Cambridge Mobile Telematics Inc (“CMT”) are committed to protecting and respecting your privacy.
2. Guiding Privacy Principles
- CMT only collects and maintains the minimum amount of data necessary to provide the services CMT offers
- CMT does not sell any customer information
- CMT does not share customer information with third parties unless expressly authorized by the customer – and then only as part of providing CMT’s services, or required by law
- CMT handles all collected data in the same uniform fashion – for prospective, current or former customers
- CMT maintains physical, procedural and technological controls to protect customer information and to comply with international privacy laws and regulations.
3. Data Controller
Cambridge Mobile Telematics Inc. of 314 Main Street, Cambridge, MA 02142, USA is the data controller of your personal data when it collects data from individuals employed by CMT’s customers or partners who register to use the Services or from individuals who register directly with CMT to use the App. In all other circumstances CMT is not a data controller but a data processor of its customers and partners, who are data controllers and who collect personal data from individuals using the Services or App.
4. Legal Basis for Processing
CMT collects and uses the personal data described below in order to provide you with access to our App and Services in a reliable and secure manner. We also collect and use personal data:
- For our legitimate business needs;
- To fulfill our contractual obligations to you;
- To comply with our legal obligations.
5. Collection of Information
CMT provides various solutions to its customers and partners and collects personal data from the individual users of its partners and customers when they use the website, personal data is collected from users when they purchase products, use the Services or App register on our website, log-in to their account, complete surveys, request information, fill in forms or correspond with us by phone, email or otherwise or report a problem with the App or Services.
Information you provide
The information you give us may include your name, user name, password, address, email address, telephone number, title, company name, and any additional information you choose to provide. Such information is requested from you when you create an account as it is necessary to enable the website, App, or Services to function in accordance with the terms of our agreement with you.
Information we collect
The information that CMT collects from you may vary based on your interaction with our website, Services or App. CMT may collect the following information:
- Each time you visit the website. Our server collects technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, user name, date, time and files accessed, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. These access logs are kept for a reasonable period of time;
- When you use the App or Services CMT will collect information about your driving style and habits, such as location, speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services.
CMT does not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data.
7. Use of Information
We use information held about you in the following ways.
Information you provide
We will use this information:
- To carry out our obligations arising from any contracts entered into between you and us (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to you);
- To provide you with the information, products and services that you request from us;
- To maintain, support, deliver and provide you with requested products and Services;
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- To notify you about changes to our website, App or Services;
- To ensure that content from our website and Services is presented in the most effective manner for you and for your computer.
- To satisfy governmental reporting, tax, and other requirements (e.g., import/export rules).
Information we collect
We will use this information:
- To profile and analyze the driving habits of users and create a personalized driving score for each user;
- To create aggregated statistics on all users of the Service and App;
- To administer our website, App or Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To inform you about scheduled website or Services downtimes and new features;
- To improve our website, App or Services to ensure that content is presented in the most effective manner for you and your computer;
- For the purposes of performance, usability, site administration, security reviews, and to help improve the experience of visitors to our website;
- To allow you to participate in interactive features of our website, App or Services, when you choose to do so;
- As part of our efforts to keep our website, App or Services safe and secure;
8. Disclosure of Information
CMT also may disclose personal data for other purposes or to other third parties where you have explicitly consented to this on registering to use the App or Services.
Please be aware that CMT may be required to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. CMT is liable for appropriate onward transfers of personal data to third parties.
Information we share with third parties
- In addition, CMT may provide anonymous application or website usage data to analytics and search engine providers that assist us in the improvement and optimization of our website and applications.
- Analytics and search engine providers that assist us in the improvement and optimization of our website;
Information we disclose to third parties
We may disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Mobile App License Agreement, and/or any other agreements; or to protect the rights, property or safety of CMT, our users, Customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Notification of Disclosures
Except as set out above, you will be notified when your personal data may be shared with or disclosed to third parties.
Information you post on our website
Our website or Services may provide you with opportunities to post comments and identifying information, such as to our blog. When you post to the blog, this information may appear in public ways, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. Please do not post any information that you are not comfortable revealing to the public at large.
CMT respects your privacy and has no desire to contact you if you do not wish to hear from us. If, for any reason, you wish to cease receiving messages from CMT, please send an email to firstname.lastname@example.org with a subject line of “Unsubscribe”, including any other details that will help us fulfill your request. You may also click on the “unsubscribe” link at the footer of any email you receive from CMT.
9. Protection of Information
Security and Privacy Group
CMT uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. CMT has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored personal data is stored on a secure network with firewall protection, and access to CMT’s electronic information systems requires user authentication via password or similar means. CMT also employs access restrictions, limiting the scope of employees who have access to personal data.
All information you provide to us is stored on our secure servers. CMT uses secure encryption technology to protect certain categories of personal data. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Despite these precautions, the transmission of information via the Internet is not completely secure. Although CMT will endeavor to protect your personal data, we cannot guarantee the security of your data. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
10. Links to other websites
Our website and the Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
11. Accessing Information
CMT personnel may access and use personal data only if they are authorized to do so and only for the purpose for which they are authorized.
Our website, the App and the Services are not intended for and shall not be used by anyone under the age of 18
13. Right to Access or Rectify Information
You have the right to know what personal data CMT holds about you to ensure that such personal data is accurate and relevant for the purposes for which CMT collected it. You may review your own personal data stored in the databases and correct, erase, or block any personal data that is incorrect, as permitted by applicable law and CMT policies. You may edit your personal data by logging into your account profile or by contacting CMT by email at email@example.com. In making modifications to your personal data, you must provide only truthful, complete, and accurate information.
