PRIVACY POLICY

Cambridge Mobile Telematics Inc (“CMT”) are committed to protecting and respecting your privacy.

1. Scope

This privacy policy (“Privacy Policy”) together with our Mobile App License Agreement, and any other documents referred to therein, sets out the basis on which CMT collects personal data from users, or which users provide, when using the CMT app (the “App”) or the services via CMT’s website at www.cmtelematics.com (“Services”) and how such personal data will be stored, processed or shared by CMT. Please read the following carefully to understand our views and practices regarding your personal data and how CMT will treat it. By registering to use the App or Services, clicking the relevant tick boxes prior to installing the App and then using the App and Services, you agree to the practices described in this Privacy Policy.

2. Data Controller

Cambridge Mobile Telematics Inc. of 101 Main Street, Suite 1400, Cambridge, MA 02142, USA is the data controller of your personal data when it collects data from individuals employed by CMT’s customers or partners who register to use the Services or from individuals who register directly with CMT to use the App. In all other circumstances CMT is not a data controller but a data processor of its customers and partners, who are data controllers and who collect personal data from individuals using the Services or App.

3. Legal Basis for Processing

CMT collects and uses the personal data described below in order to provide you with access to our App and Services in a reliable and secure manner. We also collect and use personal data:

  • For our legitimate business needs;
  • To fulfil our contractual obligations to you;
  • To comply with our legal obligations.

To the extent CMT processes your personal data for any other purposes, we ask for your consent in advance or require that our partners who provide you with access to the App or Services obtain such consent.

4. Collection of Information

CMT provides various solutions to its customers and partners and collects personal data from the individual users of its partners and customers when they use the website, personal data is collected from users when they purchase products, use the Services or App register on our website, log-in to their account, complete surveys, request information, fill in forms or correspond with us by phone, email or otherwise or report a problem with the App or Services.

Information you provide

The information you give us may include your name, user name, password, address, email address, work telephone number, title, company name, and any additional information you choose to provide. Such information is requested from you when you create an account as it is necessary to enable the website, App, or Services to function in accordance with the terms of our agreement with you.

Information we collect

The information that CMT collects from you may vary based on your interaction with our website, Services or App. CMT may automatically collect the following information:

  • Each time you visit the website. Our server collects technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, user name, date, time and files accessed, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform, phone settings, WIFI settings, GPS data and phone sensor data and phone state. These access logs are kept for a reasonable period of time;
  • When you use the App or Services CMT will collect behavioral information about your driving style and habits, such as speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services.
  • Information from other online accounts to which you have given us permission to collect data from within your settings or the privacy policies of these other online services. For example, you consent to sending us your geographical location data when accessing our App or Services from your smartphone or from the integrations and connections that you choose to install when using the App or Services. CMT requires this information in order for the App and Services to function properly.

Information we receive from other sources

CMT may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected from using the App or Services. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

Sensitive Data

CMT does not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data.

5. Cookies

We use cookies to distinguish you from other users of our website for security and authentication purposes and also to track activity, such as page views and downloads. For further information about the cookies we use, please see our Cookie Policy.

6. Use of Information

We use information held about you in the following ways.

Information you provide

We will use this information:

  • To carry out our obligations arising from any contracts entered into between you and us (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to you);
  • To provide you with the information, products and services that you request from us;
  • To maintain, support, deliver and provide you with requested products and Services;
  • To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this by ticking the relevant box situated on the form on which we collect your data;
  • To notify you about changes to our website, App or Services;
  • To ensure that content from our website and Services is presented in the most effective manner for you and for your computer.
  • To satisfy governmental reporting, tax, and other requirements (e.g., import/export rules).

Information we collect

We will use this information:

  • To profile and analyze the driving habits of users and create a personalized driving score for each user;
  • To create aggregated statistics on all users of the Service and App;
  • To administer our website, App or Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To inform you about scheduled website or Services downtimes and new features;
  • To improve our website, App or Services to ensure that content is presented in the most effective manner for you and your computer;
  • For the purposes of performance, usability, site administration, security reviews, and to help improve the experience of visitors to our website;
  • To allow you to participate in interactive features of our website, App or Services, when you choose to do so;
  • As part of our efforts to keep our website, App or Services safe and secure.

Information we receive from other sources

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

We will not sell or rent your personal data to any third parties.

