Effective Date: November 28, 2016
1. Scope and Application
If you interact with our Services as both a fleet owner or insurance provider, and a driver, the respective privacy statements apply to your different interactions.
2. What Information Does Nauto Gather?
2.1 Driving Data
Nauto collects information about your driving environment and experience while on the road (“Driving Data”). Nauto uses forward-facing camera and sensor technology to scan your environment, collecting information about:
• Geographic location and relative proximity of your vehicle to other vehicles
• Road signs and traffic lights
• Hazards, such as pedestrians, bicycles, weather, and other vehicles
• Collision, near-miss, hard braking, fast acceleration or hard cornering events.
• Traffic patterns and flow
• Lane departure
• Vehicle density
• Parking spaces
• License plate numbers of surrounding vehicles
• Vehicle Parked Location
At the same time, Nauto uses inward-facing camera and sensor technology to monitor your state and driving behavior, collecting information about:
• Your identity, face and behavior
• Passenger identity, face(s), count and behavior
• Inattention (e.g., phone use, passenger activity)
• Speed, acceleration, and mileage
• Driving time
• Device Tampering
• Vehicle Security (e.g., audio listening of broken glass, stolen vehicle)
In addition, Nauto uses automated means to collect information from drivers’ devices, such as:
• Network or Internet protocol addresses
• Operating system identification
• Mobile network identification
• Device identifier or registration
• Device settings
• Date and time of web requests
Once connected to a cellular network, your Nauto device regularly sends the data described in this Policy to Nauto to provide you with the Services.
2.2 Personal Data
Nauto collects personally identifiable information about the driver and passengers (“Personal Data”). Nauto uses this information for communication of events, notifications or updates. This data includes:
• Phone Number
• Email Address
• Other Contact Information (e.g., home address, work address)
• Driver’s License / ID Information
• Date of Birth
• Vehicle Identification Number (“VIN”)
• License Plate
• Driver Score - Driver Risk
• Emergency Contact Information
• Face of Driver
• Face of Passengers
• Face of Pedestrians
• Who was in an accident
• Live camera feed / photos
• Audio Recordings
• Un-blurred Video
• Un-blurred Photos
• Account / Payment / Billing Information
2.3 Other Data
Nauto uses aggregate, anonymized, non-personal driving to provide insights to improve driving behavior (“Other Data”). Such data includes:
• Location information including GPS position
• Accident hotspots
• Sensitive Aggregate Data (e.g., Fleet Risk)
• General Aggregate Data (e.g., Traffic data)
• Non Sensitive (e.g., Pot holes, weather, stop sign / signal locations)
2.4 Other Information Provided By You
You and your passengers may transmit information to Nauto voluntarily, by recording a short voice note using the Nauto device. Nauto processes the voice note to understand additional details of an incident or passenger interaction and may use the information provided to offer technical support to drivers.
2.5 Account, Payment, and Billing Information
You may be asked to create a Nauto account “Profile,” to make it easier for you to communicate with us and access the Services we provide to you. To create an account, you may be asked to provide some personal information, such as your name, username, password, email address, mailing address, and phone number. Nauto may also collect payment information from you or your company, including a credit or debit card number, card expiration date, CVV code, billing address, and shipping address, to complete a transaction through our Services.
2.6 Website Use
When you visit Nauto’s website or other online services, we and our third-party partners analyze log file information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behavior. This information may include, for example, your browser type, domains, page views, IP address, referring/exit pages, information about how you interact with our website or online services interface and links, traffic and usage trends, etc. We may use session cookies to keep you logged in while you use features of our website or online services.
Nauto respects Do Not Track (“DNT”) settings in browsers. If you are logged out of our services and have DNT enabled, we will not set cookies that can be used to aggregate information about your usage. We may use some cookies to enhance your experience by storing preferences or options.
3. How Does Nauto Use the Data it Gathers?
3.1 Provide, Improve, and Develop Nauto Services
Nauto uses the driving and connectivity data it collects from your Nauto device, as well as any information voluntarily provided by you, to provide, improve, and develop its services. Using the data, Nauto is able to, among other things:
• Generate detailed maps of high-risk driving areas
• Understand and predict traffic flows
• Advise you of hazards in real time
• Determine the cause and consequence of individual driving behavior and events
• Develop composite safety scores for your driving
Nauto also uses the information it collects to provide technical support, improve the quality of service Nauto provides, and develop new services and technologies.
3.2 Business Development, Advertising, and Research
Nauto also uses aggregate, anonymized, non-personal driving and connectivity data for business purposes, including product improvement, analytics, industry and market research, and other purposes consistent with Nauto’s legitimate business needs.
4. How Will Nauto Share the Information It Collects?
4.1 With You
Nauto will share with you the data it collects. This means that you can obtain up-to-date information about driving hazards in your area and receive alerts.
