Privacy Notice

We at Autofleet Systems Ltd. ("Autofleet" "us", "we", or "our") recognize and respect the importance of maintaining the privacy of our customers and their end users. This Privacy Notice describes the types of information we collect from you when you use our mobile application and/or Platform (collectively "Platform") and/or our services ("Services"). This Privacy Notice also explains how we collect, process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. "You" means any adult user of the Platform and/or Services.

Autofleet is the data controller in respect of certain processing activities outlined in this Privacy Notice. Our registered office is Shevach 7, Tel Aviv, Israel and our registration number is 515754224. Autofleet is the data processor in respect of processing activities preformed of behalf of its customers (each a "Customer"), including relating to Customer's end users (each an "End User").

"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law.

Privacy Notice Key Points

The key points listed below are presented in further detail throughout this Privacy Notice. These key points do not substitute the full Privacy Notice.

Personal Data We Collect. When you register, we collect Personal Data provided by you, such as your name, phone number, photograph, service related addresses and vehicle information, if and as applicable. We also collect Personal Data when you use the Platform and/or Services, or contact us with questions or complaints. When you visit our Platform and/or use our Services, we automatically collect your IP address and operating system and other information about your use of the Platform and/or Services.
How We Use Your Personal Data. We use the information (including Personal Data) we collect and/or receive mainly to administer and provide the Platform and/or Services, contact you and/or our Customers with administrative information and improve the Platform and Services.
Basis for Processing Your Personal Data. Processing your Personal Data is necessary for the provision of the Services to you. Processing for the purposes of developing new and enhancing our products and Services, for analytics and usage analysis, fraud prevention and security and for our recordkeeping and protection of our legal rights – are all necessary for the purposes of legitimate interests that we pursue.
Sharing the Personal Data We Collect. We share the Personal Data we collect with our service providers and subcontractors who assist us in the operation of the Platform and process the information on our behalf and under our instructions. When we act as a processor on behalf of our Customers, we will share your Personal Data with the applicable Customer.
International Transfer. We use service providers and/or subcontractors located in countries other than your own, and send them your Personal Data. We will ensure to have agreements in place with such parties ensuring the same level of privacy and data protection as set forth in this Privacy Notice. You hereby consent to such international transfer.

Your Rights. Subject to applicable law and additional rights as set forth below, you may have a right to access, update and/or delete your Personal Data and obtain a copy of the Personal Data we have collected about you. You have the right to withdraw your consent to processing, if provided, at any time by contacting us as detailed in this Privacy Notice.

Use of Cookies and Similar Technologies. We use cookies and similar technologies to help personalize your experience by helping save your settings and customizations across visits and for analytics purposes. You can adjust your settings to determine which cookies you do or do not allow. Changing your settings and/or deleting existing cookies may affect the Services.
Data Retention. We retain information for as long as necessary for the purposes set forth in this Privacy Notice. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.
Security. We implement industry standard measures aimed at reducing the risks of damage and unauthorized access or use of Personal Data, but they do not provide absolute information security. Such measures include physical, electronic, procedural safeguards (such as secure servers, firewalls, antivirus and SSL encryption), and access control and other internal security practices.
Children. We do not knowingly collect personally-identifiable information from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party's privacy policies.
Communications. Subject to your consent if required under applicable law, we may send you e-mail or other messages about us or our Services. You can stop receiving future communications from us by following the UNSUBSCRIBE link located at the bottom of each communication, by emailing us at hey@autofleet.io.
Changes to the Privacy Notice. We may change this Privacy Notice from time and shall notify you of such changes.
Comments and Questions. If you have any comments or questions about this privacy notice, or if you wish to exercise your legal rights with respect to your Personal Data, please contact us at hey@autofleet.io.

Personal Data We Collect

We collect information from you when you choose to use our Platform and/or Services. In order to use our Platform and/or receive related Services (as a representative of a Customer, a driver and/or passenger and/or fleet operator), you will be required to register and provide us with certain Personal Data, such as your name, phone number, driver home addresses and vehicle information, if applicable.

