Cambridge Mobile Telematics, Inc. (CMT) takes your privacy seriously. This policy explains how we collect, use, and protect Personal Data submitted and collected by our website located at www.cmtelematics.com and through CMT-branded mobile applications.
This Policy Only Applies to the Processing or Collection of Personal Data
Personal Data means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Role as Controller
Role as Processor
If you are enrolled in a telematics program with one of our customers (insurance company, etc.), you must contact them (and not CMT) regarding privacy issues and to exercise any of your privacy rights.
2. Processing Activities Covered
3. Data Collection
A. Personal Data We Collect Directly from You
The Personal Data we collect directly from you may include identifiers, commercial information, and internet activity information, among others.
We may collect such information in the following situations:
B. Personal Data We Collect Directly from Other Sources
We also collect information from other sources, including third parties (from whom we may purchase Personal Data) and publicly available information. We may combine this information with Personal Data provided by you.
We collect such Personal Data from these sources: Third-party providers of business contact email addresses, IP addresses, social media profiles, LinkedIn URLs, and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility, and verifying contact information.
C. Use of Tracking Technologies and Cookies
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
Automatically When You Visit Our Sites
This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
Automatically (as a Controller) as Part of Our Cloud Services
This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.
This information is used to maintain the security of the services, to provide necessary functionality, to improve the performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for the development of the services, to assess capacity requirements, and to identify customer opportunities.
Some data collected by the services, whether alone or in conjunction with other data, could be personally identifiable to you. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
We use technologies, such as cookies, to gather information about the use of our websites and how people interact with our emails.
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
In many cases, you may opt-out of the collection of non-essential device data on your web browser by managing your cookies at the browser or device level.
Notices on Behavioral Advertising and Opt-Out for Website Visitors
We or one of our authorized partners may place or read cookies on your device when you visit our websites to serve you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative at https://optout.networkadvertising.org/ and the Digital Advertising Alliance at https://optout.aboutads.info/.
To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your browser settings for cookies.
Do Not Track
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
4. Purposes for Processing and Legal Basis
We rely on the following authorized legal bases to collect and process your Personal Data, unless consent is required by law, for the purposes in the chart below:
- To fulfill our contractual obligations to you
- To comply with our legal obligations
- Legitimate business purpose/interest
5. Disclosure and Sharing
CMT does not sell your Personal Data. For specific information, or to ask questions of our privacy team, please contact us at firstname.lastname@example.org.
We may share your Personal Data as follows:
A. Service Providers
Our contracted service providers, who provide services such as IT and system administration, help desk, CRM, marketing automation, cloud-hosting, and deploying emergency medical services and tow services for our crash-detection offerings.
B. Customers of CMT.
If you are invited to use our services or mobile app by a CMT customer (for example, auto insurance company), we may share your Personal Data with such customer to the extent this is necessary for verifying accounts and activity, performing under a contract, investigating suspicious activity, or enforcing our terms and policies.
C. Our Affiliates
With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, and account management purposes of fulfilling our contractual obligations to you.
D. Event Sponsors
If you attend a physical or online event or contest organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy policies.
E. Third-party Networks and Websites
To market our services to you on third-party social media networks, advertising networks, websites, and third-party platforms (e.g., Google, Twitter, LinkedIn, and Facebook), and to assess the performance of our marketing efforts.
F. Professional Advisers
In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate business interest in sharing your Personal Data.
G. Change in Ownership
To a successor, if we engage in a merger, reorganization, or other corporate change, or sell a business unit or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
H. Anonymous and Aggregated
We use driving data to look at driving trends, such as how often people drive distracted, which cities/states have the highest prevalence of speeding, or how the average length or distance of trips changes around holidays, etc. CMT de-identifies your Personal Data to the extent that it cannot be reasonably re-associated with you. Where possible, data is not only anonymized but data such as name, address, age, gender, etc., is made inaccessible. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services. In cases where the results of these processing activities are shared with third parties, such anonymous and aggregated data does not contain any of your Personal Data.
I. Legal Requirements
We may be required by law or legal process to disclose your Personal Data, to enforce our legal agreements, or to protect our rights, property, safety, our customers, or others, and we will try to take steps to limit any such disclosure.
We may retain your Personal Data for a period consistent with the original purpose of collection (see Section 4 above) or if required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data based on the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the need to maintain and improve our technology, whether we can achieve the purposes of the processing through other means and based on applicable legal requirements (such as applicable statutes of limitation).
After the expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
7. Your Rights Relating to Your Personal Data
A. Your Rights
You may have certain rights relating to your Personal Data, subject to data protection laws that apply to you based on your residency (whether the GDPR or a US State Data Protection Law). Depending on the applicable laws these rights may include the right to:
- Access your Personal Data held by us;
- Know more about how we process your Personal Data;
- Rectify inaccurate Personal Data and, considering the purpose of processing the Personal Data, ensure it is complete;
- Erase or delete your Personal Data;
- Restrict our processing of your Personal Data;
- Transfer your Personal Data to another controller, to the extent possible;
- Object to any processing of your Personal Data;
- Opt-out of certain disclosures of your Personal Data to third parties;
- Know what categories of Personal Data are shared for delivering advertisements on non-CMT websites, applications, and services and the categories of recipients of such Personal Data;
- Opt-out of the sharing of your Personal Data for delivering advertisements on non-CMT websites, applications, and services;
- Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal; and
- Not be discriminated against for exercising your rights as described above.
