Data Protection Policy

  • PREAMBLE

    • Personal data is playing an increasingly important role in our economies, societies and everyday lives. New and innovative technologies are generating significant volumes of personal data, and modern communications networks and processing systems are enabling organisations to collect, analyse, use, share and store data on a global scale.

      It is against this context that data protection legislation has been developed and implemented in various regions across the world.

      Cartrack recognises the Data Subjects’ rights to privacy and is committed to protecting and controlling the use of the personal data that it collects, in accordance with the regulatory requirements of the jurisdictions in which it operates.

      Executive management is continuously assessing the need to develop and implement or amend further policies, procedures and terms and conditions, including those with regard to data protection; consent policies and forms; data access; security breaches and employee privacy requirements.
    • This policy governs the collection, use and disclosure of personal data provided to Cartrack. It directs how we gather, store and handle personal data of Data Subjects, customers and other stakeholders, in accordance with relevant data protection legislation.

    PURPOSE

  • APPLICATION

    • This policy applies to all legal entities within the Cartrack Group, including all employees, as well as third parties who provide services to the Group and covers personal data collected and managed by the Cartrack Group.
  • WHAT IS PERSONAL DATA

    • “Personal data” means any information or pieces of information relating to an individual, that could identify that individual, either directly (e.g. by name) or indirectly (e.g. through pseudonymised data). Personal data therefore includes things like email/home addresses, usernames, profile pictures, user generated content, financial information, and geolocation.
  • PRINCIPLES FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

    • Collection/processing

      Cartrack will only collect personal data when it is necessary to comply with legal obligations that apply, or when such processing operation is necessary for the performance of a contract or pre- contractual procedures.

      Cartrack may also process information if it has a legitimate interest, provided that in each case our interest is in accordance with applicable law and the rights of the Data Subject.

      When none of the other lawful processing conditions support the data processing operation, Cartrack will only process personal information if it has obtained the consent of the Data Subject to process said personal data for specific, explicit and legitimate purposes.
    • Purpose

      Cartrack will only disclose or use personal data for the fulfilment of the specific purposes for which it was obtained, or for other lawful processing.
    • Accuracy

      Cartrack will take all reasonable steps to ensure that personal data that it processes is accurate, complete and up to date.
    • Openness

      Cartrack is committed to openness regarding its policies and practices of handling of personal data.
    • Security

      Cartrack will ensure that appropriate security safeguards are in place to protect personal data from loss, unauthorised access, destruction, use, modification or disclosure.
    • Transfers

      Cartrack may transfer personal data outside the European Union to be processed by some of its service providers, companies associated with and/or belonging to the Cartrack Group. In this case, Cartrack ensures that this transfer takes place in accordance with the legislation in force and that an adequate level of protection of personal data is guaranteed based on standard data protection clauses adopted, in accordance with Article 46 of the European Union General Data Protection Regulation (“GDPR”).

      Under no circumstances does Cartrack transfer personal data, outside the conditions described above, or sell personal data to third parties.

    • Retention

      Cartrack will retain personal data for as long as is necessary for the purposes for which it was collected. In some cases, data retention may occur for longer periods, especially when applicable law so requires.
    • Access

      The Data Subject may request a copy of their personal data from Cartrack and, where required, instruct Cartrack to effect changes to correct the data or to permanently delete their personal data, in accordance with local regulations.
  • RIGHTS OF THE DATA SUBJECT

    • Withdrawing consent or choosing to delete some types of personal data may prevent Cartrack from supplying certain services to a Data Subject, or responding to queries as a prospective employee or supplier. In order to better protect and safeguard personal data, Cartrack takes steps to verify the identity of a Data Subject before granting access or making changes to personal data.
      Rights
      Explanation
      Information
      The Data Subject has the right to be provided with clear, transparent and easily understandable information about how we use personal data, and what the Data Subject’s rights are
      Access
      The Data Subject has a right to access, and to receive a copy of, any personal data we hold about the individual (subject to certain restrictions). A reasonable fee may be charged for providing such access but only where permitted by law
      Rectification
      The Data Subject has the right to have personal data rectified if it is incorrect or outdated and/or completed if it is incomplete
      To be forgotten
      The Data Subject has the right to have personal data erased or deleted; subject to legal or legitimate grounds for retaining the personal data
      Direct marketing
      The Data Subject may unsubscribe or opt out of direct marketing communication at any time
      Withdrawal of consent
      The Data Subject may withdraw consent to our processing of personal data when such processing is based on consent. Where consent is withdrawn, the lawfulness of processing prior to withdrawal is not affected
      Objection to processing
      The Data Subject may object to the processing of personal data when such processing is based on the legitimate interests pursued by the data controller, such as the:

      Improvement of our products and services

      Enhancement of our communication with the Data Subject

      Proper administration of our website

      Risk management
      Protection of legal rights
      Lodge a complaint
      The Data Subject has the right to contact the relevant data protection authority to lodge a complaint against our data protection and privacy practices
      Data portability
      The Data Subject has the right to move, copy or transfer personal data from our database to another. This only applies to personal data that the Data Subject has provided, where processing is based on a contract or explicit consent, and the processing is carried out by automated means
      Restriction
      In circumstances limited by the GDPR, the Data Subject may restrict the processing of personal data, so that it can be stored, but not used or processed further, such as:

      Inaccurate data contested by the Data Subject must be restricted until verified and corrected

      Processing is unlawful but the Data Subject objects to the erasure thereof

      Cartrack no longer requires the Data Subject’s data but the Data Subject requires it to be stored for the establishment, exercise or defence of legal claims

      The Data Subject objects to processing based on Cartrack’s legitimate interests, until verification of overriding rights
  • DATA PROTECTION OFFICER

  • RESPONSIBILITIES

    • This policy framework falls within the scope and responsibility of the Risk Committee which reports to Cartrack’s Board of Directors.

      Compliance is verified by Internal Audit which reports independently to the Board of Directors