ConfidentialityPersonal data protection policy
SA ARHS SPIKESEED (hereinafter, the 'Provider') has developed a computer system, named Fleetback. Fleetback allows you to create a set of photos and videos, associate them with a set of structured data and attached files (all constituting the 'Interventions') via Internet services (the 'Services') through mobile applications to be installed and executed on a mobile device, as well as a web application located at www.fleetback.com (the 'Website'). A description of the Service features (the 'Features') is available on the Website.
'User' means any staff member of a car dealership who uses its Services. To do this, the user must create an account (the 'Fleetback Account').
ABOUT THE DATA OBTAINED
The Services allow subscribed Users to have a communication tool available for communicating with the car dealership's customers. This tool allows the User to take photos and / or videos in order to record a message and also enter the customer's contact information or automatically import this data from the dealership's internal software ('Dealer Management System' or 'DMS').
The Provider does not interfere with the User's use of the personal data processed via the Application.
The User agrees to comply with the legislation on the protection of personal data to which it is subject. The User ensures to obtain the consent of their customers or any other concerned persons for the use of their contact information and sending of messages.
It guarantees the Provider against any action by a third party claiming the existence of a violation of legal provisions as a result of data processing operations carried out via the Services in the context of its own data processing.
As a subcontractor, the Provider is required to perform technical operations on the User's data and undertakes to perform operations on such data only in a context which is strictly required for the provision of Services, such as those described in the Features.
REGARDING THE DATA PROCESSED BY THE PROVIDER AS PART OF THE ADMINISTRATION OF USERS' FLEETBACK ACCOUNTS
The User can access their Fleetback Account online by connecting from a specially created account within the web application. Access to the Fleetback Account only requires authentication via an e-mail address and password. The user can freely choose, when creating the Fleetback Account, the e-mail address and password.
When creating the Fleetback Account, the User is asked to provide certain data for identification purposes. These include the following: email address, last name, first name, phone number (optional), and profile picture (optional). This User is able to modify this information at any time in the web application.
The data communicated by Users as well as data related to their use of the Services will be processed by the Provider for the provision of the Services, the management of its customers and the production of statistics to help it improve its Services. These data will not be communicated to third parties, unless the Provider is required to do so by law. The Provider may also process this data in the context of preventing and managing fraud in the use of the Services and, in the event of a dispute, to defend its interests.
USE OF USER CONTACT DATAThe Provider uses the contact data provided by the User:
- To contact the User for the purposes of providing the Services, in particular to inform them of new Functionalities;
- To send them information on new services offered by the Provider.
The User has the ability to object at any time to the continued use of his or her contact data, in the latter case by unsubscribing to the mailing lists.
THE FLEETBACK DATABASE
The User authorizes the Provider to enter the data intended to enable the processing of the Intervention files created by the User (customer name, email address and telephone number of the customer, quote) into the Fleetback Database.
PRIVACY AND SECURITY
The Provider undertakes to respect the strictest confidentiality regarding the personal data it stores and processes in connection with the Services and not to disclose them to third parties except to the extent necessary for the provision of the Services or if it is required to do so by law. The Provider shall ensure observance of this obligation by our employees, agents or potential subcontractors.
Data storage and security
The Provider shall take all reasonable technical measures in the light of the state of the art to protect personal data against accidental or unauthorized destruction by third parties, accidental loss and modification, access and all other unauthorized processing by third parties. However, the Provider cannot guarantee that this data cannot be accessed by third parties in the case of hacking or computer piracy, even if the latter takes all reasonable measures to ensure data protection.
With regard to data storage services, the servers, on which the data associated with Fleetback Accounts are stored, are located within the European Economic Area or in a country offering an adequate level of protection. The Provider may use third party companies and sub-contract services or rent data storage media to them. In this case, the Provider obtains commitments from the subcontractor or third party in terms of confidentiality and security equivalent to those offered to the User in the context of this document in terms of security and confidentiality of the data.
The User, whose data are stored by the Provider, may request information from the Provider at any time about the place where the data are stored and request a written description of the technical and organizational measures implemented to ensure the confidentiality and security of the data by sending a request to the following address: email@example.com. In its response and description, the Provider is likely to omit any technical elements or details where required, if their disclosure could compromise the security of the data.By using the Services, the User acknowledges that:
- they have been sufficiently informed of the technical and organizational measures that the Provider takes to ensure the security and confidentiality of its data so that they are adequately protected, taking into account the state of the art and technology, against accidental or unauthorized destruction by third parties, against accidental loss and against modification, access and any other processing not authorized by third parties;
- these measures are sufficient and adequate with regard to the data that the User intends to store in the context of the Services.
Damage to data security
If a user notices a data security incident, they shall let the Provider know as soon as possible at the following address: firstname.lastname@example.org.
RIGHT TO ACCESS, MODIFY AND DELETE DATA
Data accessible via the Accounts
Users who have created a Fleetback Account can consult and modify their personal data at any time. All they have to do is log into their Fleetback account, go to their profile and make the desired changes or deletions.
Other personal data
Any User or any third party may exercise their rights to access, modify and object regarding their personal data. For personal data that the Provider processes and that can not be accessed, modified or deleted directly by the User through the features of the Services, the User or the third party may address a request for access, modification or objection by post to the following address:
ARHS SPIKESEED S.A.
2b, Rue Nicolas Bové
Proof of identity will be requested, which implies that they must attach a copy of their identity card. The application must be dated and signed. The Provider will respond to this request within the period set out by the Luxembourg data protection legislation.
AMENDMENT OF OUR DATA PROTECTION POLICY
The Provider reserves the right to update and modify the terms of its data protection policy at any time and on a regular basis, provided that Users are informed 8 days before the updated or modified terms enter into force. The updated version of this policy will always be available on the Website. Use of the Website or Services by the User after changes or revisions to the data protection policy implies acceptance of the policy as amended. If the User does not accept these changes, it is up to the User to cancel their account.
Our commitments and requirements regarding the protection of personal data are subject to Luxembourg legislation on the protection of personal data.