You can withdraw consent to us using your personal data or behavioral data for profiling purposes or receiving marketing communications, at any time, free of charge, by deleting the App from your device or making a request to us as at: privacy@cmtelematics.com.

7. Disclosure of Information

CMT also may disclose personal data for other purposes or to other third parties where you have explicitly consented to this on registering to use the App or Services.

Please be aware that CMT may be required to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. CMT is liable for appropriate onward transfers of personal data to third parties.

Information we share with third parties

Information about you is an integral part of our business. We neither rent nor sell your personal data to any third party. We will share your personal data only with entities that are controlled by or under common control of CMT, as described below:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 for the purpose of conducting our operations and offering our products and Services;
  • Third parties who act as agents, consultants, suppliers and contractors to perform tasks on behalf for the performance of any contract we enter into with them or you to provide our products or Services to you, or to otherwise communicate with you, such as to provide marketing or offers to you. Examples may include removing repetitive information from customer lists, analyzing data, providing marketing assistance, conducting billing, engaging technical support for our Services, providing customer service, and performing analysis related to our products or Services. We may also provide your personal data to such third parties who may verify or compile aggregate usage data that we provide to our partners. When we share this information in this way, we require the third party to agree to maintain the confidentiality and the security of the personal data. CMT only discloses personal data to such third parties who reasonably need to receive the data for the scope of the transaction and not for other purposes. Such third parties must be under contract with CMT, binding them to adhere to the Privacy Shield standards;
  • Analytics and search engine providers that assist us in the improvement and optimization of our website;
  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

Information we disclose to third parties

We may disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Mobile App License Agreement, and/or any other agreements; or to protect the rights, property or safety of CMT, our users, Customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Notification of Disclosures

Except as set out above, you will be notified when your personal data may be shared with or disclosed to third parties.

Information you post on our website

Our website or Services may provide you with opportunities to post comments and identifying information, such as to our blog. When you post to the blog, this information may appear in public ways, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. Please do not post any information that you are not comfortable revealing to the public at large.

Unsubscribing

CMT respects your privacy and has no desire to contact you if you do not wish to hear from us. If, for any reason, you wish to cease receiving messages from CMT, please send an email to privacy@cmtelematics.com with a subject line of “Unsubscribe”, including any other details that will help us fulfill your request. You may also click on the “unsubscribe” link at the footer of any email you receive from CMT.

8. Protection of Information

Security and Privacy Group

CMT has designated the security and privacy group to oversee its information security program, including its compliance with the EU and Swiss Privacy Shield Frameworks. The security and privacy group shall review and approve any material changes to this Privacy Policy as necessary. CMT will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the personal data that it collects. CMT personnel will receive training, as applicable, to effectively implement this Privacy Policy.

Security

CMT uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. CMT has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored personal data is stored on a secure network with firewall protection, and access to CMT’s electronic information systems requires user authentication via password or similar means. CMT also employs access restrictions, limiting the scope of employees who have access to personal data.

All information you provide to us is stored on our secure servers. CMT uses secure encryption technology to protect certain categories of personal data. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.

Despite these precautions, the transmission of information via the Internet is not completely secure. Although CMT will endeavor to protect your personal data, we cannot guarantee the security of your data. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

9. Links to other websites

Our website and the Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

10. Accessing Information

CMT personnel may access and use personal data only if they are authorized to do so and only for the purpose for which they are authorized.

11. Children

Our website, the App and the Services are not intended for and shall not be used by anyone under the age of 18

12. Right to Access or Rectify Information

You have the right to know what personal data CMT holds about you to ensure that such personal data is accurate and relevant for the purposes for which CMT collected it. You may review your own personal data stored in the databases and correct, erase, or block any personal data that is incorrect, as permitted by applicable law and CMT policies. You may edit your personal data by logging into your account profile or by contacting CMT by email at privacy@cmtelematics.com. In making modifications to your personal data, you must provide only truthful, complete, and accurate information.

13. Users located within the EU

The following section only applies to personal data of users located in the European Union. The European Union shall for the purposes of this Privacy Policy include the UK.

Your rights

You have the right to request:

  • Access to your personal data;
  • Rectification or deletion of your personal data;
  • A restriction on the processing of your personal data;
  • Object to the processing of your personal data;
  • A transfer of your personal data (data portability).

