Mobile app Privacy
Visma Enterprise takes security and privacy very seriously. We are ISO 27001 certified and run a private Bug Bounty program on hackerone.com. The collected data is used solely for the intended purpose and for improving the service, via statistics and usage analysis, no personal data is sold to any third party.
What data we collect?
The collected data includes the pictures you take or pick from gallery and PDF attachments that you want to attach to travel claims as receipts. The pictures that you have taken or files selected as attachments will not be sent to our service until you click the “send attachments” button. Camera is also used to handle QR code reading which can be used to login the mobile app.
While using the “Journeys” function, your device collects data about your phone location and route. When you send data to the M2 server, only the journey’s time, length as well as starting- and endpoints of the route, location of the stops and their addresses are shown on the kilometre claim. All data is treated according to Finnish law and used only accordance with the agreement made with your employer.
Force to follow roads feature
By enabling the “Force to follow roads” -setting in the app, you consent to send your route information anonymously to Google Snap to Road API. Google returns the enhanced route back to the App. You may turn the setting off whenever you want, if you want to use only GPS raw data without enhancing it with Google Snap to Road API.
You are, at any time, able to disable the location data or camera access from the application settings in iOS and Android 6.0 or later, thus disabling “Journeys” function or camera functions.
Android specific permissions:
INTERNET, VIBRATE, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, FOREGROUND_SERVICE, CAMERA, READ_MEDIA_IMAGES, READ_EXTERNAL_STORAGE, SYSTEM_ALERT_WINDOW, POST_NOTIFICATIONS
iOS specific permissions:
CameraUsage, LocationAlwaysUsage, LocationWhenInUseUsage, LocationAlwaysAndWhenInUseUsage, PhotoLibraryUsage, PhotoLibraryAddUsage, MotionUsage
What it's not used for
We do not sell your personal information to anyone, ever.
Our app security measures include but are not limited to:
HTTPS -protocol using TLS with the most secure algorithms
Data centre location
Third party libraries
Detailed up to date list of used libraries is listed in the Apps.