Your privacy is important to us. This privacy statement explains what personal
data Octopus collects from you, through our interactions with you and through
our product and related services, and how we use that data.
Octopus Systems LTD offers a wide range of services as part of its product, from the main software (Octopus C&C PSIM – Control & Command, Physical security information management) to 45 different modules.
This statement applies to Octopus’s interactions with you and the Octopus
C&C, PSIM different modules listed below:
CCTV, Video analytics
Intrusion, Access control, Fire alarm
LPR, Perimeter, Radars
Location based devices
Cyber and Network alerts
Social media and open source intelligence
Organizational systems and ERP
Live video transmission from the mobile app
Incident management and log system
Security operations system
Route management system
Visitors, suppliers and contract employee’s management system
Asset management system
Building management and maintenance operations system
Safety management system
Weapons management system
SIEM - security information and event management for cyberattack
This statement applies to Octopus’s interactions with you and the Octopus
App different modules listed below:
Gyro Mode “man down”
Location transmission and GPS positioning
Encrypted communication system
Receiving incidents and dispatch
Incident log and manual incident reporting
Inspection reporting and form generator
Patrol and route module and navigation
View force location on GIS
Time & attendance reporting
Bar-code scanning system
Visitor/Supplier invitation module
Vehicle license plate verification
Access control system
Places near me
Octopus PSIM also obtaining data from third parties and/ or IoT devices. We
protect data obtained from third parties according to the practices described in
this statement, plus any additional restrictions imposed by the source of the
data. These third-party sources vary over time, but have included:
Data brokers from which we purchase data to supplement the data we
Social networks when you grant permission to Octopus services to access
your data on one or more networks.
Service providers that help us determine your location, based on your IP
address or GPS data, to customize certain services to you.
Customer service providers that supplement the data we collect by
means of integration and/ or IoT.
Partners with which we offer co-branded services or engage in joint
Publicly-available sources such as open government databases or other
data in the public domain.
You have choices about the data we collect. When you are asked to provide
personal data, you may decline. But if you choose not to provide data that is
necessary to provide a service or feature, you may not be able to use that service
The data we collect depends on the context of your interactions with Octopus,
the choices you make, including your privacy settings, and the products and
features you use. The data we collect can include the following:
Personal & contact data: We collect passport picture or face photo, first
and last name, email address, postal address, phone number, ID number,
passport number, date of birth, profession, car plate, social media account
details, and other similar contact data.
Employment data: We collect profession, occupation, working address and
building/ campus, employee ID, personal manager, training, personal
working equipment, location, weapon and other sensitive security
equipment details, system messages and event tracking, and other similar
Medical data: medical history, blood type, allergies, medication, medical
documents, emergency contact data, and other similar medical data.
Media data: video, stills picture, audio recording, and other similar media
data. Your image may be captured by security cameras.
face recognition, finger print, retinal imprint, and other
similar biometric data.
Credentials. We collect passwords, password hints, and similar security
information used for authentication and account access.
Demographic data. We collect data about you such as your age, gender,
country, and preferred language.
We collect data necessary to process your payment if you
make purchases, such as your payment instrument number (such as a credit
card number), and the security code associated with your payment
instrument, bank account details.
Device and Usage data.
We collect data about your device and how you
and your device interact with Octopus systems and our products. For
example, we collect:
Product use data. We collect data about the Octopus system related
features you use. This data includes which application version is
installed on your device, is it runs in the background, are you online.
Device, connectivity and configuration data. We collect data about
your device and the network you use to connect to our services. It
includes data about the operating systems. It also includes device
type and manufacturer, identifiers (such as the IMEI number for
phones), regional and language settings, battery state, IP address,
online connectivity, last date of connectivity, GIS location, device
positioning (balanced or vertical)
Error reports and performance data. We collect data about the
performance of the services and any problems you experience with
them. This data helps us to diagnose problems in the service you use,
and to improve our products and provide solutions. Error reports
(sometimes called “crash dumps”) can include data such as the type
or severity of the problem, details of the software or hardware
related to an error, contents of files you were using when an error
occurred, and data about other software on your device.
