Skyhook Privacy Policy

Last Updated and Effective Date: 03/29/24

Skyhook Privacy Policy

Last Updated and Effective Date: 03/29/24

This Skyhook Privacy Policy (the “Policy”) applies to Skyhook Wireless, Inc. (“Skyhook” or “we”, “us” and “our”). Skyhook is wholly owned by Qualcomm Technologies, Inc. (“QTI”). Skyhook values the privacy of our customers, prospects and end users, and we are committed to maintaining the trust placed in us by our customers since Skyhook’s founding in 2003. A critical part of that trust involves transparency – the responsibility to be clear about the information which we may collect, how we intend to process and store that data, and how we may use this data. Accordingly, the Policy explains how Skyhook will collect and use information that is obtained from (or used by) Terrestrial Positioning Service (“TPS”).

For this Policy, we use the term “personal data” broadly to cover many privacy and data protection laws applicable to us. “Personal data” generally means information related to an identified natural person or that could reasonably be used (by itself or in combination with other data available) to identify a natural person.

1. Scope and Applicability of This Policy

This Policy covers the data we may collect through TPS, and other data we compile from third parties in order to provide TPS.

As a technology and data enablement provider to mobile devices, application providers, and advertisers, Skyhook does not have a direct relationship with end users of devices or mobile applications, which may incorporate the Skyhook services (described in Section 2 below). We impose strict contractual requirements on our customers that require adherence to privacy requirements that are generally more stringent than common industry practice. However, the ultimate nature, scope and use of information that is collected from users of devices or mobile applications is subject to the privacy policies of our customers, not Skyhook. If you have questions or concerns about data collected by a particular device or application, you should contact that provider or refer to such device or application-specific privacy policy.

Please note that this Policy describes the data handling practices of Skyhook in connection with the Skyhook services. To learn more about the data handling practices of Qualcomm family of companies and additional privacy rights you may be entitled to, please visit Qualcomm Privacy Policy.

2. Overview of the Skyhook Service

So that you can better understand the TPS and how and why data collection is important to the provision of this service, below is a brief description of the functionalities of TPS.

As part of TPS, Skyhook offers software (“SDK”) and cloud-based technology platform interfaces (“APIs”) that may be used to calculate the approximate geographic location of a device. The Skyhook geolocation technology determines the location of a device by interfacing with Global Navigation Satellite Systems (such as GPS), as well as by utilizing the IP address of the device and nearby Wi-Fi access points and cell towers visible to the device. This information is then processed on the device or on TPS servers to calculate and return the approximate geolocation (i.e., latitude/longitude) of the device. We may also receive or assign a unique device identifier to location requests.

3. Information Collection

When users engage with mobile devices or other services that use TPS (including via SDK, API or otherwise), Skyhook may collect data that may (but does not necessarily) include the following:

  • Approximate or precise geolocation information (latitude/longitude);
  • Information regarding the identity (e.g., MAC address or Cell ID) of Wi-Fi access points or cell towers in proximity to a mobile device, along with received signal strength measurements;
  • IP address of the device used to contact us (which may be the IP address of either a mobile device or a Wi-Fi access point);
  • Unique device identifiers (not an IMEI or MAC address) that may be assigned by Skyhook or our customer’s system to location requests;
  • Network information, including information regarding connected MAC addresses;
  • Sensor information such as barometric pressure, accelerometer measurements, gyroscope measurements, device orientation, magnetic field measurements, direction of travel, motion activity (e.g. walking), or other similar sensor measurements;
  • General information about the device, including the device manufacturer, model, platform or operating system, time zone, network status (connected to Wi-Fi, etc.), timestamp and other similar information; and
  • Information about the version and use of the TPS technology.

4. Information Obtained from Partners

Skyhook may also receive information from our partners, which are usually location data aggregators and application developers/publishers. These partners may send to us the same type of geolocation information (latitude/longitude) as described above.

