PRIVACY POLICY

Cambridge Mobile Telematics Inc (“CMT”) are committed to protecting and respecting your privacy.

Privacy Policy

Scope

Cambridge Mobile Telematics, Inc. (CMT) takes your privacy seriously. This policy explains how we collect, use, and protect Personal Data submitted and collected by our website located at www.cmtelematics.com and through CMT-branded mobile applications.

This Policy Only Applies to the Processing or Collection of Personal Data

Personal Data means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Role as Controller

This Privacy Policy describes our role as a ‘controller’ of Personal Data (the party that decides the purpose and means of the processing of Personal Data).

Role as Processor

This Privacy Policy does notapply to the extent we process Personal Data in the role of a ‘processor’ (service provider) on behalf of our customers as part of our telematics service.

If you are enrolled in a telematics program with one of our customers (insurance company, etc.), you must contact them (and not CMT) regarding privacy issues and to exercise any of your privacy rights.

By visiting our website or using our services or CMT-branded mobile applications (including without limitation, the DriveWell Go app and OpenRoad app and not mobile applications with customer branding), you are accepting and consenting to the terms of this Privacy Policy.


2. Processing Activities Covered


3. Data Collection

A. Personal Data We Collect Directly from You

The Personal Data we collect directly from you may include identifiers, commercial information, and internet activity information, among others.

We may collect such information in the following situations:

B. Personal Data We Collect Directly from Other Sources

We also collect information from other sources including third parties (from whom we may purchase Personal Data and from publicly available information). We may combine this information with Personal Data provided by you.

We collect such Personal Data from these sources: Third-party providers of business contact email addresses, IP addresses, social media profiles, LinkedIn URLs, and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility, and verifying contact information.

C. Use of Tracking Technologies and Cookies

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.

Automatically When You Visit Our Sites

This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.

This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.

Automatically (as a Controller) as Part of Our Cloud Services

This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.

This information is used to maintain the security of the services, to provide necessary functionality, to improve the performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for the development of the services, to assess capacity requirements, and to identify customer opportunities.

Some data collected by the services, whether alone or in conjunction with other data, could be personally identifiable to you. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.

Cookies

We use technologies, such as cookies, to gather information about the use of our websites and how people interact with our emails.

When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.

In many cases, you may opt-out of the collection of non-essential device data on your web browser by managing your cookies at the browser or device level.

For further information about our use of cookies please see our Cookie Policy.

Notices on Behavioral Advertising and Opt-Out for Website Visitors

We or one of our authorized partners may place or read cookies on your device when you visit our websites to serve you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative at https://optout.networkadvertising.org/ and the Digital Advertising Alliance at https://optout.aboutads.info/.

To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your browser settings for cookies.

Do Not Track

While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.


4. Purposes for Processing and Legal Basis

We rely on the following authorized legal basis to collect and process your Personal Data, unless consent is required by law, for the purposes in the chart below:

  • To fulfill our contractual obligations to you
  • To comply with our legal obligations
  • Legitimate business purpose/interest

5. Disclosure and Sharing

CMT does not sell your Personal Data.  For specific information, or to ask questions of our privacy team, please contact us at privacy@cmtelematics.com.

We may share your Personal Data as follows:

A. Service Providers

Our contracted service providers, who provide services such as IT and system administration, help desk, CRM, marketing automation, cloud-hosting, and deploying emergency medical services and tow services for our crash-detection offerings.

B. Customers of CMT.

If you are invited to use our services or mobile app by a CMT customer (for example, auto insurance company), we may share your Personal Data with such customer to the extent this is necessary for verifying accounts and activity, performing under a contract, investigating suspicious activity, or enforcing our terms and policies.

C. Our Affiliates 

With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, and account management purposes of fulfilling our contractual obligations to you.

D. Event Sponsors

If you attend a physical or online event or contest organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy policies.

E. Third-party Networks and Websites

With market our services to you on  third-party social media networks, advertising networks, websites, and third-party platforms (e.g., Google, Twitter, LinkedIn, and Facebook), and assess the performance of our marketing efforts.

F. Professional Advisers 

In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent, we are legally obliged to share or have a legitimate business interest in sharing your Personal Data.

