EROAD DATA USE AND PRIVACY ACT STATEMENT
Last Update Date: 21 June 2016
1.0 EROAD PRINCIPLE
EROAD cares about keeping data safe. This policy explains how and why EROAD collects data about its customers and users, what it uses the data for, who it shares it with and customers’ and users’ rights to access the data.
The EROAD Solution helps EROAD Customers with tax management, regulatory compliance and commercial services for commercial vehicles. In order to provide the EROAD Solution, EROAD Limited and its subsidiaries (collectively “EROAD”) must collect data about its Customers’ businesses and those who drive their vehicles in which EROAD Devices are installed (“Drivers”).
EROAD collects data via the EROAD Solution from:
- customers who have entered into a customer contract with EROAD (“Customers”) and their businesses through use of the various features of the EROAD Solution;
- individuals designated by Customers who use features of the EROAD Solution, including business administrative users and fleet managers (“Business Admin Users”) and
- Drivers. EROAD also collects data from individual Drivers who are not affiliated with EROAD Customers, but who install and use Devices or use EROAD Mobile in an individual capacity and for a Customer. This data includes personally identifiable information (“PII”) about those Business Admin Users and Drivers.
EROAD takes customers’ and users’ data and privacy seriously. EROAD also believes that strong Customer relationships are built on trust and that Customers should be in control of how to use the data that EROAD collects or obtains via the EROAD Solution. With this in mind, EROAD is committed to the following Privacy Principles:
- EROAD will keep its Customers informed about the data that it collects or obtains through Customers’ use of the EROAD Solution and how EROAD uses this data and with whom it is shared.
- Customers decide how they use their data. EROAD will only use it for the purposes for which it is collected or obtained by EROAD.
This Data Use and Privacy Statement describes EROAD’s data collection and use practices. It does not apply to any third-party websites, services or applications, even if they are accessible through the EROAD Solution.
2.0 REVISIONS TO THIS DATA USE AND PRIVACY STATEMENT
Any data that is collected via the features of the EROAD Solution is covered by the Data Use and Privacy Statement in effect at the time such data is collected. EROAD may revise this Data Use and Privacy Statement from time to time. If EROAD makes any material changes to this Data Use and Privacy Statement, EROAD will provide notification of those changes by posting them on the EROAD website, Devices, EROAD Mobile or by other methods, and EROAD will update the “Last Updated Date” above to indicate when those changes will become effective.
3.0 THE EROAD SOLUTION
The “EROAD Solution” is comprised of the following:
- “Devices” are secure GPS electronic distance recorders units which can be installed in vehicles.
- “EROAD Mobile” is EROAD’s mobile device data collecting and tracking solution available via EROAD’s mobile app (including for vehicle inspection and hours of service).
- “Depot” is an online platform available via secure websites including depot.eroad.com, depot.eroad.co.nz and depot.eroad.com.au via which data received from Devices is processed by EROAD’s application server and made available to Business Admin Users and Drivers to be viewed, saved and exported or downloaded.
- “Payment Gateway” means EROAD’s bank-grade payment gateway which enables Customers to file and pay their road taxes and regulatory charges (including road user charges, weight-mile tax and IFTA obligations).
- Interfaces with transport agencies (including the Oregon Department of Transport and New Zealand’s Transport Agency) to retrieve and maintain motor carrier records.
This Data Use and Privacy Statement also describes the data EROAD collects via its corporate website located at eroad.com/us, eroad.co.nz, eroad.com.au and eroadglobal.com.
4.0 HOW AND WHY DOES EROAD COLLECT, OBTAIN AND/OR USE DATA?
EROAD’s Devices are connected to Depot. Consequently, on behalf of its Customers, EROAD tracks and collects and/or obtains data continuously from the Devices installed in vehicles. This data includes vehicle speed, location of vehicle, distances travelled, direction of vehicle movement, ignition on/off, harsh acceleration, braking or lateral movements, vehicle registration plate number, serial number of the tracking device, vehicle weight type, refuelling of vehicle, vehicle registration data, data about the behaviour of the Drivers of the vehicles, including hours of service, Drivers’ license information data, Drivers’ employer identification information data, and certain Driver medical and health information.
Subject to this Data Use and Privacy Statement, Customer decides the purposes for which this data is subsequently used and who will have access to the data. If someone other than a Driver is using a Customer’s vehicle, Customer is responsible for informing those individuals about the data that is collected from the vehicle via the Devices and that Customer and EROAD have access to this data.
