Geotab Inc. Privacy Policy

Effective as of April 5, 2018, Geotab Inc., its affiliates and subsidiaries (collectively “Geotab” or “we” or “us” or “our”) have updated our Privacy Policy (“Policy”).

1. Introduction

This Policy outlines Geotab’s commitment to protecting the privacy of individuals (“you”) who: visit our website, subscribe to the Geotab Solution or other services of ours, resell the Geotab Solution, or attend events sponsored by Geotab or its affiliates.

2. Scope of the Policy

This Policy applies to our collection, processing and use of personal data when you use the following:

For the purposes of this Policy, personal data means information or data relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly, or indirectly, by reference to an identification number or to one or more factors that indicate their identity.

Our website may contain links to other websites that are operated by third parties. This Policy does not apply to those websites. We strongly suggest that you carefully review the privacy policies and statements of any third-party websites to properly understand their information practices.

3. Information Provided to Geotab

MyGeotab

Information in MyGeotab is either entered by you when setting up your account, or is collected when you drive a vehicle connected to the Geotab Solution.

To use MyGeotab, you or another representative from your organization must set up a MyGeotab account and provide us with certain information such as name, address, phone number, email address, company name, or company website.

We also collect information about an account holder’s activities on MyGeotab. MyGeotab provides Customers with the ability to obtain, among other types of data, GPS vehicle location data, engine and diagnostic data, and mapping information. GPS coordinates can be anonymously provided to a third party service provider to obtain mapping information without identifying a particular vehicle, Customer, or driver. We only process personal data about a driver operating a vehicle connected to the Geotab solution when that Customer enters the driver's personal data into the MyGeotab platform, and only in accordance with the Customer's written instructions or as required by applicable law.

MyAdmin

To use MyAdmin, a reseller’s representative must set up a MyAdmin account and provide us with certain information such as name, address, phone number, email address, company name, company website, company financial information, and payment information. We also collect information about a reseller’s activities on MyAdmin. MyAdmin enables resellers to provide support, functionality, reports, and other product features to Customers.

Device and Vehicle Data

The Geotab Solution is comprised of a software platform and a vehicle device (hardware) to enable Customers to collect vehicle data to manage their fleets. The vehicle device is installed into a vehicle’s on-board diagnostic port (also called the OBDII) that facilitates the extraction of data about the vehicle and its use. Any data that is temporarily stored on the device is encrypted. The vehicle data on a device is then transmitted to Geotab’s servers through secured wireless telecommunications networks and stored on encrypted cloud servers, in accordance with the applicable providers’ respective privacy, data handling and data usage policies. For more information, see the Geotab End User Agreement - Third Party Wireless Terms. To the extent such data includes personal data about you, we only use such data at the direction of the Customer who uses the MyGeotab Solution to collect personal data about you.

Geotab Marketplace

To offer a product or service on the Geotab Marketplace, a marketplace partner must set up an account and provide certain information such as name, address, phone number, email address, company name, company website, and product information. We also collect information about a marketplace partner’s activities on the Geotab Marketplace.

Geotab Website

We may also collect personal data from our website in the event you use the interactive features of the website, such as accessing a white paper, commenting on a blogpost, or participating in surveys, contests, or promotions. If you apply for a position with Geotab through a job posting on our website, we will collect personal data about you such as your name, resume, phone number, and email address. If you comment on articles or blog posts, we may also collect certain personal data about you that you include in your comment. We and our authorized partners may also collect information using cookies and other information gathering technologies for a variety of reasons. For more information on how we use cookies, visit our Cookie Policy.

The Geotab website may also use web beacons, tags, and scripts or use them in email or other electronic communications we send to you. These assist us in sending cookies and counting visits to our website while helping us understand usage and the effectiveness of various campaigns and promotions. Furthermore, we may receive and develop reports based on the use of these technologies by our third party service providers on an individual and aggregated basis.

Geotab Events

We may also ask for and collect personal data from individuals who register for or attend events sponsored by Geotab or its affiliates. Such data may include your name, address, phone number, and email.