G. Change in Ownership

To a successor, if we engage in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. By applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

H. Anonymous and Aggregated

We use driving data to look at driving trends, such as how often people drive distracted, which cities/states have the highest prevalence of speeding, or how the average length or distance of trips changes around holidays, etc. CMT de-identifies your Personal Data to the extent that it cannot be reasonably re-associated with you. Where possible, data is not only anonymized but data such as name, address, age, gender, etc., is made inaccessible. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services. In cases where the results of these processing activities are shared with third parties, such anonymous and aggregated data does not contain any of your Personal Data.

I. Legal Requirements

We may be required by law or legal process to disclose your Personal Data, to enforce our legal agreements, or to protect our rights, property, safety, our customers, or others, and we will try to take steps to limit any such disclosure.


6. Retention

We may retain your Personal Data for a period consistent with the original purpose of collection (see Section 4 above) or if required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data based on the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the need to maintain and improve our technology, whether we can achieve the purposes of the processing through other means and based on applicable legal requirements (such as applicable statutes of limitation).

After the expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.


7. Your Rights Relating to Your Personal Data

A. Your Rights

You may have certain rights relating to your Personal Data, subject to data protection laws that apply to you based on your residency (whether the GDPR or a US State Data Protection Law). Depending on the applicable laws these rights may include the right to:

  • Access your Personal Data held by us;
  • Know more about how we process your Personal Data;
  • Rectify inaccurate Personal Data and, considering the purpose of processing the Personal Data, ensure it is complete;
  • Erase or delete your Personal Data;
  • Restrict our processing of your Personal Data;
  • Transfer your Personal Data to another controller, to the extent possible;
  • Object to any processing of your Personal Data;
  • Opt-out of certain disclosures of your Personal Data to third parties;
  • Know what categories of Personal Data are shared for delivering advertisements on non-CMT websites, applications, and services and the categories of recipients of such Personal Data;
  • Opt-out of the sharing of your Personal Data for delivering advertisements on non-CMT websites, applications, and services;
  • Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal; and
  • Not be discriminated against for exercising your rights as described above.

Where we process your Personal Data for our direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.

B. How to Exercise Your Rights

To exercise your rights, please contact us by email at privacy@cmtelematics.com, or by phone at 800-941-7177. Your Personal Data may be processed in response to these rights. We try to respond to all legitimate requests within 45 days unless otherwise required by law. We will contact you if we need additional information to honor your request or verify your identity.

To exercise your rights as they pertain to driving or vehicle information, CMT must be able to identify you in our system.  To do this, we need to know which CMT mobile application you have used and if you registered with us, the email address and phone number used to sign up. 

C. Your Rights Relating to Customer Data

As described above, we may also process Personal Data submitted by or for a customer to our services. If not stated otherwise in this Privacy Policy or a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Policy. If your data has been submitted to us in our role as a processor by or on behalf of a CMT customer and you wish to exercise any rights you may have under applicable data protection laws, CMT may not be authorized to respond to your request and you must inquire with them directly.


8. Your Rights as a Data Subject in the European Union

If you are a “Data Subject” in the European Economic Area, (EEA), the UK, or Switzerland, (together Europe) and we collect or you provide us with any Personal Data as that term is defined under the General Data Protection Regulation (GDPR) or UK equivalent, the following applies:

A. Data Subject Rights

Data Requests. You can ask us what Personal Data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it or withdraw your consent to us processing it, under certain circumstances.

Exercise Rights. To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this Privacy Policy. We will respond to all legitimate requests within 30 days, where possible, and will contact you should we require additional information to honor your request. You may also complain to the supervisory authority of the country in which you are located or to our EU (or UK) representative.

Storage Outside the EU. When you register for our service, your Personal Data will be stored outside of Europe on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a Sub-processor that: (i) is located in a third country or territory recognized by the EU Commission to have an adequate level of protection; (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place. By submitting your Personal Data, you agree to this transfer, storing, or processing of your Personal Data outside of Europe.

Retention. We will retain your Personal Data for as long as necessary for the relevant activity for which it was provided or collected, by our then current data retention policy, unless you otherwise request that it be deleted sooner by this Privacy Policy. We may retain Personal Data for longer, where necessary to comply with our legal obligations (including law enforcement requests), to meet regulatory requirements, resolve disputes, enforce our legal agreements, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information.

Opt-Out Process. We will send you marketing emails if you “opt-in” to receive marketing emails when registering to use our website, mobile app, or service, or if you have enquired about, or purchased any of our goods or services. Please note that, if you change your mind about being sent marketing emails you can “opt-out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt-out,” you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.

