Effective date: June 5, 2018
For the prior policy effective August 31, 2017 to June 4, 2018, click here.
Nauto Global Limited, an Irish registered company, will provide the Services to Nauto’s Customers in the European Union, and Nauto, Inc., a United States company, will provide Nauto’s customers with the Services in all other countries. Details of these Nauto companies are set out at the end of this Policy.
Nauto may, on behalf of its customers, collect and analyze information (including personal information) about users (such as drivers and passengers) of the Services and other individuals (such as members of the public whose images may be captured by the Services). This content and information is referred to in this Policy as “Customer Data” and is controlled by Nauto’s customers. To the extent that Nauto captures, stores and analyses Customer Data, Nauto does so on behalf of its customers.
The Nauto device is an intelligent camera and sensor system that allows the collection of internal and external event data from vehicles in order to improve driver safety and fleet operations. Nauto devices use camera and sensor technology to scan a driver’s environment and collect information. The device’s cameras are both inward and outward facing. In addition to capturing video clips and images of drivers and passengers, the Nauto device also collects the following types of information:
The Nauto device and Services may also collect information about a vehicle’s environment and experience while on the road, including information about:
The Nauto device and Services may also collect other personal information about drivers (and passengers where indicated) such as:
The Nauto device also uses face scanning and facial recognition software on the data captured by the Nauto device in order to create a profile of a driver for Nauto’s customers. For example, this software may create a profile based on a driver’s facial features, such as the distance between the eyes, nose and ears, for a particular driver, that it uses to connect a driver in one particular photo or video to another photo or video for customer’s benefit. The device’s software may also analyse facial features, driver behaviour, posture and movements in order to ensure safety and to prevent accidents. This is done for safety reasons in order to protect the vital interests of drivers and passengers. For example, the device may process the following information about a driver’s behavior:
Some of this information may be considered to be sensitive personal information. Some images and information about members of the public may also be captured by the device.
To the extent requested by a customer, we may create account “Profiles” for drivers. These Profiles allow Nauto to display a driver’s Profile name and photo, and to link that Profile with information collected by that driver’s Nauto device. In order to create these Profiles on behalf of customers, Nauto may collect information such as names, username, password, photographs, location, and contact information of drivers. Nauto may also collect information derived from its use of facial scanning and facial recognition software and its analysis of behavior, posture, and movements of persons who appear in data captured on Nauto devices.
In addition, drivers and passengers may transmit information to Nauto on behalf of customers by recording a short voice note using the Nauto device. Nauto processes the voice note on behalf of its customer to understand additional details of an incident or passenger interaction and may use the information to offer technical or emergency support to drivers on behalf of its Nauto customers.
The device may also, on a customer’s behalf, collect other information about a driver’s environment and experience on the road including a vehicle’s speed, acceleration, braking, collision events, mileage, relative proximity to other vehicles, road conditions/hazards, traffic patterns/density and the details of surrounding vehicles.
Nauto may also process the following information (collectively referred to as “Nauto Data”) in order to provide the Services to Customers:
Account creation information: Customers may create a Nauto account to make it easier to communicate with us and access the Services we provide. To create an account, customers may be asked to provide information such as names, usernames, passwords and contact information.
Billing and other information: Nauto or our partners acting on our behalf may collect and store payment information including a credit or debit card number, card expiration date, CVV code, billing address, and shipping address to complete transactions through our Services.
Services usage information: This is information about customers and customer personnel who are accessing and using the Services, which may include details of administrative, technical and support communications with us.
Log data: When our Customers use the Services we may collect log data such as your Internet Protocol address, the date and time of your use of the Services and cookie data.
Nauto may access and use Customer Data as reasonably necessary and in accordance with a customer’s instructions to provide and improve the Services. For example, Nauto may, on its customers’ behalf and in accordance with their instructions, use this information to understand and predict traffic flows, advise drivers of hazards in real time, determine the cause and consequence of individual driving behavior and events and develop composite safety scores for drivers.
Nauto may also use this information to provide technical support, to prevent or address service, security, or technical issues, to improve the quality of service Nauto provides, or at a customer’s request in connection with customer support matters.
Nauto may also use Customer Data as set forth in our agreement with its customer or as expressly permitted in writing by the customer or as required by law.
