Effective date: 10/28/2024
This Privacy Policy ("Policy") describes what information Nauto, Inc. and Nauto Global Limited, its service providers, and affiliates (collectively, "Nauto," "we," "our" or "us") collects when you use Nauto's product and services and how Nauto processes this information for itself and on its customers' behalf.
When we talk about the "Services" in this Policy, we are referring to the use of the Nauto device (both the device hardware and the software which supports and interacts with the device), Nauto's applications, use of your account through the Nauto website or other Nauto products and services. If you are a website user, we provide additional details about how we collect and use information from our public website in our Privacy Policy for Nauto Website Visitors.
Nauto Global Limited, an Irish registered company, will provide the Services to Nauto's Customers in the European Union, and Nauto, Inc., a United States company, will provide Nauto's customers with the Services in all other countries. Details of these Nauto companies are set out at the end of this Policy.
Nauto is a processor of any personal information it processes when providing the Services. This means that it will only process the personal information pursuant to the controllers' ( i.e. "customers" such as your employer) instructions.
Nauto may, on behalf of its customers, collect and analyze information (including personal information) about users (such as drivers and passengers) of the Services and other individuals (such as members of the public whose images may be captured by the Services). This content and information is referred to in this Policy as "Customer Data" and is controlled by Nauto's customers. To the extent that Nauto captures, stores and analyzes Customer Data, Nauto does so on behalf of its customers.
If you are using the Services by invitation of a Nauto customer, whether that customer is your employer, another organization, or an individual, Nauto collects, stores, and analyzes your data on behalf of its customer in a manner consistent with this Privacy Policy, though that customer will otherwise determine its own additional policies regarding the treatment of Customer Data in its possession which may apply to your use of the Services. Nauto may implement some of these policies on its customers' behalf. Please check with the customer about the policies it has in place.
Nauto is a controller of "Nauto data". Nauto anonymizes or pseudonymizes certain personal information to train the Nauto algorithm, which will benefit the customers from which the data originates, Nauto and other Nauto customers as well as improve road safety.
The Nauto device is an intelligent fleet safety system that allows the collection of internal and external event data from vehicles in order to improve driver safety and fleet operations. Nauto devices use image sensor and position sensor technology to scan a driver's environment and collect information. This includes:
Technical information: The device's image sensors are both inward and outward facing. In addition to potentially capturing limited video clips and images of drivers and passengers, the Nauto device may also collect the following types of information:
Information about driving and road conditions: The Nauto device and Services may also collect information about a vehicle's environment and experience while on the road, including information about:
Information about drivers and passengers: The Nauto device and Services may also collect other personal information about drivers (and passengers where indicated) such as:
Driver activity: The Nauto device's software may also analyze driver behavior, posture and movements in order to help ensure safety and prevent accidents. This is done for safety reasons in order to protect the vital interests of the drivers and passengers. The device may process the following information about a driver's behavior:
Driver profile: If specifically requested by the customer, the Nauto device may use videos and photographs in order to create a limited abstracted non-geometric visual profile of a driver for that Nauto customer. Only at the customer's direction, this software may create a limited profile that is used to determine similarity of appearance of a driver in one particular photo or a video captured by a Nauto device to another photo or a video captured by a Nauto device to match multiple trips (potentially across multiple vehicles in the fleet) into one driver record for the customer's benefit.
To provide more details, and to the extent requested by a customer, we may display a driver's Profile name and photo, and link that Profile with information collected by that driver's Nauto device. In order to create these Profiles on behalf of customers, Nauto may collect information such as names, username, password, photographs, location, and contact information of drivers.
Customer or emergency services: At customer's request, for coaching or emergency services, the Nauto
Services may also receive from customer input or customer systems other personal information about drivers to be added, only at customers' request, to driver profiles such as:
Passersby: Some images and information about members of the public may also be captured by the device.
Account creation information
Customers may create a Nauto account to make it easier to communicate with us and access the Services we provide. To create an account, customers may be asked to provide information such as names, usernames, passwords and contact information.
