A comprehensive approach to privacy and governance.
At Xfleet we take privacy very serious and we believe in the importance of thoughtfully handling personal information. This Privacy Policy sets out how Xfleet uses the personal information we collect and stores about you.By accessing or using the Services, you agree to this Privacy Policy, our Terms of Service and Use Policy.
The Privacy Policy applies to our Services available under the domain Xfleet.io (hereinafter referred to as the “Website”). When you use Xfleet web-based and mobile mobile application and Xfleet website you agree to this Privacy Policy and other policies. If you do not agree please do not use or access the website.
Types of Personal Information
Xfleet collects personal information in support of its mission to help people see and understand their data. This personal information is collected through a variety of ways as part of our normal operation of Services. For example, we collect personal information through the registration and use of our software and mobile apps, whether downloaded or accessed through a cloud-based service. We also collect personal information when you use or visit Xfleet website or participate in a Xfleet community. We may receive your personal information if you are a Xfleet supplier or partner. We may also receive your information from third party partners. If you have other agreements with Xfleet, then those agreements control with regard to the subject matter they cover.
The type of information we collect will depend on your interactions with Xfleet. It may include:
Account and product registration and administration of your account
The Xfleet Services that you use
Requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms)
Your communications and dealings with us
Payment Information. Credit card number, banking information and billing address.
Usage and Geographic Data. Xfleet collects personal information related to your use of our products, services and websites so that we can analyse and improve.
Uploads or posts to the Services
Requests for customer support and technical assistance
Content. In using the Services, you may upload or input various types of content, including but not limited to: resource details, attachments, orders and customers details, driver names, coordinates, GPS tracking files and conversations (together, the “Content”). If you are using the Services in connection with an account created by an Xfleet Customer (e.g., employer, organization, or an individual), we collect and process the Content you submit on behalf of the Customer. As described more throughout this Policy, our Customers, and not Xfleet, determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Content which may apply to your use of the Services. For example, a Customer may provide or remove access to the Services, enable or disable third party integrations, manage users and permissions, retention and export settings, transfer or assign drivers, or share content. Please check with the Customer about the policies and settings that they have instituted with respect the Content that you provide when using the Services.
We receive information from partners to help us find potential customers and enhance our Services with useful information. For example, information provided by our partners allows us to provide route optimization services, such as when we receive mapping and location information or spatial data analytics from Google Maps, Open Street Maps or Mapbox.
Ways we Use Personal Information
Client customers – We may receive personal data about you from one of our Client’s customers. We will only use this information for the purpose of providing our Services. For example, a recipient of a delivery may provide personal information about you when submitting a support ticket.
Development, improvement & testing
As a software developer we need to be able to continuously develop, improve, maintain and test our software products which we regard our own legitimate interest. This typically includes:
Removal of bugs and other software faults or errors;
Development of new application updates, versions or functionalities (features);
General analysis of application;
Analysis of user trends within the application including general user profiling based on that;
Accuracy analysis GPS (location, speed, direction or other values);
Customer polls focused on improvement of the Services;
Customer feedback on design and user experience;
Testing on the production copies of partially anonymized data.
Your Rights
Xfleet acknowledges you have the right to access and change the Personal Information we collect and process. If you wish to access or to correct, amend, or delete Personal Information, please send us an email to:
office@xfleet.io and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
Note to our Users in the EU:
We hereby inform you of the following rights (by virtue of EU law), in respect of your Personal Information:
• Right to access: you may have the right to request a review of your Personal Information held by Xfleet.
• Right to rectification: if the Personal Information processed by Xfleet is incorrect, incomplete or not processed in compliance with applicable law or this Privacy and Cookie Policy, you may have the right to have your Personal Information rectified.
• Right to erasure: under certain conditions, you may be entitled to require that Xfleet will delete or “block” your Personal Information (e.g. if the continued processing of those data is not justified).
• Right to Portability: you may have the right to transfer your Personal Information between data controllers (i.e. to transfer your Personal Information to another entity).
• Right to object to or withdraw consent: where that lawful basis for processing your Personal Information is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have a right to object to such processing. If the processing of your Personal Information is based on your consent, you have the right to withdraw your consent to such processing at any time.
• The right to restrict processing – under certain circumstances, you may have the right to object to the processing of your Personal Information due to your particular situation.
• Right to lodge a complaint: you have the right to lodge a complaint before the relevant data protection authority or supervisory authority.
To exercise these rights, where applicable, please contact us by sending an email to:
Cookies and Web Beacon
Our websites may use various software technologies including “cookies,” “web beacons” and “pixel tags.” “Cookies” are small text files that we and others may place in visitors’ computer browsers to store their preferences. “Web beacons” or “Pixel tags” are small pieces of code placed on a web page or within the body of an email to monitor the behavior and collect data about the visitors viewing a web page or viewing or opening an email. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons on our websites from time to time for this and advertising purposes.
We partner with third parties who may place cookies on your browser when you visit our websites, may send their own cookies to your cookie file, and may use those cookies to track and collect information about you and your online activities over time and across different websites, devices, and applications and to provide targeted advertising based on your interests and previous browsing history.
Third party ad networks may automatically collect information about your visits to our websites and other websites, such as your IP address, your Internet service provider, and the browser you use to visit our websites. They do this using cookies, web beacons or other technologies. You can learn more about practices of many of these third parties by visiting the Digital Advertising Alliance (http://www.aboutads.info/choices/) in the USA or the European Digital Advertising Alliance (http://www.youronlinechoices.eu/) in Europe. This Privacy Policy does not apply to, and we are not responsible for, cookies or web beacons and other technologies in third party advertising. We encourage you to check the privacy policies of third party advertisers and/or ad services to learn about their use of cookies, web beacons and other technology.
GDPR
Xfleet’s Commitment to GDPR Compliance
The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Xfleet has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Xfleet has taken to align its practices with the GDPR include:
Revisions to our policies and contracts with our partners, vendors, and users Enhancements to our security practices and procedures
Closely reviewing and mapping the data we collect, use, and share
Creating more robust internal privacy and security documentation
Training employees on GDPR requirements and privacy/security best practices generally
Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of Xfleet’s GDPR compliance program and how customers can use Xfleet to support their own GDPR compliance initiatives.
Data Processing Agreements
Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Xfleet offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Xfleet commits to process and safeguard personal data in accordance with GDPR requirements. This includes Xfleet’s commitment to process personal data consistent with the instructions of the data controller.
International Data Transfers
As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework, including the United States.
Data Access, Management, and Portability Tools
The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. Xfleet is committed to facilitating data subject requests consistent with the GDPR, as further described in our Privacy Policy.
Privacy Documentation
At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. Xfleet shares the GDPR’s commitment to these principles, and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. You can learn more about how Xfleet collects, uses, and discloses personal data by visiting Xfleet’s Privacy Policy.
Data Security
The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Xfleet: we implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network. Xfleet also offers customers the ability to use additional security controls to further enhance the security of their teams’ data.
Ongoing Compliance and Communication
The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at office@xfleet.io.
Read full text about GDPR here https://gdpr-info.eu/