FleetGuru OÜ tietosuojakäytäntö

1. GENERAL

1.1. FleetGuru OÜ (“FleetGuru”) provides companies as its clients with fleet management software available through website www.fleetguru.app (“Website”), mobile application (“App”), and which allows to track vehicle’s condition and related costs throughout its lifecycle (“Service”). This Privacy Policy (“Policy”) explains the principles on how we collect and use information when you interact with FleetGuru in situations which exceed the provision of the Service to the organisation you work in or represent (as described in Section 1.2).

1.2. For the purposes of providing the Service to the company, FleetGuru collects information about the vehicle, the user of the vehicle, the company’s representatives, insurance, and other relevant aspects subject to the Service’s features. In regard to data which is necessary for the provision of the Service to the company, FleetGuru is considered to be a data processor and the processing of such data is governed by the data processing agreement concluded with the company as a data controller. The company as the organisation you work in or represent, is obliged to provide you information about such data processing.

1.3. In case you disclose any personal data regarding any third person(s) (e.g. your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Policy.

2. PERSONAL DATA CONTROLLER

2.1. For the personal data processing purposes brought out in Section 4 of this Policy, the controller of your personal data is:

FleetGuru OÜ
Registry code: 16051979
Address: Valukoja 10, 11415 Tallinn, Estonia
E-mail: fleetguru@fleetguru.app

2.2. In case of personal data protection related inquiries, please contact us by writing to: dpo@fleetguru.app.

3. CATEGORIES AND SOURCES OF PERSONAL DATA

3.1. Personal data are information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”). The source of the collected Personal Data depends on how you interact with us. We may obtain and process the following categories of Personal Data:

3.1.1. Main data: name, e-mail address, phone number, position (“Main Data”).

Source: Personal Data you directly provide to us upon contacting us or submitting your information via the Service; or information provided by your organisation.

3.1.2. If you interact with us via the Website, the App, or e-mails, we process the following Personal Data: Main Data, contents of your message („Communication Data“).

Source: Personal Data you directly provide to us upon contacting us.

3.1.3. Marketing data: Main Data, position, information provided upon our request (e.g. your photo, testimonial). Additionally, we may supplement the Personal Data that you have provided to us directly with information that has been obtained from publicly available resources (“Marketing Data”).

Source: Information we have obtained from you or your organisation or you provide to us upon subscribing to our newsletter or the information we have obtained from publicly available resources (e.g. Commercial Register, LinkedIn).

3.1.4. Upon visiting the Website and using the Service, our server processes the following data: IP address, access-provider, referring URL, date, time, access tokens, session key, browser type and version, operating system, amount and state of transferred data (“Technical Data”).

Source: While you are browsing through the Website or using the Service, our server automatically generates and collects the Technical Data from your browser and device.

3.1.5. Cookie data. We implement cookies on the Website, for optimising the Website, the App, the Service and their functionalities. The cookies may collect your Personal Data. For further information on the purposes and functions of the cookies, please see our cookie Policy.

3.2. If you do not provide the required information, we may not be able to contact you or fulfil any other purposes provided in Section 4 of this Policy.

4. LEGAL BASIS AND PURPOSES FOR PROCESSING THE PERSONAL DATA

4.1. Our legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:

Processing purpose Legal basis for the processing purpose Personal Data used for the processing purpose
Administering the contract concluded or to be concluded with the organisation you work in / represent and ensuring the provision of the Service Taking and implementing the pre-contractual measures of a contract or performing the contract concluded between you and the organisation you work in / represent Main Data, Communication Data
Responding to your enquiries and requests submitted via the Website, the App, or e-mail Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties.
If you wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of a contract or performing the contract concluded between you and the organisation you work in / represent
Communication Data
Disclosing your testimonial on our online channels Your consent Marketing Data
Sending newsletters and other marketing information regarding us and our business via e-mail Consent given upon subscribing to our newsletter.
In case we have been in contact regarding our products and services, our legitimate interest in promoting our similar services
Marketing Data
Administering marketing content subscription list Our legitimate interest in ensuring valid legal basis for sending marketing content and recording given and withdrawn consents (subscriptions) Marketing Data
Diagnose and repair problems with the Website, the App and the Service Our legitimate interest in providing data security and preventing fraudulent actions related to the Website, the App and the Service; ensuring the functioning of the Website, the App and the Service Technical Data
Storing information containing Personal Data in our backup systems Our legitimate interest in ensuring the security of data processing operations All data categories named in Section 3.1
Data disclosures to our service providers or law enforcement and supervisory authorities Our legitimate interest in utilising the information technology infrastructure and services provided by our co-operation partners or performance of our legal obligation All data categories named in Section 3.1
Intra-group data disclosures and transfers Our legitimate interest in utilising common technical infrastructure All data categories named in Section 3.1
Arrange the sale or merger of our company and provide information for conducting the legal or other audit and the data exchange thereof Our legitimate interest in facilitating proper due diligence process and business continuity All data categories named in Section 3.1
Establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our users’ or employees’ rights Our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims All data categories named in Section 3.1

4.2. We may process your Personal Data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the Personal Data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.

