Privacy Policy


Last updated on July 28, 2022

Rarestep, Inc. trading as "Fleetio" ("Fleetio", "we", "us", or "our") has created this privacy policy ("Policy") to inform you ("you" or "your") of when and how your personal information is collected, used, disclosed and protected when you use our services ("Service").

You acknowledge that this Policy is to be read in conjunction with our Terms of Service (available at https://www.fleetio.com/terms) or any other agreement entered into between you and us ("Agreement"), and that by accessing and using our websites, our apps, or Service, you agree to be bound by the Agreement as well as this Policy.

We reserve the right to update and change this Policy from time to time and will provide notice to you by changing the "last updated" date above. All changes are prospective only. It is your obligation to be familiar with the most current version of the Policy. Continued use of the Service after any such changes shall constitute your acknowledgment of and consent to such changes. You can review the most current version of the Policy at any time at https://www.fleetio.com/privacy.

If you are using the Service on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to this Policy, in such event, "You" will refer and apply to that company or other legal entity.

ABOUT US

Fleetio is a company incorporated in the United States of America that provides its software as a service which enables its customers to track, analyze and improve their fleet operations.

WHAT INFORMATION DO WE PROCESS?

We collect, use and disclose two types of information: Personal Information and Non-Personal Information.

"Personal Information" is information that is directly associated with a specific person or entity, including but not limited to, names, email addresses, usernames, passwords, and payment information. When we process your Personal Information, we do so in accordance with this Policy.

"Non-Personal Information" is information we collect or compile that by itself cannot be directly associated with a specific person or entity. We may compile "Non-Personal Information" into "Aggregate Data". This Policy in no way restricts or limits our collection and use of Non-Personal Information and Aggregate Data, and we may share Non-Personal Information and Aggregate Data that we collect or compile with third parties for various purposes, including to help us better understand our customer needs and improve our Service, and for advertising and marketing purposes.

WHOSE PERSONAL INFORMATION DO WE PROCESS?

We collect and process your Personal Information when you are a visitor to our website (as well as any microsites and apps) ("Visitor") or when you are a customer or user of our software ("Customer").

Our website and our Services are not targeted at children nor do we allow children to use our Services and website. We will not knowingly process the Personal Information of children.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Most of the Personal Information we process about you is information that you knowingly provide to us (i.e., Personal Information that you provide directly to us). However, in some instances, we process Personal Information that we are able to infer about you based on other information you provide to us (such as supporting documents) or on our interactions with you, or Personal Information about you that we receive from a third party using a process that we have told you about. We shall also automatically receive certain types of information when you interact with our Service or browse our website.

WHAT PERSONAL INFORMATION DO WE PROCESS AND WHY?

Visitor

When you visit our website, we may collect your computer's IP address, access times, your browser type and language, and referring website addresses. We may also collect information about the type of operating system you use, your account activity, and files or pages accessed or used by you. We use collected information to track engagement in key product areas in an effort to continually improve the user experience. You reserve the right to remove yourself from that type of tracking. We use cookies to process information, which may include your Personal Information. Please refer to the "COOKIE POLICY" section below for more information about what cookies we use and why.

When you as a Visitor contact us or ask us to contact you, for example by you filling in your details on our websites using the "Contact Sales" function, we collect your Personal Information and use it to respond to your questions and contact you.

Customer

When you are a customer or prospective customer, we collect certain Personal Information about you such as your name, contact details and further information about the organization you represent. We use collected information about you to enter into the Agreement with the organization you represent; to process your requests or billing transactions; to provide you with information or services you request; to inform you about other information, events, promotions, products, or services we think will be of interest to you and to which you have consent; and to support and facilitate your usage of the Service.

INFORMATION SHARING AND DISCLOSURE

We will not give, sell, rent, share, or trade any of your Personal Information or any data that you store using our Service to any third party except i) with your explicit consent or ii) as outlined in this Policy. We reserve the right to share Non-Personal Information and Aggregate Data as described in this Policy.

We may, however, disclose and share your Personal Information:

  • With third party service and technology providers to facilitate the operation of the Service, to perform related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Service's features, or to process credit card payments), or to assist us in analyzing how our Service is used.
  • With a third party to comply with a court order, subpoena, search warrant, or other legal processes; to comply with legal, regulatory, or administrative requirements of any governmental authorities; to protect and defend us, our subsidiaries and our affiliates, and our officers, directors, employees, attorneys, agents, contractors, and partners, in connection with any legal action, claim, or dispute; to enforce the Agreement; to prevent imminent physical harm; and in the event that we find that your actions violate any laws, our Agreement, or any of our usage guidelines for specific products or services.
  • in connection with an acquisition, merger, consolidation or sale of all or a portion of our business, with or to another company. In any such event, you will receive notice if your data is transferred and becomes subject to a substantially different privacy policy.

