1.1. INTERNATIONAL DATA LAW COMPLIANCE

GPS Insight General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws.

GPS Insight processes Personal Information in accordance with applicable privacy laws, including  the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act, as amended by the CPRA (CCPA), and Canada’s Personal Information Protection Electronic Documents Act (PIPEDA).

When we transfer Personal Information internationally, we use legally recognized transfer mechanisms, including the EU Standard Contractual Clauses and the UK Addendum, and we impose equivalent protections on our subprocessors. Our DPA includes the appropriate transfer terms for customer data

1.2. BUSINESS ACCOUNTS AND DATA PROCESSING AGREEMENTS

In certain circumstances, particularly where GPS Insight provides services to business customers under a Master Services Agreement or similar enterprise contract, the processing of Personal Information related to those Services may also be governed by a separate DPA or equivalent contractual terms. Where a DPA has been executed, the DPA governs the collection, use, disclosure, storage, security, and international transfer of Personal Information processed by GPS Insight on behalf of that business customer in connection with the provision of the Services, and the terms of the DPA will control over this Privacy Policy to the extent of any conflict as it relates solely to such Service-related data. The DPA sets out specific obligations, instructions, and rights regarding the processing, security, sub-processor use, and international transfer of customer data, as required by applicable data protection laws such as the GDPR, CCPA, and PIPEDA. Business customers are responsible for ensuring that their use of the Services, including the Personal Information of their end users or employees they submit to the Services, complies with applicable data protection laws and with the terms of the DPA. This Privacy Policy continues to apply to Personal Information we collect and process as a data controller, including information related to website visitors, marketing activities, and account management, except where superseded by the DPA for Service-related data. If you are a business customer and do not have a DPA in place, please contact us at [email protected].

“Personal Information” means any information that relates to an identified or identifiable individual. This includes an individual’s name, home address and phone number, email address, age, sex, marital or family status, an identifying number, driver’s license number, license plate number, financial information, educational history, employer information, and other identifying information necessary or useful to providing the telematics products or services to you. We may collect Personal Information for the following purposes: (i) providing the Services and any contents, features, information, products, or services that we may make available through the Services; (ii) opening and managing your account; (iii) identifying and communicating with you about the Services; (iv) responding to your requests and inquiries; (v) servicing and managing your account and orders; (vi) delivering requested products and services; (vii) enrolling you in programs and processing subscriptions; (viii) providing warranties for products and services; (ix) contacting you about appointments and following up to determine satisfaction with products and services; (x) communicating with you about our Services and promotions; (xi) notifying you of upcoming events of interest; (xii) improving our Services, including by analyzing your information and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on our Services and how users interact with them; (xiii) carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing, collection, and granting credit; (xiv) enabling AI and automated technologies integrated with the Services to process, analyze, and derive insights from collected data, including for safety scoring, event detection, route analysis, and other telematics-based features; and (xv) for any other purpose for which you provide it or with your consent.

GPS Insight is careful about what information is collected and retained. We subscribe to a transparent information collection approach to allow our customers awareness about what information may be captured by the system, including data processed by AI-enabled devices and automated technologies. Our management team reviews policies and practices on a defined cadence to confirm information is obtained and retained appropriately. GPS Insight complies and adheres to relevant rules of law with respect to data collection and data privacy.

When GPS Insight collects Personal Information from a third-party source, we validate that the sources are reputable, and the information is collected fairly and legally.

We inform our customers, before or at the time of collecting Personal Information, of the purposes for which we are collecting the information. However, we may not provide this notification when a customer volunteers information for an obvious purpose (for example, providing a credit card for a purchase when the information will be used only to process the payment).

You are not required to provide the Personal Information that we have requested, but, if you choose not to do so, in some cases we will not be able to provide you with certain features within our products or services.

2.1. PERSONAL INFORMATION CATEGORIES

The categories of Personal Information that we collect or may collect include, but are not limited to, the following:

Location Information. Telematics units may track device location by sending GPS coordinates to the GPS Insight Portal application. We may also determine location by using other data from your mobile device, such as information about wireless networks or cell towers near your device. We use and store information about your location to enable many product features that are dependent upon location tracking. We may also use collected location information to troubleshoot software, to conduct data analysis, to do testing, research, and to monitor and analyze usage and activity trends to improve and customize the Services. AI-enabled features integrated with the Services may use location data to generate route analytics, safety scores, and predictive insights.