We also use information:
To understand and develop our Services: We carry out research and analyze trends to better understand how users are using the Services and improve them.
Communicating with customer personnel and marketing: If customer personnel contact us with a problem or question, we will use customer personnel information to respond. We may also send customer personnel service and administrative emails and messages. We may also contact customer personnel to inform them about changes in our Services, our service offerings, and important service related notices, such as security and fraud notices. These emails and messages are considered part of the Services we are contractually obliged to provide to customers’ personnel and, apart from marketing emails, customer personnel may not opt-out of them. Where we send emails about new product features or other news about Nauto, customer personnel and other recipients can opt out of these at any time.
Billing and account management: We use account data to administer accounts and keep track of billing and payments. This processing of Nauto Data is necessary for us to provide the Services to Customers.
Investigating fraud and abuse: We work hard to keep the Services secure and to prevent abuse and fraud. Any processing of Nauto Data in these circumstances will be in our legitimate interests and the legitimate interests of our customers and their personnel to have their data kept secure and free from abuse and fraud. Processing of Customer Data in these circumstances shall be on behalf of our customers.
Where the processing described in this Section 2 comprises Nauto Data processing, Nauto processes such data in accordance with its and its customers’ legitimate interests described above and because such processing is necessary for Nauto to discharge its contractual obligations.
Use of Aggregated/De-identified data: This Policy is not intended to place any limits on what Nauto does with data that is aggregated and/or de-identified so the data is no longer associated with and can no longer be linked to an identifiable user or customer of the Services. Nauto uses aggregate or de-identified information for business purposes, including for product improvement, analytics, industry and market research, and other purposes consistent with Nauto’s business needs. Examples of aggregated or de-identified information used by Nauto include information on:
Nauto may share information described in this Policy from time to time. Our customers determine their own policies for the sharing and disclosure of Customer Data. Nauto does not control how customers or their third parties choose to share or disclose Customer Data.
Nauto may share Customer Data and other information in accordance with our agreement with our customers and our customers’ instructions, including with:
Customers: Nauto may share Customer Data and other information in accordance with our agreement with customers. This means that customers, and third parties that customers designate to receive their Customer Data, can receive up-to-date information about a driver’s location, speed, driving hazards, and attentiveness, in addition to in-depth analysis of driver safety, traffic dynamics, or insurer loss data. There may be times when a user contacts Nauto to help resolve an issue specific to the Services. In order to help resolve the issue and given our relationship with our customer, we may share this concern with our customer.
Third Party Service Providers and Agents: Nauto may provide information to vendors, service providers, and other partners who help provide the Services and who, like Nauto, will use this information in accordance with instructions from Nauto’s customers either directly or through Nauto. These partners must adhere to strict confidentiality obligations that are consistent with this Policy and the agreements Nauto enters into with them.
Sharing of Aggregated/De-identified Data: We may disclose or use aggregate or de-identified information for any purpose, including for business, public interest, or research purposes. For example, we may use this information to advise other customers, including fleet owners and insurers, and Nauto drivers about driving conditions and to warn them of hazards. Nauto may also use this information to provide customers with other fleet management services, general risk analysis and traffic analysis.
Affiliates: We may engage affiliates in our corporate group to process Customer Data in accordance with our agreement with Customers.
Legal Compliance: Nauto may share information in order to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
Emergency Services: Nauto may contact emergency services and share Customer Data on behalf of its customers if there is an accident based on information that Nauto receives from Nauto devices. This is to protect the vital interests of drivers, passengers or members of the public.
Nauto, pursuant to its legitimate interests and those of its customers and their users, may also share Nauto Data in the circumstances described above. Such sharing might also be required in order for Nauto to perform its contractual obligations in its customer agreements. Such Nauto Data sharing may also occur in the following circumstances:
Changes to Business Structure: In the event Nauto is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Nauto’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
Fraud and Illegal Activity: Nauto may share Nauto Data to enforce our rights, prevent fraud and for safety. This is in order to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
Nauto takes security seriously. Nauto maintains administrative, technical, and physical safeguards designed to protect the privacy and security of the Biometric Information that it collects. These safeguards take into account the nature of the information we collect, process and store, and the current state of technology. The Nauto cloud is supported by customer authorized third-party vendors and service providers that process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.
