privacy statement

Privacy Policy This privacy policy is designed to inform users of our proprietary sensing as a service dashboard available at pharox.io, including all sub-sites and micro-sites controlled by us, and any related software, hardware, smartphone or mobile application (collectively, the “Service”) about how Pharox.io (“Pharox”, “we” or “us”) gathers and uses personal information submitted to Pharox through the Service/Application/Servers. By accessing our website, using our software services or Pharox sensor devices, or by otherwise providing us with your personally identifying information, you are accepting the practices and policies described in the Privacy Policy. Our Privacy Policy may change from time to time, and any changes will be posted on this page, and if the changes are significant, we will provide a more prominent notice. If you have questions or concerns regarding the Privacy Policy, you should first contact us at [email protected] Our Privacy Policy does not apply to services offered by other companies or individuals, including third party services used by Pharox. For these third party services, we encourage you to familiarize yourself with the applicable third party privacy policies. PHAROX PRIVACY STATEMENT What Information Do We Collect? Personal Information If you sign up to create an account, we may ask you for certain personal information for the account, including the name of the individual creating the account, business email address, business phone number, company name, and payment information such as credit card number (the “Personal Information”). In addition, if you contact Pharox and disclose additional personal information, we may store that Personal Information. User Data When you use the Pharox sensors, as well any related software and application, you transmit to Pharox certain user-specific data (“User Data”) that we use to provide the Service, including to but not limited to the route data, device location, various sensor measurements relating to your use of the Service, and additional information that the Service allows you to input, such as device names, device group names, device update rates, and any other related sensor and device settings or thresholds . Web Tracking Information We, and third party service providers that we engage to provide services to us (“Contractors”), may use web tracking technologies such as cookies, web beacons, pixel tags and clear GIFs in order to operate the Service efficiently and to collect data related to usage of the Service. Such collected data (“Web Tracking Information”) may include the address of the websites you visited before and after you visited the Pharox website, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Service you visit and what links you clicked on, and whether you opened email communications we send to you. In order to collect Web Tracking Information and to make your use of the Service more efficient, we may store cookies on your computer. We may also use web tracking technologies that are placed in web pages on the Service or in email communications to collect information about actions that users take when they interact with the Service or such email communications, and our Contractors may also do so. We do not correlate Web Tracking Information to individual user Personal Information. Some Web Tracking Information may include data, such as IP address data, that is unique to you. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Service, but this may affect the performance of the Service. Our privacy principles and promises 1. We intend to be fully transparent and as clear as possible about your privacy. If you have any questions, concerns or remarks, please contact our privacy desk via [email protected] 2. We keep you up to date at all times We will always keep you fully informed about your data, We make sure you understand which data from or about you we use, why we use it, and who can use it. 3. We enable you to remain in control of your data We consider the data from or about you to be yours. We only use it for the purposes for which you have given it to us, or for which we collected it from you. At any time you can opt-out or opt-in using our software and websites. 4. We protect your data Your data is yours. We keep it that way by protecting it at all times to prevent it from falling into the wrong hands. 5. The area we operate in We operate according to the Dutch privacy law. Because the Netherlands is part of EU, European privacy laws support Dutch law. These laws are considered to be the most extensive in the world. They offer a high level of protection to you by only allowing us to use your data when the strict conditions of these laws are met. Our company policy on privacy and processing of personal data reflects these laws and we apply this policy. Knowing this, any event requiring legal action will take place in Dutch Court and will serve The Netherlands as its legally binding jurisdiction. 6. We will only use your data for the purposes we have stated to you. If we ask your permission to use your data for specific purposes, we also allow you to withdraw your permission. We will allow you to access and correct your data. We keep as little of your data as possible, and only for as long as we need it. When we no longer need data we destroy it, we block it, we irreversibly anonymise it, either way it so it is no longer linked to you. If we engage others to use your information on our behalf, we will ensure they act in accordance with our policies. If we share your data with others, we will first ask you for permission, unless there is a legal obligation that prohibits us from asking. Extraterrestrial Data Transferring Following the GDPR protocol and Data Protection Directive, being based in the EU and protected under the Dutch privacy law. Personal data has a complex jurisdiction. In relevance to transfer. The general principle for transfers is outlined in Article 44, which can be summed up as saying, if you transfer EU personal data out of the EU, make sure that this data still enjoys the same level of protection it gets under GDPR. In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent. Still our services fall under Dutch law and will remain legally binding under Dutch Court and Jurisdiction. This legally binding obligation can be achieved in multiple ways. Here is a sampling: 1. The entity to whom you pass the data to happens to be in a country that has data protection laws that are just as strong as GDPR (as determined by the EU Commission). 2. The entity to whom you pass the data to agrees by legally binding contract to follow GDPR principles of data protection. 3. The company has enacted Binding Corporate Rules. 