Social Media Widgets

The Geotab website includes social media features such as the Facebook “Like” and “Share” buttons as well as mini-programs that run on our website. These features may collect your internet protocol address (IP address), which webpage you are visiting, and may set a cookie to enable the feature to function properly. The use of such features is governed by the privacy policies of the feature owner.

4. Geotab’s Use of Information

MyGeotab

If you created a MyGeotab account, we use your personal data to provide, maintain, improve, and promote the Geotab Solution. We may also use personal data to enable authorized Customers to access MyGeotab, and to send Customers transactional messages in order to respond to comments, questions, and requests or to distribute important Customer information.

MyAdmin

If you created a MyAdmin account, we use your personal data to provide,maintain improve, and promote MyAdmin. We also use your personal data to process transactions, obtain purchase confirmations and invoices, and to send reseller specific communications, or to respond to comments, questions, and requests or distribute information pertaining to the Geotab solution.

Device and Vehicle Data

If you drive a vehicle connected to the Geotab solution, we receive personal data about you to the extent our Customer provides such personal data to us, and we process such personal data in accordance with our Customer’s written instructions or as required by applicable law. To the extent that personal data about you may be inferred from technical vehicle information collected from the device, we process such personal data in accordance with this Policy.

Geotab Marketplace

If you submit your personal data through our website or Geotab Marketplace, we use your personal data to provide and support the interactive features or applications you are seeking to use and to generally improve our products and services. Where permitted by applicable law, we may also send you promotional communications from time to time to inform you of products, services, features, surveys, newsletters, offers, promotions, contests and events. Information and news about our partners may also be communicated from time to time.

You can opt out of marketing communications at any time by contacting us at: legal@geotab.com or following the unsubscribe or opt-out instructions included in our marketing communications.

Geotab works closely with its Marketplace partners during onboarding to ensure that their security policies, application development and data storage and processing follow industry best practices. Marketplace Partners may choose to process and/or store data outside of the MyGeotab application. By using any Marketplace Application, you acknowledge that your data may be  processed and/or stored outside of the MyGeotab application, and accordingly Geotab does not warrant or endorse, nor does it assume or will have any liability or responsibility for the data handling, storage or security practices of Marketplace partners.

Geotab’s Website, Communications and Support

We also use your personal data to provide customer service and support. Such support may include technical notices, updates, security alerts, and administrative messages. Where permitted by applicable law, we may also send you promotional communications from time to time to inform you of products, services, features, surveys, newsletters, offers, promotions, contests, and events. Information and news about our partners may also be communicated from time to time.

You can opt out of marketing communications at any time by contacting us at legal@geotab.com or following the unsubscribe or opt-out instructions included in our marketing communications.

If you applied for a job position through our website, we may provide your data to a third party service provider to assist us in managing your application. The job application data you provided to us may also be used or accessed from any of Geotab’s locations depending on the nature of the position.

Additionally, we use information to monitor and analyze trends, usage, and activities in connection with our website and Customer accounts in order to investigate and prevent fraudulent transactions, unauthorized access to the Geotab Solution, and other illegal activities. We may also use personal data for any other purpose for which we have obtained your consent or where permitted or required by applicable law.

Data Science and Analytics

We extract vehicle data using the Geotab device and aggregate it through Google’s BigQuery enterprise data warehouse. Aggregated data sets made available by Geotab do not contain personal data and cannot reasonably be used to identify an individual. Information processed using BigQuery is carried out on servers located in the European Economic Area (EEA). For more information on Geotab’s data science and analytics solutions, click here.

Legal Basis for Processing Personal Data(Applicable to EEA only)

If you are located in the European Economic Area (EEA), Geotab’s legal basis for collecting and processing the personal data we receive depends on the context in which it is sent to us. In our normal course of business, we will only collect and process personal data that has been sent to us by you or our Customer through: the Geotab website, the MyGeotab platform, the MyAdmin platform, or the Geotab Marketplace. We will process the personal data sent to us where you have provided your consent (as of May 25, 2018 based on Art. 6 of the GDPR) or where the processing of the information is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and not overridden by your data protection interests or fundamental rights and freedoms (as of May 25, 2018 based on Art. 6 of the GDPR). We may also process your personal data where we have a legal obligation to collect and process personal data and are the controller in respect of such data (as of May 25, 2018 based on Art. 6 of the GDPR), or where the processing is necessary to protect your vital interests or that of another natural person (as of May 25, 2018 based on Art. 6 of the GDPR).