Services usage information
This is information about customers and customer personnel who are accessing and using the Services, which may include details of administrative, technical and support communications with us.
Log data
When our Customers use the Services we may collect log data such as your Internet Protocol address, the date and time of your use of the Services and cookie data.
Pseudnomymized/Anonymized data
When permitted by our customers, we anonymize or pseudonymize certain Customer data to train our algorithm.
Provide and Improve Nauto Services
Nauto may access and use Customer Data as reasonably necessary and in accordance with a customer's instructions to provide and improve the Services. For example, Nauto may, on its customers' behalf and in accordance with their instructions, use this information to understand and predict traffic flows, advise drivers of hazards in real time, determine the cause and consequence of individual driving behavior and events and develop composite safety scores for drivers or vehicles or portions of the customer organization (e.g. a region or subfleet).
Nauto may also use Customer Data as set forth in our agreement with the customer or as expressly permitted in writing by the customer or as required by law.
Technical support
Nauto may also use this information to provide technical support, to prevent or address service, security, technical issues, to improve the quality of service Nauto provides or at a customer's request in connection with customer support matters.
To understand and develop our Services
We carry out research and analyze trends to better understand how users are using the Services and improve them for the customers.
Communicating with customer personnel and marketing
If customer personnel contact us with a problem or question, we will use customer personnel information to respond. We may also send customer personnel service and administrative emails and messages, and we may contact customer personnel to inform them about changes in our Services, our service offerings, and important service-related notices, such as security and fraud notices. These emails and messages are considered part of the Services we are contractually obliged to provide to customers' personnel and, apart from marketing emails, customer personnel may not opt-out of them. Where we send emails about new product features or other news about Nauto, customer personnel and other recipients can opt out of these at any time.
Billing and account management
We use account data to administer accounts and keep track of billing and payments. This processing of Nauto Data is necessary for us to provide the Services to Customers.
Investigating fraud and abuse
We work hard to keep the Services secure and to prevent abuse and fraud. Any processing of Nauto Data in these circumstances will be in our legitimate interests and the legitimate interests of our customers and their personnel to have their data kept secure and free from abuse and fraud. Processing of Customer Data in these circumstances shall be on behalf of our customers.
Anonymizing/pseudonymizing data to train the Nauto Algorithm
This Policy is not intended to place any limits on what Nauto does with data that it anonymizes/pseudonymizes such that the data is no longer associated with and can no longer be linked to an identifiable user or customer of the Services. Nauto uses anonymized/pseudonymized information for business purposes, including for product improvement, analytics, industry and market research, and other purposes consistent with Nauto's business needs. Examples of anonymized/pseudonymized information used by Nauto include information on:
Nauto may share information described in this Policy from time to time. Our customers determine their own policies for the sharing and disclosure of Customer Data. Nauto does not control how customers or their third parties choose to share or disclose Customer Data.
Nauto may share Customer Data and other information in accordance with our agreement with our customers and our customers' instructions, including with:
Security
Nauto takes security seriously. Nauto maintains administrative, technical, and physical safeguards designed to protect the privacy and security of the information that it collects. These safeguards take into account the nature of the information we collect, process and store, and the current state of technology. The Nauto cloud is supported by customer authorized third-party vendors and service providers that process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.
In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents.
Nauto protects all behavior and driver profile information using the same or more strict security procedures that it uses to protect other confidential data.
We only retain Customer Data if necessary in accordance with our agreement with the customer or as expressly permitted in writing by the customer or as required to comply with our legal obligations.
Generally, Nauto retains such information for no longer than is reasonably necessary. Subject to legal obligations and restrictions, Nauto will make reasonable, good-faith efforts to permanently destroy all such information pertaining to a person under the following circumstances:
Generally, we only store Nauto Data for as long as is necessary for the business purposes for which the data is processed by Nauto. This means certain account creation information and general account information along with Services usage information will typically be stored while the account remains active or for shorter periods if possible. We may retain certain Nauto Data after an account has closed if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce this Policy and our agreements with customers. For example, certain Nauto Data such as financial and payment information may need to be stored for a number of years after payment is made in accordance with applicable tax and corporate laws. Nauto may store anonymized data, indefinitely.
