Privacy Policy for Nauto Website Visitors

Privacy Policy for Nauto Website Visitors

Effective date: January 17, 2024

For the prior policy effective November 8, 2023 to January 17, 2024, click here.

Nauto is committed to producing data-driven insights to help companies evaluate driver risk, prevent crashes, create efficiencies by understanding traffic and road conditions, and improve driver performance.  This Privacy Policy (“Policy”) describes how and when Nauto, its service providers, and affiliates (collectively, “Nauto”), collect, use, and share the information they gather.  When you use Nauto’s applications, website, or other online products and services (“Website”), you consent to the collection, transfer, storage, use, and disclosure of information as described in this Policy.

1. Scope and Application

This Policy applies to all Nauto Website visitors and Nauto users using our Website to access their Nauto account.

For information about our privacy policies governing our products and services, please see Nauto’s Privacy Policy for Nauto Services and Products for Fleet Owners and Insurance Providers.

2. What Information Does Nauto Gather?

When you visit our Website, Nauto collects information about your visit in order to provide you with Nauto services and products, allow us to understand how visitors navigate our Website, and use our Services.

2.1 Information Provided By You

You have the option of writing us by email at info@nauto.com to give us your name, email address, phone number, and other information, which we will use to respond to your inquiries about Nauto, and to send you news about Nauto-related services, products, or promotions.  We may use a service provider to send or administer these messages, but we will never share or sell the information you provide with spammers or any other third parties without your consent. We will provide you with any personal information submitted by you to us by email upon request.

2.2 Device Usage Information

Once you become a Nauto user, you may be asked to create a Nauto account “Profile,” which is connected or registered to your Nauto device(s), to make it easier for you to communicate with us and access the Services we provide to you.  When you use our Website to log into your account Profile, we collect information about the IP address that you use to visit our website and record adjustments that you may make to the Nauto device through the website interface.  We store this data, in addition to information about your Nauto device(s), data collected directly by the device(s), a history of your device(s) settings, and any other information we have collected about your use of Nauto products and services.  

To learn more about the information collected by our products and services, please see our Nauto’s Privacy Policy for Nauto Services and Products for Fleet Owners and Insurance Providers.

2.3 Online Tracking

When you visit Nauto’s Website, we and our third-party partners analyze log file information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behavior.  This information may include, for example, your browser type, domains, page views, IP address, referring/exit pages, information about how you interact with our Website and links, traffic and usage trends, etc.  We may use session or persistent cookies to keep you logged in while you use features of our website or online services, and which may allow us to recognize you when you return to the Website.

Although most Internet browsers automatically accept cookies, some permit you to change your settings to stop accepting cookies or to ask you before accepting a cookie from a website that you visit.  If you change your settings to reject cookies, parts of our Website may not work for you.  

Nauto respects Do Not Track (“DNT”) settings in browsers.  If you are logged out of our services and have DNT enabled, we will not set cookies that can be used to aggregate information about your usage.  We may use some cookies to enhance your experience by storing preferences or options.

2.4 Third-Party Sites

Nauto’s Website may contain links to third-party websites or social media features, such as Facebook or Twitter buttons (e.g., “Like” or “Tweet”).  Your interactions with, and information collected by, these linked websites are governed by the privacy policies of those sites, over which we have no control.  We encourage you to review your privacy settings and the privacy policies governing the third-party sites that you visit.

2.5  Minors

Our Website does not knowingly collect or store any personal information about children under the age of 13.

3. How Will Nauto Share the Information It Collects?

We do not share or sell your personal information to any third-party company or organization outside the Nauto network, for any commercial or marketing purpose, without asking you first.  The following are the limited situations in which we may share your information.

3.1 Vendors, Service Providers, and Other Partners

Nauto may provide your personal information to vendors, service providers, and other partners who support Nauto’s business by providing technical infrastructure services, analyzing how our services are used, measuring the effectiveness of our services, providing customer service, facilitating payments, or conducting academic research and surveys.  These partners must adhere to strict confidentiality obligations in a way that is consistent with this Policy and the agreements we enter into with them.  

3.2 Third Parties

We may share, license, or sell anonymized, non-personal data publicly and with third parties.  For example, Nauto may publish information about common driving mistakes or trends in traffic patterns.  We take steps to keep this non-personal information from being associated with you and we require our partners to do the same.

Nauto may share your personal information only with your explicit consent.  For example, you may wish to connect a third-party product or service to your Nauto device.  When you do so, you will be shown details about any proposed exchange(s) of data between Nauto and the third party that is providing the product or service.  In some cases, Nauto or the third party will instead (or also) ask for permission to control the products that you have connected.  Your explicit consent is required to allow any of these exchanges or requests for control and you will be able to revoke it at any time.

