Driver Privacy Policy

Trakm8 is committed to respecting and protecting your privacy

Introduction

This Privacy Notice explains what information Trakm8 collects and processes as part of our telematics service provision.

The telematics service may be arranged by you directly or more typically will be arranged by your employer, insurance provider, vehicle leasing company or similar organisation. The organisation arranging the telematics services is referred to as the Contracting Entity throughout this policy document.

This Privacy Notice only covers the processing performed by Trakm8 and its processors; it does NOT cover any additional processing that is undertaken by the Contracting Entity once the telematics data has been provided to them.

It is therefore important that you also read the Privacy Notice provided by the Contracting Entity in order to obtain a full understanding of the processing activities being undertaken.

Any phrases or wording that uses capital letters (for example “Telematics Device”) are defined in the Definitions section at the end of this notice.

Who we are

In this privacy notice, the terms “Trakm8”, “we”, “us”, “our” refers to Trakm8 Limited (company number 04415597) who may be acting both as a Controller in relation to the data we collect or hold about you and/or as a Processor.

Trakm8’s registered office is at 4 Roman Park, Roman Way, Coleshill, West Midlands, B46 1HG.

Trakm8 Controller / Processor status

Depending on the specific contractual agreement in place, Trakm8 may operate as either a Controller and/or a Processor under Data Protection Legislation.

The Contracting Entity will always be a Controller under Data Protection Legislation.

Revisions to this Driver Privacy Policy

As our products and services develop, there may need to be revisions to this Privacy Policy. You should refer back to this website (https://www.trakm8.com/driver-privacy-policy) from time to time to view the latest Driver Privacy Policy.

How and when we obtain your Personal Information

Trakm8 may obtain your Personal Information directly from yourself or the Contracting Entity, from our Telematics Devices, and via our web-based portals and Apps.

It is important that you are aware that, once a Telematics Device is installed in your vehicle, data will be collected every time you use your vehicle.

It is also important that you ensure any other person allowed to drive or use the vehicle (referred to as Nominated Driver or Associated Person) is informed that a Telematics Device is present in the vehicle and that data will be collected.

Nominated Drivers or Associated Persons should be advised of this policy and should be provided with a copy or information on how they may access and read this notice.

Initial Registration for Service

When you or the Contracting Entity registers you for our telematics service, we will typically collect such Personal Information as may be required to set up and deliver that service.

This will typically be a basic level of information such as:

Driver(s) name
Contact details (telephone, email, address)
Vehicle registration(s)
Vehicle make, model and year
Proof of identity

In addition, we may collect information relating to the Contracting Entity which may include such Personal Information as:

Contracting Entity name
Contracting Entity address
Contracting Entity billing information such as billing address, bank account and sort code
Administrator details (name, contact details etc.)
Driver details (name, contact details, allocated vehicle etc.)
Insurance policy number

Note that this information may be collected directly from the Drivers or may be provided to Trakm8 by the Contracting Entity.

Installation of Telematics Devices

Where the Telematics Device requires professional installation, we will collect Personal Information from yourself or the Contracting Entity to allow for the installation to take place.

This information may include such items as:

Contact Name and Details (telephone number, email, address etc.)
Vehicle Registration
Installation site or address

We typically share this information with our Installation Partners so they are able to install the device in an efficient and effective manner.

A full list of our Installation Partners may be located on our website: Trakm8 Installation Partners

Use of Telematics Device

Once the Telematics Device has been installed and activated, it will record and analyse data relating to the vehicle to which it has been fitted. It is important that you are aware that, once a Telematics Device is installed in your vehicle, data will be collected every time you use your vehicle.

The data collected by the Telematics Device will depend on the services being supplied and the type of device that has been fitted but may include:

Dashcam Data
- Image Data
- Audio Data
- GPS positions
Telematics Data consisting of:
- Journey data
  - GPS Location (Journey start / journey end positions / GPS waypoints)
  - Speed
  - Date
  - Time
  - Acceleration/deceleration rates
  - Cornering data
- Diagnostic Data
  - On Board Diagnostic Data –all raw, unprocessed data available at a Vehicle or plant’s J1962 diagnostic socket (as specified under the European On-Board Diagnostic standards)
  - Diagnostic Data – refined data which is derived from the On-Board Diagnostic Data
FNOL Data – first notification of loss whereby an alert is generated following a suspected crash event and the relevant Dashcam and/or Telematics Data is preserved for later use
Driver Profile Data – the scoring output from the Trakm8’s driver profiling algorithm based on Telematics Data and defined system thresholds.