If you are a “rider”, we may receive your Personal Data as provided by our Customer.

If you are a “driver” or “fleet operator”, you are our Customer’s employee or contractor and you use our Services on behalf of the Customer or as part of your employment and/or provision of services to the Customer. We collect your Personal Data, when you use the Services.

If you are a driver or a rider using our Platform and/or Services we also collect your photograph.

We collect ride orders (including pickup, drop-off and passenger details, as detailed above) and vehicle data (such as model, color and MPG) both from our Customers as well as driver data (as detailed above).

We also collect Personal Data when you request information from us or contact us for any other reason. Examples of the Personal Data that we collect from you when you engage in any of the activities detailed above, may include name, email address and phone number. Such Personal Data may be collected by us through the Platform or by our Customers, as applicable.

In addition, when you use the Platform, certain information may be automatically gathered by us or by our Customers about your computer, mobile device or the vehicle, such as operating system, IP address, device ID, driving speed and subject to your consent as may be required under applicable law, vehicle (geo) location, as well as your browsing history and any information regarding your viewing and service history on our Platform.

It is your voluntary decision whether to provide us with any such Personal Data, but if you refuse to provide such information we may not be able to register you to the Platform and/or provide you with the Services.

How We Use Your Personal Data

General

We and any of our trusted third-party subcontractors and service providers use the Personal Data we collect from and about you for any of the following purposes: (1) to provide you and/or our Customer(s) with the Platform and/or Services; (2) to respond to your and/or the Customer’s inquiries or requests, contact and communicate with you; (3) to develop new products or services and conduct analyses to improve our current content, products, and Services; (4) to review the usage and operations of our Platform and Services; (5) to use your data in an aggregated, non-specific format for analytical purposes (as detailed below); (6) to prevent fraud, protect the security of our Platform and Services, and address any problems with the Platform and/or Services and (7) to provide customer support.

Statistical Information

By analyzing all information we receive, including all information concerning users, we may compile statistical information across a variety of platforms and users ("Statistical Information"). Statistical Information helps understand trends and customer-needs so that new products and services can be considered and so existing products and services can be tailored to customer desires. Statistical Information is anonymous and aggregated and we will not link Statistical Information to any Personal Data. We may share such Statistical Information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.

Analytics

We and/or our service providers or subcontractors, use analytics tools ("Tools"), including "Google Analytics" to collect information about the use of the Platform and/or Services. Such Tools collect information such as how often users visit the Platform, what features they use when they do so, and what other sites and mobile applications they used prior to visiting the Platform. The Tools may collect certain Personal Data, and may link such Personal Data to specific information stored in our customer database. We use the information we get from the Tools to improve our Platform and Services. Google's ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use located at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy located at http://www.google.com/policies/privacy/.

Legal Uses

We may use your Personal Data as required or permitted by any applicable law.

Basis for Processing Your Personal Data

Processing your Personal Data is necessary for the provision of the Services to you, including responding to your inquiries or requests, contacting and communicating with you and providing customer support.

We use your Personal Data based upon the following legal bases: (i) when necessary for legitimate interests we pursue; (ii) when necessary for the provision of the Services to you; and (iii) when necessary to comply with a legal or regulatory obligation.

The legitimate interests we pursue when processing your Personal Data include the following purposes: (i) developing and enhancing our products and Services; (ii) for analytics and usage analysis of our Platform and/or Services; (iii) for fraud prevention and security; and (iv) for our recordkeeping and protection of our legal rights. In conducting such processing activities, we balance these legitimate interests against the rights and interests of our users. If you would like more information regarding how we make such determinations, please contact us through the contact information specified below.

Please note that we may process your Personal Data for more than one legal basis depending on the specific purpose for which we are using your Personal Data. Please contact us if you would like details about the specific legal ground we are relying on to process your Personal Data.

