GDPR

Overview

Alertdriving values our customer trust and is committed to keeping all customer data safe and secure. Hence, we conform to data privacy legislation around the globe and have enshrined the highest standards of security and privacy in all our operations. This gives us a strong position on supporting our customers compliance with The General Data Protection Regulation (“GDPR”) requirements which becomes effective on May 25th, 2018.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection Law.

GDPR Principles

Personal Identifiable Information (PII) must be:

• Processed in a lawful, fair and transparent manner
• Collected for specific purpose and cannot be further processed
• Data collection limited to what is necessary for processing
• Data must be accurate and kept up to date
• Kept only for time necessary
• Data Must have appropriate security

“the controller/processor shall be responsible for, and be able to demonstrate, compliance with the principles.”

GDPR Compliance

Alertdriving (the processor) have processes and policies in place so that our customers (controllers) can fulfill their obligations under GDPR.

• Data Subject Rights: Respond to requests from data subjects to correct, amend or delete personal data. If contacted by a Data Subject (driver) to correct or delete their personal data then Alertdriving will direct the request back to our customer (their company) to take the appropriate action.
• Data Breach Notification: Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
• Compliance: Demonstrate their compliance with the GDPR as pertaining to Alertdriving Services. If called upon by our customer (the Data Controller) or a supervisory authority, we will demonstrate our compliance with the GDPR in provision of alertdriving services.

GDPR Readiness

Alertdriving is GDPR ready. We have invested heavily in preparation to support our clients. This is reflected in the following policies and processes.

• Data Retention Policy
• Privacy Policy
• Cookie Policy
• Incident Response Plan
• Data Breach Policy
• Process Documentation
• Employee Awareness Training
• Data Security
• Privacy by Design
• Acceptable Use Policy
• Clean Desk Policy

Data Subject Rights

Data subjects (drivers, administrators and other that provide us with personal data) has the following rights under GDPR.

• Right to be Informed
• Right of Access
• Right to Erasure
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
• Rights related to Automatic Decision Making

About Consent

Data subjects consent is critical component of GDPR. Consent must be freely given, specific and unambiguous. Consent must be stored when Personal Identifiable information (PII) is involved. This consent management lies with our customers (controllers). Consent can be withdrawn at any time and alertdriving is able to facilitate this once it is approved by our customers.

What Data do we collect?

The type of information we usually collect and maintain may include:

• Employee ID
• Name
• E-mail Address
• Company Group
• Language Preference
• Country Code
• IP Address

Alertdriving does not collect information on children or any special category or sensitive information.

Processor and Controller

"Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Alertdriving customers are considered controllers.

"Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Alertdriving is considered a processor.

Data Breach Notification Process

A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Alertdriving breach process follows the steps below:

1. Prepare
2. Detect
3. Triage
4. Investigation** breach notification
5. Containment
6. Analysis
7. Tracking
8. Recovery

If we experience a data breach, then alertdriving is contractually and legally required to notify any affected customer of the breach and to cooperate with them to satisfy GDPR reporting obligations

Controllers will be notified without undue delay and within 72 hours.

For further information:

AlertDriving has designated a senior management executive to oversee the company's compliance with Global Data Privacy and Information Security Principles. If you have questions or concerns regarding your privacy or Personal Information, you may contact us at the address listed below:

Chief Privacy Officer 
AlertDriving
North America:  1-877-867-6642
International:  001-416-750-0210
Fax:  416-750-7862
Email:  privacy@alertdriving.com
12 Concorde Place, Suite 800
Toronto, Ontario, M3C 3R8
Canada