Any Nauto data that you choose to share with a third party is governed by that third party’s privacy policy while in that party’s possession.  Any data that Nauto receives from third-party products and services will be processed and stored by Nauto and will be treated in accordance with this Policy.  This information may be processed in the same ways as any other data that is a part of your Nauto account or Nauto logs.

3.3 Business Transactions

In the event Nauto is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction.  This Policy will apply to your information as transferred to the new entity.

3.4  For use in protecting property and security of users

Nauto may access, preserve, and share your information when Nauto has a good faith belief that it is necessary to: protect the property and security of Nauto, Nauto users, and others; or to prevent death or imminent bodily harm.

3.5 Legal Compliance

Nauto may access, preserve, or share your information (including personal information) in response to a legal request (like a search warrant, court order, or subpoena) if Nauto has a good faith belief that the law requires it.  Information concerning you or your drivers may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.  

The information we collect may be processed and stored on Nauto servers located in the United States or in other countries.  Your information may be subject to legal requirements, including disclosure requirements, in those jurisdictions.

4. Data Protection, Security, and Retention

4.1  Data Protection and Security

Nauto takes security seriously.  We use commercially reasonable physical, administrative, and technological methods to transmit your data securely including HTTPS, TLS/SSL protocol, AES and RSA data encryption.  The Nauto cloud is supported by third-party vendors and service providers which process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.

In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents.  We restrict access to any personal information to those Nauto employees, contractors, and agents who need to know that information in order to transmit, store, or process it, and who are subject to strict contractual confidentiality obligations that are consistent with this Policy, and may be disciplined or terminated if they fail to meet these obligations.

Nauto cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes.  In the event that any information in our possession or under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

4.2 Data Retention and Deletion

We will retain the information that you provide only as long as needed to provide you services.  We may retain your personal information after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Nauto users, prevent fraud or abuse, or enforce this Policy and our User Agreement.  You can request to delete your personal information from Nauto’s servers via an email request to privacy@nauto.com.  Because of the way we maintain certain Services, after your information is deleted, backup copies may linger for some time before they are deleted, and we may retain certain data for a longer period of time if we are required to do so for legal reasons.

5. Information for California Residents

Nauto has not sold Personal Information in the preceding 12 months as the terms are defined under the California Consumer Privacy Act of 2018 (“CCPA”).

As a California resident, you may have certain rights regarding your Personal Information, including:

  • The right to know what Personal Information we have collected, disclosed, or sold
  • The right to request deletion of your Personal Information
  • The right to opt-out of the sale of your Personal Information (*note that Nauto has not sold Personal Information in the preceding 12 months)
  • The ability to exercise your rights through an authorized agent, which may require further verification by us
  • The right to treatment that’s free from discrimination for exercising your privacy rights under the CCPA

If you have questions about these rights or if you wish to exercise your rights under the CCPA, please contact us at privacy@nauto.com. When submitting a request please include your name and the email address associated with the Personal Information in order to help us verify and process your request. We will attempt to process such requests in a timely fashion, but we will notify you if we require additional time. Our fulfilment of verified requests is subject to applicable exemptions under the CCPA.

If you have a Nauto device installed in your vehicle and wish to submit a request, please contact the Nauto customer who installed the device (e.g., your employer).

6. International Visitors

The Nauto website is hosted in the United States and is intended for United States visitors. If you are accessing the site from the European Union, UK, or other regions with laws governing data collection and use that may differ from U.S. law, be advised that you are transferring your personal data to the United States and that, by providing your personal data, you consent to that transfer.

Nauto complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce.  Nauto has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Nauto is accountable for the personal information received under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including any subsequent transfers to third parties Nauto engages solely to the extent such third parties are acting on our behalf.

If third-party agents process personal data on our behalf in a manner inconsistent with the DPF Principles, Nauto remains responsible and liable under the EU-U.S. DPF and the UK Extension unless Nauto demonstrates that we are not responsible for the event giving rise to any damages.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact Nauto at: privacy@nauto.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you. You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF compliance not resolved by a complaint to Nauto or through JAMS.  More information related to this arbitration procedure is available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2. Nauto is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

7. Your Choices

Upon request, individuals who wish to view, verify, correct, opt out of certain uses of, or remove their information collected under this policy, may contact Nauto at privacy@nauto.com. In compliance with the EU-U.S. DPF Principles, individuals have the right to access the personal information about them and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

8. Notification of Changes to This Privacy Policy

We may revise this Policy from time to time.  The most current version will govern our use of your information.  If we make a change to this Policy that, in our sole discretion, is material, we will notify you via an email update using an email address associated with your account.  By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.  

9.  Questions?

If you have any questions, please contact us at privacy@nauto.com.

English