Disclosure of Information

We share your information, including Personal Data, as follows:

Service Providers and Subcontractors

We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers and subcontractors, who use such information to: (1) help us provide you with the Services; (2) aid in their understanding of how users are using our Platform and/or Services.

Such service providers and subcontractors include:

Google Cloud Platform based in US and EU who provide hosting and database services
Google Analytics based in the United States who provide analytic services with respect to our Platform.
Nexmo Inc. based in the United States to send SMS code for authentication of users of our driver mobile application.
Mixpanel, Inc. based in the United States to provide analytic services with respect to our platform.

Data Controllers

When you use our Platform and/or Services, we also disclose your Personal Data to the Customer that acts as a controller with respect to the collection of your Personal Data and through which you use the Services.

International Transfer

We use subcontractors and service providers and may have Customers who are located in countries other than your own (as set forth above), and send them information we receive (including Personal Data). We conduct such international transfers in order to provide you and/or our Customers with the Services. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.

Whenever we transfer your Personal Data to third parties based outside of the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
Where we use providers based in the US, we may transfer data to them if they have been certified by the EU-US Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US or any other arrangement which has been approved by the European Commission.

Please contact us the contact information listed below if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

You hereby consent to such international transfer described above.

Business Transfers

We may transfer our databases containing your Personal Data if we sell our business or part of it, including in cases of liquidation. Information about our users, including Personal Data, may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition and shall continue being subject to the provisions of this Privacy Notice.

Law Enforcement Related Disclosure

We will fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity, behavior or (digital) content and information of or related to an individual, including in the event of any user suspected to have engaged in illegal or infringing behavior. We may also share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) to protect the rights, property or safety of third parties; (iii) when required by law, regulation subpoena, court order or other law enforcement related issues; or (iv) as is necessary to comply with any legal and/or regulatory obligation. You can request such Personal Data as specified herein by emailing us at hey@autofleet.io.

Security

We make efforts to follow generally accepted industry standards to protect the Personal Data submitted to and collected by us, both during transmission and once we receive it, including by implementing the below:

Safeguards - The physical, electronic, and procedural safeguard we employ to protect your data include secure servers, firewalls, antivirus and SSL encryption of data.

Access Control - We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination.

Internal Policies - We maintain and regularly review and update our privacy related and information security policies.

Personnel - We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Encryption - We encrypt the data in transit using secure https TLS 1.2 protocol.

Database Backup – Our databases are backed up on a periodic basis for certain data and which are verified regularly. Personal Data included in our backups is encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability, and are accessed only by authorized personnel.

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Rights - How to Access and Limit Our Use of Certain Information

You have certain rights in relation to the Personal Data that we hold about you, as detailed below. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:

Right of Access and Data Portability. You have a right to know what Personal Data we collect about you and, in some cases, to have the information communicated to you. Subject to the limitations in applicable law, you may be entitled to obtain from us a copy of the Personal Data you provided to us (excluding information that we obtained from other sources) in a structured, commonly-used, and machine-readable format, and you may have the right to request that we transmit such Personal Data to another party. If you wish to exercise this right please contact us letting us know what information in particular you would like to receive and/or transmit. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, for instance, if the information includes Personal Data about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to explain to you why. We will try to respond to any request for a right of access as soon as possible.
Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, correct or delete inaccurate or outdated Personal Data and/or that we suspend the use of Personal Data, the accuracy of which you may contest, while we verify the status of that Personal Data. We will correct your Personal Data within a reasonable time from the receipt of your written request thereof.
Deletion of Personal Data (“Right to Be Forgotten”). In certain circumstances you have a right to have Personal Data that we hold about you deleted. Should you wish to have any Personal Data about you deleted, please contact us, using the contact information specified in this Privacy Notice. Subject to applicable law, we will delete Personal Data provided to us by a user within a reasonable time from the receipt of a written (including via email) request by such user to delete such collected Personal Data. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should also delete our Platform from any device you use to access it and terminate your account with us and clear our cookies from any device where you have used our Platform. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, as well as other purposes, all as permissible and/or required under applicable law. We may also retain your information in an anonymized form.
Right to Object. Subject to applicable law, you may have the right to object to processing of your Personal Data for certain purposes.
Supervisory Authority. If you are a European Citizen, you may have the right to submit a complaint to the relevant supervisory data protection authority.

