PRIVACY POLICY

Cambridge Mobile Telematics Inc (“CMT”) are committed to protecting and respecting your privacy.

1. Scope

This privacy policy (“Privacy Policy”) together with our Mobile App License Agreement, and any other documents referred to therein, sets out the basis on which CMT collects personal data from users, or which users provide, when using the CMT app (the “App”) or the services via CMT’s website at www.cmtelematics.com (“Services”) and how such personal data will be stored, processed or shared by CMT. Please read the following carefully to understand our views and practices regarding your personal data and how CMT will treat it. By registering to use the App or Services, clicking the relevant tick boxes prior to installing the App and then using the App and Services, you agree to the practices described in this Privacy Policy.

2. Guiding Privacy Principles

  • CMT only collects and maintains the minimum amount of data necessary to provide the services CMT offers
  • CMT does not sell any customer information
  • CMT does not share customer information with third parties unless expressly authorized by the customer – and then only as part of providing CMT’s services, or required by law
  • CMT handles all collected data in the same uniform fashion – for prospective, current or former customers
  • CMT maintains physical, procedural and technological controls to protect customer information and to comply with international privacy laws and regulations.

3. Data Controller

Cambridge Mobile Telematics Inc. of 101 Main Street, Suite 1400, Cambridge, MA 02142, USA is the data controller of your personal data when it collects data from individuals employed by CMT’s customers or partners who register to use the Services or from individuals who register directly with CMT to use the App. In all other circumstances CMT is not a data controller but a data processor of its customers and partners, who are data controllers and who collect personal data from individuals using the Services or App.

4. Legal Basis for Processing

CMT collects and uses the personal data described below in order to provide you with access to our App and Services in a reliable and secure manner. We also collect and use personal data:

  • For our legitimate business needs;
  • To fulfil our contractual obligations to you;
  • To comply with our legal obligations.

5. Collection of Information

CMT provides various solutions to its customers and partners and collects personal data from the individual users of its partners and customers when they use the website, personal data is collected from users when they purchase products, use the Services or App register on our website, log-in to their account, complete surveys, request information, fill in forms or correspond with us by phone, email or otherwise or report a problem with the App or Services.

Information you provide

The information you give us may include your name, user name, password, address, email address, work telephone number, title, company name, and any additional information you choose to provide. Such information is requested from you when you create an account as it is necessary to enable the website, App, or Services to function in accordance with the terms of our agreement with you.

Information we collect

The information that CMT collects from you may vary based on your interaction with our website, Services or App. CMT may collect the following information:

  • Each time you visit the website. Our server collects technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, user name, date, time and files accessed, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. These access logs are kept for a reasonable period of time;
  • When you use the App or Services CMT will collect information about your driving style and habits, such as location, speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services.

Sensitive Data

CMT does not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data.

6. Cookies

We use cookies to distinguish you from other users of our website for security and authentication purposes and also to track activity, such as page views and downloads. For further information about the cookies we use, please see our Cookie Policy.

7. Use of Information

We use information held about you in the following ways.

Information you provide

We will use this information:

  • To carry out our obligations arising from any contracts entered into between you and us (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to you);
  • To provide you with the information, products and services that you request from us;
  • To maintain, support, deliver and provide you with requested products and Services;
  • To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • To notify you about changes to our website, App or Services;
  • To ensure that content from our website and Services is presented in the most effective manner for you and for your computer.
  • To satisfy governmental reporting, tax, and other requirements (e.g., import/export rules).

Information we collect

We will use this information:

  • To profile and analyze the driving habits of users and create a personalized driving score for each user;
  • To create aggregated statistics on all users of the Service and App;
  • To administer our website, App or Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To inform you about scheduled website or Services downtimes and new features;
  • To improve our website, App or Services to ensure that content is presented in the most effective manner for you and your computer;
  • For the purposes of performance, usability, site administration, security reviews, and to help improve the experience of visitors to our website;
  • To allow you to participate in interactive features of our website, App or Services, when you choose to do so;
  • As part of our efforts to keep our website, App or Services safe and secure;

8. Disclosure of Information

CMT also may disclose personal data for other purposes or to other third parties where you have explicitly consented to this on registering to use the App or Services.

