Privacy Policy for Nauto Services and Products

Effective date: June 5, 2018

For the current policy effective August 31, 2017 to June 4, 2018, click here.

This Privacy Policy (“Policy”) describes what information Nauto, Inc. and Nauto Global Limited, its service providers, and affiliates (collectively, “Nauto”, “we,” “our” or “us”) collects and how Nauto uses this information.

When we talk about the “Services” in this Policy, we are referring to the use of the Nauto device (both the device hardware and the software which supports and interacts with the device), Nauto’s applications or other Nauto products and services. We provide additional details about how we collect and use information from our public web site in our Privacy Policy for Nauto Website Visitors <insert link>.

Nauto Global Limited, an Irish registered company will provide the Services to Nauto’s Customers in the European Union, and Nauto, Inc., a US company, will provide Nauto’s customers with the Services in all other countries .  Details of these Nauto companies are set out at the end of this Policy.

What Information Does Nauto Collect and Receive?

Nauto may, on behalf of its customers, collect and analyse information (including personal information) about users (such as drivers and passengers) of the Services and other individuals (such as members of the public whose images may be captured by the Services). This content and information is referred to in this Policy as “Customer Data” and is controlled by Nauto’s customers. To the extent that Nauto captures, stores and analyses Customer Data, Nauto does so on behalf of its customers.

If you are using the Services by invitation of a Nauto customer, whether that customer is your employer, another organization, or an individual, Nauto collects, stores, and analyses your data on behalf of its customer in a manner consistent with this Privacy Policy, though that customer will otherwise determine its own additional policies regarding the treatment of Customer Data which may apply to your use of the Services. Nauto may implement some of these policies on its customers’ behalf.  Please check with the customer about the policies it has in place.

1. Nauto Device and Customer Data

The Nauto device is an intelligent camera and sensor system that allows the collection of internal and external event data from vehicles in order to improve driver safety and fleet operations. Nauto devices use camera and sensor technology to scan a driver’s environment and collect information. The device’s cameras are both inward and outward facing. In addition to capturing video clips and images of drivers and passengers, the Nauto device also collects the following types of information:

  • GPS location
  • Network or internet protocol addresses
  • Operating system ID
  • Mobile network details
  • Nauto device identifier or registration details
  • Nauto device settings
  • Date, time and type of web requests

The Nauto device and Services may also collect information about a vehicle’s environment and experience while on the road, including information about:

  • Geographic location and relative proximity of a vehicle to other vehicles
  • Hazards, such as pedestrians (whose faces may be blurred), bicycles, weather, and other vehicles
  • Collision, near-miss, hard braking, acceleration or cornering events
  • Traffic patterns, speeds, and flow
  • Lane and road departure
  • License plate numbers (which may be blurred) and other information such as color or make of surrounding vehicles
  • Not obeying the rules of the road e.g. running a red light

The Nauto device and Services may also collect other personal information about drivers (and passengers where indicated) such as:

  • Name
  • Phone number
  • Email address
  • Home/work address
  • Driver’s license / ID information
  • Date of birth
  • Vehicle identification number ("VIN")
  • License plate
  • Emergency contact information
  • Face of driver
  • Driver’s posture and other physical characteristics when driving
  • Who was in a collision including passengers
  • Live camera feed / photo images including passengers
  • Audio recordings including passengers

The Nauto device also uses face scanning and facial recognition software on the data captured by the Nauto device in order to create a profile of a driver for Nauto’s customers. For example, this software may create a profile based on a driver’s facial features, such as the distance between the eyes, nose and ears, for a particular driver, that it uses to connect a driver in one particular photo or video to another photo or video for customer’s benefit.  The device’s software may also analyse facial features, driver behaviour, posture and movements in order to ensure safety and to prevent accidents. This is done for safety reasons in order to protect the vital interests of drivers and passengers.   For example, the device may process the following information about a driver’s behavior:

  • Driver behavior and actions or inaction
  • Risks
  • Number of passengers in the vehicle
  • Drowsiness
  • Inattention  (e.g., phone use, passenger activity)
  • Braking
  • Speed, acceleration, and mileage
  • Driving time
  • Nauto device tampering
  • Vehicle security (e.g., audio listening of broken glass, stolen vehicle)
  • Not obeying the rules of the road, e.g. texting while driving, ignoring traffic control signals or signs, DUI (i.e. drink-driving)

 

Some of this information may be considered to be sensitive personal information which is needed by the Customer to protect the vital interests of drivers, passengers and members of the public. Some images and information about members of the public may also be captured by the device.

To the extent requested by a customer, we may create account “Profiles” for drivers. These Profiles allow Nauto to display a driver’s Profile name and photo, and link that Profile with information collected by that driver’s Nauto device. In order to create these profiles on behalf of customers, Nauto may process information such as names, username, password, photographs, location, and contact information of drives.

In addition, drivers and passengers may transmit information to Nauto on behalf of customers, by recording a short voice note using the Nauto device. Nauto processes the voice note on behalf of its customer to understand additional details of an incident or passenger interaction and may use the information to offer technical or emergency support to drivers on behalf of its Nauto customers.

The device may also, on customer’s behalf, collect other information about a driver’s environment and experience on the road including a vehicle’s speed, acceleration, braking, collision events, mileage, relative proximity to other vehicles, road conditions/hazards, traffic patterns/density and the details of surrounding vehicles.  

2. Other Information  

Nauto may also process the following information (collectively referred to as “Nauto Data”) in order to provide the Services to Customers:

Account creation information: Customers may create a Nauto account to make it easier to communicate with us and access the Services we provide. To create an account, customers may be asked to provide information such as a names, usernames, passwords and contact information.  

Billing and other information: Nauto or our partners acting on our behalf may collect and store payment information including a credit or debit card number, card expiration date, CVV code, billing address, and shipping address to complete transactions through our Services.

Services usage information: This is information about customers and customer personnel who are accessing and using the Services, which may include details of administrative, technical and support communications with us.

Log data: When our Customers use the Services we may collect log data such as your Internet Protocol address, the date and time of your use of the Services and cookie data.

How Does Nauto Use the Information it Collects?

1. Provide and Improve Nauto Services

Nauto may access and use Customer Data as reasonably necessary and in accordance with Customer’s instructions to provide and improve the Services. For example, Nauto may, on its customers’ behalf and in accordance with their instructions, use this information to understand and predict traffic flows, advise drivers of hazards in real time, determine the cause and consequence of individual driving behavior and events and develop composite safety scores for drivers.

Nauto may also use this information to provide technical support, to prevent or address service, security, technical issues, to improve the quality of service Nauto provides or at a customer’s request in connection with customer support matters.  

Nauto may also use Customer Data as set forth in our agreement with its customer or as expressly permitted in writing by the customer or as required by law.

2. Other Purposes

We also use information:

To understand and develop our Services: We carry out research and analyze trends to better understand how users are using the Services and improve them.  

Communicating with Customer personnel and marketing: If Customer personnel contact us with a problem or question, we will use customer personnel information to respond. We may also send customer personnel service and administrative emails and messages. We may also contact customer personnel to inform them about changes in our Services, our service offerings, and important service related notices, such as security and fraud notices. These emails and messages are considered part of the Services we are contractually obliged to provide to customers’ personnel and, apart from marketing emails, customer personnel may not opt-out of them. Where we send emails about new product features or other news about Nauto, customer personnel and other recipients can opt out of these at any time.

Billing and account management: We use account data to administer accounts and keep track of billing and payments.  This processing of Nauto Data is necessary for us to provide the Services to Customers.

Investigating fraud and abuse: We work hard to keep the Services secure and to prevent abuse and fraud.  Any processing of Nauto Data in these circumstances will be in our legitimate interests and the legitimate interests of our customers and their personnel to have their data kept secure and free from abuse and fraud.  Processing of Customer Data in these circumstances shall be on behalf of our customers.