14. Users located within the EU
You have the right to request:
- Access to your personal data;
- Rectification or deletion of your personal data;
- A restriction on the processing of your personal data;
- Object to the processing of your personal data;
- A transfer of your personal data (data portability).
Where we store Information
The Services are global and your information (including personal data) may be stored and processed in any country where CMT has operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.
The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA.
Our website, App and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the website, App or Services from outside the EEA. This means that where you chose to post your data on our website or in the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
Where we process your personal data for marketing purposes, we will inform you and obtain your opt in consent (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. If you change your mind about being contacted in the future, please opt out by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
We send push notifications from time to time in order to update you about any service updates, phone settings issues, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.
We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the website, App or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the website, App or Services for the purposes set out below.
After you have closed your account or ceased using the Services for a period of at least 90 days, we usually delete personal data, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Mobile App License Agreement,, or fulfill your request to “unsubscribe” from further messages from us.
We will retain de-personalized information after your account has been closed.
Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.
15. EU – US Privacy Shield
Right to Access, Change or Delete personal data
Upon reasonable request and as required by the Privacy Shield principles, CMT allows you to access your personal data, in order to correct or amend such data where inaccurate.
To request erasure of personal data, you should submit a written request to CMT.
Requests for Personal Data
CMT will track each of the following and will provide notice to the appropriate parties under law and contract where:
- A legally binding request for disclosure of personal data is made by a law enforcement authority, unless prohibited by law or regulation; or
- Requests are received from a user.
Satisfying Requests for Access, Modifications, and Corrections
CMT will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate personal data.
To learn more about the Privacy Shield program, and to view our certification page, please visit: www.privacyshield.gov
The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over CMT’s compliance with the Privacy Shield.
Renewal / Verification
CMT will renew its US-EU Privacy Shield and Swiss-US Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, CMT will conduct an in-house verification to ensure that its attestations and assertions about its treatment of personal data are accurate and that CMT has appropriately implemented these practices. Specifically, as part of the verification process, CMT will undertake the following:
- Confirm that users are made aware of the process for addressing complaints and any independent dispute resolution process (CMT may do so through its publicly posted website, Individual customer contract, or both;
- Review its processes and procedures for training CMT employees about CMTs participation in the Privacy Shield programs and the appropriate handling of personal data;
- CMT will prepare an internal verification statement on an annual basis.
In compliance with the US-EU and Swiss-US Privacy Shield Principles, CMT commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with questions or concerns about the use of their personal data should contact us at: firstname.lastname@example.org.
If your question or concern cannot be satisfied through this process CMT has further committed to refer unresolved privacy complaints under US-EU Privacy Shield and Swiss-US Privacy Shield to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus, located in the United States and provided to individuals free of charge.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by CMT, EU and Swiss individuals may bring a complaint before the BBB EU Privacy Shield program details of which can be found at: https://www.bbb.org/EU-privacy-shield/file-a-complaint/
Finally, as a last resort and in limited situations, EU and Swiss individuals with unresolved complaints may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
California Consumer Privacy Act
CMT fully meets all provisions of the California Consumer Privacy Act (CCPA), enacted on January 1st, 2020. CMT is wholly committed to remaining transparent about the data we collect, process and store.
Consumer Rights under CCPA
- Right to request access to personal information from CMT, twice per year, at no charge. Access requests will be processed by CMT within 45 days, in a clear and understandable format. CMT will verify the identity of the consumer prior to providing the requested data.
- Right to access personal information that is sold. (Not applicable, as CMT does not sell personal information.)
- Right to request deletion of personal information collected or stored by CMT.
- Right of non-discrimination by CMT for exercising their consumer rights under CCPA.
Personal information collected by CMT in the past 12 months:
CMT typically only collects the following personal information:
- Unique identifiers
- GPS coordinates
- IP address
In certain cases, CMT may collect, process or store other information, based on contractual requirements or direction from CMT customers. In all cases, CMT only collects the minimum amount of personal information necessary to provide the services CMT offers.
CMT collects data from two different sources:
- CMT obtains data from the individual submitting the information. This information is provided by you to CMT when creating an account to use CMT services.
- CMT gathers information based on the individual’s interaction with CMT’s website, application or other services.
Purposes of personal information collection
CMT only collects data when necessary to provide services. All data is used for legitimate business purposes and only the least amount necessary for services is collected. Please reference section 7 above for explicit details on how information is used.
Sale of personal information in the last twelve months
Under no circumstances does CMT sell data. No personal information is disseminated by CMT to third-parties for monetary value. The consumer right to opt-out of data sales does not apply to the nature of CMT’s business. This includes the CCPA provision regarding the sale of data belonging to minors.
California residents may exercise their consumer rights under the CCPA by contacting CMT via the following methods:
- Emailing email@example.com
- Calling (800) 941-7177
By post: Cambridge Mobile Telematics Inc. of 314 Main Street, Cambridge, MA 02142, USA
By email: firstname.lastname@example.org
- App Privacy Details on the App Store
The following information applies only to CMT’s DriveWell branded mobile application (and not to mobile applications with customer branding or a customer’s mobile app that is integrated with CMT’s backend telematics service).
As of December 8, 2020, CMT is required to provide information about our app’s privacy practices as part of the Apple App Store. This is intended to assist users in understanding an app’s privacy practices before they download the app on any Apple platform.
The following data may be collected and linked to your identity. This information is not used for tracking* purposes:
- Contact Info – Email
- Health & Fitness – Fitness (Motion)
- Location – Precise
- User Content – Photos or Videos
- Identifiers – User ID and Device ID
- Usage Data – Product Interaction
- Diagnostics – Crash Data
- Other Data
Apple defines tracking as: linking data collected about a user or device with third-party data for advertising, advertising measurement purposes, or sharing data about a user or device with a data broker.