Please be aware that CMT may be required to disclose personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. CMT is liable for appropriate onward transfers of personal data to third parties.

Information we share with third parties

Information about you is an integral part of our business. We neither rent nor sell your personal data to any third party. We will share your personal data only with entities that are controlled by or under common control of CMT, or with third parties who are directly participating in or related to the services being provided by CMT.  In any such case, these third parties will be clearly identified and CMT will obtain your consent prior to sharing any such information.   As an example of cases when such sharing may arise, if you download a safe driving application run by your city, for which CMT provides the driver rating features, CMT may provide driving data to the organization responsible for building and administering that application.    You will have had to review and agree to the sharing and terms of use prior to utilization of the application.

  • In addition, CMT may provide anonymous application or website usage data to analytics and search engine providers that assist us in the improvement and optimization of our website and applications.
  • Analytics and search engine providers that assist us in the improvement and optimization of our website;

Information we disclose to third parties

We may disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Mobile App License Agreement, and/or any other agreements; or to protect the rights, property or safety of CMT, our users, Customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Notification of Disclosures

Except as set out above, you will be notified when your personal data may be shared with or disclosed to third parties.

Information you post on our website

Our website or Services may provide you with opportunities to post comments and identifying information, such as to our blog. When you post to the blog, this information may appear in public ways, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. Please do not post any information that you are not comfortable revealing to the public at large.

Unsubscribing

CMT respects your privacy and has no desire to contact you if you do not wish to hear from us. If, for any reason, you wish to cease receiving messages from CMT, please send an email to privacy@cmtelematics.com with a subject line of “Unsubscribe”, including any other details that will help us fulfill your request. You may also click on the “unsubscribe” link at the footer of any email you receive from CMT.

9. Protection of Information

Security and Privacy Group

CMT has designated the security and privacy group to oversee its information security program, including its compliance with the EU and Swiss Privacy Shield Frameworks. The security and privacy group shall review and approve any material changes to this Privacy Policy as necessary. CMT will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the personal data that it collects. CMT personnel will receive training, as applicable, to effectively implement this Privacy Policy.

Security

CMT uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. CMT has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored personal data is stored on a secure network with firewall protection, and access to CMT’s electronic information systems requires user authentication via password or similar means. CMT also employs access restrictions, limiting the scope of employees who have access to personal data.

All information you provide to us is stored on our secure servers. CMT uses secure encryption technology to protect certain categories of personal data. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.

Despite these precautions, the transmission of information via the Internet is not completely secure. Although CMT will endeavor to protect your personal data, we cannot guarantee the security of your data. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

10. Links to other websites

Our website and the Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

11. Accessing Information

CMT personnel may access and use personal data only if they are authorized to do so and only for the purpose for which they are authorized.

12. Children

Our website, the App and the Services are not intended for and shall not be used by anyone under the age of 18

13. Right to Access or Rectify Information

You have the right to know what personal data CMT holds about you to ensure that such personal data is accurate and relevant for the purposes for which CMT collected it. You may review your own personal data stored in the databases and correct, erase, or block any personal data that is incorrect, as permitted by applicable law and CMT policies. You may edit your personal data by logging into your account profile or by contacting CMT by email at privacy@cmtelematics.com. In making modifications to your personal data, you must provide only truthful, complete, and accurate information.

14. Users located within the EU

The following section only applies to personal data of users located in the European Union. The European Union shall for the purposes of this Privacy Policy include the UK.

Your rights

You have the right to request:

  • Access to your personal data;
  • Rectification or deletion of your personal data;
  • A restriction on the processing of your personal data;
  • Object to the processing of your personal data;
  • A transfer of your personal data (data portability).

You can make a request in relation to any of the above rights by contacting CMT as set out at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of applicable data protection law.

Where we store Information

The Services are global and your information (including personal data) may be stored and processed in any country where CMT has operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.

The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“EU Model Clauses”).

Our website, App and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the website, App or Services from outside the EEA. This means that where you chose to post your data on our website or in the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.