Where we process your Personal Data for our direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
B. How to Exercise Your Rights
To exercise your rights, please contact us by email at email@example.com, or by phone at 800-941-7177. Your Personal Data may be processed in response to these rights. We try to respond to all legitimate requests within 45 days unless otherwise required by law. We will contact you if we need additional information to honor your request or verify your identity.
To exercise your rights as they pertain to driving or vehicle information, CMT must be able to identify you in our system. To do this, we need to know which CMT mobile application you have used and if you registered with us, the email address and phone number used to sign up.
C. Your Rights Relating to Customer Data
8. Your Rights as a Data Subject in the European Union
If you are a “Data Subject” in the European Economic Area (EEA), the UK, or Switzerland (together, Europe) and we collect or you provide us with any Personal Data as that term is defined under the General Data Protection Regulation (GDPR) or UK equivalent, the following applies:
A. Data Subject Rights
Data Requests. You can ask us what Personal Data we hold about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it, or withdraw your consent to us processing it, under certain circumstances.
Storage Outside the EU. When you register for our service, your Personal Data will be stored outside of Europe on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a Sub-processor that: (i) is located in a third country or territory recognized by the EU Commission to have an adequate level of protection; (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place. By submitting your Personal Data, you agree to this transfer, storing, or processing of your Personal Data outside of Europe.
Opt-Out Process. We will send you marketing emails if you “opt-in” to receive marketing emails when registering to use our website, mobile app, or service, or if you have enquired about, or purchased any of our goods or services. Please note that, if you change your mind about being sent marketing emails you can “opt-out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt-out,” you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
B. Data Controller
Cambridge Mobile Technology Inc. of 314 Main Street, Cambridge, MA 02142, USA is the data controller for the GDPR. Please note that we have a data protection officer (DPO) who can be contacted as follows: firstname.lastname@example.org. CMT’s lead supervisory authority is the Hungarian Data Protection Authority. CMT utilizes DataRep for UK representation.
9. International Transfer of Personal Data
CMT ensures any transfers of personal data to a third country or an international organization are subject to appropriate safeguards by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR). Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.
10. Your Rights as a Resident of California, Colorado, Connecticut, Virginia, and Utah
A. Coverage. This section applies to you only if you are a natural person and live in California, Colorado, Connecticut, Virginia, or Utah. We use this notice to make disclosures required by these state laws. Please note that the rules implementing some of these laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these implementing rules are finalized.
B. No Sale of Personal Data. CMT does not sell Personal Data. We may allow third parties to collect Personal Data from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use sites or services to interact with third parties or direct us to disclose your Personal Data to third parties.
C. Exercise Rights. Selected state laws grant their residents certain rights, which may include the rights to know and access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, to request correction of Personal Data, to opt-out of sharing your Personal Data for third party advertising purposes, and not to be denied goods or services for exercising these rights. To exercise your rights regarding your Personal Data, please see Section 7.b.
11. Other Terms
A. Automated Decision Making
To conduct business and provide services to our customers with the CMT-branded mobile applications, CMT may utilize algorithms defined as automated decision-making under Article 22 of the General Data Protection Regulation (GDPR).
This processing is considered:
- Necessary for the performance of a contract between the controller and the individual;
- Where the controller has obtained the individual’s explicit consent; or
CMT has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures also include controls to provide all individuals using the CMT-branded mobile applications with the following rights:
- To access your Personal Data;
- To rectify or delete your Personal Data;
- To restrict the processing of your Personal Data;
- To object to the processing of your Personal Data;
- To transfer your Personal Data (data portability);
- To obtain human intervention by CMT;
- To express your view on the automated decision; and
- To contest the automated decision.
B. Industry Standard Security
While we use industry-standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with ISO 27001 standards and are audited against the framework on an annual basis.
C. For CMT-Branded Mobile Applications.
Mobile Application Privacy Details
The following information applies only to CMT-branded mobile applications (including, without limitation, the DriveWell Go app and OpenRoad app), and not to mobile applications with customer branding.
- As of December 8, 2020, CMT is required to provide information about our mobile application’s privacy practices as part of the Apple App Store.
- This is intended to assist users in understanding an app’s privacy practices before they download the mobile application on any Apple platform.
- The data below may be collected and linked to your identity. This information is not used for tracking* purposes:
  - Contact Info – Email
  - Health & Fitness – Fitness (Motion)
  - Location – Precise
  - User Content – Photos or Videos
  - Identifiers – User ID and Device ID
  - Usage Data – Interaction
  - Diagnostics – Crash Data
  - Other Data
*Apple defines tracking as: linking data collected about a user or device with third-party data for advertising, advertising measurement purposes, or sharing data about a user or device with a data broker.
Google Permissions Declarations
We do not intentionally gather Personal Data about visitors who are under the age of 16.
E. No Contractual Rights
F. Links to Third Party Sites
Our services and website may contain links to other sites and services owned and controlled by others. These third-party websites have privacy policies, and you should review those policies.
G. Revisions to this Policy