Device Information. We may collect information about the devices you use to access our Services, including hardware details, operating system details, software details, unique device identifiers, serial numbers, device motion information, device location, mobile network information, and telematics device data such as odometer readings, engine diagnostics, fuel consumption, and vehicle identification numbers (VINs).

Log Information. As you interact with our Services, we may collect server logs, which may include information such as device IP address, access dates and times, application pages viewed, app crashes, browser details, and other system activities. In addition, we may use third-party services such as Google Analytics that collect, monitor, and analyze this type of information in order to increase our Services’ functionality. These third-party service providers have their own privacy policies addressing how they use such information. For information about Google Analytics’ privacy practices, you can visit http://www.google.com/policies/privacy/partners/.

Camera and Video Data. Some of our third-party products and services that may be integrated with the Services include AI-enabled cameras and video-capture devices installed in or around vehicles. These devices may collect video footage, images, and audio recordings. AI and machine learning technologies integrated with these products may analyze such footage to detect events such as harsh braking, distracted driving, collisions, or other safety-relevant behaviors. Such analysis may generate event clips, safety scores, behavioral alerts, or other derived data. We do not operate the AI systems embedded in third-party camera products, but we may receive and process data outputs generated by those systems as part of our telematics Services. Where you are subject to camera monitoring through your employer’s use of the Services, your employer is responsible for providing you with notice of such monitoring.

Vehicle and Fleet Telematics Data. We may collect data generated by vehicles and fleet assets in connection with our telematics Services, including ignition status, speed, heading, acceleration, braking, cornering, idle time, fuel levels, engine fault codes, maintenance alerts, driver identification, and other vehicle health or performance metrics. This data may be processed by automated systems to generate safety reports, compliance alerts, and fleet optimization insights.

Communications Data. We may collect information you provide when you contact us, including through email, phone, chat, or support submissions. This may include the content of your messages, your contact details, and records of your interactions with us.

Payment and Financial Information. We may collect payment card information, billing address, and other financial details as needed to process transactions and manage your account. Payment card data is processed by our payment service providers and is subject to industry-standard security controls.

Inferences and Derived Data. We, or AI and automated systems used in connection with the Services, may derive inferences about individuals or fleet assets from the data we collect. These inferences may include assessments of driver behavior, safety performance, fuel efficiency, route patterns, and compliance status. Such inferences may be used to generate reports, scores, and recommendations as part of the Services.

2.2. STATISTICS OR AGGREGATED INFORMATION

We may derive statistical or aggregated information from Personal Information we collect (for example, aggregating usage data to calculate the percentage of users that access a specific feature). Such information does not directly identify an individual; provided, however, if we combine or connect non-personal statistical or technical data with Personal Information so that it directly or indirectly identifies an individual, we treat the combined information as Personal Information. Where we de-identify Personal Information, we implement technical and organizational measures designed to prevent reidentification and we do not attempt to reidentify the information, except as permitted to test and verify our de-identification processes. We may also use AI and automated systems to generate aggregated insights, analytics, and reports from de-identified or anonymized data. We may use and disclose de-identified and aggregated information for our business purposes, including analytics, reporting, and improving the Services.

2.3. EMPLOYMENT AND APPLICANT DATA

If you apply for employment with GPS Insight or are employed by us, we may collect additional Personal Information as necessary for recruitment, employment, and human resources purposes. Such information may include employment history, qualifications, references, background check information, and other employment-related data. This information is processed in accordance with applicable employment and privacy laws.

2.4. CHILDREN AND MINOR DATA

Our Services are not intended for, and we do not knowingly collect any Personal Information from, children under the age of 18. If we learn we have collected or received Personal Information from a child under 18 years old without verification of parental consent, we will delete that information.

If you are a parent or legal guardian and you believe that your child has provided us with Personal Information without your permission, please contact us at [email protected], and we will take steps to delete such information from our systems.

If you are a California resident under 16 years of age, you may have additional rights under the CCPA. We do not knowingly sell or share the Personal Information of consumers under 16 years of age. If you believe that a child under the age of 16 has provided Personal Information to us, please contact us at [email protected].

