Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access our websites from a country in the European Economic Area (“EEA”), you have the rights described herein.
At Activcargo, , we may collect and use information that could identify an individual, in relation to your purchase or use of our mobile devices or use of our websites . The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
We may make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about significant changes by prominently posting a notice on our websitehttps://www.activcargo.com. We encourage you to regularly check and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
This Policy was updated on October 19, 2018.
1. WHO is responsible for looking after your personal data? Activcargo is a London based company.
Activcargo is a London based company. As Activcargo is the company that was originally responsible for collecting information about you, it will be the data controller. You should be aware that although Activcargo may be principally responsible for looking after your personal data, information may be held in databases which can be accessed by other Activcargo group companies.
2. WHAT personal data do we collect?
Personal data we collect includes:
• Contact details that you provide directly to us, such as your name, telephone number, email address;
• Your marketing preferences including interests, marketing list assignments, record of permissions or marketing objections, website data;
• Device data and log information including unique device identifiers (such as IMEI number and CU reference number); and
For more information on the data we collect, please read Appendix 1 of the Policy.
3. WHEN do we collect your personal data?
We will collect information from you directly when you use your device, when you upgrade your device, when you knowingly choose to provide us with your personal data and contact details, when you sign up for marketing materials, or where you contact us with questions, complaints or suggestions or provide us with any feedback.
We may collect information about you indirectly from other sources and combine that with information we collect through our services where this is necessary to help manage our relationship with you. These other sources may include third party software applications and social media platforms such as Facebook, Google + and Twitter.
We will not knowingly collect any personal data about children under 13 without making it clear that such information should only be provided with parental consent, if this is required by applicable laws. Activcargo will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.
4. What PURPOSES do we USE your personal data for?
We use your personal data to:
• Keep you posted regarding software updates, technical updates, security alerts and support, and administrative messages;
• Help us create, provide, develop, operate, deliver, maintain and improve our products, services, content, advertising and continually improve users’ experiences;
• Assess customer satisfaction and link with information we obtain from others to help understand your needs and provide you with an improved user experience;
• Respond to your comments, feedback, enquiries, , provide customer service and support, and fulfil your requests;
• Assist with identification of users, and to determine appropriate services;
• Monitor, evaluate and analyse trends, data, and activities in connection with our products and services;
• Facilitate internal purposes such as auditing, data analysis, and research to improve our products services, user experience and customer communications;
• Send you marketing materials, news and information which we think will be of interest to you such as our latest product announcements and upcoming events (where we have obtained your consent, or are otherwise permitted by law to do so), this process may include profiling; and
• Use your personal data for purposes associated with our legal and regulatory obligations.
We have to establish legal grounds to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Section 4 and in Appendix 1 where we are satisfied that:
• Our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to fulfil obligations under the contract signed between you and us), or
• Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to, or
• Our use of your personal data is necessary to support 'legitimate interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights.
5. Who do we SHARE your personal data with?
We may share your data with third parties, to help manage our business and deliver services. These third parties may, from time to time need to have access to your personal data. These third parties may include:
• Our regulators and law enforcement agencies in the E.U. and around the world;
• Other third parties, for the purposes of detecting, preventing or otherwise addressing fraud, security or
technical issues, protecting against harm to the rights, property or safety of our users or the public;
• Solicitors and other professional services firms (including our auditors).
Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser.
6. Will I receive DIRECT MARKETING communications?
We may use your personal data that you provide directly to us to send you direct marketing communications about our products and services or our related services (including our latest product announcements and upcoming events) when you sign up to receive such communications from us. This may be in the form of email, post, SMS, telephone or targeted online advertisements. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we think will be interesting and relevant to you, based on the information we have about you.
For the purposes of GDPR our processing of your personal data for direct marketing purposes is based on our legitimate interests as further detailed in Appendix 1, but where opt-in consent is required by the relevant European laws such as the Privacy Laws, we may ask you for your consent. You have a right to stop receiving direct marketing at any time. You can do this by following the opt-out links in electronic communications or by contacting us by email.
