Evox Mobile Application Privacy Policy

The Evox mobile app enables users to seamlessly access and utilise Evox system functions directly from their handheld devices. The app is designed to align with our existing privacy policy, with previously gathered data used to configure and enable user access to the application when requested.

 

The app serves as an addition and alternative to the existing Evox system, giving users the flexibility to download and use it if they choose. It is important to note that the mobile application has been developed to complement Evox’s core functionality, not to replace it.

How is Your Personal Information Collected?

We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency. We may sometimes collect additional information from third parties including former employers or background check agencies, e.g. Disclosure Scotland. We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

 

For more information about how we use your data, please visit our company privacy policy.

Mobile Application Third Party Data Gathering & Validation

Authentication & User Identity Data

Microsoft Authentication Data

  • We authenticate with Microsoft and retrieve basic profile data from Microsoft Graph (/v1.0/me): display name, email (userPrincipalName), and user ID. Scopes: openid, profile, email, User.Read.
  • We store an OAuth access token locally on the device to keep you signed in

Company Validation

  • Company Names: User-entered company identifiers sent to https://evoxsolutions.tech/EndpointFinder/lookup/

Local Device Storage

  • Onboarding status flag - to ensures users complete onboarding only once
  • Authentication tokens - as part of session management
  • App preferences

Timesheet & Work Data Collection

Data is collected in order to handle all information related to adding and editing timesheets in the app and is passed to the backend API for storage.

Work Hours & Time Tracking Timesheet Data:

  • Time entry details with specific job, activity, hours and dates
  • Timesheet status
  • Timesheet IDs

Device & System Information

  • Platform (iOS/Android) and app version may be processed for compatibility. We do not currently collect analytics, crash reports, or installation/update events.
  • The application will be installed on users personal and/or company devices.


Third-Party SDK Data Collection

Key Dependencies with Potential Data Collection:

  • expo-auth-session (authentication), expo-web-browser (auth UI), @react-native-async-storage/async-storage (local storage), axios (HTTP client). expo-crypto/haptics/linking are used for in-app functionality and do not collect or transmit personal data.

Platform-Specific Permissions

  • iOS Permissions (from app.config.js)
  • No explicit permissions currently configured beyond defaults

Android Permissions (from app.config.js)

  • Internet access (implicit)
  • Network state access (implicit)

 

Data Retention and Deletion

Data Retention

As per our existing privacy Policy, We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If we have a relationship with you, we hold your personal information for a maximum of 7 years from the date our relationship ends, the only exception to this is some Health and Safety records which we are required to keep for a minimum of 40 years. All personal information held will be securely and effectively destroyed or permanently erased from IT systems when no longer necessary to be held. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Right to Withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email People And Culture peopleandculture@gegroup.com.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.