Where the processing described in this Section 2 comprises Nauto Data processing, Nauto processes such data in accordance with its and its customers’ legitimate interests described above and because such processing is necessary for Nauto to discharge its contractual obligations.  

Use of Aggregated/De-identified data: This Policy is not intended to place any limits on what Nauto does with data that is aggregated and/or de-identified so the data is no longer associated with and can no longer be linked to an identifiable user or customer of the Services. Nauto uses aggregate or de-identified information for business purposes, including for product improvement, analytics, industry and market research, and other purposes consistent with Nauto’s business needs. Examples of aggregated or de-identified information used by Nauto include information on:

  • Road signs and traffic lights
  • Vehicle density and speeds
  • Parking spaces
  • Collision and near miss hotspots
  • Parking and stops
  • Risk scoring
  • Scenario risk, based on context (e.g. risk in a construction zone, pothole)
  • Location and labeling of objects such as vehicles and traffic signs
  • Driving paths
  • Risk events
  • Vehicle speed and change in velocity or delta-V
  • Dynamic aggregated data (e.g., traffic data, construction activity, weather, road conditions)
  • Infrastructure data (e.g., pot holes, number of lanes, lane markers, stop sign / signal locations)

 

How Does Nauto Share the Information It Collects?

Nauto may share information described in this Policy from time to time. Our customers determine their own policies for the sharing and disclosure of Customer Data. Nauto does not control how customers or their third parties choose to share or disclose Customer Data.

Nauto may share Customer Data and other information in accordance with our agreement with our customers and our customers’ instructions, including with:

Customers: Nauto may share Customer Data and other information in accordance with our agreement with customers. This means that customers, and third parties that customers designate to receive their Customer Data, can receive up-to-date information about a driver’s location, speed, driving hazards, and attentiveness, in addition to in-depth analysis of driver safety, traffic dynamics, or insurer loss data. There may be times when a user contacts Nauto to help resolve an issue specific to the Services. In order to help resolve the issue and given our relationship with our customer, we may share this concern with our customer.

Third Party Service Providers and Agents: Nauto may provide information to vendors, service providers, and other partners who help provide the Services and who, like Nauto, will use this information in accordance with instructions from Nauto’s customers either directly or through Nauto.  These partners must adhere to strict confidentiality obligations in a way that is consistent with this Policy and the agreements Nauto enters into with them.

Sharing of Aggregated/De-identified Data: We may disclose or use aggregate or de-identified information for any purpose, including for business, public interest, or research purposes. For example, we may use this information to advise other customers, including fleet owners and insurers, and Nauto drivers about driving conditions and to warn them of hazards. Nauto may also use this information to provide customers with other fleet management services, general risk analysis and traffic analysis.

Affiliates:  We may engage affiliates in our corporate group to process Customer Data in accordance with our agreement with Customers.

Legal Compliance: Nauto may share information in order to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.

Emergency Services: Nauto may contact emergency services and share Customer Data on behalf of its customers if there is an accident based on information that Nauto receives from Nauto devices. This is to protect the vital interests of drivers, passengers or members of the public.

Nauto, pursuant to its legitimate interests and those of its customers and their users, may also share Nauto Data in the circumstances described above.  Such sharing might also be required in order for Nauto to perform its contractual obligations in its customer agreements. Such Nauto Data sharing may also occur in the following circumstances:

Changes to Business Structure: In the event Nauto is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Nauto’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).

Fraud and Illegal Activity: Nauto may share Nauto Data to enforce our rights, prevent fraud and for safety. This is in order to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

Security and Data Retention

Nauto takes security seriously. We take various physical, administrative, and technological steps to transmit your data securely including HTTPS, TLS/SSL protocol, AES and RSA data encryption. These steps take into account the nature of the information we collect, process and store, and the current state of technology. The Nauto cloud is supported by customer authorised third-party vendors and service providers which process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.