Consent

You have the right to withdraw your consent to us processing your personal data, at any time, by writing to us at the contact address given at the end of this Privacy Policy.

Where we process your personal data for marketing purposes, we will inform you and obtain your opt in consent (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. If you change your mind about being contacted in the future, please opt out by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.

We send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.

Data Retention

We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the website, App or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the website, App or Services for the purposes set out below.

After you have closed your account or ceased using the Services for a period of at least 90 days, we usually delete personal data, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Mobile App License Agreement,, or fulfil your request to “unsubscribe” from further messages from us.

We will retain de-personalized information after your account has been closed.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

Complaints

If you have any complaints about our use of your personal data please contact us as set out at the end of this Privacy Policy or contact our supervisory authority.

15. EU – US Privacy Shield

Right to Access, Change or Delete personal data

Upon reasonable request and as required by the Privacy Shield principles, CMT allows you to access your personal data, in order to correct or amend such data where inaccurate.

To request erasure of personal data, you should submit a written request to CMT.

Requests for Personal Data

CMT will track each of the following and will provide notice to the appropriate parties under law and contract where:

  • A legally binding request for disclosure of personal data is made by a law enforcement authority, unless prohibited by law or regulation; or
  • Requests are received from a user.

Satisfying Requests for Access, Modifications, and Corrections

CMT will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate personal data.

CMT respects consumer concerns about privacy. We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union and/or Switzerland to the United States. CMT has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

To learn more about the Privacy Shield program, and to view our certification page, please visit: www.privacyshield.gov

The Federal Trade Commission (FTC) has jurisdiction with enforcement authority over CMT’s compliance with the Privacy Shield.

Renewal / Verification

CMT will renew its US-EU Privacy Shield and Swiss-US Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.

Prior to the re-certification, CMT will conduct an in-house verification to ensure that its attestations and assertions about its treatment of personal data are accurate and that CMT has appropriately implemented these practices. Specifically, as part of the verification process, CMT will undertake the following:

  • Review this Privacy Policy to ensure that it accurately describe the practices regarding the collection of personal data:
  • Ensure that the publicly posted Privacy Policy informs users of CMT’s participation in the US EU Privacy Shield and US Swiss Privacy Shield programs and where to obtain a copy of additional information (e.g., a copy of this Privacy Policy);
  • Ensure that this Privacy Policy continues to comply with the Privacy Shield principles;
  • Confirm that users are made aware of the process for addressing complaints and any independent dispute resolution process (CMT may do so through its publicly posted website, Individual customer contract, or both;
  • Review its processes and procedures for training CMT employees about CMTs participation in the Privacy Shield programs and the appropriate handling of personal data;
  • CMT will prepare an internal verification statement on an annual basis.

Notification

CMT notifies users about its adherence to the EU-US Privacy Shield and Swiss-US Privacy Shield principles through this publicly posted website Privacy Policy, available at: www.cmtelematics.com/privacy

Complaints

In compliance with the US-EU and Swiss-US Privacy Shield Principles, CMT commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with questions or concerns about the use of their personal data should contact us at: privacy@cmtelematics.com.

If your question or concern cannot be satisfied through this process CMT has further committed to refer unresolved privacy complaints under US-EU Privacy Shield and Swiss-US Privacy Shield to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus, located in the United States and provided to individuals free of charge.

If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by CMT, EU and Swiss individuals may bring a complaint before the BBB EU Privacy Shield program details of which can be found at: https://www.bbb.org/EU-privacy-shield/file-a-complaint/

Finally, as a last resort and in limited situations, EU and Swiss individuals with unresolved complaints may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

16. Changes to the Privacy Policy

This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make CMT employees aware of changes to this Privacy Policy either by posting to our intranet, through email, or other means. Any changes we make to this Privacy Policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last updated on the 13th of May, 2019 and replaces any other Privacy Policy previously applicable from this date.

17. Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to:

By post: Cambridge Mobile Telematics Inc. of 101 Main Street, Suite 1400, Cambridge, MA 02142, USA

By email: privacy@cmtelematics.com