2.5 HOW WE COLLECT INFORMATION

We may collect information about you when you provide it to us directly or as you interact with our Services, such as when you create or update an account, place an order, subscribe, make a purchase, complete a form, participate in a survey, or engage with customer support.

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include Personal Information. Information collected automatically may include usage details, IP addresses, operating system, browser type, and information collected through cookies, web beacons, and other tracking technologies including details of your interactions with our Services, such as traffic data, location data, logs, and other communication data, and the resources and Service features that you access and use.

We may use these automatic collection technologies to collect information about your online activities over time and across third-party sites or other online services (behavioral tracking).

Using automatic collection technologies helps us to improve our Services and to deliver a better and more personalized experience.

The technologies we use for this automatic data collection may include:

• A cookie is a small text file that is used to collect information about web site activity. Some of our web pages utilize cookies to recall previous session information provided by a web user. Most browsers allow you to control cookies, including whether or not to accept them and provide details about how to remove them. Many browsers provide an option to notify you if you receive a cookie and allow you the ability to block cookies. Cookies may record information such as Internet domain and host names, usernames, Internet protocol (IP) addresses, browser and operating system types, clickstream patterns, and/or dates and times that our site is accessed. Cookies may be used to gather user analytics which will be used to analyze trends and statistics. Users can opt-out of Google Analytics Advertising Features through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, NAI’s consumer opt-out). For a full description of our cookie practices and your options for managing cookie preferences, please review our Cookie and Tracking Notice.
• Web Beacons, Pixels, Tages and Scripts. Parts of the Services and our emails may contain small electronic files or snippets of code (e.g., clear gifs, pixel tags, single‑pixel gifs, and JavaScript) that permit us to count users who have visited certain pages or opened an email, measure the effectiveness of features or campaigns, record the popularity of content, and verify system and server integrity.
• SDKs and Mobile Identifiers. Our mobile applications may include software development kits provided by us or third parties to collect app usage, performance, device, and diagnostic information. Where applicable, we may use mobile identifiers (such as Apple’s IDFA or Google’s Advertising ID) for analytics and attribution, subject to your device or platform settings.
• LSO and Similar Technologies. We may use HTML5 local storage, session storage, and browser caches to store information on your device to remember settings, maintain sessions, and enable features. These technologies can function similarly to cookies but are stored differently by your browser or device.
• Log Files and Telemetry. We automatically collect certain information and store it in logs, including IP address, device and browser type, operating system, timestamps, crash data, and feature interactions. We use this information to secure and operate the Services, troubleshoot, and improve reliability and performance.

2.6. THIRD-PARTY BUTTONS

Our websites and Services may include buttons, tools, or content that link to other companies’ services (for example, a Facebook “Like” button or LinkedIn sharing feature). We may collect information about your use of these features. In addition, when you see or interact with these buttons, tools, or content, or view a GPS Insight web page containing them, some information from your browser may automatically be sent to the other company. This Privacy Policy does not apply to that other company’s collection or use of that information. Please read that company’s privacy policy for more information regarding its collection and use of your information.

2.7. SOCIAL MEDIA

We maintain pages on many social networking sites, including LinkedIn, Facebook, Twitter/X, and others. We may collect information when you interact with our social networking pages. The provider of the social networking site may also collect information about you in connection with your interaction with our pages. This Privacy Policy does not apply to that social networking company’s collection or use of that information.

2.8. ONLINE ADVERTISING

We advertise online, including displaying GPS Insight ads across the Internet on websites and in apps. When we advertise online to you, we may collect information about which ads are displayed to you, which ads you click on, and the web page where the ad was displayed to you. We may also partner with third-party advertising companies to serve online advertising regarding our products and services to you after you use our website and/or Services. For more information on such advertising targeting practices you may visit http://www.aboutads.info. For the ability to opt-out of such targeting practices, you can visit http://www.aboutads.info/choices/ and also download and use the apps referenced at http://www.aboutads.info/appchoices.

2.9. PUBLIC FORUMS, MESSAGE BOARDS, AND USER POSTINGS

You might provide Personal Information through your public participation in chat sessions, message boards, user communities associated with our Services, blogs, email exchanges, or forums on our websites or applications. That information may be available to anyone who has access to the website or application. This Privacy Policy does not apply to information that you make generally available through such public features.