This information is processed and stored on Trakm8 servers and both live and historic data may be passed on to the Contracting Entity, depending on the extent of the Services we are providing to them.

Please refer to the Contracting Entity’s Privacy Policy for details of what information the Contracting Entity receives and how they use that information.

When you use one of the Trakm8 APPs

When you access the App via a mobile device, we will process data about your device as well as your device location and settings.

Device location is required for the ‘Find my Car’ function – location data processed for this purpose is used locally by the App and is not transferred from the device.

Device location is also required to support the Incident Reporting function and to assist in Bluetooth and/or Wi-Fi connectivity.

Granting permission to use Location Data is necessary for the Apps to operate correctly.

We may also collect Personal Information that you enter into the App such as the type of journey (e.g. Business or Private) or when you amend Vehicle details. This information will be passed on to the Contracting Entity as part of the Services we are providing to them.

Please refer to the Contracting Entity’s Privacy Policy for details of what information the Contracting Entity receives and how they use that information.

Use of Route Optimisation

When you use our Optimisation services, we will collect relevant information to allow an optimised route to be calculated. The exact information to be processed will be agreed with you or the Contracting Entity but may include information such as:

Driver Data (allocated Vehicle, start/finish times, working hours etc.)
Vehicle Data (registration, make, model, capacity, weight limits etc.)
Delivery or Order Data (order number, delivery address, planned dates/times, weights/size of delivery etc.)
Depot Data (depot name, location, opening hours etc.)

We will use this information to calculate optimised routes based on the size and capabilities of your fleet and to help ensure that vehicles & drivers across the complete operation are utilised to make delivery or service schedules as efficient as possible

If you also utilise our Electronic Point of Delivery (EPOD) services, we may also collect:

Customer signature
Proof of delivery photos

What data do we collect when you use our Support Services?

Where you contact our Customer and Technical Support teams for any reason, we will collect such information as may be required to deal with and respond to your enquiries.

This information may include such items as:

Driver Name(s)
Administrator Name and Details (e.g. telephone number, email)
Organisation Name and Details (name, address etc.)
Vehicle Registration(s)
Details of the Support enquiry

Where you contact us using our Out of Hours support service, we will share this data with our Contact Centre Service Partners.

How and why we use your Personal Information

We use your Personal Information for the following purposes:

For account set-up and administration, billing and payments
For device installation(s) / de-installation(s) / Service Calls
For performing our contract(s) and delivering the service(s)
For essential communications such as password resets and service notifications
For providing technical and customer support
For internal R&D to enhance our products and services.
For marketing – unless you or the Contracting Entity has asked us not to do so

Note, that Trakm8 may aggregate and anonymise location and/or driving behaviour for statistical or business purposes. All aggregated and anonymised Data is the property of the Trakm8 where it does not constitute Personal Data.

Essential Communications

From time to time, we will need to send Essential communications relating to our service. These will be delivered to registered users either via email or SMS using the email address or mobile contact details that you or the Contracting Entity provided as part of the initial registration.

Essential communications might include reminders to install your device, password resets, service notifications of planned maintenance or reminders to return your device once the service is terminated.

It is not possible to opt-out of these communications as they are essential to the service being offered.

Those users nominated as Administrators will also receive additional emails intended to assist in ensuring that the system is correctly set up and configured.

Profiling – Driver Behaviour Profiles / Scores

Trakm8 systems allow Driver Behaviour to be analysed and scores to be generated based on recorded Telematics Data and other publicly available data such as speed limits. The calculation of Driver Behaviour Scores may be a form of profiling under Data Protection legislation.