The Devices and EROAD Mobile automatically upload the data collected or obtained via the Devices and EROAD Mobile to Depot, where is it stored on behalf of EROAD’s Customers. Business Admin Users can log into Depot via their EROAD accounts (and Drivers if they have EROAD accounts), to access and view data that is collected by the Devices and EROAD Mobile. Upon creation of these accounts, EROAD will collect certain PII about the Business Admin Users and Drivers, such as names, email addresses, telephone numbers and, for Drivers, driver license and medical card details. EROAD will use this PII to (i) provide the EROAD Solution to these Business Admin Users, Drivers and Customers and to contact them in connection with their use of the EROAD Solution, (ii) contact these Business Admin Users and Drivers and Customers about the EROAD Solution, (iii) occasionally send data related to the EROAD Solution or related EROAD products/services to 0these Business Admin Users and Drivers and Customers, (iv) provide customer support requested by Customer, Business Admin Users or Drivers, or (v) make Customer, Business Admin Users and Drivers aware of updates to the EROAD Solution (the Collection Purposes). EROAD recommends that Customers, Business Admin Users and Drivers keep their account details confidential and use a password that they do not use elsewhere.
4.3 EROAD MOBILE
EROAD collects PII and other data from Business Admin Users and Drivers who use EROAD Mobile. Such data includes PII and other data about the Drivers’ use of the Devices and Customers’ vehicles – for example Drivers can log number of driving hours, breaks, rest stops and other driving related activity via EROAD Mobile. EROAD collects certain data that mobile devices send when Business Admin Users and Drivers use EROAD Mobile, like a device identifier, user settings and the operating system of the device, as well as data about use of EROAD Mobile. EROAD also collects and stores data about the location of the Business Admin Users and Drivers using EROAD Mobile by accessing the applicable mobile device’s GPS coordinates or coarse location on the mobile device. EROAD will use the PII collected from EROAD Mobile for the Collection Purposes outlined above.
4.4 Payment Gateway
Customers can pay road tax and other regulatory charges via the EROAD Payment Gateway feature. EROAD will collect financial data from the Customer or Business Admin Users in order to process such payments, together with the payment details.
4.5 EROAD Website
EROAD collects data from visitors to its website described below under the section entitled “Data Collected Using Cookies and other Web Technologies”. In addition, EROAD may collect some PII from such visitors in order to respond to visitor’s requests, for example, to respond to enquiries about the EROAD Solution.
4.6 BUSINESS INTERACTIONS
When Customers and Business Admin Users contact Customer’s EROAD account manager or Customer support teams, or acquire additional services from EROAD, EROAD will collect and use data about Customer’s business. In addition, Customers may be invited to participate in surveys, which will prompt collection of information about Customers’ businesses. EROAD also uses information about Customers and Drivers to offer promotions or information about EROAD products and services which may be of interest to the Customers and Drivers.
4.7 DATA COLLECTED USING COOKIES AND OTHER WEB TECHNOLOGIES
Like many website and mobile application operators, EROAD uses automated data collection tools such as Cookies and Web Beacons to collect certain data.
- Web Beacons
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that EROAD includes on the EROAD websites, Depot and the Payment Gateway for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of those features, and to monitor how many visitors use those features.
- Log Data
EROAD servers automatically record certain data about how users use the EROAD Solution (EROAD refers to this data as “Log Data”), including Business Admin Users, Drivers and other non-registered users (either, a “User”). Log Data may include data such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing a feature of the EROAD Solution, the pages or features of the EROAD Solution to which a User browsed and the time spent on those pages or features, search terms, the links on features of the EROAD Solution that a User clicked on and other statistics. EROAD uses Log Data to administer the EROAD Solution and analyses (and may engage third parties to analyse) Log Data to improve, customize and enhance the features of the EROAD Solution by expanding their features and functionality and tailoring them to Users’ needs and preferences. EROAD may use a person’s IP address to generate aggregate, non-identifying information data about how features of the EROAD Solution are used.
- EROAD uses the following third-party data analytics platforms and services to improve the EROAD Solution in a variety of ways:
- EROAD also uses Google Analytics to help it understand how Customers and Drivers and other users use and interact with the EROAD Solution. You can read about how Google uses any data that it collects here – www.google.com/policies/privacy/partners/. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout.
5.0 USE OF THE DATA
5.1 CONSENT FROM USERS
Customer understands that Customer must obtain all applicable permissions from Business Admin Users and Drivers to allow EROAD to obtain, collect and/or use the data, including PII, described in this Data Use and Privacy Statement and that Customer must take reasonable steps to ensure that the Business Admin Users and Drivers are aware of, and have consented to, such obtaining, collection or use of, PII by, EROAD.