2.10. DO NOT TRACK SIGNALS

Some browsers include a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. GPS Insight does not currently respond to web browser “Do Not Track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our websites or use our Services. If you elect to opt-out of data collection (to the extent available) and subsequently use our websites through a different device or otherwise change your cookie or privacy settings on your device, you may need to opt-out again.

2.11. INFORMATION COLLECTED VIA SMS

We may offer programs that communicate with you via text messages sent using SMS. By enrolling in an applicable program, you consent to receive SMS messages related to your account or the Services (for example, service alerts, appointment or job updates, security verifications, or support communications). Message frequency will vary by program. Message and data rates may apply. You can opt out at any time by replying STOP to any message from us; you may also reply HELP for assistance. Consent to receive SMS messages is not a condition of purchase. Carriers are not liable for delayed or undelivered messages. We process information associated with SMS programs (such as your phone number, message content, timestamps, delivery status, and program enrollment) to provide the program, maintain security, prevent fraud, and comply with law. Information collected via SMS is not shared with third parties unless we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

3. HOW WE USE YOUR INFORMATION

3.1. SERVICE DELIVERY AND OPERATIONS

We may use information that we collect to fulfill your requests as part of our service offerings, to communicate with you about our products and services, and to assist with any questions you have about our products. This information also helps us maintain the safety and security of our users and the Services we provide. The information we collect also may contribute to the research and development of existing and future products. Collected information may be used in cooperation with government officials or under process of law or regulation, or as otherwise required in connection with legal proceedings. Personal information may be locally stored on your device. GPS Insight does not sell or share your Personal Information to third parties for direct marketing purposes. Some of our third-party products and services that are integrated with our platform may use AI technologies, including AI-enabled cameras, to process, analyze, and generate insights from data collected through the Services. Such AI processing may include automated event detection, safety scoring, behavioral analysis, and similar features. GPS Insight may receive and use data outputs generated by such AI systems as part of the Services it provides. For business customers whose data is subject to a DPA, the purposes for which GPS Insight may use Personal Information processed on behalf of that customer are governed by the instructions and terms set forth in the applicable DPA, and GPS Insight will process such data only as a processor acting on documented instructions from the business customer, except as otherwise required by applicable law.

We may use and disclose customer Personal Information only for the purposes for which the information was collected, except as authorized by law. For example, we may use customer contact information to deliver goods or services, send service-related communications, or contact you about your account. The law also allows us to use that contact information for the purpose of collecting a debt owed to our organization, should that be necessary.

3.2. MARKETING AND PROMOTIONAL COMMUNICATIONS

We may use your Personal Information to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you, including information about our products, services, events, and partnerships. We may also use your information for targeted advertising purposes, including interest-based advertising delivered through third-party platforms, to the extent permitted by applicable law. You may opt out of receiving any, or all, of the communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing [email protected].

3.3. DE-IDENTIFIED AND ANONYMIZED DATA

We may anonymize or de-identify your Personal Information. Anonymized and de-identified information is not considered Personal Information, and we may use and disclose such information for our own business purposes, which may include improvement and/or development of our products and services, training and improving AI and machine learning models used in connection with the Services, and/or creating statistical reports or materials.

3.4. PERSONALIZATION

We may use your Personal Information to personalize your experience with the Services, including by tailoring content, features, recommendations, and communications to your preferences and usage patterns. Automated systems and AI technologies integrated with the Services may analyze your usage data to generate personalized recommendations or customized reports.

3.5. ANALYTICS AND SERVICE IMRPOVEMENT

We may use your Personal Information to monitor, analyze, and improve the performance, reliability, and functionality of the Services, including for troubleshooting, diagnostics, usage analytics, and internal reporting. We may also use automated systems and AI technologies to analyze service data, identify patterns, and generate insights that help us improve the Services and develop new features.

3.6. FRAUD PREVENTION AND SECURITY

We may use your Personal Information to detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse, and other illegal or harmful activities in connection with the Services. We may use automated systems and AI-based tools to assist with fraud detection, anomaly identification, and security monitoring.

3.7. BUSINESS TRANSFERS

We may use and transfer your Personal Information in connection with a corporate transaction such as a merger, acquisition, reorganization, sale of assets, or bankruptcy. For more information, please see the “Business Transfers” section of this Privacy Policy.