7. International Transfers
We may transfer your personal data to ourselves in the United Kingdom or service providers that are located outside of Europe. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests. Wewill only transfer your personal data to countries which are recognised as providing an adequate level of legal protection; and transfers to Activcargo in the United Kingdom service providers and other third parties will always be protected by contractual commitments for additional security. For example, the EU - US Privacy Shield for the protection of personal data transferred to the UK.
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us (see Section 10 for details) if you would like further information or to request a copy of where the safeguard is documented (which may be redacted to ensure confidentiality).
8. HOW LONG do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 of this Policy. In some circumstances we may retain your personal data for longer periods of time, for example where we are required to do so to meet legal, regulatory, tax or accounting requirements.
In specific circumstances, we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings. We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
9. What are your RIGHTS?
You have a number of rights in relation to your personal data. In summary, you may request access to your data, rectification of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any automated decision-making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority (further details of which are set out in Section 11 below).
Access You can ask us to:
• confirm whether we are processing your personal data;
• give you a copy of that data;
• provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out automated decision-making or profiling, to the extent that information has not already been provided to you in this Policy.
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
You can ask us to erase your personal data, but only where:
• it is no longer needed for the purposes for which it was collected; or
• you have withdrawn your consent (where the data processing was based on consent); or
• following a successful right to object (see 'objection' below); or
• it has been processed unlawfully; or
• to comply with a legal obligation which Activcargo is subject to.
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
• the accuracy of personal data is contested (see 'rectification' below), to allow us to verify its accuracy; or
• the processing is unlawful, but you do not want it erased; or
• it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
• you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
• we have your consent; or
• to establish, exercise or defend legal claims; or
• to protect the rights of another natural or legal person.
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but in each case only where the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see Appendix 1 for further details), if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights.
To exercise your rights, you may contact us as set out in Section 11. PLEASE NOTE the following if you do wish to exercise these rights:
• Identity. We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request.
• Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
• Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated, or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
• Exemptions. Local laws may provide additional exemptions, e.g. in the UK, where it is subject to legal privilege, the right of access to personal data can be withheld from you in certain circumstances.
• Third Party Rights. We do not have to comply with a request where it would adversely affect the rights and freedoms of other Data Subjects.
10. How we PROTECT your personal data?
We endeavour to protect us and you from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data that we hold.
• We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems;
• We use encryption where appropriate;
• We use password protection where appropriate; and
• We restrict access to personal data to our employees, contractors and agents who need access to the relevant personal data to process it for us and who are subject to strict contractual confidentiality obligations.
You are responsible for the personal data that you choose to share, disclose or submit voluntarily while using our website or devices and which can be viewed by members of third-party applications or sites such as chat applications or messengers.
11. Contact and complaints
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our data protection officer. In order to facilitate your enquiries, requests or complaint, please contact our data protection officer at firstname.lastname@example.org
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
APPENDIX 1 - LEGAL BASIS FOR PROCESSING ACTIVITY
Type of information collected and the basis on which we use information:
• Contact details and basic user information
• Device data and log information
• Legitimate interest (to improve product and customer service experience, to ensure quality and functions of products, to assess customer satisfaction and to handle requests from customers) Synchronising data
• Marketing preference, profiling and generating reports
• Cookies and tracking data
• Explicit consent (for the collection and processing of special categories of data: to provide users with certain products and services in relation to health and lifestyle)
• Consent (for the collection and processing of personal data for direct marketing purposes) System upgrades, bug fixing and sending notifications (e.g. software updates, technical updates, security alerts and support and administrative messages)
• System upgrades, bug fixing and sending notifications (e.g. software updates, technical updates, security alerts and support and administrative messages)
Product analysis, development, improvement and testing
Sale or reorganisation of our business
Monitor and detect fraud
• Anti-fraud data
• Legal obligation for detecting, preventing, or otherwise addressing fraud, security or technical issues and protecting users or public against harm