B. Data Controller

Cambridge Mobile Technology Inc. of 314 Main Street Cambridge, MA 02142, USA is the data controller for the GDPR. Please note that we have a data protection officer (DPO) who can be contacted as follows: tim.vogel@cmtelematics.com CMT’s lead supervisory authority is the Hungarian Data Protection Authority. CMT utilizes DataRep for UK representation.


9. International Transfer of Personal Data

CMT ensures any transfers of personal data to a third country or an international organization are subject to appropriate safeguards by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR). Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.


10. Your Rights as a Resident of California, Colorado Connecticut, Virginia, and Utah

A. Coverage. This section applies to you only if you are a natural person and live in California, Colorado, Connecticut, Virginia, or Utah. We use this notice to make disclosures required by these state laws. Please note that the rules implementing some of these laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these implementing rules are finalized.

B. No Sale of Personal Data. CMT does not sell Personal Data. We may allow third parties to collect Personal Data from our sites or services if those third parties are authorized service providers who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use sites or services to interact with third parties or direct us to disclose your Personal Data to third parties.

C. Exercise Rights. Selected state laws grant their residents certain rights, which may include the rights to know and access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, to request correction of Personal Data, to opt-out of sharing your Personal Data for third party advertising purposes, and not to be denied goods or services for exercising these rights. To exercise your rights regarding your Personal Data, please see Section 7.b.

D. Opt-Out Process. If you would like to opt-out of shares using your cookie identifiers, turn on a Global Privacy Control in your web browser or browser extension. If you would like to opt-out of shares using other identifiers (like email address), please refer to Section 7.b. of this Privacy Policy. We may need to verify your identity and place of residence before completing your rights request.

E. Retention. We will retain your personal information by our then-current data retention policy, unless you otherwise request that it be deleted sooner, by this Privacy Policy.


11. Other Terms

A. Automated Decision Making

To conduct business and provide services to our customers with the CMT-branded mobile applications, CMT may utilize algorithms defined as automated decision-making under Article 22 of the General Data Protection Regulation (GDPR).

This processing is considered:

  • Necessary for the performance of a contract between the controller and the individual;
  • Where the controller has obtained the individual’s explicit consent; or
  • CMT has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures also include controls to provide all individuals using the CMT-branded mobile applications with the following rights:
    • To access your Personal Data;
    • To rectify or delete your Personal Data;
    • To restrict the processing of your Personal Data;
    • To object to the processing of your Personal Data;
    • To transfer your Personal Data (data portability)
    • To obtain human intervention by CMT;
    • To express your view on the automated decision; and
    • To contest the automated decision.

B. Industry Standard Security

While we use industry-standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with ISO 27001 standards and are audited against the framework on an annual basis.

C. For CMT-Branded Mobile Applications.

Mobile Application Privacy Details

The following information applies only to CMT-branded mobile applications (including without limitation, the DriveWell Go app and OpenRoad app (and not to mobile applications with customer branding)).

    • As of December 8, 2020, CMT is required to provide information about our mobile application’s privacy practices as part of the Apple App Store.
    • This is intended to assist users in understanding an app’s privacy practices before they download the mobile application on any Apple platform.
    • The data below may be collected and linked to your identity. This information is not used for tracking* purposes:
      • Contact Info – Email
      • Health & Fitness – Fitness (Motion)
      • Location – Precise
      • User Content – Photos or Videos
      • Identifiers – User ID and Device ID
      • Usage Data – Interaction
      • Diagnostics – Crash Data
      • Other Data

*Apple defines tracking as: linking data collected about a user or device with third-party data for advertising, advertising measurement purposes, or sharing data about a user or device with a data broker.

Google Permissions Declarations 

This Privacy Policy together with our Mobile App License Agreement, and any other documents referred to, sets out the basis on which CMT collects Personal Data from users, or which users provide, when using the CMT-branded mobile applications.

D. Children

We do not intentionally gather Personal Data about visitors who are under the age of 16.

E. No Contractual Rights

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

F. Links to Third Party Sites 

Our services and website may contain links to other sites and services owned and controlled by others. These third-party websites have privacy policies, and you should review those policies.

G. Revisions to this Policy 

We may change this policy at any time and changes will be posted on this page and, where appropriate, notify you through emails or by updating this policy online. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last revised on April 6, 2023