Cambridge Mobile Telematics, Inc. takes your privacy seriously. This policy explains how we collect, use, and protect Personal Data submitted and collected by Cambridge Mobile Telematics, Inc. on its website located at www.cmtelematics.com and via its CMT branded mobile apps.
- Personal Data means information that determines the identity of an individual.
- Controller (Not Processor).
- DATA COLLECTION.
- Interest in Services. If you have an interest in obtaining information about our services; request customer support; contact us; register to use our websites; sign up for an event, webinar or contest; or download content, we may require that you provide to us your contact information (name, title, company name, address, phone number, email address or username and password);
- Purchases. If you make purchases via our website or register for a trial usage of any of our services, we may require that you provide to us your financial and billing information, such as billing name and address, number or bank account information;
- If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data;
- If you attend a physical or online event, we may scan your attendee badge or ask you to provide us with your information (which may include your name, title, company name, address, country, phone number and email address);
- Log Files. If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data;
- If you voluntarily submit certain information to our service, such as filling out a survey about your experience, we collect the information you have provided;
- Office Visits. If you are a customer or prospective customer and you visit our offices, you will be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival; and
- Other Sources. We also collect information about you from other sources including third parties from whom we purchase Personal Data and from publicly available information.
- We may combine this information with Personal Data provided by you.
- We collect such Personal Data from these sources.
- Third party providers of business contact email addresses, IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information.
- USE OF TRACKING TECHNOLOGIES AND COOKIES.
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
- Automatically When you Visit our Sites.
- This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
- This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
- Automatically (as a Controller) as part of our Cloud Services.
- This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.
- This information is used to maintain the security of the services, to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, and to identify customer opportunities.
- Some of the data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
- We use technologies such as cookies, to gather information about the use of our websites and how people interact with our emails.
- Notices on behavioral advertising and opt-out for website visitors.
- We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative at https://optout.networkadvertising.org/?c=1, and the Digital Advertising Alliance at https://optout.aboutads.info/?c=2&lang=EN.
- To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
- Do Not Track.
- While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
- LEGAL BASIS FOR PROCESSING.
We rely on the following authorized legal basis to collect and process your Personal Data, unless consent is required by law:
- To fulfil our contractual obligations to you.
- To comply with our legal obligations.
- Legitimate interests.
- DATA Use.
- Websites and Services. We process your Personal Data to perform our contract with you for the use of our websites, mobile apps and services and to fulfill our contractual obligations; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate business interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites); With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including: AWS (if you need more specific information, please contact email@example.com );
- Contact and User Support. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our contract and to the extent it is necessary for our legitimate business interest in fulfilling your requests and communicating with you;
- Payments. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you;
- We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary to comply with our contractual obligations, our legal obligations and for our legitimate business interests in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others; With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including: AWS (if you need more specific information, please contact firstname.lastname@example.org );
- We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate business interests (and with your consent, where this is required), in order to develop and improve our websites and services and provide our users with more relevant content and service offerings; With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including: AWS (if you need more specific information, please contact email@example.com );
- We process your Personal Data to review compliance with our contracts and policies to the extent that this required as part of our legal obligations, contractual obligations or for our legitimate business interests;
- Customer Opportunities. We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate business interests, where you are a customer of ours;
- Marketing Communications. We will process your Personal Data or device and usage data to conduct market research – send you marketing information, product recommendations and other non-transactional communications about us and partners, including information about our products, promotions or events as necessary for our legitimate interests, where you are our customer or you have expressed an interest in our goods or services, or where you have consented to this (if required be law).
- Managing Events, Contests or Promotions. If you register for an event, contest or promotion, we process your Personal Data to perform our contract, which includes sending related communications to you;
- Registering Office Visitors. We process Personal Data of customers and prospective customers for security reasons, to register you as a visitor to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for compliance with our legal obligations and for our legitimate business interests; and
- Legal Obligations. We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate business interests.
- DISCLOSURE AND SHARING.
- Service Providers. With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including: AWS (if you need more specific information, please contact firstname.lastname@example.org );
- Your Affiliates. If you use our services as a user, we may share your Personal Data with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
- Our Affiliates. With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations and account management purposes of fulfilling our contractual obligations to you;
- Event Sponsors. If you attend a physical or online event or contest organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements;
- Third party networks and websites. With third-party social media networks, advertising networks and websites, so that we can market and advertise on third party platforms and websites (e.g. Google, Twitter, LinkedIn, Facebook);
- Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate business interest in sharing your Personal Data;
- Change in Ownership. To a successor, if we are involved in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party;
- Anonymous and Aggregated. We use drive data to look at driving trends, such as how often people drive distracted, which cities/states have the highest prevalence of speeding, or how the average length or distance of trips change around holidays, etc. There is no PII involved – everything is not only anonymized, but that data like name, address, age, gender, etc., isn’t even accessible. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services. Such anonymous and aggregated usage data does not contain any Personal Data; and
- Legal Requirements. We may be required by law to disclose your Personal Data, or in order to enforce or legal agreements, or to protect our rights, property, safety, our customers or others, and we will try to take steps to limit any such disclosure.