Storage
Most data (including most Customer Data) is temporarily stored locally on the Nauto device and only select data as agreed with the customer (including only select Customer Data) is sent up into the cloud in the USA.
Does Nauto Use Children's Information?
The Services are not directed at children under 13 years. If you learn that a child under 13 has provided us with personal information without parental or guardian consent, please contact us. Should our Services capture information about children (as passengers or outside the relevant vehicle), this information will only be processed on behalf of customers where it is in the vital safety interests of children or those of others or where the processing is in our customers' legitimate interests or those of the children or the public.
Does Nauto Transfer Data Internationally?
If you are using the Services in the European Union or other regions outside of the United States with laws governing data collection and use that may differ from U.S. law, be advised that Nauto may transfer your information, Customer Data and Nauto Data to the United States and other countries with differing data protection laws and differing government agency data access rules.
If we collect your information in the EU or the UK when we transfer your information outside the EU or the UK, we may transfer it to countries that have been recognized as offering an adequate protection by the EU or the UK. When this adequacy status has not been offered, we use standard contracts that can be used in the EU or the UK to safeguard your information while transferring it outside the EU or the UK.
Nauto, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Nauto, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Policy and these EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view Nauto Inc.’s certification, please visit https://www.dataprivacyframework.gov/.
Nauto, Inc. is accountable for the personal information received under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including any subsequent transfers to third parties Nauto, Inc. engages solely to the extent such third parties are acting on Nauto Inc.’s behalf.
If third-party agents process personal data on Nauto Inc.’s behalf in a manner inconsistent with the DPF Principles, Nauto, Inc. remains responsible and liable under the EU-U.S. DPF and the UK Extension unless Nauto, Inc. demonstrates that it is not responsible for the event giving rise to any damages.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to resolve DPF Principles-related complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Nauto at privacy@nauto.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF compliance not resolved by a complaint to Nauto or through JAMS. More information related to this arbitration procedure is available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introductiondpf?tabset-35584=2. Nauto is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
If your personal information is comprised in Customer Data, then you should contact the customer in relation to any statutory rights you may have to access, rectify, erase, restrict or object to customer's processing of your data.
If you are based in the EEA, UK, Switzerland or are a legal resident of California in the U.S., you have certain rights in relation to your information if your personal information is comprised in Nauto Data. Depending on your location, the following may apply:
In compliance with the EU-U.S. DPF Principles, individuals have the right to (a) access the personal information about them that is comprised in Nauto Data and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated and (b) opt out of (i) disclosing their information to a third party, unless such third party is acting as an agent to perform task(s) on behalf of and under the instructions of Nauto and (ii) their information being used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
Please use the contact details set out below to contact Nauto Global Limited should you wish to exercise these rights. You can also access your personal information comprised in the Nauto Data by sending us a request at privacy@nauto.com. After we verify your identity, we will provide you with a copy of this personal information. If you are based in the European Union, without prejudice to any other rights you may have, you also have the right to file a complaint against Nauto Global Limited with your lead supervisory authority, and also with the Irish Data Protection Commissioner, which is our Lead Supervisory Authority by contacting them at info@dataprotection.ie.
We may revise this Policy from time to time. We will provide notice of any changes on this page, and if the changes are significant, we will provide a more prominent notice, for example by contacting our customers. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.
If you have any questions about Nauto's Policy or practices and if you are based in the European Union, please contact Nauto Global Limited at privacy@nauto.com or at the address below:
Nauto Global Ltd
Bank of Ireland Workbench
39 St Stephen's Green
Dublin 2, D02 HF62, Ireland
Nauto Global Limited will be the data controller of Nauto Data in relation to its customers in the European Union.
If you have any questions about Nauto's Policy or practices and if you are based outside the European Union, please contact Nauto, Inc. at privacy@nauto.com or at the address below:
1259 Reamwood Ave.
Sunnyvale, CA 94089 USA