In circumstances where we rely on your consent to process the personal data, you have the right to withdraw your consent at any time. However, this may not affect the lawfulness of the processing based on the consent Geotab has received prior to the withdrawal of consent.

If you provide Geotab your personal data to comply with a legal requirement (e.g. Hours of Service) or to perform a contract (e.g. End User Agreement), we will make this clear to you at the relevant time. Geotab recommends that Customers, users, and resellers take steps to minimize the personal data they ask Geotab to process.

5. Sharing of Information

Service Providers

Geotab may share information, including personal data, with our third party service providers that we engage for providing hosting, for maintenance of our websites, applications, backup, storage, payment processing, analytics, and other services. We do not allow our service providers with whom we share personal data to use that information for marketing or any other purpose other than in connection with the services they provide to Geotab. See Exhibit “A” below for more information.

Complying with the Law and Law Enforcement Requests

In some circumstances, we may receive a request from public authorities to disclose personal data in response to a legally binding request to meet national security or law enforcement requirements. As applicable, we may disclose personal data to comply with subpoenas, court orders, or legal process, or to enforce our legal rights and defend against legal claims. In some cases, we may also share personal data if we believe that illegal or fraudulent activity is or has taken place so that we can investigate, prevent, and take appropriate action regarding such activities that may pose a potential threat to the physical safety of any person, violations of our Customer agreements, or to comply with the law. If your personal data becomes subject to a legal disclosure requirement and we are permitted to do so, we will attempt to notify you of said disclosure, if we have current contact information on file.

Success Stories

From time to time, we may post success stories on our website or in other publicly distributed material that contains personal data. In such cases, we obtain your written consent before posting your name or other personal data with the success story. If you wish to delete or remove your success story, you can contact us at legal@geotab.com.

Geotab Community Forum

Our website provides Customers, resellers, and users access to a community forum for questions, comments, and other information. Any information that you post to such forum might be collected and used by others who access it. You may request to have your personal data removed from such forums by contacting us at legal@geotab.com. If we cannot remove your information, we will contact you with reasons why.

Geotab Internal Sharing

We may share information, including your personal data, within the Geotab group of companies.

Sharing with Consent

We may also share information with third parties when you have provided us with your consent to do so.

6. International Transfers of Data

Geotab stores data about website visitors, Customers, and resellers on cloud servers located in North America, , Europe, and Asia. We may also store data on cloud servers located in other countries from time to time. Geotab operates on a global scale and we may transfer and access such personal data from various parts of the world, including from other countries where Geotab has Customers and operations. Geotab stores European Customer data on servers located within the EEA and North American Customer data on servers within North America. However, data (including personal data) may be transferred across national boundaries for load balancing, availability, or other reasons. We have entered into the EU Standard Contractual Clauses with our cloud service provider to comply with the most stringent privacy laws.

Personal Data Transfers outside of the EEA (Applicable to EEA only)

To the extent Geotab is a controller of your personal data and you reside in the EEA, please note the following. We may transmit some of your personal data to an international organization or a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction. As required by applicable law, we will provide an adequate level of protection for your personal data using various means, including, where appropriate:

Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.

7. Communication Preferences

You can choose how we use your personal data to communicate with you through our website, Geotab Solution, or email. You can manage your receipt of marketing and non-transactional communications by clicking an unsubscribe link in emails received from us or you may send a request to legal@geotab.com.

8. Correcting, Updating, and Removing Your Information

Customers may change or update the information associated with their MyGeotab and MyAdmin accounts by logging into these services and editing their profile. You may request to have personal data that we maintain returned or removed by contacting our Customer support department or legal@geotab.com. Geotab reserves the right to validate requests to ensure legitimacy. Valid requests will be handled within 30 days.