- YOUR RIGHTS AS A DATA SUBJECT IN THE EU.
- Data Subject Rights. If you are a “Data Subject” in the European Economic Area, (EEA), the UK or Switzerland, (together Europe) and we collect or you provide us with any Personal Data as that term is defined under the General Data Protection Regulation (GDPR), the following applies:
- You can ask us what Personal Data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it or withdraw your consent to us processing it, under certain circumstances.
- When you register on our service, your Personal Data will be stored outside of Europe on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a Sub-processor that: (i) is located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place. By submitting your Personal Data, you agree to this transfer, storing or processing of your personal data outside of Europe.
- We will send you marketing emails if you “opt in” to receive marketing emails when registering to use our website, mobile app or service, or if you have enquired about, or purchased any of our goods or services. Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
- Data Controller. Cambridge Mobile Technology Inc. of 314 Main Street Cambridge, MA 02142, USA is the data controller for the purposes of the GDPR.
- Please note that we have a data protection officer (DPO) who can be contacted as follows: email@example.com
- EU and UK Representative. If you are based in Europe please feel free to contact us via our EU/UK Representative DataRep in the country in which you reside at:
- YOUR RIGHTS IF YOU ARE A “CONSUMER” UNDER THE LAWS OF THE STATE OF CALIFORNIA
- If you are a “Consumer” and any Personal Data that we collect falls under the definition of “personal information” as that term is defined under the California Consumer Privacy Act (CCPA), the following applies:
- You can ask us what personal data we hold about you, the source of the information, the use of your personal information, and you can ask us to access it, to have a copy of it, and to erase it, under certain circumstances (a “personal information request”) that was collected about you during the 12 months before your personal information request.
- You can ask us if the information was disclosed to third parties, the categories of personal information disclosed to third parties and the categories of third parties to whom such information was disclosed.
- To exercise your rights regarding your personal information by email, mail, or phone, please use the contact information provided at the bottom of this policy. When you make a personal information request, we will need to collect information from you so that we can verify your identity, and we will respond to all legitimate requests within 45 days.
- You have the right not to be discriminated against because of exercising any of your rights under the CCPA.
- No Sale. We do not sell your Personal Data to any third parties.
- OTHER TERMS.
Automated Decision Making. To conduct business and provide services to our customers with the CMT “branded” mobile application App for the purposes of free initial trials, CMT may utilize algorithms defined as automated decision making under Article 22 of the General Data Protection Regulation (GDPR). This processing is considered:
necessary for performance of a contract between the controller and the individual; and/or
where the controller has obtained the individual’s explicit consent
CMT has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. These measures also include controls to provide all individuals using the CMT “branded” mobile application with the following rights:
Access your personal data;
Rectification or deletion of your personal data;
A restriction on the processing of your personal data;
Object to the processing of your personal data;
A transfer of your personal data (data portability)
to obtain human intervention by CMT;
to express your view on the automated decision;
and to contest the automated decision.
- Industry Standard Security. While we use industry standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with ISO 27001 standards and is audited against the framework on an annual basis.
- No Children. We do not intentionally gather Personal Data about visitors who are under the age of 16. Our website, the CMT branded mobile app and the services are not intended for and shall not be used by anyone under the age of 18.
- Links to Third Party Sites. Our services and website may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.
- App Privacy Details on the App Store. The following information applies only to CMT’s DriveWell branded mobile application (and not to mobile applications with customer branding or a customer’s mobile app that is integrated with CMT’s backend telematics service).
- As of December 8, 2020, CMT is required to provide information about our app’s privacy practices as part of the Apple App Store.
- This is intended to assist users in understanding an app’s privacy practices before they download the app on any Apple platform.
- The following data may be collected and linked to your identity.
- This information is not used for tracking* purposes:
- Contact Info – Email
- Health & Fitness – Fitness (Motion)
- Location – Precise
- User Content – Photos or Videos
- Identifiers – User ID and Device ID
- Usage Data – Product Interaction
- Diagnostics – Crash Data
- Other Data
*Apple defines tracking as: linking data collected about a user or device with third-party data for advertising, advertising measurement purposes, or sharing data about a user or device with a data broker.
– When you use the App or Services CMT will collect information about your driving style and habits, such as location, speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services. When you use the App or Services CMT will collect information about your driving style and habits, such as location, speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. This also includes your GPS coordinates. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services.