5. How Skyhook May Use Information

In general, Skyhook uses the information collected in order to operate, maintain and deliver the TPS and to develop new products, services or datasets. In particular, Skyhook uses the information generated or collected as follows:

  • To provide location-enabling service(s) by calculating and providing geographic location to application developers, device makers and operating systems, when users have opted in;
  • To improve the quality, accuracy and precision of Skyhook’s location database by adding the estimated location of new Wi-Fi access points or cell towers or refining the estimated positions of existing access points or cell towers;
  • To infer relationships and linkages between devices and device identifiers and location, such as a relationship between or among a device, a MAC address and/or IP address to a particular venue, store or location;
  • To aggregate geolocation data in an anonymous manner in order to provide Skyhook and our partners with insights into location of mobile devices and the number and frequency of location requests in a particular area during a particular time interval;
  • To infer the geographic location where IP addresses are used; and
  • To achieve other business operation purposes such as accounting, auditing, or legal compliance.

  • To the extent permitted by applicable law, we may combine the data as described above with other data (e.g., scanned data from Wi-Fi access points or cell towers) that we collect from different sources. In addition, as specified above, we may de-identify and/or anonymize the personal data we collect such that it no longer can be used to identify you. When doing so, we publicly commit to maintain and use the information in an anonymized or de-identified form and not attempt to re-identify the information, unless permitted or required by law.

6. Opt-Out Choices

Skyhook requires customers and third parties using TPS to provide notice regarding data collection and use, and obtain legally required permissions, including without limitation for any data such party collects, uses, and/or discloses from its users, the provision of such data to Skyhook, and the other party’s use of such data.

In addition, Skyhook also allows users to directly opt-out as follows:

Location Information: For users who do not want any location data of their devices to be collected by TPS-enabled applications, services or devices, the application, device, or operating system provides controls for disabling location services. This choice may limit the functionality of the device or installed applications.

MAC Addresses: If users wish to opt out of Skyhook’s use of the Wi-Fi access point’s MAC address to provide location, users may opt-out by clicking here. If users choose to opt out, Skyhook will blacklist that MAC address to not use that MAC address information in the future.

IP Addresses: If users wish to opt out of Skyhook’s use of the home IP address, users may opt-out by clicking here. If you choose to opt out, Skyhook will blacklist that IP address to not use that IP address in the future

7. Data Retention and Data Security

Data on Device: Skyhook may store an encrypted local cache of all Wi-Fi access points and cell towers in a surrounding area on the user’s device to allow the device’s location to be determined without connecting to our servers. A temporary encrypted history of scanned Wi-Fi access points and cell towers nearby may also be kept in memory on the user’s device and later transmitted to our servers. A maximum of 100 historic scans will be retained on device. This encrypted cache information will be deleted from the device the next time the TPS technology connects to the servers, when the application terminates, or when the device is turned off.

Data Retention: Skyhook will retain the data described in Section 3 above generally for no longer than two (2) years or in limited cases for a longer period, as necessary to provide the services or for any other purposes described above. After that time, some of the information may be archived for statistical purposes and stored indefinitely in de-identified, anonymized or aggregated form.

Data Security: Skyhook uses a variety of technical, administrative, and organizational measures to protect data, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of all information.

8. How We May Share Information

Skyhook may share information as follows:

  • With our customers to provide location-based services;
  • With agents, vendors, processors or service providers that help Skyhook to process the data or operate our business, such as cloud service providers;
  • To comply with legal requirements or to respond to a lawful subpoena, search warrant or other legal process or government request received by Skyhook;
  • When Skyhook believes in good faith that disclosure is necessary to protect our legal and contractual rights or the safety of others or to investigate fraud;
  • If Skyhook is involved in a merger, acquisition, or sale of all or a portion of our assets, in which case users will be notified via a prominent notice on our website of any change in ownership or uses of the information; or
  • Where you have granted us permission.

Skyhook may also disclose the data to QTI and its affiliates.

9. Children’s Privacy

TPS is not developed or intended for persons under 13 years of age. We do not knowingly solicit or collect any personal data from children under the age of 13, nor do we knowingly market our services to children under the age of 13.

10. The EU GDPR, UK GDPR and Data Protection

With respect to individuals in the European Union, the European Economic Area (the “EEA”), the United Kingdom (the “UK”) and Switzerland who use TPS, the following policies, clarifications and rules also apply.

Key Terms

“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Purposes and Lawful Basis for Processing Personal Data

Except where Skyhook Processes data on behalf of Skyhook’s customers, Skyhook is a data controller and Processes data for the purposes as set forth in this Policy, including to provide the TPS to our customers. To fulfill these purposes, Skyhook may access information, which may include personal data, to provide the TPS, to develop additional products or features, or in response to contractual requirements. Please see the sections above for additional details on how we collect, use, disclose and share data, make automated decisions and retain data, including personal data.

