Privacy Policy Moove Connected Mobility B.V.

Introduction

Moove Connected Mobility B.V. (“Moove”) is an expert in the field of automotive telematics. In cooperation with, among others, our partner Geotab Inc. (“Geotab”), we connect vehicles to the internet and provide access to a wide range of relevant data. This data comes from the engine management (on board diagnostics) and from additional devices and sensors (internet of things).

Based on this data, which we provide to our customers via customised interfaces and dashboards, referred to as the "Connected Mobility Services", Moove enables lease companies, insurers and other vehicle fleet managers to adjust their business operations and thus improve road safety, carry out vehicle maintenance more efficiently (or have this done by others) and/or reduce the burden on the environment.

Moove is located in The Hague. Our contact details are as follows:

Visiting address:
Moove Connected Mobility B.V. Telephone number: +31 (0) 30 202 4520
Stadsplateau 11 Email: info@mooveconnected.com
3521 AZ Utrecht

Postal address:
Moove Connected Mobility B.V.
Postbus 30503
3503 AH Utrecht

Moove processes and collects personal data, possibly including your data. In most cases, we do this on the basis of agreements with our Clients, which can be regarded as data controllers within the meaning of the General Data Processing Regulation ("GDPR"), and in that role also determine the purpose and means of processing and collecting personal data. If we also process your personal data because, for example, you have been designated by our client as the actual user of a vehicle belonging to the client's vehicle fleet (referred to below as the "Fleet") and which we have connected to the Internet by means of one of our Connected Mobility Services at the Client's request, you are a data subject within the meaning of the GDPR and this Privacy Policy also applies to you.

The processing and collection of personal data is an important part of the delivery of our products and services. Moove is responsible in its capacity as processor for protecting this data as well as possible. In doing so, we must meet the requirements of the GDPR. We also want to be transparent about the types of data we process and collect from the drivers, the purposes and basis for this processing, with whom we share data and what rights the drivers have with regard to their own data. We would like to inform you about this by means of this Privacy Policy. Do you have any questions after reading this Privacy Policy? If so, please feel free to contact us. This can be done by contacting our Data Protection Officer using the above email-address and telephone number, or by sending a letter to the postal address given above.

  1. Types of data

1.1 Moove strives to process only personal data that is required, relevant and proportionate to the purposes for which it was collected. If a function or Connected Mobility Service can be achieved with anonymous data, we will try to anonymise that personal data. In cases where anonymous or non-personal data is combined with personal data, we will treat this as personal data.

1.2 Depending on the Connected Mobility Service provided by us to the client, we may process the following personal data of the driver provided by the client or (indirectly) by the driver of a vehicle:

  • your contact details, such as name, address, residence, telephone number and email address;
  • your age and sex;
  • your driving licence details;
  • details of your employment, profession and employer;
  • the registration number, vehicle identification number and data related to the vehicle used by you, such as the date of purchase, mileage, data related to previous maintenance and damage, etc;
  • location data of the vehicle generated by actions actively performed by you, such as navigation aids, searches entered into the navigation system, etc;

In addition, the vehicle being used by you automatically collects data that is not directly related personally to you. This data recorded by the vehicle or by a dongle installed in the vehicle for the purpose of the Connected Mobility Services is usually linked to the vehicle's registration number or vehicle identification number and can therefore be traced back to you and for this reason is considered to be personal data. The data recorded by the vehicle may include the following data:

  • technical safety related data, such as information on the activation of airbags and belt tensioners, windows and doors that may or may not be closed, etc;
  • technical data relating to engine status, control, braking, maintenance, remaining mileage and months for next service, etc;
  • driving information such as speed, use of brake and accelerator pedals, direction of the vehicle, fuel consumption, how much fuel a vehicle still has, driving time, etc;
  • location information, such as the actual position of the vehicle at that moment, determination of the zone in which the vehicle is located, geofencing, etc;
  • ambient data, such as outdoor temperature; and
  • all other data required for the execution of the agreement with the client and the improvement of vehicle-related information and (mobile) electronic communication services, including data that enables a connection to be made between the driver of a vehicle and the vehicle.
  1. Purposes and legal grounds for the processing of data

2.1 We process and collect the personal data first and foremost in order to execute the supply agreement which we have concluded with our client and which is aimed at improving road safety, carrying out maintenance on vehicles more efficiently and/or reducing the burden on the environment. It is also possible that legal obligations may require us to retain your personal data. In the context of our business operations, the data recorded by the vehicle can also be used by us to offer new or current mobility services to the client, for the improvement and/or further development of the current or future services provided to the client and for other functionalities that may be relevant to the client, for analysis purposes and/or for research purposes. We also assume when collecting and processing your personal data that our client (i) has sufficiently ascertained your interests, (ii) has properly balanced these interests of yours, and his own - legitimate - interests in the collection and processing of relevant personal data, and (iii) has been able to make the reasoned decision that he has a legitimate interest in the processing of your data on these grounds or for these purposes. You can also restrict the collection and processing of your personal data at any time by making use of the rights assigned to you by the GDPR.