However, we may take certain measures to protect the privacy of third persons whose personal information may be collected by your Nauto device. Nauto reserves the right to withhold, within its sole discretion, identifying images and information of passersby or nearby drivers. For example, we may blur the faces of pedestrians or the content of vehicle license plates so that they cannot be identified in video content recorded by Nauto. Nauto also may blur the faces of passengers in your vehicles, unless passengers give consent to the disclosure of their identity.
4.2 Vendors, Service Providers, and Other Partners
Nauto may provide your personal information to vendors, service providers, and other partners who support Nauto’s business by providing technical infrastructure services, analyzing how our services are used, measuring the effectiveness of our services, providing customer service, facilitating payments, or conducting academic research and surveys. These partners must adhere to strict confidentiality obligations in a way that is consistent with this Policy and the agreements we enter into with them.
4.3 Third Parties
Nauto may share, license, or sell aggregate, anonymized, non-personal driving, connectivity, and user-generated data with and among other fleet owners, insurers, Nauto drivers, and other third parties. Nauto uses this information to advise other fleet owners, insurers, and Nauto drivers about driving conditions and to warn them of hazards. Nauto also uses this information to provide its clients with the most up-to-date and precise fleet management and mapping services, driver safety scores, risk analysis, and traffic analysis available.
Nauto devices are capable of warning drivers of safety concerns about other nearby drivers. To the extent that you present a safety risk or concern, Nauto may share personal information about you—such as your Driving Data and your vehicle make, model, or license plate—with another fleet owner, insurer, or driver in the Nauto network.
Under no circumstances do we share or sell your personal information to any third party company or organization other than as described in Section 4.2 above, for any commercial or marketing purposes, without your explicit consent. Nauto will never share or sell your account, payment, or billing information, other than as described in Section 4.2, without asking you first.
Signing up for or connecting to third-party products or services sometimes requires us to share data with third parties. Before we share your data with a third party, you will be shown details about any proposed exchange(s) of data between Nauto and the third party that is providing the product or service. In some cases, Nauto or the third party will instead (or also) ask for permission to control the products that you have connected. Your explicit consent is required to allow any of these exchanges or requests for control and you will be able to revoke it at any time.
4.4 Business Transaction
In the event Nauto is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. This Policy will apply to your information as transferred to the new entity.
4.5 Fraud and Illegal Activity
Nauto may access, preserve, and share your information when Nauto has a good faith belief that it is necessary to: protect the property and security of Nauto, Nauto users, and others; or to prevent death or imminent bodily harm.
4.6 Legal Compliance
Nauto may access, preserve, and share your information in response to a legal request (like a search warrant, court order, or subpoena) if Nauto has a good faith belief that the law requires it. Information concerning you may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
The information we collect may be processed and stored on Nauto servers located in the United States or in other countries. Your information may be subject to legal requirements, including disclosure requirements, in those jurisdictions.
5. Data Protection, Security, and Retention
5.1 Data Protection and Security
Nauto takes security seriously. We use commercially reasonable physical, administrative, and technological methods to transmit your data securely including HTTPS, TLS/SSL protocol, AES and RSA data encryption. The Nauto cloud is supported by third-party vendors and service providers which process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.
In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents. We restrict access to any personal information to those Nauto employees, contractors, and agents who need to know that information in order to transmit, store, or process it, and who are subject to strict contractual confidentiality obligations that are consistent with this Policy, and may be disciplined or terminated if they fail to meet these obligations.
Nauto cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. In the event that any information in our possession or under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
5.2 Data Retention and Deletion
We will retain the information that you provide only as long as needed to provide you Services. Most data are temporarily stored locally on the device and only select data is sent up into the cloud. We may retain your personal information after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Nauto users, prevent fraud or abuse, or enforce this Policy and our User Agreement. You can request to delete your personal information from Nauto’s servers via an email request to email@example.com. Because of the way we maintain certain Services, after your information is deleted, backup copies may linger for some time before they are deleted, and we may retain certain data for a longer period of time if we are required to do so for legal reasons.
6. International Users
Under the Privacy Shield Principles, Nauto has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf under Section 4.2 above. Nauto complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, Nauto commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nauto at firstname.lastname@example.org. If there is a dispute that we are unable to resolve, Nauto commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU.
You also may have the ability, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by a complaint to Nauto or by the panel established by the DPAs. More information relate dto this arbitration procedure is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has jurisdiction over Nauto’s compliance with the Privacy Shield.
We may revise this Policy from time to time. The most current version will govern our use of your information. If we make a change to this Policy that, in our sole discretion, is material, we will notify you via an email update using an email address associated with your account. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.
If you have any questions, please contact us at email@example.com.