4. There is some regulatory-approved code of conduct to which the entity subscribes. II. Definitions “Pharox” – when we say Pharox, or “we” or “us” we refer to all our communications on which a link to this policy is displayed like our websites, software and mobile applications. “Service” means our website at https://www.pharox.io (the “Site”), all related websites and mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Policy is displayed, and all other communications with individuals though from written or oral means, such as email or phone. “Device” means Pharox hardware installed that collects and outputs technical and/or digital data, which may or may not be linked, or can be read remotely, by which Personal Data, including tachograph data, is collected about the movement, the use of a vehicle, activity and time registration of a Driver. In addition it means any hardware installation of which any of Pharox’s products (connection, sensor, hardware, and firmware) whether on-site or in-transit are used under our services. “Client” means a customer or Partner of Pharox. “Client Data“ means Personal Data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service. “Driver” means an individual, employee or co-driver, that is authorized by the Client for administrative purposes of the Service and/or who drives a vehicle that is equipped with a “device”. “Partner’’ means a business partner of Pharox. “Personal Data” means any data or information relating to an identified or identifiable natural person. “Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in. “Restricted Area” means the area of the Site that can be accessed only by Users, and where access requires logging in. “User” means an employee, agent, or representative of a Client, who primarily uses the restricted areas of the Site for the purpose of accessing the Service in such capacity. “Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service. III. The Information We Collect Through Or On The Service The legal bases for Pharox’s processing of personal data are that the processing is necessary for providing the Service in accordance with Pharox’s General Terms & Service Agreement and that the processing is carried out in Pharox’s legitimate interests, which are further explained in the section “How We Use the Information We Collect” of this Policy. We may also process data upon your consent, asking for it as appropriate. We collect these types of information within these Categories of persona: Categories:  Employees (internal);  Customers;  Contacts;  Employees of external companies;  Interested parties;  Suppliers  Information types:  Name;  Professional, commercial or business addresses;  Phone numbers;  E-mail addresses;  Billing information;  Product interests;  Contract details (contractual relationship, product and / or contractual interests);  IP addresses;  Location data (GPS positions);  License plate of vehicle;  Service-related diagnostics;  Data on car use, such as: distance covered, time of day, vehicle, vehicle speed, engine speed, engine load (number of hours), engine temperature, braking / manoeuvring in curves / acceleration, mileage, travel time and distance, vehicle consumption, tire pressure, cruise control, tire position vehicle, diagnostic trouble codes, axle load, battery voltage, braking distance, distance to service, fuel level, total vehicle weight, PTO data, retarder data.  Drivers Data 3.1 User-provided Information When you use the Service, as a User or as a Visitor, you may provide, and we may collect Personal Data as stated above. You may provide us Personal Data in various ways on the Service, p.e. when you register to obtain a whitepaper, use the Service, post Client Data, interact with other Users of the Service through communication or messaging capabilities, or send us customer service – related requests. 3.2 Information Collected by Clients A Client or User may store or upload data into the Service Client Data. Digital data that is generated or processed by a “Device” that is installed by or in behalf of the Client and connected to a Driver is also information collected by Clients. Pharox has no direct relationship with the individuals and Drivers who are not a User of the Service and whose Personal Data it hosts as part of Client Data. Each Client is responsible for providing notice to the Driver and third persons concerning the purpose for which Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data. A Client or User has only access to the Personal data of a Driver exclusively with the purpose of using and in respect of the Service. 3.3 “Automatically Collected” Information When a User or Visitor uses the Service, we may automatically collect certain information from the User’s or Visitor’s device by using various types of technology, including cookies, “clear gifs” or “web beacons.” This “automatically collected” information may include an IP address or another device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is collected from all Users and Visitors. 3.4 Information from Other Sources We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy. 3.5 How We Use the Information We Collect We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following: 3.6 Operations We use the information – other than Client Data – to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service. We process Client Data solely in accordance with the directions provided by the applicable Client or User. The only Client Data we process or use manually concern hand written notes or letters and manually signed contracts. 3.7 Improvements We use the information to understand and analyse the usage trends and preferences of our Visitors and Users, to improve the Service, and to develop new products, services, features, and functionality. Should this purpose require Pharox to process Client Data, then the data will only be used in anonymized or aggregated form. 3.8 Communications We may use a Visitor’s or User’s email address or other information – other than Client Data – to contact that Visitor or User (i) for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the Client Data or Personal Data posted on the Service or (ii) with updates on promotions and events, relating to products and services offered by us and by third parties we work with. You have the ability to opt-out of receiving any promotional communications as described below in the “Your Choices” section. 3.10 Analytics We use Google Analytics to measure and evaluate access to and traffic on the Public and Restricted Area of the Site, and create user navigation reports for our Site administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site. For more information, see Google Analytics Privacy and Data Sharing. We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users. We also use Analytics with Google Adwords for remarketing and keeping track of which products or pages a Visitor views or keeping track of whether the Visitor made a purchase / request based on one of our advertisements. This way we can measure how successful our marketing campaigns are and to what extent our offer matches our target group. These cookies may also ensure that our advertisements on third party websites are tailored to the Visitors interests, viewed pages or provided with interesting offers. These cookies are not personally identified and do not know who you are (name), nor what your address or e-mail address is. 3.11 Social media features Our Websites may include features from social media like LinkedIn and Facebook,that run on our Sites. These features may collect your IP address, which page you are visiting on our Sites, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Websites. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them. 4. To Whom We Disclose Information Except as described in this Policy, we will not intentionally disclose the Personal Data or Client Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Client. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances: 4.1 Unrestricted Information Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content. 4.2 Service Providers We may engage third party companies to perform services on our behalf (e.g. service providers who provide websites, application development, hosting, email, software maintenance and other services). These third parties may have access to, or process Personal Data or Client Data as part of providing these services. We limit the information provided to these service providers to that extent that is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information. They are not authorized by us to otherwise use or disclose your Personal Information, except to the extent required by law. 4.3 Non Personally Identifiable Information We may make certain automatically-collected, aggregated, or otherwise non personally identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service. 4.4 Law Enforcement, Legal Process and Compliance We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others. 4.5 Change of Ownership Information about Users and Visitors, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the User or Visitor Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. Client Data may be physically or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Client Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. 5. Your Choices 5.1 Access, Correction, Deletion You may choose not to provide or to decline to share certain Personal Data, even though that might impact your ability to register or receive particular features and functionality of the Service. If you do not want to receive interest-based advertisements, you can opt out. We provide you with access to the Personal Data that you may have provided through your use of the Service. If you wish to access or amend any other Personal Data we hold about you, please contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted, anonymised or blocked in our database. You may update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact Pharox’s Privacy desk at [email protected] This provision does not apply to Personal Data that is part of Client Data. In this case, the management of the Client Data is subject to the Client’s own Privacy Policy, and any request for access, correction or deletion should be made to the Client responsible for the uploading and storage of such data into the Service. 5.2 Navigation Information You may opt out from the collection of navigation information about your visit to the site by Google Analytics by using the Google Analytics Opt-out feature. 5.3 Opting out from Commercial Communications If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to contact us” section.. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service. Pharox has no direct relationship with the Client’s customers or third party whose Personal Data it may process on behalf of a Client. An individual who seeks access, or who seeks to correct, amend, delete inaccurate data or withdraw consent for further contact should direct his or her query to the Client or User they deal with directly. If the Client requests Pharox to remove the data, we will respond to its request within thirty (30) days. We will delete, amend or block access to any Personal Data that we are storing only if we receive a written request to do so from the Client who is responsible for such Personal Data, unless we have a legal right to retain such Personal Data. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation. Any such request regarding Client Data should be addressed as indicated in the “How to Contact Us” section, and include sufficient information for Pharox to identify the Client or its customer or third party and the information to delete or amend. 6. Third Party Services The Service may contain features or links to websites and services provided by third parties. Any information you provide on third party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information. 7. The Following Types of Cookies Are Used In The Site: 1. strictly necessary/essential cookies – These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for cannot be provided. These cookies don’t collect information that identifies a Visitor. 8. Data Security The databases are hosted in the EU data centre. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we also employ application-layer security features to further anonymize Personal Data. For more details contact our privacy desk via [email protected] However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section. If we learn of a security systems breach, we apply a standard protocol to respond adequately on the breach also including to inform you and the authorities of the occurrence of the breach in accordance with applicable law. 9. Data Retention We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:  the contents of closed accounts are deleted after 10 years of the date of closure;  at Client’s request we delete or anonymise any Personal Data. 10. Settings Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other Users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other Users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. 11. Data Controller and Data Processor Pharox does not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client Data. Pharox is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users. Because Pharox does not collect or determine the use of any Personal Data contained in the Client Data and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Pharox is not acting in the capacity of data controller in terms of the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) and does not have the associated responsibilities under the GDPR. Pharox should be considered only as a processor on behalf of its Clients and Users as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, Pharox does not independently cause Client Data containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of Pharox in connection with Pharox’s provision of Services to Clients. Such actions are performed or authorized only by the applicable Client or User. The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data. Pharox is not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor is Pharox responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information. 12. Specific Privacy Terms 12.1 Children’s Privacy Our Service is not directed to individuals under the age of 13. We do not solicit or knowingly collect Personal data from such individuals. If you become aware that a child has provided us with personal data, please contact us as indicated in the “How to Contact Us” section below. If we obtain actual knowledge that we have collected Personal data from a child under the age of 13, we will take steps to delete such information from our database. 13. Changes and Updates to this Policy Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read and understood the current version of the Policy. 14. How to Contact Us If you have any concerns, questions or complaints about this Policy, your Personal Data, our use and disclosure practices or your consent choices, please feel invited to contact our Privacy and Data Protection Desk by email at [email protected] .