- General Information
- Data Controller
For the purposes of the Applicable Privacy Laws, Octo Telematics is the data controller for the Personal Data it collects and processes relating to use of the Application and Application Services by Users.
- Type of Data Collected and Processed
We collect the Personal Data specifically and voluntarily provided by Users and collected as clarified below and through the use of Application and Application Services.
“Personal Data” is understood to be any information by which a living individual may be identified, such as the name and surname, user name, password, , email address, place of birth, country, region, city of residence, current geographical location and vehicle information, including make, model, year and vehicle identification number, of a vehicle being driven by a User. The provision and collection of Users’ Personal Data is necessary in order to allow the Service to function as described in the ULA – accordingly, it is requested of Users when they create an account.
To provide the Service, we need to collect data on Users’ geographical location when they use the Application and the Application Services. For the Application to function properly, it requires the GPS technology and location services on Users’ devices to be switched on and the Application granted permission to use them in order determine their current location. By downloading and using the Application, Users accept to their data being collected and used for this purpose. Providing the Service also requires that we collect data on Users’ driving styles and habits, the Application can automatically record the trip’s commencement and termination, along with the GPS latitude, longitude and heading by the second, plus data from other sensors on the device (e.g. accelerometer, gyroscope), in order to record driving behaviour, and which are supplemented by contextual data (traffic, weather, time of day).
We also collect technical information, including the type of mobile device Users use, mobile network information, Users’ mobile operating systems, the type of mobile browser used, time zone setting etc.
However, we will not collect or process sensitive data, which is to be understood as personal data that is capable of revealing Users’ racial and ethnic origin, their religious, philosophical or other types of beliefs, political opinions, membership of political parties, trade unions, religious, philosophical, political or trade union associations or organizations, as well as personal data capable of revealing Users’ state of health and sexual habits. Users are kindly asked not to provide us with their sensitive data.
- Data Processing Methods, Purposes and Legal Basis
Octo Telematics processes Users’ Personal Data by automated means using software and other IT instruments, in order to make the Service, the Application Services and the Application available, for the following purposes:
a) performance of the ULA;
b) compliance with obligations set forth by the applicable law provisions and, in particular, by the Applicable Privacy Laws;
c) protection of Octo Telematics rights, also before Courts;
d) carrying out activities related to company and business branch sales, acquisitions, mergers, divisions or other corporate transformations involving Octo Telematics, and the relevant implementation;
e) Octo Telematics legitimate interest to improve its own technological platforms, the services and the products offered to current and potential clients.
The provision of Personal Data for the purposes referred to in letters a), b), c) is mandatory, as it is necessary for the performance of the ULA and for the fulfillment of the obligations laid down by legal provisions or regulations, as well as for the legal protection of Octo Telematics rights, according to art. 6 of GDPR, point b), and c) Therefore, the failure to provide such Personal Data, as well as any request for the cancellation thereof, will make it impossible to establish or continue the performance of the ULA.
The Personal Data processing for the purposes referred to in letters d) and e) is necessary for the pursuit of Octo Telematics legitimate interest, which will be adequately balanced with the rights and freedoms of the User, provided that the Personal Data processing is performed within the limits strictly necessary for carrying out these activities.
Octo Telematics has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk and in compliance with art. 32 of GDPR.
- To Whom We Might Disclose Users’ Data
Personal Data will not be disclosed or communicated to third parties without authorization, including through their provision or consultation, both electronically or on paper. However, in certain specific cases, Personal Data may be disclosed to the following categories of recipients:
a) subjects, internal or external to Octo Telematics structure, duly appointed in writing as processors or sub-processors pursuant to the Applicable Privacy Laws, for the performance of processing activities necessary in order to perform the ULA (including other companies belonging to OCTO group);
b) public, judicial or police authorities, within the limits established by applicable laws and regulations;
- Persons Tasked with Processing the Personal Data
- Data Subject’s Rights
In accordance with Applicable Privacy Laws, Users are granted with the following rights and faculties:
a) the right to be informed on the Personal Data processing purposes and modalities;
b) the right to access Personal Data pertaining to them;
c) the right to obtain a copy of the Personal Data, if the latter is stored in countries outside the European Union, as well as to obtain indication of the place where such Data is stored or transferred;
d) the right to request the rectification, the updating or the integration of Personal Data;
e) the right to request the erasure or the anonymization of Personal Data or the blocking of the Personal Data processing;
f) the right to object, in whole or in part, to any processing performed through automated decision-making processes, including profiling;
g) the right to withdraw their consent to the processing, where given, freely and at any time;
h) the right to Personal Data portability, i.e. the right to receive Personal Data in a structured format, commonly used and readable by automatic devices, and the possibility to transmit said Data to another controller freely and without hindrances;
i) the right to request the limitation of Personal Data processing;
j) the right to contact Octo Telematics data protection officer;
k) the right to file a complaint with the personal data protection supervisory Authority.
- Where We Store Users’ Personal Data
OCTO will only process personal data in countries located in the European Union and will not carry out any cross-border transfer of personal data outside the EEA, unless such transfer is based on the prior written consent of the Data Subject or any other suitable safeguard, including (a) the EU Commission standard contractual clauses; (b) EU Commission’s decisions of adequacy pertaining to the countries to which Data are transferred; (c) binding corporate rules adopted by OCTO Group or by OCTO’s designated processors or sub-processors.
- How Long We Store Users’ Personal Data
Personal Data provided to us by Users will be retained for one year following the collection in order to process it in accordance with the provisions set forth in ULA . After one year the data relating to the User’s Driving Behavior will be made anonymous, while all Personal Data relating to the User will be deleted or anonymized. If the User deletes his profile from the Application, all Personal Data will be immediately anonymized.
- Contact Details
For any information or request on the protection of Users’ Personal Data, please contact: email@example.com.
Users may also contact Octo Telematics data protection officer in order to exercise their rights, using the following contact details:
Tel. +39 (06) 726 53 41