  1. Storage and retention period of personal data

3.1 Our client, as the controller, keeps a record of the processing activities that take place under its responsibility.

3.2 We only retain your personal data for as long as and to the extent that we need it to be able to fulfil the agreement with our client, for our business operations, for the time required to fulfil our legal obligations or for a maximum of the statutory storage periods applicable to us.

  1. Information, modification, deletion and objection

4.1 Moove strives to ensure that your personal data is accurate and up to date. We will at all times try to delete or change incorrect and incomplete personal data. Your personal data belongs to you and you therefore have specific rights with regard to how it is processed. You can always contact us about this, but you will usually have to consult our client, who is considered to be the controller. We will refer you to the relevant client if required.

4.2 This certainly applies (also) to the following subjects:

  • whether we process your personal data;
  • how we process your personal data;
  • access to the personal data we process about you;
  • objections to the processing of your personal data;
  • modification of your personal data if it is or may be incorrectly processed;
  • restricting your personal data;
  • deletion (erasure) of your personal data; and
  • transfer of your personal data to yourself or to another organisation at your request.

Of course, you can always ask us questions about the content of this Privacy Policy. The contact details of our Data Protection Officer have already been given above.

4.3 If a vehicle connected to the internet by us has more than one driver, you as the data subject can only inspect your own personal data (and only if this is technically possible). If you make a request for inspection, you must therefore state the period or periods during which you were the actual driver of the vehicle in question and provide supporting evidence of this.

4.4 Modifying or deleting personal data may not always be possible (technically or otherwise). In such cases, we will provide you with a reasoned explanation as to why the change or deletion you want is not possible. If possible and desirable, we will then keep a separate note of the corrections you require.

  1. Protection of your data

5.1 Moove makes every effort to adopt and implement such technical and organisational measures as may reasonably be expected to protect your personal data against accidental or unlawful destruction, accidental loss, unintentional modification, unauthorised disclosure or making available and all other forms of unlawful processing. We do this by taking the measures that may reasonably be expected of us on the basis of the state of technology.

  1. Provision of data to third parties

6.1 We do not provide your personal data to others without good reason. We may do this if such provision serves the purposes of processing the personal data (as set out in article 2 of this Privacy Policy and only if the client has given his consent to this), if we or the parties involved in the proper performance of the agreement are obliged to do so by law or a court order, in order to safeguard our rights or those of the parties involved in the proper performance of the agreement, to protect the personal security of (the employees of) Moove or the parties involved in the proper performance of the supply agreement, or if you have given us permission for this to be done.

6.2 For the purpose of our business operations and depending on the products and services we provide to our client, we may also provide your personal data to the following persons or parties:

  • external parties that process data under our control and responsibility, such as Geotab;
  • external parties that (on the request of the client) are or should be involved in the proper performance of an agreement with our client, such as loss adjusters, auditors, logistics service providers, suppliers of software and hardware, etc.

Processing shall not take place outside countries belonging to the European Union, unless they offer at least such guarantees as the European Union and it has been agreed in writing with the client that processing may also take place in those countries, such as in the case of Geotab, which has its head office in Canada.

6.3 External parties that process the personal data under our control and responsibility do so exclusively for the purposes and under the conditions agreed by the client and subsequently with these third parties. We lay this down in writing in processor's or sub-processor's agreements that also ensure that these external parties assume at least the same obligations as we have agreed with our client. In addition, we oblige these external parties to treat the data provided by us safely and confidentially.

6.4 We reserve the right to share aggregated (not personally identifiable) information obtained in the course of providing its services to the client with third parties for any purpose whatsoever.

  1. Amendments to the Privacy Policy

7.1 It is possible that we will amend this Privacy Policy in the future. You will always find the most recent policy on our website. The latest change date is shown at the bottom of this Privacy Policy. If and as soon as we have made changes to our Privacy Policy, we will make an amended version of this policy available on our website.

  1. Right to complain

8.1 Do you disagree with how we process your personal data or deal with your rights as a data subject? If so, please contact us via our Data Protection Officer. This can be done using the email address and telephone number given above or by sending a letter to the postal address also given above.

8.2 f you are unable to reach agreement with us, you can also submit a complaint to the Dutch Data Protection Authority. For this purpose, we refer you to the website of the Dutch Data Protection Authority ( www.autoriteitpersoonsgegevens.nl).

Where reference is made in this Processor's Agreement to provisions of the GDPR, this refers to the corresponding provisions of the Dutch Personal Data Protection Act (Wbp) until 25 May 2018.

Moove Connected Mobility B.V.
The Hague, April 2018