alertdriving values the trust of our customers and is committed to keeping all customer data safe and secure. Accordingly, we comply with data privacy legislation worldwide and have embedded high standards of security and privacy across all our operations. This commitment enables us to support our customers' compliance with the General Data Protection Regulation (GDPR), which came into effect on May 25th, 2018.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union data privacy regulation designed to strengthen the protection of personal data and harmonize data protection laws across EU member states.
Processor and Controller
A "Controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. alertdriving customers are considered data controllers.
A "Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller. alertdriving is considered a data processor.
These roles are defined in accordance with Article 4 of the GDPR.
GDPR Principles
Personal data must be:
Processed lawfully, fairly, and in a transparent manner
Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes
Limited to what is necessary in relation to the purpose for which it is processed
Accurate and, where necessary, kept up to date
Kept only as long as necessary for the purposes for which it is processed
Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage
"The controller shall be responsible for, and be able to demonstrate, compliance with the principles relating to the processing of personal data." - GDPR, Article 5(2)
GDPR Compliance
alertdriving acts as a data processor and has processes and policies in place to support our customers, who act as data controllers, in fulfilling their obligations under the GDPR.
Data Subject Rights
alertdriving supports the handling of data subject requests to access, correct, amend, or delete personal data. If alertdriving is contacted directly by a data subject (for example, a driver) regarding such a request, the request will be referred back to the relevant customer (the data controller) so that appropriate action can be taken.
Data Breach Notification
alertdriving maintains procedures to identify and report personal data breaches and will notify customers without undue delay so that they may meet their obligations to notify supervisory authorities and data subjects in accordance with GDPR requirements.
Compliance
alertdriving is able to demonstrate its compliance with the GDPR as it relates to the alertdriving services. Upon request by a customer (the data controller) or a supervisory authority, alertdriving will provide relevant information to demonstrate such compliance.
GDPR Readiness
alertdriving is committed to GDPR readiness and has implemented policies, procedures, and technical measures designed to support our customers in meeting their data protection obligations. This commitment is reflected in the following policies and processes:
Data Retention Policy
Privacy Policy
Cookie Policy
Incident Response Plan
Data Breach Policy
Process Documentation
Employee Awareness Training
Data Security
Privacy by Design
Acceptable Use Policy
Clean Desk Policy
Data Subject Rights
Under the GDPR, data subjects (including drivers, administrators, and other individuals who provide us with personal data) have the following rights:
Right to Be Informed
Right of Access
Right to Rectification
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object
Rights Related to Automatic Decision-Making
What Data Do We Collect?
The types of personal data we may collect and maintain include:
Employee ID
Name
Email address
Company group
Language preference
Country code
IP address
alertdriving does not knowingly collect personal data from children, nor does it collect special category (sensitive) personal data as defined under the GDPR.
About Consent
Consent is a critical component of the GDPR. Where consent is used as the legal basis for processing personal data, it must be freely given, specific, informed, and unambiguous. Records of consent must be maintained where required. Responsibility for obtaining and managing consent rests with our customers, who act as data controllers.
Consent may be withdrawn at any time. alertdriving is able to facilitate the withdrawal of consent upon instruction and approval from the relevant customer.
Data Breach Notification Process
A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data that is transmitted, stored, or otherwise processed.
alertdriving maintains a breach response process that includes the following steps:
Preparation
Detection
Triage
Investigation with breach notification
Containment
Analysis
Tracking
Recovery
If alertdriving experiences a personal data breach, we are contractually and legally required to notify any affected customer and to cooperate with them in meeting GDPR reporting obligations. Data controllers will be notified without undue delay, enabling them to comply with their obligation to notify supervisory authorities within 72 hours, where applicable.
For Further Information
alertdriving has designated a senior executive to oversee the company's compliance with global data privacy and information security principles. If you have questions or concerns regarding your privacy or personal data, you may contact us using the information below:
Phone (North America): 1-877-867-6642
Phone (International): 1-416-750-0210
Email: privacy@alertdriving.com