In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents.
Despite these measures, Nauto cannot guarantee that the information described in this Policy will be completely secure.
We only retain Customer Data if necessary in accordance with our agreement with the customer or as expressly permitted in writing by the customer or as required to comply with our legal obligations.
Most data (including most Customer Data) are temporarily stored locally on the Nauto device and only select data (including only select Customer Data) is sent up into the cloud.
Generally, we only store Nauto Data for as long as is necessary for the business purposes for which the data is processed by Nauto. This means certain account creation information and general account information along with Services usage information will typically be stored while the account remains active or for shorter periods if possible. We may retain certain Nauto Data after an account has closed if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce this Policy and our agreements with customers. For example, certain Nauto Data such as financial and payment information may need to be stored for a number of years after payment is made in accordance with applicable tax and corporate laws. Nauto may store depersonalized data indefinitely.
As noted above, Nauto may use face scanning technology and facial recognition software on the data captured by the Nauto devices in order to create mathematical representations that correspond to images of faces for purposes of identifying employees of Nauto’s customers. Nauto’s software may also analyse and collect data from the facial features, driver behavior, posture and movements of persons who appear on data captured by Nauto devices, including employees of Nauto’s customers, in order to ensure safety and to prevent accidents. Nauto may also collect and store other information derived from or based upon biological attributes that may be used to identify a person. Nauto protects all such information using the same or more strict security procedures that it uses to protect other confidential and sensitive data.
Generally, Nauto retains such information for no longer than is reasonably necessary. Subject to legal obligations and restrictions, Nauto will make reasonable, good-faith efforts to permanently destroy all such information pertaining to a person under the following circumstances:
The Services are not directed at children under 13 years. If you learn that a child under 13 has provided us with personal information without parental or guardian consent, please contact us. Should our Services capture information about children (as passengers or outside the relevant vehicle), this information will only be processed on behalf of customers where it is in the vital safety interests of children or those of others or where the processing is in our customers’ legitimate interests or those of the children or the public.
If you are using the Services in the European Union or other regions outside of the United States with laws governing data collection and use that may differ from U.S. law, be advised that Nauto may transfer your information, Customer Data and Nauto Data to the United States and other countries with differing data protection laws and differing government agency data access rules. By using the Services, you explicitly consent to that transfer. Nauto Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Nauto has certified to the Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework. If there is any conflict between the terms in this Policy and these Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Under the Privacy Shield Principles, Nauto Inc. has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Nauto complies with the Privacy Shield Principles for all onward transfers of personal information from the E.U., including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, Nauto commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nauto at email@example.com. If there is a dispute that we are unable to resolve, Nauto has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance. You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by a complaint to Nauto or through JAMS. More information related to this arbitration procedure is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Nauto is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the Privacy Shield.
If your personal data is comprised in Customer Data, then you should contact the customer in relation to any statutory rights you may have to access, rectify, erase, restrict or object to customer’s processing of your data.
If your personal data is comprised in Nauto Data, then you may have rights to rectify, erase, restrict and object to Nauto processing your personal data. Please use the contact details set out below to contact Nauto Global Limited should you wish to exercise these rights. You can also access your personal information comprised in the Nauto Data by sending us a request at firstname.lastname@example.org. After we verify your identity, we will provide you with a copy of this personal information. If you are based in the European Union, without prejudice to any other rights you may have, you also have the right to file a complaint against Nauto Global Limited with your lead supervisory authority, and also with the Irish Data Protection Commissioner, which is our Lead Supervisory Authority by contacting them at email@example.com.
We may revise this Policy from time to time. We will provide notice of any changes on this page, and if the changes are significant, we will provide a more prominent notice, for example by contacting our customers. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.
If you have any questions about Nauto’s Policy or practices and if you are based in the European Union, please contact Nauto Global Limited at firstname.lastname@example.org or at the address below:
Nauto Global Ltd
Bank of Ireland Workbench
39 St Stephen’s Green
Dublin 2, D02 HF62, Ireland
Nauto Global Limited will be the data controller of Nauto Data in relation to its customers in the European Union.
If you have any questions about Nauto’s Policy or practices and if you are based outside the European Union, please contact Nauto Inc. at email@example.com or at the address below:
220 Portage Ave
Palo Alto, CA 94306