This Privacy Policy explains how personal data is collected, used, shared, and protected in connection with BEAM Device Management, a business-to-business Android management service provided by B8N LTD t/a BAYTON ("BAYTON", "we", "us", or "our").

B8N LTD is a private limited company registered in England and Wales under company number 16444194. Our registered office is Agincourt House, 14 Clytha Park Road, Newport, Gwent, United Kingdom, NP20 4PB.

It should be read alongside the BEAM Device Management Terms and Conditions, whose Data Protection section sets out the data processing terms that apply between BAYTON and its Customers. Where this policy uses defined terms such as "Customer", "Reseller", "Admin User", "End User", "Device", and "Customer Data", those terms have the meaning given in the Terms.

For privacy questions, data requests, or legal notices, contact [email protected].

1. Who We Are

BEAM Device Management is a service of B8N LTD t/a BAYTON, a private limited company registered in England and Wales under company number 16444194, with its registered office at Agincourt House, 14 Clytha Park Road, Newport, Gwent, United Kingdom, NP20 4PB.

BAYTON is responsible for the personal data described in this policy in the manner set out below. You can reach us at [email protected] for any matter relating to privacy or data protection.

2. Scope of This Policy

This policy covers personal data processed in connection with:

  1. The BEAM Device Management website, contact form, and related online presence.
  2. Account registration, administration, billing, support, and service communications.
  3. The operation of the BEAM Device Management service itself, including the management of Android Devices and End Users on behalf of Customers.

BEAM Device Management is a service supplied to organisations for business use only. It is not directed at consumers or members of the public. Where Devices and End Users are managed through the service, the relevant Customer or Reseller is responsible for providing its own privacy notices to its staff, contractors, and End Users.

3. Our Role: Controller and Processor

Our role under data protection law depends on the data in question.

For Customer Data processed through BEAM Device Management on behalf of a Customer, the Customer is the controller and BAYTON is the processor, unless applicable law requires a different role. Our processing of that data is governed by the Data Protection section of the Terms and Conditions, which forms our data processing terms.

For our own account administration, billing, legal compliance, security, support, business operations, fraud prevention, service communications, and the BEAM website, BAYTON acts as an independent controller.

4. The BEAM Website and Contact Form

If you submit the contact or enquiry form on the BEAM website, we collect the information you provide, which may include your name, email address, organisation, device estate size, and the content of your message. This information is sent to BAYTON by email so that we can respond to your enquiry, assess suitability, and follow up about BEAM Device Management.

We use this information on the basis of our legitimate interest in responding to enquiries and in taking steps at your request before entering into a contract. We do not use website enquiry data for unrelated marketing without an appropriate lawful basis.

5. Personal Data We Process

Depending on how you interact with BEAM Device Management, the personal data we process may include:

  1. Enquiry and website data: name, email address, organisation, device estate size, and message content submitted through the contact form.
  2. Account and Admin User data: Admin User names, email addresses, roles, authentication records, group membership, and audit logs.
  3. Organisation and billing data: Customer and Reseller organisation names, addresses, billing details, contact details, subscription records, and commercial records.
  4. End User data: End User names, email addresses, identifiers, group assignments, Device associations, and support records.
  5. Device and management data: Device identifiers, serial numbers, IMEI, MEID, Android IDs, hardware IDs, enrolment identifiers, operating system information, app inventory, compliance state, policy state, network information, IP addresses, location data where enabled by the Customer, command history, logs, and other MDM-related data.
  6. Configuration data: policy, workflow, application, enrolment, audit, diagnostic, and configuration data.
  7. Support and communications data: correspondence, support requests, and records of communications with us.

Much of the device and management data above is submitted to or generated through the service by Customers and their Admin Users. As described in section 3, BAYTON processes that data as a processor on the Customer's behalf.

6. How and Why We Use Personal Data

We use personal data to:

  1. Provide, operate, support, secure, maintain, troubleshoot, and improve BEAM Device Management.
  2. Respond to enquiries, set up trials and accounts, and communicate about the service.
  3. Administer subscriptions, orders, invoicing, and payments.
  4. Provide support and respond to security, abuse, and operational matters.
  5. Monitor service performance, reliability, and capacity, and prevent fraud and misuse.
  6. Comply with our legal, regulatory, platform, and contractual obligations.

We do not sell personal data, and we do not use Customer Data for third-party advertising. We may use aggregated or de-identified operational information to understand service performance, improve reliability, monitor abuse, generate product statistics, or plan capacity, provided it does not identify a Customer, End User, or Device. No automated decision-making or profiling producing legal or similarly significant effects is carried out on the personal data we process.

7. Legal Bases for Processing

Where BAYTON acts as a controller, we rely on the following legal bases under the UK GDPR and EU GDPR:

  1. Contract: to provide the service to Customers and Resellers and to take steps at their request before entering into a contract.
  2. Legitimate interests: to operate, secure, support, and improve the service, respond to enquiries, prevent fraud and abuse, and run our business, provided these interests are not overridden by your rights and interests.
  3. Legal obligation: to meet our legal, tax, accounting, and regulatory obligations.
  4. Consent: where we ask for it for a specific purpose, which you may withdraw at any time.

