Effective date:

PRIVACY POLICY

PURPOSE
We are committed to maintaining the accuracy, confidentiality, and security of our users’ personal information. This Privacy Policy describes the personal information that we collect from or about our users, how we use that information, and to whom it is disclosed.

This Policy is designed to comply with the privacy requirements established by the General Data Protection Regulation (“GDPR”), as well as with other applicable laws around the world that are intended to protect an individual’s privacy. It supports our need to collect information from our users as necessary for our performance of business services and functions, while also recognizing a user’s right to have their information handled in a way that protects the privacy of their personal information. You may learn more about the GDPR here: https://www.eugdpr.org/

For purposes of this Policy, a user may also be referred to as “you,” “your,” or “data subject.”
COMMENCEMENT
This Policy will commence from 30/08/18. It replaces all other policies relating to the use of a user’s personal data, whether such a policy was made in writing or oral.
APPLICATION
Legal requirements may vary from country to country. This Policy applies to all users of our website, even those who access our site from a location outside of the European Union.

DEFINITIONS
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not.

Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor, or persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, relatability, behavior, location, or movements.

Filing System: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.
INFORMATION COLLECTED
We only collect information that is necessary for one or more of our legitimate business functions or activities. The information we collect from our users may include:

    • Personal identification data, including, but not limited to, your name, permanent address, mailing address, telephone number(s), email address, and company name, if applicable.
    • Account login information including, but not limited to, your login credentials.
    • Geographical and/or tracking data of your TrueTrace device including, but not limited to, your device’s location or coordinates, speed traveled, altitude, and date and time of travel. This information is collected and displayed in both live and historical reports and is updated approximately every 60 seconds when moving and approximately every 12 hours when motionless.
    • Network traffic data including, but not limited to, your IP address, identification numbers, location data, cookies, online identifiers, language settings, and device identification.
    • Financial information provided by you including, but not limited to, bank account and credit card information.
    • Information you voluntarily share with us including, but not limited to, suggestions, reviews, opinions, and feedback.
    • Images, documents, or videos you voluntarily share with us including, but not limited to, photographs and documents shared with us regarding your use of our products or system or provided in your profile account.
    • We may also collect information from third party channels including, without limitation, factual research our employees perform on you or your business, or from your interactions with our employees.


The information collected is considered “personal data” as defined by Article 4(1) of the GDPR.
RETENTION OF PERSONAL DATA
In compliance with Article 5(1)(e) of the GDPR, we keep your personal information data for the period necessary to fulfil the purposes for which it has been collected. We may also retain and use your data to inform you of new products and services based on your preferences, in the event you have consented to us doing so.

To the extent you terminate your account with us, your account information, including your personal information, as defined above, will be marked for deletion. However, your information may continue to remain on our servers for a period of time due to delays in the deletion process.
SECURITY
We take precautions to protect your personal information. Our website is administered by TrueTrace, and access is limited to our employees and contractors, when required. Our website is hosted by DigitalOcean, which is secured through a defense-in-depth layered approach. Our email system is provided through GoDaddy and is secured through a Secure Sockets Layer (“SSL”) Certificate, which ensures the security of data sent via the Internet using encryption. Your personal information may be accessible to the companies that host our website, mobile application, and email. These sites are governed by their own privacy and digital security policies, of which we are not in control.

We take precautions to protect your personal information however we cannot always guarantee the security of your personal information. Transmissions over wireless networks, including the Internet, can, at times, be defective, falsified, or tampered with. You acknowledge and agree that such circumstances are out of our control, and we cannot be held responsible or liable any limitation, failure, or breach of any transmission of your personal information over wireless networks.
YOUR RIGHTS
The GDPR was created to protect your privacy rights. You have the right to access, rectify, object to, or erase the data maintained by us pursuant to Articles 12 – 23 of the GDPR. You may request a change to your personal data by contacting us by email or postal correspondence.

TrueTrace Ltd
Ground Floor North Warehouse
Gloucester Docks, Gloucester
Gloucestershire
GL1 2EP
United Kingdom

Email: contact@truetrace.io

If you believe our processing of your personal data infringes data protection laws, you have a legal right to initiate a complaint with a supervisory authority responsible for data protection in accordance with Article 77 of the GDPR.
COOKIES
Our service providers use cookies and those cookies may be stored on your computer when you visit our website. Most browsers allow you to refuse and delete cookies. You can find more information regarding cookies here: http://www.allaboutcookies.org/
DATA PROTECTION OFFICER
If you have questions or concerns regarding this Policy, your personal information, or how we may use it, please contact us by writing to our “Data Protection Officer” at the previously stated address or email. Our data protection officer is responsible for overseeing this Policy and privacy notice.
AMENDMENTS
We may update this Policy from time to time by publishing a new version on its website. We will alert you about any changes by updating the “Last updated” date of this Policy.