An individual who seeks access to, or wishes to correct, amend, or delete inaccuracies in personal data stored or processed by Geotab may have to direct such inquiries to the appropriate Customer who has access to MyGeotab and acts as the data controller. Customers may, if required, then make a request to Geotab who will act on valid requests within 30 days. We retain personal data that we store and process on behalf of Customers, resellers, and website visitors for as long as necessary to provide the Geotab Solution. Information (including personal data) will be retained and used as necessary to enable us to comply with our legal obligations, resolve disputes, support our Customers and resellers, and to comply with and enforce our agreements.

We take the security of your personal data very seriously and follow generally accepted technological and organizational measures to safeguard such information. We do this when the information is in transit, in use, and at rest. For more information about our security process, visit our security page or read our technological and organizational measures security statement.

Data Retention

Geotab will retain your personal data for as long as needed to fulfill the purposes for which the data was provided. Geotab will delete or anonymize your personal data when we no longer have a legitimate business need for it. If it is no longer possible to delete it because, for example, it has been backed up in archives, then we will securely store the personal data and isolate it from further processing until deletion is possible.

For personal data that we process on behalf of resellers and customers users, we will retain such personal data in accordance with the terms of our agreement with them, subject to applicable laws.

Additional Rights for EEA and Certain Other Jurisdictions

If you reside in the EEA or certain other jurisdictions, you have the right to exercise additional rights available to you under the local law that applies to you:

In the event you would like to inquire about exercising these rights, you may contact our privacy officer by emailing us at legal@geotab.com. In order to protect your privacy and that of others, we may take steps to verify your identity and the validity of your request before we comply.

You also have the right to communicate with a data protection authority about our collection and processing of your personal data. You may contact your local data protection authority for more information.

9. Children’s Personal Data

We do not knowingly or intentionally collect or process any personal data from children under the age of 13. If you are under the age of 13, do not submit any personal data through our website or the Geotab Solution. Parents and legal guardians are encouraged to monitor their children’s internet use and assist in helping us enforce this Policy by teaching their children never to provide personal data through our website or the Geotab Solution. If you have reason to believe that we may have been sent personal data of a child under the age of 13, contact us at legal@geotab.com and we will use reasonable efforts to delete such information.

10. Assignment or Transfer

If Geotab was to sell or divest all or substantially all of our business, stock, or assets with another entity, we may assign or transfer this Policy as well as your account and related data (including personal data) in accordance with applicable law.

11. Changes to This Policy

If we make any changes to this Policy, we will post an updated policy on our website. You should periodically review this page for the latest information on our privacy practices. If you continue to use our website or the Geotab Solution, you agree to be bound by such changes to this Policy. If you do not agree to such changes, please contact us. We will attempt to resolve your concern by either providing an explanation or making an accommodation. If we cannot accommodate you, then your only remedy is to discontinue use of the website or Geotab Solution.

12. Supplemental Terms and Conditions for Certain Regions

Canada

Geotab, as a Canadian headquartered company, complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian Anti-Spam Legislation (CASL), and other applicable provincial and federal laws regarding the data we process, collect, store and use to provide the Geotab Solution. Canada’s data protection standards have been deemed adequate by the EU.

13. How to Contact Us

If you have questions about this Policy or about Geotab’s privacy practices, you can contact us by email at legal@geotab.com or at:

Geotab Inc.

Attn: Data Privacy Officer

21-1075 North Service Road West

Oakville, Ontario, Canada L6M 2G2

14. English Version Controls

Non-English translations of the Policy, if any, are provided for convenience only. If any ambiguity or conflict exists between such other translations, this English version will be held as the authoritative version.

Exhibit “A’ - Sub-Processors

Sub-Processors Used by Geotab to Support the Geotab Solution, Recruitment activities, Marketplace and Website

Google Cloud Platform

G-Suite

Zendesk

Fogbugz

Salesforce.com

Raygun

SendGrid

RingCentral

PagerDuty

Crazy Egg

LinkedIn