In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents.

Despite these measures, Nauto cannot guarantee that the information described in this Policy will be completely secure.

We only retain Customer Data if necessary in accordance with our agreement with the customer or as expressly permitted in writing by the customer or as required to comply with our legal obligations.   

Most data (including most Customer Data) are temporarily stored locally on the Nauto device and only select data (including only select Customer Data) is sent up into the cloud.

We only store Nauto Data for as long as is necessary for the business purposes for which the data is processed by Nauto.  This means certain account creation information and general account information along with Services usage information will typically be stored while the account remains active or for shorter periods if possible.  We may retain certain Nauto Data after an account has closed if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce this Policy and our agreements with customers.  For example, certain Nauto Data such as financial and payment information may need to be stored for a number of years after payment is made in accordance with applicable tax and corporate laws. Nauto may store depersonalized data, indefinitely.

Children’s Information

The Services are not directed at children under 13 years. If you learn that a child under 13 has provided us with personal information without parental or guardian consent, please contact us.  Should our Services capture information about children (as passengers or outside the relevant vehicle), this information will only be processed on behalf of customers where it is in the vital safety interests of children or those of others or where the processing is in our customers’ legitimate interests or those of the children or the public.

International Data Transfers

If you are using the Services in the European Union or other regions outside of the United States with laws governing data collection and use that may differ from U.S. law, be advised that Nauto may transfer your information, Customer Data and Nauto Data to the United States and other countries with differing data protection laws and differing government agency data access rules.  By using the Services, you explicitly consent to that transfer.  Nauto Inc., complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  Nauto has certified to the Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework.  If there is any conflict between the terms in this Policy and these Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Under the Privacy Shield Principles, Nauto Inc. has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Nauto complies with the Privacy Shield Principles for all onward transfers of personal information from the E.U., including the onward transfer liability provisions.

In compliance with the Privacy Shield Principles, Nauto commits to resolve complaints about our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nauto at privacy@nauto.com.   If there is a dispute that we are unable to resolve, Nauto has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States.  If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance.  You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by a complaint to Nauto or through JAMS.  More information related to this arbitration procedure is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.   Nauto is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the Privacy Shield.

Data Subject Rights

If your personal data is comprised in Customer Data, then you should contact the customer in relation to any statutory rights you may have to access, rectify, erase, restrict or object to customer’s processing of your data.

If your personal data is comprised in Nauto Data, then you may have rights to rectify, erase, restrict and object to Nauto processing your personal data.  Please use the contact details set out below to contact Nauto Global Limited should you wish to exercise these rights.  You can also access your personal information comprised in the Nauto Data by sending us a request at privacy@nauto.com.  After we verify your identity, we will provide you with a copy of this personal information.If you are based in the European Union, without prejudice to any other rights you may have, you also have the right to file a complaint against Nauto Global Limited with your lead supervisory authority, and also with the Irish Data Protection Commissioner, which is our Lead Supervisory Authority by contacting them at info@dataprotection.ie.

Changes to This Privacy Policy

We may revise this Policy from time to time. We will provide notice of any changes on this page, and  if the changes are significant, we will provide a more prominent notice, for example by contacting our customers. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.

Click here for the privacy policy in effect prior to June 5, 2018.

Contact Us

If you have any questions about Nauto’s Policy or practices and if you are based in the European Union, please contact Nauto Global Limited at privacy@nauto.com or at the address below:  

Nauto Global Ltd
Bank of Ireland Workbench
39 St Stephen’s Green
Dublin 2, D02 HF62, Ireland

Nauto Global Limited will be the data controller of Nauto Data in relation to its customers in the European Union.

If you have any questions about Nauto’s Policy or practices and if you are based outside the European Union, please contact Nauto Inc. at privacy@nauto.com or at the address below:  

220 Portage Ave
Palo Alto, CA 94306