Visma Enterprise Oy Mobile app Privacy

Visma M2 and Visma Tiima

Visma Enterprise takes security and privacy very seriously. We are ISO 27001 certified and run a private Bug Bounty program on hackerone.com. The collected data is used solely for the intended purpose and for improving the service, via statistics and usage analysis, no personal data is sold to any third party.

What data we collect

M2

The collected data includes the pictures you take or pick from gallery that you want to attach to travel claims as receipts. The pictures that you have taken or selected as attachments will not be sent to our service until you click the “send attachments” button. Camera is also used to handle QR code reading which can be used to login to mobile app.

While using “Journeys” function, your device collects data about your location and route. When you send data to the server, only the journey’s time, length as well as starting- and endpoints of the route, location of the stops and their addresses are shown on the kilometre claim. All data is treated according to Finnish law and used only accordance with the agreement made with your employer.

You are, at any time able to disable the location data or camera access from the application settings in iOS and Android 6.0 or later, thus disabling “Journeys” function or camera functions.

 

Android specific permissions

android.permission.ACCESS_FINE_LOCATION, CAMERA, WRITE_EXTERNAL_STORAGE

IOS specific permissions

Privacy - Location, Location Always, Location When In Use, Camera


Tiima

Camera is used to handle QR code and barcode reading which can be used to read stamp data (if used by your organisation).

If you permit the collection of tracking information, this information can be saved with the stamps. The administrator can set the saving of tracking information with stamps as mandatory. In this case, stamping without tracking information will not be possible. All data will be processed in compliance with Finnish laws and only used for the purposes agreed upon in the agreement with your employer.


You can disable the location tracking function in the Android app’s settings at any time. In iOS and Android 6.0 or later you can at any time disable the location data or camera access from the application settings thus disabling location tracking or camera functions.


Android specific permissions

android.permission.ACCESS_FINE_LOCATION, CAMERA

IOS specific permissions

Privacy - Location, Location When In Use, Camera


Tiima Notifications

Tiima uses Amazon Simple Notification Service (Amazon SNS) to send notifications to users. At the moment it's only used to send notifications of offered work shifts (if these are used in your organisation).

If you give Tiima a permission to send notifications, then UUID given by GMC (Android) or APN (iOS) is stored in Tiima's database. If Tiima ever tries to send you a notification then Amazon Simple Notification Service is called with this UUID and SNS endpoint for sending notifications to this device is created. We use AWS services in Ireland (EU).


WHAT IT’S NOT USED FOR
We do not sell your personal information to anyone, ever.

 

Security

Apps

Our app security measures include but are not limited to:

  • HTTPS -protocol using TLS with the most secure algorithms

  • Network encryption

  • Secure authentication

Data centre location

All your data will be stored in Finland and Finland only. No data will be sent outside of EU/ETA. Very limited information is stored in Amazon AWS in Ireland (EU) and only for Tiima in case notifications are used.


Third party libraries

Android apps use a third party library called Zxing, under Apache 2.0 license.

Tiima iOS app uses a third party library called Kal, under MIT license.