3.8 PARTNER AND PROSPECTING DATA

We may use Personal Information received from advertising, market research, or data enrichment partners to identify and contact prospective customers about our products and Services.

4. DATA RETENTION

The retention period for information that we collect about you depends on the type of information, as described in further detail below. We may retain customer Personal Information as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes. After the retention period has expired, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. We render customer Personal Information non-identifying or destroy records containing Personal Information once the information is no longer needed. We use appropriate security measures when destroying customer Personal Information, including shredding paper records and permanently deleting electronic records. Data generated or derived by AI and automated systems in connection with the Services, including event clips, safety scores, and behavioral reports, may be subject to shorter or longer retention periods depending on the nature of the data and the applicable product features. For business customers whose data is governed by a DPA, retention and deletion of Personal Information processed on behalf of that customer shall be subject to the retention and deletion terms specified in the applicable DPA, and upon termination or expiration of the applicable agreement, GPS Insight will delete or return such data as directed by the customer and as required by applicable law.

4.1. ACCOUNT INFORMATION

We may retain your account information for as long as your account is active, and a reasonable period thereafter for re-use when you decide to reactivate the Services. We also retain your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to develop and improve our services. Where we retain information for Service improvement and development, it will be anonymized and used to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics of you. We may also retain certain inferences or derived data generated in connection with your use of the Services for internal analytics or product improvement purposes in de-identified form.

If the Services are made available to you through your organization (e.g., your employer), we retain information as long as required by your employer under our agreement with your employer as required by the administrator of your account. If your account is deactivated, your information, communications, and actions you may have taken regarding the Services will remain in order to allow your organization to make full use of the Services.

4.2. MARKETING INFORMATION

If you have elected to receive marketing emails or other contacts from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our services. Every marketing email we send will provide you with the option to Opt-Out of receiving future emails.

4.3. PARTNERS

We work with partners who may market, sell, or support our Services. These partners may provide us Personal Information so that we can contact you. We may also receive your Personal Information from advertising, market research, or data enrichment partners whom we engage to identify prospective customers.

We may share your Personal Information in the following circumstances: (a) with your consent; (b) with service providers who process data on our behalf; (c) with business partners who co-sponsor or participate in our programs; (d) to comply with legal obligations or respond to lawful requests by public authorities; (e) to protect the rights, property, or safety of GPS Insight, our users, or others; (f) in connection with a business transfer such as a merger or acquisition; (g) with our affiliates and brands for purposes consistent with this Privacy Policy; (h) with third-party providers of AI-enabled products and services integrated with our platform, to the extent necessary to enable those features; or (i) in de-identified or aggregated form for analytics, reporting, or other business purposes. For business customers whose Personal Information is subject to a DPA, GPS Insight will share or disclose such data only as authorized by the terms of the applicable DPA or as required by applicable law, and will notify the customer of any legally compelled disclosures to the extent permitted by law.

5.1. SHARING WITH YOUR CONSENT

We will share Personal Information with companies, organizations or individuals outside of GPS Insight when we have your consent to do so. Certain programs that may provide underwritten or subsidized pricing can require the sharing of vehicle, telematics safety data, or other data that we may consider sensitive Personal Information. We always require opt-in consent for the sharing of any Personal Information but note we may share de-identified and/or aggregated data without your consent.

We ask for consent to collect, use, or disclose customer Personal Information, except in specific circumstances where such collection, use, or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose. Where express consent is needed, we will normally ask customers to provide their consent orally, in writing (by signing a consent form or checking a box on a form), or electronically (by clicking a button or via email).

A customer may withdraw consent to the use and disclosure of Personal Information at any time, unless the Personal Information is necessary for us to fulfill our legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary Personal Information.

We may collect, use, or disclose customer Personal Information without consent only as authorized by law. For example, we may not request consent when the collection, use, or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health, or safety, or when the Personal Information is from a public source.

