This policy notice concerns customers who are using the NIBC tracking system. If you have any questions about this information, please contact firstname.lastname@example.org.
WHAT INFORMATION DO WE COLLECT?
We collect data for tracking vehicles, providing services in relation to the tracking of vehicles and communicating with the customer company for whom the vehicle is being tracked. This data includes personal data such as the below:
- Address(es) – home/ work/ other significant addresses
- Telephone number(s)
- Email Address(es)
- Vehicle Location data from GPS with date and time from the tracking unit
For insurance the customer company is the driver’s insurer who may contract our services through a third party. Personal data provided to us also includes date of birth.
Additional data collected by the unit from the tracking unit is :
- Vehicle ignition state
- Vehicle speed and, heading
- Vehicle acceleration and braking data in 3 dimensions
- Tracking Unit orientation, signal strength and GPS satellites in view data
- Driver tag identification when fitted
- Additional wired input when fitted, such as temperature monitoring, attached device state (tail-lift, pump, spreader, mowing equipment etc…), vehicle door open/closed or vehicle load state.
Data that is not from the tracking device is provided and maintained by the customer company that contracts our services. Vehicle location data is processed to determine an address for the location and may also provide driving style and driving time information for the customer company.
WHAT DO WE USE THE INFORMATION FOR?
We use your information to provide the services for which we have been contracted by the customer company that could be your employer, a company to which you are contracted or your insurance company. The customer company is the data controller for whom we are acting as a data processor, the data controller should inform data subjects of their lawful basis for processing and the purpose(s) of processing in the use of our services.
Services provided by NIBC are as detailed on our product pages including:
- Real-Time Vehicle Tracking including display on maps.
- Vehicle Trip logs and reports including display on maps.
- Timesheet reports including mileage, vehicle speeds, driving time, idle time and time on site.
- Driving style data covering acceleration, deceleration and speed in comparison to other vehicles.
- Geofencing and Alerts to highlight activity in particular locations.
HOW DO WE PROTECT YOUR INFORMATION?
We implement a variety of security measures to maintain the safety of your personal information. Security credentials are required to access the tracking application with feature accessibility by user account determined by the customer company system administrator.
All supplied sensitive/credit information is encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be kept on file for more than 60 days.
WILL WE CONTACT YOU?
We may contact you as part of the services we provide to the customer company, this includes sending reports, arranging appointments for installation of the vehicle tracking unit, to discuss issues with the data received from the vehicle tracking unit or to arrange service appointments to investigate issues with the vehicle tracking unit.
DO WE RECORD PHONE CALLS?
Phone calls may be recorded for quality and training purposes
Disabling/Enabling Cookies – users have the ability to accept or disable cookies by modifying the settings in their browser. Disabling cookies however, may mean that some functionality may be affected. For further directions on how to disable cookies please visit http://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html
DO WE DISCLOSE ANY INFORMATION TO OUTSIDE THIRD PARTIES?
No, we will not pass your contact details to any outside third party. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or other’s rights, property, or safety. However, non- personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
DATA SUBJECT RIGHTS
Individuals have a number of rights with regard to the data held about them, in the first instance requests should be made to the Customer company and any requests made directly to NIBC will be referred to the customer company. Requests to NIBC should be made to our support team who can be contacted as detailed at email@example.com.
- a) Right to be informed
Data subjects have the right to be informed of the personal data held about them, the processing of that personal data and of the lawful the basis of processing and purpose(s) of processing. This privacy notice provides details of the personal data held and processing of that personal data NIBC carries out as a data processor on behalf of the customer company as a data controller that should provide the lawful the basis of processing and purpose(s) of processing.
- b) Right of Access
More commonly known as Subject Access Requests or “SARs”, Data Subjects have the right to request and obtain from information relating to, and to receive a copy of, their Personal Data.
- c) Right to Rectification
Data Subjects have the right to obtain the rectification or completion of inaccurate or incomplete Personal Data concerning him or her. Most of the personal data in the NIBC system can be amended through the NIBC web application by an administrative user of the customer company.
- d) Rights to Erasure, Restriction, Data Portability and to Object
In certain circumstances and, in some cases, subject to specific exceptions, Data Subjects have the right to:
- Obtain the erasure of Personal Data concerning him or her;
- Obtain the restriction of Processing of Personal Data concerning him or her;
- Obtain the Personal Data concerning him or her, which he or she has provided to a data controller, to transmit to another data controller without hindrance to have us transfer the personal data directly to another data controller where technically feasible;
- Object at any time to Processing carried out in our legitimate interests, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or carried out for direct marketing purposes.
TRANSFER OUTSIDE OF THE EU
NIBC will only transfer (‘transfer’ includes making available remotely) Personal Data to countries outside of the EEA where:
- The transfer is to a country (or an international organisation), that the European Commission has determined ensures an adequate level of protection;
- Standard contractual clauses adopted by the European Commission have been put in place between NIBC and the entity located outside the EEA;
- binding corporate rules have been implemented, where applicable; or the transfer is otherwise permitted by the GDPR.
The length of time NIBC will retain tracking data can be set through the NIBC web application by an administrative user from the customer company, the maximum retention period is 7 years and the minimum is 3 months. The data is available through the web application for up to 1 year with archive data available by request to the support team at firstname.lastname@example.org.
Customers should consider the length of time it is necessary for the tracking data to be retained for their purpose(s) of processing and an administrative user should configure the retention appropriately.
Any complaints should be raised with NIBC at the email address above in the first instance. Data subjects can raise complaints to the supervisory authority in the UK this is the Information Commissioners office – www.ico.org
NIBC has appointed a Data Protection Officer in line with the requirements of the General Data Processing Regulation (GDPR) who can be contacted by email to DPO@nibc.co.uk.
This policy was last modified on May 22nd 2018