Last updated: 13.11.2024
1. Introduction
This Privacy Policy describes how [Service Provider’s Company Name] (referred to as ”we,” ”our,” or ”us”) collects, uses, and shares information in connection with the Fleet and Asset Management solution (the “Service”). This policy applies to all users of our Service, including customers and their employees who interact with our web application, mobile application, or use data collection devices installed on vehicles and machinery.
2. Data Controller and Data Processor Roles
In accordance with the General Data Protection Regulation (GDPR), the Customer is the data controller and is responsible for collecting and managing personal data. We act as the data processor and process personal data on behalf of the Customer only as instructed by them.
3. Types of Data Collected and Retained
Our Service involves the collection and storage of several categories of data:
- Operational Data: Daily usage data generated through interactions with the Service, including data collected from vehicles or machinery, is stored within the EU.
- Analytics and Reporting Data: Aggregated data used for analytics, reporting, and other operational improvements. This data is anonymized and stored securely within Finland.
- User Information: Information provided by the Customer, such as employee names, driving behavior, hours worked, and, where applicable, license details. We retain user information for as long as the user is active in the Service. If a user is removed, their personal information is deleted unless anonymized for reporting and analytics.
4. Data Protection and Security Measures
We are committed to maintaining high standards of data protection. Our Service is provided with industry-standard security measures and practices designed to protect personal data and to comply with applicable privacy laws and regulations.
5. Data Deletion and Anonymization
When users are removed from the Service or when the Customer ceases use of the Service, any personal information linked to those users will be deleted. Anonymized data, such as aggregate usage metrics for analytics and reporting, may be retained securely.
6. User Access Management
The Customer is responsible for:
- Assigning appropriate access rights to users,
- Restricting access to sensitive data as needed,
- Removing unnecessary users from the Service to ensure data security and compliance.
7. Data Subject Rights
As a data controller, the Customer is responsible for ensuring that their employees (data subjects) can exercise their rights under GDPR, including:
- Right of Access: To view the personal data collected by the Customer.
- Right to Rectification: To correct inaccurate or incomplete data.
- Right to Erasure: To have their data deleted when it is no longer needed or upon request.
- Right to Data Portability: To receive their data in a structured format.
- Right to Restrict Processing: To limit the processing of their data under certain conditions.
- Right to Object: To object to data processing, such as for analytics purposes.
We assist the Customer in fulfilling these rights where applicable.
8. Data Transfers
All data is stored securely within the EU, with analytics and reporting data anonymized and stored within Finland. If data is transferred outside these regions, we will implement additional safeguards in accordance with GDPR requirements.
9. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or industry standards. Any changes will be communicated through the Service or via email to primary users as designated by the Customer.
10. Contact Information
For questions or concerns about this Privacy Policy or data protection practices, please contact:
Procode Oy
myynti@procode.fi