Data Retention

Subject to applicable law, we retain information as necessary for the purposes set forth above. We may delete information from our systems, without notice to you, once we deem it is no longer necessary for the purposes set forth in this Privacy Notice. We may also retain your information in an anonymized form. In addition, retention by any of our processors may vary, in accordance with the processor's retention policy.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.

Autofleet data retention information:

We retain the Personal Data for the course of the ride and delete promptly after it ends.
We retain “Driver Data” for as long as is otherwise required to deliver our Services or as directed by the relevant Customer.
We retain “Vehicle Data” as long as is otherwise required to deliver our Services and as directed by the relevant Customer.

Please note that we retain the Personal Data throughout the period listed above, except for Personal Data we need to investigate and realize our legal rights and our claims, as well as certain Personal Data that we must store for a legally mandatory period of time. When certain Personal Data is only saved due to a legally mandatory preservation term, the processing of it by us is limited, even where you do not specifically request this.

Processors data retention information:

Name of processor	Default data retention period
Google Analytics	14 Months
Google Cloud Platform	For each type of data, they set retention timeframes based on the reason for its collection, for example: IP address- 9 months
Nexmo	12 months
Mixpanel	12 months

Cookies and Similar Technologies

We use cookies and similar technologies to help personalize your experience. Third parties through which we provide the Services may be placing and reading cookies on your browsers, or using web beacons to collect information in the course of assisting us in providing the Services. When visiting this Platform, you shall be informed of the terms of this Privacy Notice, including our use of and placement of cookies and other similar technologies on your device as specified herein.

What are Cookies?

A cookie is a small piece of text that is sent to a user's browser or device. The browser provides this piece of text to the device of the originating user when this visitor returns.

A "session cookie" is temporary and will remain on your device until you leave the Site.
A "persistent" cookie may be used to help save your settings and customizations across visits. It will remain on your device for much longer or until you delete it.
First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
Information may also be collected through web beacons, which are small graphic images ("pixel tags"), which usually work together with cookies in order to identify users and user behavior. These may be shared with third parties.

We may use the terms "cookies" to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above.

How We Use Cookies

We use cookies and similar technologies for a number of reasons, for example, in order to help personalize your experience and obtain analytical (anonymized) data for our own internal use.

The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:

Type of Cookie	Why We Use These Cookies
Security	These cookies can help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.
Analytics	These cookies collect information regarding your activity on our Platform to help us learn more about which features are popular with our users and how our Platform can be improved.

How to Adjust Your Preferences

Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may function improperly when cookies are disabled or removed.

Third Party Cookies we use: Google Analytics. For more information, please see above.

Third-Party Applications and Services

All use of third-party applications or services is at your own risk and subject to such third party's privacy policies.

Communications

Subject to your consent and applicable law, we may send specific end users (drivers and passengers) messages, including push notification, about our Services. You may stop receiving future communication from us by emailing us at hey@autofleet.io. You will also be given the opportunity to unsubscribe from commercial messages in any such message we send. Please note that we reserve the right to send you service-related communications, including service announcements and administrative messages relating to your account, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications you may cancel your account.

Children

We do not knowingly collect personally-identifiable information from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.

Changes to the Privacy Notice

When visiting this Platform, you shall be informed of the terms of this Privacy Notice. If you do not agree with the terms hereof, please do not use the Platform. We may update this Privacy Notice from time to time –in which case, we shall notify you of such changes. We will post the updated Privacy Notice on this page. Please come back to this page every now and then to make sure you are familiar with the latest version. Any new Privacy Notice will be effective from the date it is accepted by you.

Comments and Questions

If you have any comments or questions about this privacy notice, or if you wish to exercise any of your legal rights, please contact us at hey@autofleet.io.

Last updated: September 2018