5. PERSONAL DATA RETENTION PERIOD

5.1. Your Personal Data shall be stored insofar as reasonably necessary to attain the objectives stated in Section 4 of this Policy, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the Personal Data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your Personal Data and retain this anonymized information indefinitely.

5.2. Data which relates to the contract concluded with the organisation you work in / represent, is usually retained as a part of accounting information and will be retained for up to seven years as of the end of the accounting year during which the contract expired or was terminated.

5.3. After the expiry of the retention period determined in accordance with this Section 5 of this Policy or the termination of the legal basis for processing purpose, we may retain the materials containing the Personal Data in the backup systems, from which the corresponding materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond the use.

6. YOUR RIGHTS AS A DATA SUBJECT

6.1. We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.

6.2. You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Policy:

6.2.1. Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;

6.2.2. Right to rectification: you have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete;

6.2.3. Right to object: you are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for direct marketing purposes or making automated decisions based or when we otherwise base the processing of your Personal Data on our legitimate interest;

6.2.4. Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if you wish to: (i) object the lawfulness of the processing; (ii) contest the accuracy of the Personal Data; (iii) restrict the processing, instead of erasure in case unlawful processing has taken place; or (iv) demand restriction of the processing until assessing the plausibility of our legitimate interest in the specific processing activity;

6.2.5. Right to erasure: you may request your personal data to be erased if (i) the Personal Data is no longer necessary for the purposes for which it was collected, (ii) you withdraw your consent for processing; (iii) you contest our legitimate interest and we have no overriding legitimate interest to continue processing; (iv) you object direct marketing; (v) you consider that the processing is unlawful, (vi) you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;

6.2.6. Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

6.2.7. Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time without any adverse effect;

6.2.8. Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at info@aki.ee (https://www.aki.ee).

6.3. Please note that you will need to provide sufficient information for us to handle your request regarding your rights brought out in Section 6.2 of the Policy. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.

7. DATA TRANSFERS

7.1. We disclose your Personal Data to third parties only in accordance with this Policy to recipients who have undertaken to observe confidentiality or are subject to statutory confidentiality. Your Personal Data will be disclosed to our employees who due to their duties have the necessity to process your Personal Data.

7.2. Only if necessary, for fulfilling our statutory or contractual obligations, we may disclose your Personal Data to the following recipients acting as separate data controllers:

Type of the recipient Purpose of disclosure Location of recipient
Law enforcement and supervisory authorities We disclose your Personal Data to law enforcement and supervisory authorities only if we are under a duty to disclose or share these data in order to comply with legal obligations (for example, if required to do so under applicable law, by a court order or for the purposes of prevention of fraud or other crime) European Union
Professional advisors (legal advisors, accounting etc. bound to confidentiality) In case not operating as data processors, the legitimate interests in conducting and supporting our regular business activities European Union
Providers of integrated third-party IT-tools In case the organisation you work in or represent has requested to integrate a third-party IT-tool to the Service, then certain Personal Data will be made available to such service providers. Such data processing is governed by the service provider’s privacy documentation. World-wide
Potential business acquirers and business transferee(s) If necessary and required for successfully transferring our business or for the purposes of mergers and acquisitions, your Personal Data may be disclosed to the specified acquirers and their representatives and / or legal counsels World-wide

7.3. In addition to the third parties brought out in Section 7.2 of the Policy, we may disclose Personal Data to third party service providers who act as data processors and may operate the technical infrastructure that we need to host, store, manage and maintain the daily business. The following depicts the main categories with examples of our authorised processors, their location and reason for processing:

Category of the authorised processor Processing purpose Safeguard Location
Providers of IT-services Providing IT-solutions necessary for the daily business functions Data processing agreements, standard contractual clauses World-wide
Providers of analytics and marketing software services Providing analytical insight and marketing tools for bettering daily business functions Data processing agreements, standard contractual clauses World-wide
Providers of customer relations management and sales software Assisting sales and managing of the customer relationships Data processing agreements, standard contractual clauses EU/EEA and/or U.S.

7.4. In some cases, we may transfer your Personal Data outside the European Union or European Economic Area, if the respective operational service providers located outside the European Union or European Economic Area. We shall opt to use special Personal Data protection safeguards, in order to ensure the safety of your Personal Data. For obtaining further information on the processors engaged by us or if you wish to get acquainted with or obtain information on the transferring of your Personal Data outside the European Union or European Economic Area and the safeguards implied thereof by contacting us using the contact information specified in this Policy.

8. AMENDMENTS TO THIS POLICY

8.1. This Policy may be amended or modified from time to time to reflect changes in the way we process Personal Data and, in such case, the most recent version of the Policy will appear on this page. Please check back periodically, and especially before you provide any new personally identifiable information.