5.2. SERVICE PROVIDERS AND AGENTS

We may employ third-party companies and individuals (our “agents”) to facilitate our Services, to provide Services on our behalf, to perform complementary services, and/or to assist us in analyzing how our Services are used. Examples may include compute hosting, storing data, delivering messages, processing payments, analyzing data, providing marketing assistance, supplementing the information you provide us in order to provide you with better service, and providing AI-enabled products and services integrated with our platform, such as AI-powered camera systems and analytics tools. These third parties have access to your Personal Information only to perform specific tasks on our behalf and are under obligation not to disclose or use your Personal Information for any purpose other than those disclosed in this Privacy Policy. Where Personal Information subject to a DPA is shared with sub-processors, GPS Insight will ensure that such sub-processors are bound by contractual obligations that provide at least equivalent protections to those set out in the applicable DPA, and GPS Insight will remain liable to the business customer for the acts and omissions of its sub-processors with respect to such data. A list of GPS Insight’s current sub-processors may be made available to business customers upon written request or as required by the applicable DPA.

Notwithstanding such legal and contractual obligations between us and such service providers, we remain potentially liable for any misuse of your Personal Information. We will only disclose Personal Information when we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

5.3. AFFILIATES AND BRANDS

We may share your Personal Information with our affiliates and brands, including ServiceBridge, ClearpathGPS, Fieldaware, and TitanGPS, for purposes consistent with this privacy policy, such as providing integrated services, account management, customer support, and internal business operations.

5.4. BUSINESS PARTNERS

We may share your Personal Information with business partners who co-sponsor or participate in our programs, such as partners who offer bundled products, joint promotional programs, or integrated solutions in connection with the Services. Any such sharing will be subject to contractual obligations consistent with this privacy policy.

5.5. LEGAL COMPLIANCE AND LAW ENFORCEMENT

We may disclose your Personal Information when required to do so by applicable law, regulation, legal process, or governmental request, including to comply with a subpoena, court order, or other legal obligation. We may also disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent permitted by law, we will endeavor to notify you of such disclosures.

5.6. PROTECTION OF RIGHTS, PROPERTY AND SAFETY

We may disclose your Personal Information when we believe disclosure is reasonably necessary to protect the rights, property, or safety of GPS Insight, our customers, users, employees, or others. This may include sharing information to prevent fraud, address security vulnerabilities, investigate potential violations of our terms of service, or protect against imminent physical harm.

5.7. THIRD-PARTY LINKS

Our Services may contain links to third-party websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

5.8 NEW USES OF YOUR PERSONAL INFORMATION

GPS Insight will only use Personal Information for purposes previously indicated in this Privacy Policy. If Personal Information is used for a new purpose not previously indicated, GPS Insight will notify you of the new use and obtain and document your implicit or explicit consent.

5.9 LEGAL BASIS FOR PROCESSING (EEA, UK, and Swiss Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal basis for collecting and using the Personal Information described in this Privacy Policy depends on the Personal Information concerned and the specific context in which we collect it. We will normally collect Personal Information from you only where: (a) we have your consent to do so; (b) we need the Personal Information to perform a contract with you; (c) the processing is in our legitimate interests and not overridden by your rights; or (d) we have a legal obligation to collect Personal Information from you.

We make every reasonable effort to ensure that customer information is accurate and complete. We rely on our customers to notify us if there is a change to their Personal Information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible. Whenever information is held within GPS Insight systems, or on its behalf, we take reasonable and appropriate steps to protect the Personal Information from unauthorized access, disclosure, alteration, or destruction. We protect customer Personal Information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure, or modification of Personal Information, as well as any unauthorized access to Personal Information. We employ industry best practices, such as firewalls, encryption, data loss prevention, and physical security measures in order to prevent unauthorized use of Personal Information. Access and actions on Personal Information are restricted to employees of GPS Insight or authorized third-party agents, only when the information is required to perform a specific task, such as order processing and fulfillment. Data generated or processed by AI and automated technologies integrated with the Services is subject to the same security measures as other Personal Information. No method of transmission over the Internet or method of electronic storage is completely secure, however, and we cannot guarantee absolute security. If you have reason to believe that your information is no longer secure, please contact us at [email protected].

You have control over your Personal Information. Below are the rights you have and steps you can take to exercise them. Please note that your rights may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information for which we or your employer are permitted by law or have compelling legitimate interests to keep, and it may take time for us to investigate your request. GPS Insight will endeavor to fulfill all privacy requests in a timely manner, but in each instance in accordance with the timeline required under applicable law. If we deny or are unable to fulfill your request, we will inform you in a timely manner and provide an explanation. If permitted by law, we may also charge a reasonable fee to provide information, but not to make a correction, and we will advise you of any fees that may apply before beginning to process your request. The rights described below may vary depending on your jurisdiction. In all cases, you may submit a request by contacting us at [email protected].