You can make a request in relation to any of the above rights by contacting CMT as set out at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of applicable data protection law.

Where we store Information

The Services are global and your information (including personal data) may be stored and processed in any country where CMT has operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.

The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“EU Model Clauses”).

Our website, App and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the website, App or Services from outside the EEA. This means that where you chose to post your data on our website or in the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.

Consent

You have the right to withdraw your consent to us processing your personal data, at any time, by writing to us at the contact address given at the end of this Privacy Policy.

Where we process your personal data for marketing purposes, we will inform you and obtain your opt in consent (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. If you change your mind about being contacted in the future, please opt out by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.

We send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.

Data Retention

We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the website, App or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the website, App or Services for the purposes set out below.

After you have closed your account or ceased using the Services for a period of at least 90 days, we usually delete personal data, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Mobile App License Agreement,, or fulfil your request to “unsubscribe” from further messages from us.

We will retain de-personalized information after your account has been closed.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

Complaints

If you have any complaints about our use of your personal data please contact us as set out at the end of this Privacy Policy or contact our supervisory authority.

14. EU – US Privacy Shield

Right to Access, Change or Delete personal data

Upon reasonable request and as required by the Privacy Shield principles, CMT allows you to access your personal data, in order to correct or amend such data where inaccurate.

To request erasure of personal data, you should submit a written request to CMT.

Requests for Personal Data

CMT will track each of the following and will provide notice to the appropriate parties under law and contract where:

  • A legally binding request for disclosure of personal data is made by a law enforcement authority, unless prohibited by law or regulation; or
  • Requests are received from a user.

Satisfying Requests for Access, Modifications, and Corrections

CMT will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate personal data.

CMT respects consumer concerns about privacy. We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union and/or Switzerland to the United States. CMT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

To learn more about the Privacy Shield program, and to view our certification page, please visit: www.privacyshield.gov

The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over CMT’s compliance with the Privacy Shield.

Renewal / Verification

CMT will renew its US-EU Privacy Shield and Swiss-US Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.

Prior to the re-certification, CMT will conduct an in-house verification to ensure that its attestations and assertions about its treatment of personal data are accurate and that CMT has appropriately implemented these practices. Specifically, as part of the verification process, CMT will undertake the following:

  • Review this Privacy Policy to ensure that it accurately describe the practices regarding the collection of personal data:
  • Ensure that the publicly posted Privacy Policy informs users of CMT’s participation in the US EU Privacy Shield and US Swiss Privacy Shield programs and where to obtain a copy of additional information (e.g., a copy of this Privacy Policy);
  • Ensure that this Privacy Policy continues to comply with the Privacy Shield principles;
  • Confirm that users are made aware of the process for addressing complaints and any independent dispute resolution process (CMT may do so through its publicly posted website, Individual customer contract, or both;
  • Review its processes and procedures for training CMT employees about CMTs participation in the Privacy Shield programs and the appropriate handling of personal data;
  • CMT will prepare an internal verification statement on an annual basis.

Notification

CMT notifies users about its adherence to the EU-US Privacy Shield and Swiss-US Privacy Shield principles through this publicly posted website Privacy Policy, available at: www.cmtelematics.com/privacy

Complaints

In compliance with the US-EU and Swiss-US Privacy Shield Principles, CMT commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with questions or concerns about the use of their personal data should contact us at: privacy@cmtelematics.com.

If your question or concern cannot be satisfied through this process CMT has further committed to refer unresolved privacy complaints under US-EU Privacy Shield and Swiss-US Privacy Shield to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus, located in the United States and provided to individuals free of charge.

If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by CMT, EU and Swiss individuals may bring a complaint before the BBB EU Privacy Shield program details of which can be found at: https://www.bbb.org/EU-privacy-shield/for-eu-consumers

Finally, as a last resort and in limited situations, EU and Swiss individuals with unresolved complaints may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

15. Changes to the Privacy Policy

This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make CMT employees aware of changes to this Privacy Policy either by posting to our intranet, through email, or other means. Any changes we make to this Privacy Policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last updated on the 7th of June 2018 and replaces any other Privacy Policy previously applicable from this date.

16. Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to:

By post: Cambridge Mobile Telematics Inc. of 101 Main Street, Suite 1400, Cambridge, MA 02142, USA

By email: privacy@cmtelematics.com