Troubleshooting and Help Data. When you engage Octopus for
troubleshooting and help, we collect data about you and your
hardware, software, and other details related to the incident. Such
data includes contact or authentication data, the content of your
chats and other communications with Octopus, data about the
condition of the machine and the application when the fault occurred
and during diagnostics, and system and registry data about software
installations and hardware configurations.
For services with location-enhanced features, we collect
data about your location, which can be either precise or imprecise. Precise
location data can be Global Navigation Satellite System (GNSS) data (e.g.,
GPS), as well as data identifying nearby cell towers and Wi-Fi hotspots, we
collect when you enable location-based products or features. Imprecise
location data includes, for example, a location derived from your IP address
or data that indicates where you are located with less precision, such as at
a city or postal code level.
We collect content of your Octopus system related
communication when necessary to provide you with the services you use.
Such data can include:
Text or other content of a push or email message
Audio and video recording of a video message
Audio recording and transcript of a voice message you receive or a
text message you dictate
Traceability changes: We collect all logs traceability changes of your user.
Such data can include: date, time, IP address, location, data changes (old
and new) etc.
We also collect information you provide to us and the
content of messages you send to us, such as service request, feedback and
product reviews you write, or questions and information you provide for
customer support. When you contact us, such as for customer support,
phone conversations or chat sessions with our representatives may be
monitored and recorded.
Product-specific sections below describe data collection practices applicable to use of
Why we collect the data
Octopus uses the data we collect for a basic purpose: To operate our business
and provide the services we offer (including improving and personalizing).
In carrying out these purpose, we combine and fuses data we collect to give our
customer a simple and more seamless, consistent and personalized data view.
We have built in technological and procedural safeguards designed to prevent
certain data combinations and leakage.
Providing and improving our products and services:
We use data to provide
and improve the products and services we offer and perform essential business
operations. This includes operating the products, maintaining and improving the
performance of the products, developing new features, conducting research,
and providing customer support. Examples of such uses include the following:
Providing the Products. We use data to carry out your transactions
with us and to provide our services to you. Often, those services
include personal and personalized features and data as describe in
We use data to diagnose product and services
problems and provide other customer care and support services.
We use data—such as device and application
type, location, and unique device, application, network and
subscription identifiers—to activate software and devices that
We use data to continually improve our
product and services, including adding new features or capabilities.
For example, we use error reports to improve security features.
Security, Safety and Dispute Resolution.
We use data to protect the
security and safety of our services related product, our customers and
users, to detect and prevent fraud, fishing, identity theft, data
leakage, to confirm the validity of software licenses, to resolve
disputes and enforce our agreements. Our security services features
can disrupt the operation of malicious software and notify you if
malicious software is found on your devices or systems.
We use data to develop aggregate analysis and
business intelligence which enable us and our customers to operate,
protect, make informed decisions, and report on the performance of
Automated decision-making and profiling.
We use data from different data sources of our system to fuses together to streamline the situational awareness and response of our customers. However, any final decision-making needs human approval. Please notice: automated decision-making and profiling are subject to our customer’s systems definitions. If you are end user of the systems and you have complaints regarding this feature you should contact your organization.
We use data we collect to communicate with our customers.
We may contact our customer by phone, email or other means to inform, when
a subscription is ending, discuss licensing account, let you know when software
updates are available, update or inquire about a service or repair request, invite
to participate in a survey, or remind you to act to keep your account active.
Octopus systems does not advertise and does not use any data to
target ads to you or any of the end users.
In the interests of the customer, we retain data according to our retention policy and as necessary or required by the applicable laws & regulations. Nevertheless, some data such as TMP files are regularly deleted.
In the interests of the customer, we archive data every 30 days.