Driver Behaviour Scores are calculated using a combination of recorded Telematics Device data, speed limit or similar data and system thresholds that may be defined within our systems by the Contracting Entity. These thresholds typically relate to legal speed limits (speeding events), acceleration rates (harsh acceleration events), deceleration rates (harsh breaking events) or other driving behaviours (such as harsh cornering).

Trakm8 does not use the Driver Behaviour Scores for any form of automated decision making.

Where contracted, calculated Driver Behaviour Scores will be passed directly from Trakm8 to the Contracting Entity for their subsequent processing and use, depending on the Services provided to the Contracting Entity.

Trakm8 does not control or define the use of Driver Behaviour Score Data by the Contracting Entity and you should contact the Contracting Entity directly for further information on their use of this Data.

Enquiries relating to Driver Behaviours Scores and whether and how it is used by the Contracting Entity should be directed to the Contracting Entity in the first instance.

Lawful Basis

Trakm8 and its partners will collect, process and use personal data collected by the Telematics Device and will pass this information to the Contracting Entity on the basis of its Legitimate Interests in order to provide the Service.

Trakm8’s Legitimate Interests are:

to run, grow and develop our business;
to administer our contracts with our customers;
to make and receive payments
to provide goods and services to our customers;
to provide support for our goods and services;
marketing, market research and business development.

Please note that the Contracting Entity will have determined their own, separate lawful basis for their collection, processing and use of Personal Information and the subsequent collection, processing and use of the Personal Information provided by Trakm8.

Enquiries relating to the Contracting Entity’s lawful basis for processing Personal Information should be directed to the relevant individual within the Contracting Entity’s organisation responsible for data protection and/or fleet related matters.

Retention Period

Typically, Trakm8’s retention periods for Telematics Data are determined by reference to Trakm8’s own retention policies or otherwise defined by the Contracting Entity as part of the contractual agreement in order to reflect the Contracting Entity’s legal and organisational requirements.

Enquiries relating to the retention of data should be directed to the relevant individual within the Contracting Entity’s organisation responsible for data protection and/or fleet related matters in the first instance.

The length of time Trakm8 retains Personal Information will depend on the purposes for which it collects and uses it, or as required to comply with applicable laws, or to establish, exercise or defend our legal rights. However, Trakm8 only keeps your Personal Information for as long as is necessary for the purposes for which the Personal Information is used, processed or required.

Trakm8 may retain Personal Information for a longer period where it deems it necessary to reflect its own legal and organisational requirements. For example, Trakm8 may need to retain elements of your Personal Information for 7 years in case of any investigation by the tax authorities.

Further information on retention periods for specific items of information can be obtained by contacting the Contracting Entity or Trakm8’s Data Protection Officer.

Other parties who may receive or have access to your Personal Information

Contracting Entity

We will share your Personal Information with the Contracting Entity in order to fulfil our contractual agreements with them.

Amazon Web Services EMEA SARL / Amazon Web Services Inc. (AWS)

Trakm8’s systems are hosted on AWS infrastructure within the UK / EEA.

Standard Contractual Clauses will apply to personal data that is transferred via the Services from the UK to AWS in the US.

For more information please refer to: https://aws.amazon.com/privacy/

Esendex

We may use Esendex to send SMS service messages to specific individuals, including messages relating to the fitment or installation of the telematics device and messages relating to the return of devices at the end of the service period.

We share your mobile number with Esendex along with the content of the SMS so that they are able to deliver the message on behalf of the Contracting Entity.

This information is also shared with the mobile network operators, again to allow them to deliver the message on behalf of the Contracting Entity.

Esendex will provide Trakm8 will information relating to the delivery status of each message.

For more information please refer to: https://www.esendex.co.uk/information-security-statement/

Salesforce.com Inc.

We use a CRM system provided by Salesforce for processing installation and support related information. We also use a Salesforce supplied ‘chat’ application on our websites.

These services are hosted from within the UK / EEA

Standard Contractual Clauses and Saleforce’s Binding Corporate Rules will apply to personal data that is transferred via the Services from the UK to Salesforce in the US.