7.1 RIGHT TO ACCESS

You have a right to request a copy of the Personal Information that GPS Insight holds. To request this information a copy of your Personal Information, please email your request to [email protected].

7.2. RIGHT TO DELETE

You have a right to request the deletion of the Personal Information that GPS Insight holds. To request deletion of your Personal Information, please email your request to [email protected].

7.3 RIGHT TO CORRECTION

You have a right to request updating or correcting of Personal Information that GPS Insight holds. To request updating or correcting of your Personal Information, please email your request to [email protected].

7.4 RIGHT TO DATA PORTABILITY

Where applicable under law, you have a right to receive your Personal Information in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible. To request data portability, please email your request to [email protected].

7.5 RIGHT TO OPT OUT OF SALE/SHARING

Under applicable laws such as the CCPA, you have a right to opt out of the “sale” or “sharing” of your Personal Information. GPS Insight does not sell your Personal Information. If our data practices change, we will provide you with a clear opt-out mechanism. To submit an opt-out request, please email [email protected].

7.6. RIGHT TO LIMIT USE

Where applicable under law, you may have a right to limit our use of your sensitive Personal Information to only what is necessary to provide the Services. To exercise this right, please email your request to [email protected].

7.7. RIGHT TO NON-DISCRIMINATION

GPS Insight will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your rights.

7.8. RIGHT TO APPEAL

If we deny or are unable to fulfill your privacy request, you have the right to appeal our decision. To submit an appeal, please contact us at [email protected] with details of the original request and the basis for your appeal. We will respond to your appeal in accordance with applicable law.

7.9 RIGHT TO REQUEST INFORMATION ABOUT DISCLOSURE

You may request information about our use of your Personal Information and any disclosure of that information to persons outside our organization. To request this information, please email your request to [email protected].

7.10. AUTHORIZED AGENTS

You may designate an authorized agent to make a request on your behalf. To do so, you must provide the agent with written permission to act on your behalf, and we may require you to verify your identity directly with us before we process the agent’s request.

7.11. VERIFICATION

To protect your information and the integrity of our records, we may need to verify your identity before processing your request. Verification may include confirming your email address, phone number, or other identifying information. If we cannot verify your identity, we may request additional information or decline to fulfill the request.

7.12. AUTOMATED DECISION MAKING

Where applicable under law, you may have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you. If you believe that an automated decision has produced a significant effect on you in connection with the services, you may contact us at [email protected] to request human review or additional information about the decision-making process.

7.13. DATA PROTECTION AUTHORITY

Subject to applicable law, if you are a citizen or resident of the European Economic Area or the United Kingdom, you have a right to lodge a complaint with your local data protection authority. You may also contact Ireland’s Data Protection Commission, details of which are set out below:

Data Protection Commission:

21 Fitzwilliam Square South

Dublin 2 D02 RD28 Ireland

Telephone: +353 (0)1 765 0100

Web: https://www.dataprotection.ie/en/contact/how-contact-us

8. UPDATES TO THIS POLICY 

We may occasionally update this Policy. If we make significant changes, we will notify you of the changes through the application portal or through other means, such as email. By continuing to use our Services after such updates, you consent to our updates to this Policy, to the extent permitted under applicable law. We encourage you to periodically review this Policy for the latest information with respect to our privacy practices. A copy of this Privacy Policy is provided to any customer upon request.

If you have any comments or questions regarding our Privacy Policy, or about a request for access to your own Personal Information, please contact us at 866-925-4746, by email at [email protected], or by physical mail at GPS Insight, Inc., 7201 E. Henkel Way, Suite 400, Scottsdale, AZ 85255, USA (Attn: Privacy). Our business hours for telephone contact are 9:00 AM to 5:00 PM Mountain Time, Monday through Friday.

9. QUESTIONS, CONCERNS, AND COMPLAINTS

If you are not satisfied with the response you receive to a privacy inquiry, you have the right to contact the applicable supervisory authority. For users in the United States, you may contact the Federal Trade Commission. For users in Canada, you may contact the Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner. For users in the EEA or UK, please see the Data Protection Authority section above.