amounts due (there will be no application functionality of the WOLFCOM Cloud Services during this 90-day period other than the ability for Customer to retrieve Customer Content). Customer will not incur any additional fees if Customer downloads Customer Content from WOLFCOM Cloud Services during this 90-day period. WOLFCOM has no obligation to maintain or provide any Customer Content after the 90-day period and thereafter, unless legally prohibited, may delete Customer Content upon termination as part of normal retention and data management instructions from customers. Upon written request, WOLFCOM will provide written proof that all Customer Content has been successfully deleted and removed from WOLFCOM Cloud Services.

POST-TERMINATION ASSISTANCE

WOLFCOM will provide Customer with the same post-termination data retrieval assistance that is generally made available to all customers. Requests for additional assistance to Customer in downloading or transferring Content will result in additional fees and WOLFCOM cannot warrant or guarantee data integrity or readability in the external systems.

Data Retention, Restitution, and Deletion

WOLFCOM maintains internal disaster recovery and data retention policies in accordance with applicable laws and regulations. The disaster recovery plan relates to WOLFCOM's data and extends to WOLFCOM Cloud Services and Customer Content stored within. WOLFCOM's data retention policies relate to WOLFCOM's Non-Content Data. WOLFCOM's data retention policies provide for the secure disposal of Non-Content Data when such data is no longer necessary for the delivery and support of WOLFCOM products and services and in accordance with applicable regulations. As outlined below, Customer is responsible for adhering to its own retention policies and procedures.

Evidence Retention

Customer defines Evidence retention periods pursuant to Customer’s internal retention policies and procedures. Customer can establish its retention policies within WOLFCOM Cloud Services. Therefore, customer controls the retention and deletion of its Evidence within WOLFCOM Cloud Services. WOLFCOM Cloud Services can automate weekly messages summarizing upcoming agency-wide deletions to all customer WOLFCOM Cloud Services administrators. Customer users can receive a weekly message regarding Evidence uploaded within their user account to protect against accidental deletions. Customer can recover Evidence up to 7 days after Customer queues such Evidence for deletion. After this 7-day grace period, WOLFCOM Cloud Services initiates deletion of Evidence. Data deletion processing may occur asynchronously across storage systems and data centers. During and after data deletion processing, Evidence will not be recovered or recoverable by any party.

Accountability

As outlined herein, WOLFCOM is committed to maintaining compliance with relevant security and privacy standards to ensure the continued security, availability, integrity, confidentiality, and privacy of WOLFCOM Cloud Services and Customer Data stored within.

Social Media Publishing

WOLFCOM provides social media features that enable Customers and their end users (“Users”) to share Customer Content directly from the Evidence Detail page in WOLFCOM Evidence to social media websites (“Publish to Social Media Feature”), for example, when a User uploads a video directly to YouTube from WOLFCOM Evidence. This may include Customer Content such as video, audio, images or other types of media or multimedia; and the title, description and tags associated with those media. Customer WOLFCOM Evidence administrators can manage the enablement of this feature, for all Users, within the administrative functions of WOLFCOM Evidence. The use of this feature by Users may result in the collection or sharing of information about them, depending on the feature. The privacy and security practices of the social media website are not covered by this Policy, and WOLFCOM is not responsible for, and makes no attestations regarding, their privacy or security practices. When Users enable the Publish to Social Media Feature, and/or publish content to a social media website using this feature, they acknowledge and agree to be bound by the terms of service and privacy policy(s), if applicable, of the social media website to which the Customer Content is published. WOLFCOM encourages Users to review the terms of service and privacy policy(s) of the social media website, to make sure they understand the data that may be collected, used, and shared by the website.

 

Insurance

WOLFCOM will maintain, during the term of the Agreement, a cyber-insurance policy and will furnish certificates of insurance following Customer's written request.

How to Contact Us

WOLFCOM commits to resolve complaints about Customer privacy and use of WOLFCOM Products. Complaints surrounding this Policy can be directed to Customer's local WOLFCOM representative or Infosec@wolfcomglobal.com. If Customer has any questions or concerns regarding privacy and security of Customer Content or WOLFCOM's handling of Customer's Personal Data, please contact Infosec@wolfcomglobal.com.