Where BAYTON acts as a processor, we process personal data on the documented instructions of the Customer as controller, as set out in the Data Protection section of the Terms.

8. Cookies and Tracking

The BEAM Device Management website does not use advertising cookies or third-party analytics tracking. We may use a minimal number of strictly necessary cookies or equivalent technologies required for the website and any administrative interfaces to function and remain secure.

BEAM Device Management does not use cookies or similar tracking technologies on managed Devices for advertising or independent surveillance purposes. Device and management data is processed solely to deliver enterprise mobility management on behalf of the Customer.

9. Sub-processors and Other Recipients

We use a small number of carefully selected sub-processors and providers to deliver BEAM Device Management. Current sub-processors include:

Sub-processorPurposeProcessing location
Amazon Web ServicesHosting, infrastructure, storage, compute, networking, security, backupsUK and EU
Google / Android Management APIAndroid Enterprise device management, policy application, Android Device Policy, device and enterprise processingIncludes United States processing for AMAPI device information
StripePayment processing where Stripe is usedAs provided by Stripe
Drewdan LtdService operations, development, technical support, or related service assistanceUK

We impose on each sub-processor, by written contract, data protection obligations that are materially equivalent to our own, and we remain responsible for their processing of Customer personal data. We may update sub-processors where needed to provide, secure, or improve the service. Where required by data protection law, we will give notice of material sub-processor changes and provide an opportunity to object on reasonable data protection grounds, as set out in the Terms.

We may also disclose personal data where required by law, court order, regulator, or platform provider, or to protect our rights, the service, our Customers, End Users, or third parties. We do not otherwise sell or share personal data with third parties for their own commercial purposes.

10. International Data Transfers

We primarily host and process personal data in the UK and EU. Some processing may occur elsewhere where required by third-party providers, including Google AMAPI processing of device information in the United States.

Where personal data is transferred internationally, we take steps designed to ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, international data transfer agreements, provider transfer mechanisms, or other lawful transfer safeguards.

11. How Long We Keep Data

We keep personal data for as long as needed for the purposes described in this policy.

  1. Customer Data processed as processor: retained for the duration of the relevant Account, Order, subscription, trial, or support relationship. Following termination or expiry, we delete or anonymise Customer Data within 30 days, unless retention is required by law, billing, tax, accounting, dispute resolution, security, backup expiry, fraud prevention, or legitimate business records.
  2. Account, billing, and commercial records: retained for as long as required to administer the relationship and to meet legal, tax, and accounting obligations.
  3. Enquiry and support correspondence: retained for as long as needed to handle the enquiry and for our reasonable business records.

Customers should export any data they require before termination. We may provide export assistance where available and reasonably requested.

12. How We Protect Data

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.

These measures may include access controls, authentication controls, encryption in transit, provider security controls, logging, backups, vulnerability management, role-based access, and operational monitoring. Persons authorised to process personal data are subject to appropriate obligations of confidentiality.

Customers remain responsible for Account security, Admin User permissions, policy configuration, local device security, End User practices, and any systems or integrations under their control.

13. Your Rights

Subject to applicable data protection law, individuals have the following rights in relation to their personal data: access, rectification, erasure, restriction of processing, objection to processing, and data portability. Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal.

Because BEAM Device Management is a business service, much of the personal data we process relates to Customers' staff and End Users and is processed by us as a processor on the Customer's behalf. If you are an End User or Admin User, you should normally direct rights requests to the organisation that manages your Device or account, as that organisation is the controller. Where a request relates to data for which a Customer is the controller, we may redirect it to, or require approval from, the relevant organisation's representatives, which may delay a response.

To exercise your rights or ask a question about how your data is handled, contact [email protected].

14. Data Breaches

Where we act as a processor, we will notify the affected Customer without undue delay after becoming aware of a personal data breach affecting Customer Data we process, with the information reasonably available to us at the time, provided in phases as our investigation progresses. The Customer, as controller, is responsible for assessing whether notification to regulators or individuals is required, unless we are legally required to notify directly.

Where we act as a controller, we will assess and, where required, report personal data breaches to the relevant supervisory authority and affected individuals in line with our legal obligations.

15. Children's Data

BEAM Device Management is a business service and is not intended for children. We do not knowingly collect personal data directly from children. Where a Customer uses the service to manage Devices used by individuals under the age of consent, that Customer is responsible for ensuring it has a lawful basis and appropriate notices and consents in place. If we become aware that we have inadvertently processed a child's personal data without an appropriate lawful basis, we will take reasonable steps to address it.

16. Changes to This Policy

We may update this policy from time to time. Where changes are material, we will take reasonable steps to notify affected Customers, such as by email, in-product notice, or website notice. The updated policy will be posted on this page with a revised "Last updated" date, and will apply from the date of publication unless stated otherwise.

17. Contact Us and Complaints

For any question, request, or concern about this policy or our handling of personal data, contact us at [email protected], or write to B8N LTD t/a BAYTON, Agincourt House, 14 Clytha Park Road, Newport, Gwent, United Kingdom, NP20 4PB.

If you are in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EU, you may lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to address your concerns before you do so.

↑ Back to top