CROSS-BORDER DATA TRANSFERS

Fleetio is headquartered and processes Personal Information in the United States of America ("US"). The US may have different data protection laws to the country where you reside. If you are required to execute a data processing agreement with us, please refer to our Data Processing Agreement (available here) which includes the European Union's Standard Contractual Clauses.

HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION?

We will not retain your Personal Information longer than is necessary to achieve the purpose for which the information was collected and processed, unless we are required to do so by law, there is another lawful purpose to retain your information for a longer period; we reasonably need it for lawful purposes related to the performance of our functions and activities or you agree to us retaining it for a specified further period.

MODIFYING YOUR PERSONAL INFORMATION

If you are a registered user of our Service, you may review, update, correct or delete your personal information by logging into the Service and editing your profile.

SECURITY: HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We are very concerned with safeguarding your information. We take reasonable steps to protect the information we collect from you to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction. Highly confidential personal information such as credit card data is protected with encryption using Secured Socket Layer (SSL) technology during transmission over the Internet. But, remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

Your account information and access to our Service is accessible only through the use of an individual username and password. You should keep your password confidential and do not disclose it to any other person. Please note that we will never ask you to disclose your password in an unsolicited phone call or email. You are responsible for all activities which are conducted using your account or password.

All data in the Service is stored and processed through third party subprocessor Amazon Web Services (AWS), which has its processing in the United States of America and Ireland. You can learn more about AWS' privacy and security processes here: https://aws.amazon.com/privacy/

COMMUNICATION, DIRECT MARKETING AND OPT-OUT OF TARGETED ADVERTISING

We may, from time to time, send you emails or communicate with you about updates to our Services, updated legal documents and for customer support purposes. Where such communication amounts to direct marketing, we shall only do so with your consent and in all other instances we communication with you because it is necessary for our legitimate business interests. Unless we are required by law to communicate with you (e.g., where we are required to notify you about data breaches), we will always give you the opportunity to unsubscribe from receiving our communication.

If you would like to opt-out of targeted advertising, you may find additional information at www.aboutads.info, networkadvertising.org/choices, or youronlinechoices.eu (Europe only), otherwise no additional action is required.

BREACH PROTOCOL

In the case of a data breach, we will notify affected users – without undue delay and where feasible – within 72 business hours. The notification will include the nature of the breach, likely consequences, a detail action plan and a main technical point of contact at Fleetio.

NON-U.S. USERS

European Union General Data Protection Regulation (GDPR)

As a data controller, we have updated our Service and processes as required by GDPR, including giving data subjects in the European Union the following rights:

  • Right of access : While using our Service, you will have access to all data within your account. You reserve the right to access this data and/or request copies of this data.
  • Right to rectification : You can require us to have inaccurate personal information corrected.
  • Right to erasure : You can require us to erase personal information in certain circumstances where there is no lawful basis for us to retain such personal information. Please note, however, that in some instances we must retain your personal information for certain periods of time as required by law.
  • Right to restriction of processing : You can require us to restrict our processing of your personal information in certain circumstances
  • Right to object : You reserve the right to ask us what personal data is being processed and the rationale for such processing if that should ever be unclear.You have the right to object to the processing of your personal information at any time, on reasonable grounds relating to your particular situation, unless the processing is required by law.
  • Right to data portability : You reserve the right to erasure and data portability. You will have the ability to export data in your account and keep for yourself or import into another system. After Service cancellation, data will not be retained on our servers if requested in writing. In addition, you can delete any type of personally identifiable information within your account or request to be removed from any type of customer communication at any time.
  • Right to withdraw consent : You maintain the right to withdraw consent to manual or automated data processing when previous consent has been given. This could include all future processing or processing during a specific timeframe. This could include removal of data from an account or a request to remove an email from a specific mailing list.
  • Reject cookies: You can reject the use of cookies by changing your browser settings or clicking "reject" when you first enter our website.
  • Right to complain : You can raise a complaint about our processing with the data protection regulator in your jurisdiction, or with our data protection officer.