Retrieval of archived data can be performed by Octopus only when our
customer has requested or authorized us to do so. In such cases, only the
specific and relevant data in the request will be retrieved.
In some cases, we share controlled data with third party services to provide our customer the agreed services. Such cases are pre-defined by contract with our customer. Any related data transection is securely controlled by different means of cyber security methods and or according to EEA Countries adequate levels.
Data Collected by Other services.
Octopus system are integrated with various
third-party services. Such services can include: IoT devices, beacons, cyber
security systems, biometric systems, CCTV systems etc. The data is used for the
functionality of the services to our customer as defined in the contract.
Reasons we share personal data
We share personal data with our customer or as necessary to provide any
service our customer has requested or authorized. For example, we share your
content with third parties when you tell us to do so, such as when a certain
service need to be process by third party or when you provide payment data,
we will share payment data with banks and other entities that process payment
transactions or provide other financial services, and for fraud prevention and
credit risk reduction.
We may need to share personal data among our cloud service. For example, to
provide customer service support or assist in protecting and securing our
systems and services the cloud service admin may need access to personal data
to provide those functions. In such cases, the cloud service supplier must abide
by our data privacy and security requirements and are not allowed to use
personal data they receive from us for any other purpose.
We may need to share some personal data among our development and
customer service team. For example, to provide customer service and support
or assist in protecting and securing our systems and services our development
and customer service team may have access to personal data. In such cases, our
personnel must abide by our data privacy and security requirements and policy
and are not allowed to use personal data for any other purpose.
We will access, transfer, disclose, and preserve personal data, including your
content when we have a good faith belief that doing so is necessary to:
comply with applicable law or respond to valid legal process, including from
law enforcement or other government agencies; or
protect our customers, for example to prevent spam or attempts to defraud
you or users of our product and services, or to help prevent the loss of life
or serious injury of anyone; or
operate and maintain the security of our product and services, including to
prevent or stop an attack on our computer systems or networks or data
protect the rights or property of Octopus, including enforcing the terms
governing the use of the services. however, if we receive information
indicating that someone is using our services to traffic in stolen intellectual
or physical property, including stealing of Octopus data, we will not inspect
a customer's private content ourselves, but we may refer the matter to law
Please note that:
If you are an end user of Octopus’s customer, your data is governed by its
privacy statements. However, Octopus will enforce this privacy statement
Some of our products include links to products of third parties whose
privacy practices differ from Octopus. If you provide personal data to any
of those products, your data is governed by their privacy statements.
How to access & control your personal data:
You can view, edit, or delete your personal data online depend on which
products you use. For example:
Octopus C & C, PSIM
Octopus app for mobile devices
If you are an end user of Octopus’s customer you can view, edit, or delete only
some of your personal data. All your data is controlled and governed by
Octopus’s customer privacy statements.
If you cannot access certain personal data collected by Octopus system directly
through the octopus service you use, you can always contact Octopus customer support, we will respond to requests to access or delete your personal data
within 30 days.
If you are using Octopus app for mobile devices you can choose to block the GPS
location service when installing the app (simply do not approve the service).
technologies to provide our websites and online services and to help collect
data. The text in a cookie often consists of a string of numbers and letters
that uniquely identifies your computer, but it can contain other information
Sign-in and Authentication.
When you sign into Octopus system website,
we store a unique ID number, and the time you signed in, in an encrypted
cookie on your device. This cookie allows you to move from page to page
within the site without having to sign in again on each page. You can also
save your sign-in information, so you do not have to sign in each time you
return to the site.
We use local storage to save user preferences such as
user preferred language and session details
How to control cookies:
Most web browsers automatically accept cookies but provide controls
that allow you to block or delete them. Instructions for blocking or
deleting cookies in all browsers may be available in each browser's
privacy or help documentation.
Certain features of Octopus system depend on cookies and similar
technologies. Please be aware that if you choose to block them, you
may not be able to sign in or use those features, and preferences that
are dependent on cookies may be lost. If you choose to delete cookies,
settings and preferences controlled by those cookies, will be deleted
and may need to be recreated.