In general, the lawful basis for Skyhook’s Processing of personal data are: (i) informed consent, including as obtained via partners through contractual requirements and/or established consent frameworks, (ii) our legitimate interests, and (iii) the necessity of contract performance.

In particular, with respect to collection, use and other Processing of data specified under Section 3 of this Policy, including location data and MAC address of end user devices, which may constitute personal data, Skyhook relies upon the informed consent of the end user, as received through our customers and supply partners, or where applicable, the necessity of contract performance.

With respect to the collection of the approximate location of wireless hotspot information (MAC address, received signal strength, and location-related information), Skyhook relies upon its legitimate interest of delivering its services to its customers through providing approximate location calculation as a basis for collection and Processing.

With respect to the collection of IP addresses and approximate location associated with their use, Skyhook is not an Internet service provider (or ISP) providing the connectivity and does not maintain or have access to information linking the IP address to an individual subscriber. Nevertheless, to the extent that such information might constitute personal data as Skyhook uses it to develop a coarse geolocation position, Skyhook relies on (i) its legitimate interest of collecting location data in order to develop and deliver its services to customers and (ii) as necessary for Skyhook to comply with its contractual obligations to calculate the location and send it back to requesting devices, as a basis for Processing.

Additional Rights for Individuals in Europe

You may have one or more of the following additional rights available to you:

  • Access. With the exception of customer account information, Skyhook does not maintain any information regarding names, e-mail addresses, home addresses, nor do we attempt to link any location data to such fields. You may request a copy of the personal data we Process about you; we may request that you provide an unique device ID that is used by your service provider in order for Skyhook to locate your personal data.
  • Objection / Opt-Out / Erasure. To object to, restrict or erase (in certain circumstances) personal data (e.g., online identifiers such as the MAC address of your Wi-Fi access point) being Processed about you, as described above, you may directly opt-out from Skyhook’s use of MAC address or IP address by visiting our opt-out page available here.
  • Right to Lodge a Complaint with a Data Protection Authority (“DPA”). If you believe our Processing of personal data about you is inconsistent with the applicable data protection laws, lodge a complaint with your local supervisory DPA.

To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a DPA, which you may do directly to a DPA), please contact us by completing our web form here, or emailing us at [email protected]. We will process any requests in accordance with applicable law and within a reasonable period. We may need to verify your identity before processing your request.

Compelled Disclosures

Skyhook may be required to disclose personal data in response to lawful requests by public authorities, including disclosures necessary to meet national security or law enforcement requests or requirements, or pursuant to judicial orders, subpoenas, or similar legal process.

11. Cross-Border Transfers & Data Privacy Framework (“DPF”)

Skyhook has business processes, and technical systems that operate across borders. The information we collect is stored and processed on cloud servers in regions comprising the United States and other locations around the world. We may transfer information to affiliated entities, or to other third parties across borders and to other locations around the world. Use of the TPS constitutes consent to the transfer of the information described in this Policy to locations that may be outside of the country in which you live, and such places may be in the United States. In particular, if you are located within the EEA or the UK, please note that personal data received by Skyhook may be transferred outside the UK / EEA. Other than where we transfer personal data to the United States in accordance with the EU-U.S. DPF or the Swiss-U.S. DPF, we transfer personal data outside of these regions to jurisdictions which neither the European Commission nor the UK Government (as applicable) have determined as adequate from a data protection perspective, by utilizing standard contractual clauses (a copy of which can be obtained at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) to give legal effect to those transfers.

In addition, Skyhook complies with the principles of the EU-U.S. DPF and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. Skyhook has certified to the Department of Commerce that it adheres to the EU-U.S. and Swiss-U.S. DPF Principles. If there is any conflict between the terms in this Policy and the EU-U.S. and Swiss-U.S. DPF Principles, the EU-U.S. and Swiss-U.S. DPF Principles shall govern. To learn more about the DPF, please visit our Skyhook Data Privacy Framework Notice and/or view our certification at www.dataprivacyframework.gov.

12. Your California Privacy Rights (For California Residents Only)

Our privacy practices are aligned with the requirements of the California Consumer Privacy Act (as may be amended from time to time) (CCPA). If you reside in California, we are required to provide additional information to you about how we use and disclose your Personal Information, and you may have additional rights with regard to how we use your Personal Information.