Your duty: While using our Service, you'll be able to update all personally identifiable information to maintain accuracy.

If you require measures beyond our Privacy Policy, please access our Data Processing Agreement (DPA) here.

EU-U.S. Privacy Shield Framework

Fleetio complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Fleetio has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the PrivacyShield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Fleetio commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Data Protection Officer (DPO) at help@fleetio.com.

Fleetio has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

As set forth in the Privacy Shield Principles - https://www.privacyshield.gov/EU-US-Framework - Fleetio is accountable for personal information that it receives and subsequently transfers to third parties acting as an agent on its behalf. If third parties that process personal information on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless Fleetio proves that it is not responsible for the event giving rise to the damage.

Should anyone feel that Fleetio has failed to comply with the Privacy Shield Principles concerning the handling of personal information, and if Fleetio has not been able to resolve that complaint itself, he/she may contact the applicable EU data protection authority (DPA).

As set forth in the Privacy Shield Principles, binding arbitration will also be made available to a complainant to address any complaints that have not been resolved through other mechanisms. Fleetio is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

COOKIE POLICY

Like many websites, we use "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard drive for record-keeping purposes. Most web browsers automatically accept cookies as the default setting. For example, we use cookies to enable you to use the Service without re-entering your username and password if you select to use the "Remember Me" functionality. A "web beacon" is an electronic image that is embedded in a web page. We use "web beacons" to count visits and compile statistics on usage or in our emails to tell if an email has been opened or acted upon.

We have also included information about cookies set by third parties. Given that these relate to third party services, we cannot guarantee the completeness or accuracy of the list, but we can say that we have done our best to ensure the list is as accurate as possible at the time this policy was prepared. Nevertheless, we strongly recommend that you consult the third party websites listed in the cookie descriptions to find out more about the third party cookies in question.

Cookies set by Fleetio

id This cookie provides a temporary identifier so that we can track unique users across different requests.

rememberMe This is a cookie which allows you to return to secure.fleetio.com without having to type in your username/password combination again.

_fleetio_reports_distance_unit, _fleetio_reports_volume_unit, mp, nav_state This cookie is used to keep track of a user's preferences.

_fleetio_session This cookies is used to keep track of a user's session, so that they can remain logged in.

Cookies set by third parties

identify, ajs_anonymous_id, ajs_user_id, ajs_group_id, seg_xid, seg_xid_fd, seg_xid_ts Cookies set by Segment. We use Segment to gain deeper understanding of how visitors and users engage with our service. You can find more information about Segment's privacy policy here: https://segment.com/docs/legal/privacy/

__utma, __utmb, __utmc, __utmv, __utmz, _ga Cookies set by Google Analytics, which is a service we use to gain a better understanding of how people use our service. You can read more about Google's privacy policy here: https://policies.google.com/privacy?hl=None

__distillery, muxData Cookies set by Wistia, a video player, to keep track of videos and video playback locations. You can find more information about Wistia's privacy policy here: https://wistia.com/privacy

_hp2_id Cookie set by Heap Analytics to capture customer touchpoints. You can find more information about Heap Analytics' privacy policy here: https://heapanalytics.com/privacy

_ok, _okbk, _okdetect, _oklv, olfsk, wcsid, hblid Cookie set by Olark Live Chat software, which provides functionality for websites to engage in instant messaging communication with visitors. Contains a site identifier, used for security purposes. You can find more information about Olark's privacy policy here: https://www.olark.com/privacy-policy/

fs_intercom, fs_uid Cookies set by Full Story to record user experiences, allowing us to the improve user experience of our product. You can find more information about Full Story's privacy policy here: https://www.fullstory.com/legal/privacy/

intercom_id, intercom_iou, intercom_session Cookies set by Intercom which allows us to help Customers better use Fleetio through opt-in email and in-app communication. You can find more information about Intercom's privacy policy here: https://www.intercom.com/terms-and-policies#privacy

km_ai, km_lv, km_ni, kvcd Cookies set by Kissmetrics which allows us to understand what visitors are interested in learning more about and improve our marketing site experience. You can find more information about Kissmetrics' privacy policy here: https://signin.kissmetrics.com/privacy/

We recommend that you review your browser's privacy settings and adjust them accordingly if you wish to deny cookies from any sites.

QUESTIONS AND CONTACT INFORMATION

If you have any questions about this Privacy Policy, please contact us.