5.2 CUSTOMER’S USE OF DATA
Customer can access data on Depot (including PII about Customer’s Drivers) and use it for the following purposes:
- Payment of road taxes and regulatory charges for vehicles
- Scheduling and monitoring servicing and registrations for vehicles
- Monitoring fuel usage and efficiency for vehicles
- Monitoring vehicles to ensure they are being used in a safe and lawful manner
- Monitoring the location of vehicles and the distance and location that the vehicle has travelled to or from
- To assist in verifying complaints from the public about vehicles
6.0 DATA THAT EROAD SHARES WITH THIRD PARTIES
EROAD will not share any data and PII that EROAD has collected or obtains via the EROAD Solution except as described below:
6.1 DATA SHARED WITH CUSTOMERS
All data and PII collected or obtained by EROAD relating to Business Admin Users and Drivers will be available to the applicable Customer via Depot.
6.2 DATA SHARED WITH EROAD’S SERVICE PROVIDERS
EROAD may engage third-party services providers to work with EROAD to administer and provide the EROAD Solution, such as service providers to assist with processing credit card payments. These third-party services providers have access to the data and PII only for the purpose of performing services on EROAD’s behalf.
6.3 DATA SHARED WITH REGULATORY AUTHORITIES
EROAD may obtain carrier, vehicle, and transportation permit information from, and file reports with, the regulatory authorities, on behalf of Customers in order for the Devices to operate and for the Devices to calculate and pay road taxes and regulatory charges and consequently EROAD will provide applicable Customer data to the regulatory authorities. Drivers and Customers may request that EROAD provides, on the Driver’s or Customer’s behalf, hours of service or vehicle compliance information to regulatory authorities. EROAD may also provide, on request by regulatory authorities, data that is publically available or publically displayed on vehicles including the distance licences, the distance travelled by a vehicle, the distance purchased for a distance license, vehicle type, weight permits and registration number.
6.4 DATA SHARED WITH OTHER THIRD PARTIES
EROAD may use and share aggregated data and non-identifying data with third parties for industry research and analysis, demographic profiling and other similar purposes. EROAD may receive consideration from third parties in exchange for sharing such aggregated and non-identifying data with third parties.
6.5 DATA DISCLOSED IN CONNECTION WITH BUSINESS TRANSACTIONS
Data that EROAD collects or obtains via the EROAD Solution is considered to be a business asset. If EROAD is acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if EROAD’s assets are acquired by a third party in the event EROAD goes out of business or enters bankruptcy, some or all of EROAD’s assets, including data and PII, may be disclosed or transferred to a third party acquirer in connection with the transaction.
6.6 DATA DISCLOSED FOR EROAD’S PROTECTION AND THE PROTECTION OF OTHERS
To comply with the law, EROAD may disclose any data it collects or obtains via the EROAD Solution to government (including regulatory authorities) or law enforcement officials or private parties as EROAD, in its sole discretion, believes necessary or appropriate: (i) to respond to claims, pursuant to legal process (including subpoenas, summons, discovery or disclosure orders or compulsory production orders); (ii) to protect EROAD’s property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that EROAD considers illegal, unethical or legally actionable activity.
7.0 CONSEQUENCES IF PERSONAL INFORMATION IS NOT PROVIDED
Business Admin Users or Drivers are not required to provide PII to EROAD. However, if Business Admin Users or Drivers, chose not to supply PII, EROAD may be unable to provide the Customer with the EROAD Solution, Devices or Mobile App.
8.0 RIGHT TO ACCESS DATA
If Business Admin Users or Drivers believe that EROAD holds PII about them is incorrect, incomplete or inaccurate, then they have the right to request EROAD to amend it. EROAD will consider if the PII requires amendment. If EROAD does not agree that there are grounds for amendment then EROAD will add a note to the PII stating that the Business Admin Users or Driver concerned disagree with it, or otherwise the action it deems appropriate.
9.0 RESPONDING TO DO NOT TRACK SIGNALS
The EROAD website does not have the capability to respond to “Do Not Track” signals received from various web browsers.
10.0 DATA SECURITY AND STORAGE
We regularly conduct independent security testing and our policies and procedures are aligned to internationally accepted control objectives and practices for privacy, security and information systems. EROAD encrypts PII using SSL or other technologies. Please be aware, however, that no method of transmitting data over the Internet or storing data is completely secure. Accordingly, EROAD cannot guarantee the absolute security of any data.
The data described in this Data Use and Privacy Statement, including PII, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If Business Admin Users and Drivers are located outside the United States, their PII may be transferred to the United States and processed there.
EROAD stores all data collected from New Zealand and Australian Customers and Drivers on servers located in Australia.
11.0 LINKS TO OTHER SITES
Please contact EROAD’s Privacy Officer at firstname.lastname@example.org if you have any questions about this Data Use and Privacy Statement.
EROAD Limited’s registered office is located at 260 Oteha Valley Rd, Albany, Auckland, New Zealand 0632. EROAD Inc is located at 7618 SW Mohawk St, Tualatin, Oregon, United States 97062.