For more information please refer to: https://www.salesforce.com/company/privacy/

SendGrid (Twilio)

We use SendGrid for sending service related emails necessary for the set-up and operation of our services. We may also use SendGrid for sending marketing related emails.

We provide your name, email address and the email content and SendGrid sends the email to you on our behalf.

The information may be stored on SendGrid servers based in the US.

In addition to simply sending e-mail, SendGrid provides different analysis options to inform us of whether, when and where the distributed emails are opened, used or rejected. To achieve this, SendGrid uses cookies and similar technologies.

The UK International Data Transfer Agreement and/or Standard Contractual Clauses will apply to personal data that is transferred via the Services from the UK to SendGrid in the US.

For more information, please refer to: https://www.twilio.com/legal/privacy

Installation Partners

We may also share your Personal Information with our installation partners in order to deliver and support our goods and services.

A full list of current installation partners can be found here: Trakm8 Installation Partners

‘Out of Hours’ Support Service Provider

Where you contact us for support outside of core hours, our Out of Hours service provider will collect data relating to your enquiry and will pass that data to Trakm8.

Where necessary, our Out of Hours service provider is able to escalate issues to Trakm8 outside of working hours.

Google Maps

For the visual presentation of geographic information, we use Google Maps API, a service provided by Google Inc. in accordance with Google’s privacy policy.

By using these maps you agree to be bound by the Google Maps/Google Earth additional terms of service.

Each time the components of Google Maps are used, Google places a cookie in order to process the user’s settings and the user’s Data while the user uses the website or application into which the Google Maps service has been integrated.

The information generated through Google Maps API is generally transferred to a Google server in the USA and stored there. Google may transmit the Data obtained through the use of Google Maps to third parties if they process this Data on behalf of Google or in cases in which it is legally permitted or prescribed. The IP address provided by your browser as part of Google Maps usage will not be merged with other Google Data.

Nevertheless, it is technically possible that Google could process the Data received for other purposes or could identify individual users without Trakm8 having or being able to exert any influence over this.

For more information on the terms and conditions for Google Maps, please see: http://www.google.com/intl/de_de/help/terms_maps.html and Google’s Data privacy statement: http://www.google.com/intl/de_de/help/terms_maps.html

Other Parties

We will also share your personal information with third parties in the following circumstances:

companies assisting us in our support activities;
companies assisting us in our marketing, advertising and promotional activities;
third party payment processors in relation to credit/debit card payments;
fraud prevention agencies if false or inaccurate information is provided to us as part of your use of our services or otherwise, and fraud is identified or suspected;
credit reference agencies, fraud prevention agencies, payment processors, suppliers of technical and support services, insurers, logistics providers, manufacturers and cloud service providers, debt collectors, our legal and other professional advisors, including auditors;
if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers; and
when we restructure or sell our business or its assets or are subject to a merger or re-organisation.

International Transfers

A number of the service providers that we use are based outside of the UK or European Economic Area (EEA). As such your personal information may be accessed from or transferred to countries that are outside of the UK/EEA.

Wherever Data is transferred, or potentially made available outside of the UK/EEA, we undertake due diligence on the entity accessing or receiving your Personal Information to ensure that they have put in place appropriate technical and organisational measures to protect and secure your Personal Information.

If we do transfer your information outside the UK/EEA we will take appropriate steps to protect that information, which include:

transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Secretary of State and/or the European Commission
entering into an agreement with the recipient, which includes the UK international data transfer agreement and/or standard contractual clauses that the UK Secretary of State and/or the European Commission has determined offer adequate protection for your information
entering into an agreement with the recipient who have Binding Corporate Rules (BCR) in place that have been approved by the UK Secretary of State/ICO or an EU competent Supervisory authority

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Your Rights – Controlling your Personal Information

Under Data Protection Legislation, you have the right to:

Request access to the personal data we hold about you and details of any other party we share that data with;
Request a copy of the personal data that we hold about you;
Request that we correct your personal data when it is incorrect, out of date or incomplete;
Request that we stop using your personal data for direct marketing communications;
Request that we stop any consent-based processing of your personal data after you withdraw that consent.