Security of personal data:
Octopus systems is committed to protecting the security of any personal data
on its database. We use a variety of security technologies and procedures to
help protect all personal data from unauthorized access, use or disclosure.
Where we store and process personal data
Personal data collected by Octopus services may be stored and processed in
your region, or in any other country where Octopus maintain facilities.
Octopus systems stores all data collected by its services on Microsoft AZURE
cloud services which maintain major data centers in Australia, Austria, Brazil,
Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea,
Malaysia, the Netherlands, Singapore, the United Kingdom and the United
Octopus systems take steps to ensure that the data we collect under this privacy
statement is processed according to the provisions of this statement and the
requirements of the EU GDPR and the requirements applicable law wherever
the data is located.
Octopus transfers personal data from the European Economic Area and
Switzerland to other countries, some of which have not been determined by the
European Commission to have an adequate level of data protection. When we
do, we use a variety of cyber security procedures and legal mechanisms,
including contracts, to help ensure your rights and protections of your data.
If there is any conflict between the terms in this privacy statement and the EU
GDPR principles, the EU GDPR principles shall govern.
For any complaints related to the privacy matter that cannot be resolved with
Octopus directly, we have chosen to cooperate with the relevant data
protection authority, or a panel established by the European DPAs for resolving
disputes. Please contact us to be directed to the relevant DPA contacts.
Octopus is subject to the investigatory and enforcement powers of The Privacy
Protection Authority in Israel.
Our retention of personal data:
Octopus retains personal data for as long as necessary to provide the required
services and fulfill the transactions you have requested, or for other essential
purposes such as complying with our legal obligations, resolving disputes, and
enforcing our agreements.
Some personal data can be deleted at any time by the customer or the end user.
However, Octopus is obligated to maintain logs to enable the traceability of
changes for as long as necessary. Such logs may include the following data:
Who made the changes
Date and time
The original data which has changed
The new data that replaced the old one
The right to be forgotten
At the end of a contract period and its related services:
Octopus provides a reversibility options, including data retrieval,
until the customer confirms that the data is no longer required.
The customer has the right to receive all related data, which may
include: all data, personal data, logs, traceability changes records,
should the customer confirm that the data is no longer required, the customer environment will be cleared, if legally permitted, and all information relating to the customer will be deleted according to our retention policy. However, in some jurisdictions, some customer related data may be retained by Octopus as required by law.
Collection of data from and about children:
Octopus official policy is not to collect any data from and/ or children under age
18. However, some services need to collect such data. Those services may
Medical modules, for example to be able to supply a safe medical
Security modules, for example when there is a security incident and data
are being collected form the incident area, or when necessary in order to
supply the contracted services, such as panic button.
Please be aware that according to GDPR any data collection of children under the age of 16 should be by parental consent or legal guardian only. If you are a child under the age of 16 or you are not the child parent or legal guardian, we are assuming that you got parental or legal guardian consent to collect the data by our system.
Please notice: If you are suspicious that data about children are being collected without the parent or legal guardian consent please contact our DPO ASAP at: Baruch@octopus-app.com
Notice to end user:
Octopus C&C, PSIM with it satellite services are intended for use by organizations and are administered to you by your organization. In addition to this privacy statement, your use of Octopus services may be subject to your organization's policies, if any. If your organization is administering your use of the Octopus services, please direct your privacy inquiries to your administrator. Octopus systems is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
Changes to This Privacy Statement:
Octopus will update this privacy statement when necessary to reflect customer
feedback and changes in our products and its related services. When we post
changes to this statement, we will revise the "last updated" date at the top of
the statement and describe the changes in the traceability of changes table. If
there are material changes to the statement or in how Octopus will use your
personal data, we will notify you either by release note or by directly sending
you a notification. We encourage you to periodically review this privacy
statement to learn how Octopus is protecting your information.