Personal Information

Consistent with Sections 3 to 5 above, we collect, and have collected in the prior 12 months, certain categories and specific pieces of information about individuals that are (or may be) considered “Personal Information” under the CCPA. Specifically, we may collect, receive or process the following types of Personal Information:

  • Identifiers, such as unique personal identifiers, hashed unique device identifiers, IP addresses, and MAC addresses of nearby Wi-Fi access points;
  • Geolocation, such as data regarding the physical location of devices or things (including mobile phones, Wi-Fi access points, etc.), or information about the location where internet connections are used; and
  • Sensitive Personal Information, such as precise geolocation. Please note that we will only use precise geolocation data for limited purposes under the CCPA, such as performing the services or providing the goods reasonably expected by an average consumer who requests those goods or services; preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information; resisting malicious, deceptive, fraudulent, or illegal actions directed at Skyhook and to prosecute those responsible for those actions; ensuring the physical safety of natural persons; verifying or maintaining the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Skyhook; and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Skyhook. We also do not collect sensitive personal information for the purpose of inferring characteristics about you.

Sources

The categories of third parties from whom we may collect or receive the Personal Information described above include the following:

  • Device makers or other enterprises who utilize our software or API services;
  • Partners, resellers and/or distributors of our software or API services;
  • Third party applications (such as Android or iOS applications); and
  • Data aggregators.

Purposes

We collect your Personal Information for the business and commercial purposes of providing the Skyhook services, as described in this Policy.

Disclosure

We may have disclosed, including in the prior 12 months, identifiers, geolocation, and precise geolocation data to the categories of recipients described in Section 8 above for the business purpose of providing the Skyhook services.

Your Rights

Subject to certain exceptions, as a California resident, you have the right to:

  • Request to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we have disclosed your Personal Information, and the specific pieces of Personal Information we have collected about you;
  • Request deletion of your Personal Information;
  • Request correction of your Personal Information;
  • Not be discriminated against for exercising your privacy rights.

If you are a California resident and wish to exercise any of the rights described in this section, you may use the following methods to submit a request in relation to your Personal Information:

  • Enter on this webpage the MAC address or your home IP address which you would like to opt out with;
  • Contact us via the contact information in the end of this Policy.

Please note that we do not have the ability to connect your name with your device(s).However, we will ask you to provide your MAC address and home IP address to verify your identity (for right to know, correct and delete) and/or as necessary to process your request.

If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent. If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us below.

In the context of the data processing activities within this Policy, we do not “sell” or “share” your personal information and have not done so in the prior 12 months.

13. Other Jurisdictions and Privacy Rights

Skyhook is a subsidiary of the Qualcomm family of companies. If you are a resident of another state or country and would like to exercise other privacy rights available in your region, please contact us below. You can also learn more about our broader data handling practices and other rights you may be entitled to by visiting Qualcomm Privacy Policy.

13. Updates and Changes to Privacy Policy

Skyhook may amend this Policy from time to time. When we do, we will also revise the “last updated” date at the beginning of the Policy. We encourage you to review this policy periodically to stay informed about how we collect, use, and share personal data.

14. Contact Information

If you have any questions, concerns or complaint regarding our privacy practices, would like to reach out to our Data Protection Officer, or if you’d like to exercise your choices or rights, you can contact us as follows:

  • By email at [email protected]
  • By mailing to Qualcomm Incorporated, Attn. Privacy Office, 5775 Morehouse Dr., San Diego, CA, 92121, USA

We will make every effort to resolve your concerns.

Related

Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Our leading-edge AI, high performance, low-power computing, and unrivaled connectivity deliver proven solutions that transform major industries. At Qualcomm, we are engineering human progress.

Stay connected

Get the latest Qualcomm and industry information delivered to your inbox.

Subscribe
Manage your subscription
Also of Interest

© Qualcomm Technologies, Inc. and/or its affiliated companies.

Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries. Qualcomm patented technologies are licensed by Qualcomm Incorporated.

Note: Certain services and materials may require you to accept additional terms and conditions before accessing or using those items.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of our engineering, research and development functions, and substantially all of our products and services businesses, including our QCT semiconductor business.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell or license any of the services or materials referenced herein.