You have the right to request a copy of any information about you that Trakm8 holds at any time, and also to have that information corrected if it is inaccurate.

Making and Dealing with Requests

Any requests relating to this Service and the Personal Information being processed will be handled jointly between Trakm8 and the Contracting Entity.

Requests relating to your Personal Information should be made to the Contracting Entity in the first instance – details of how to do that will be included in the relevant Privacy Notice provided by the Contracting Entity.

For those customers who are directly contracted with Trakm8, please send your request directly to Trakm8 using the details set out below.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. We will then cease processing your data for that purpose.

Right to Erasure / Deletion / Correction

You may request that some or all of your Personal Information is deleted or corrected; however, the Right to Erasure is not absolute and we may decide to retain the Personal Information if we have an overriding reason for doing so.

If we decide not to action your request, we will explain to you the reasons for that decision.

Direct marketing

You have the right to stop the use of your Personal Information for direct marketing activity through all channels, or selected channels. We will always comply with your request.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

Trakm8 will normally accept the following forms of ID as proof of identity: a copy of your driving licence, passport, national ID card or in some instances photographic ID cards issued by your employer.

We may also request that the Contracting Entity assists us in verifying your identity.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Contacting the Regulator

If you feel that your Personal Information has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

The Information Commissioner’s Office can be contacted via telephone on 0303 123 1113 or online at www.ico.org.uk/concerns

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

How to Contact Us

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:

Email us at: Privacy@trakm8.com ;

Or write to us at:

Data Protection Officer

Trakm8

Roman Park

Roman Way

Coleshill

West Midlands

B46 1HG

Definitions

Administrator(s) – the individual(s) nominated by the Contracting Entity as the system administrator(s) and who manage the system and its users;

APP – software application typically installed on a mobile device;

Associated Person – any other person who has been authorised to drive the vehicle, travel in the vehicle (i.e. passengers) or to work on the vehicle (i.e. mechanics). It is important the Associated Persons are provided with the information contained within this Privacy Notice. See also Nominated Driver;

Contracting Entity – the person or organisation entering into the contract with Trakm8 and on whose instructions the Service is provided. This is typically an employer, insurer, leasing company or otherwise vehicle owner;

Controller – is a legal or natural person, or any other body who determines the purposes of any personal data and the means of processing it. Controllers may act independently or jointly with other Controllers;

Dashcam – dashboard and/or in vehicle or asset camera(s);

Dashcam Data – data captured by the dashcam. Depending on the dashcam and configuration, this may include image data (forward facing and/or in-cab) and/or audio data.

Data Protection Legislation – for UK customers, this means that Data Protection Act 2018, the Privacy in Electronic Communications Regulations and the UK GDPR and any national implementing laws, regulations and secondary legislation; For EU based customers, this means General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation

Diagnostic Data – data relating to the vehicle such as fault codes, battery health status and similar information.

Driver – the Driver and/or owner of the vehicle fitted with a Telematics Device for the purposes of carrying out their duties or for any other purpose;

Driver Profile Data – the scoring output from the Trakm8’s driver profiling algorithm;

FNOL (First Notification of Loss) Data – data collected whenever there is a suspected or actual crash incident. This may be Telematics Data, Dashcam Data or a combination of both;

Journey Data – data collected by the Telematics Device including date/time, GPS location, speed etc.;

Nominated Driver – any other person who has been authorised to drive or use the vehicle for any period of time and for any purpose. It is important the Nominated Drivers are provided with the information contained within this Privacy Notice. See also Associated Person;

Personal Information – information that relates to an identified or identifiable individual. All Telematics Data and Dashcam Data is considered to be Personal Information relating to the Driver;

Privacy Notice – information provided to an individual describing how an organisation collects, uses, retains and discloses Personal Information;

Processor – is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;

Telematics Data – all data collected by a Trakm8 supplied Telematics Device / Dashcam including Journey, Diagnostic and Driver Profile Data;

Telematics Device – the hardware device fitted to your vehicle(s);

Receiving updates to this Driver Privacy Policy

If you would like to receive an email notification whenever this policy is updated, click the link below and complete the form.

Version 1.12 Date: September 2023