Privacy Policy

FleetRisk Advisors Data Privacy Policy

Please read this statement completely prior to using this site. By using this site, you signify your assent to these terms of use. If you are at all unhappy or disagree with any of the notices contained, please contact us prior to use for clarification.

General

This site is owned and operated by FleetRisk Advisors Inc., a Delaware corporation limited liability entity and their affiliates (collectively, 'FLEETRISK'). It is the policy of FLEETRISK and its global subsidiaries and affiliates to respect personal data, including sensitive personal data, that is collected or maintained by or on behalf of FLEETRISK for the benefit of the FLEETRISK customers for whom FLEETRISK is an authorized service provider and FLEETRISK employees. Many FLEETRISK affiliates are themselves corporate entities within the EU and subject to the EU data protection directives. Other FLEETRISK affiliates are outside the EU but within the European Economic Area ('EEA') and are either part of the US/EU Safe Harbor or enter into individual conformed data transfer agreements in accordance with EU Data Protection directives. The Safe Harbor certification assures EU companies, individuals and EU regulators that FLEETRISK has implemented the necessary measures to secure and protect personal data FLEETRISK receives from the EEA.

EU Data Protectection Directive; United States / European Union Safe Harbor

In furtherance of its commitment to protect personal data, FLEETRISK has certified compliance with the United States/European Union Safe Harbor Agreement (www.export.gov/safeharbor/) regarding personal data collected in the EU that may be transferred to the United States. FLEETRISK privacy policy complies with the Safe Harbor privacy principles of the Safe Harbor framework. The Safe Harbor certification assures EU companies and regulators that FLEETRISK has implemented the necessary measures to secure and protect data it receives from the EU. FLEETRISK policies and procedures for handling customer information and personal data have been created with the understanding that Internet and other information technologies are still evolving and that Internet and information technology business methods are continuing to evolve to meet the needs and opportunities of those technologies. As a result, FLEETRISK policies and procedures are subject to change without notification.

Notice to Individuals

By means of delivery of a definitive consent and acceptance by an individual, FLEETRISK or the FLEETRISK customer notifies the individual as to the identity of the data controller, the purposes for which FLEETRISK collects, processes and maintains the data and any further information as may be required by the circumstances under which the data is being collected or processed including the types of personal data FLEETRISK collects, the recipients or categories of recipients of the data, the proposed transfer of such data to third countries, the types of third parties to which FLEETRISK or the FLEETRISK customer may disclose such data and the right of access to the data. Notice to such individual is provided in clear conspicuous language at the time of consenting to participation into the service programs, employment or at the time of collection, or as soon as practicable thereafter and before FLEETRISK uses or discloses the information for a purpose other than that for which it was originally collected.

Choice of Individuals to Provide Personal Data

FLEETRISK only uses the personal data of individuals who have provided their consent to collect and use such data either directly to FLEETRISK or to their employer or other entity which in turn has authorized FLEETRISK to collect and use such data. Individuals can opt out of providing such data by not providing or withdrawing their consent. For sensitive personal data, affirmative or explicit (opt in) choice is given such individuals if the information is to be disclosed to a third party not contemplated in the consent or used for a purpose other than its original purpose that is not otherwise contemplated in the consent or has not been subsequently authorized.

Purposes for which FLEETRISK Collects and Uses Personal Data

In the course of servicing FLEETRISK customers directly and servicing the employees, consultants, agents and representatives, strategic partners and their representative affiliates of such FLEETRISK customers indirectly, FLEETRISK acquires, collects, analyzes, maintains, utilizes, discloses and transfers customer and individual communications and other information that individuals may regard as private or sensitive. Some of this information - such as the individual's name or employer's identification designation and/or employer provided e-mail address - is provided to FLEETRISK by its customers in order to establish services. Other information - such as the aggregate results of a customer's 'Risk Assessment' and the 'risk assessment' of an individual related to such FLEETRISK customer- is created and maintained by FLEETRISK and communicated to our customers in the normal course of providing services and is also used for research, statistical archival and other analytical purposes. 

How is Personal Information Used?

FLEETRISK uses personal data to provide risk assessment and data analysis services to its customers or to employ and manage the employment of its employees. FLEETRISK will only acquire, collect, maintain, utilize, disclose or transfer individual sensitive personal information at the express instruction/permission of the FLEETRISK customer to provide fleet management services to such customer or employee and to undertake research and dissemination of worker performance developments and trends or as required by law or regulation, as is necessary for FLEETRISK's compliance with its legal obligations or as reasonably required by a governmental authority. Under no circumstances will any personal information be used by FLEETRISK for promotion or marketing to individuals related to such FLEETRISK customers without their consent.

Data Security

The principle of security applies to how FLEETRISK stores, processes, maintains and protects customer information and information obtained from other individuals. FLEETRISK will take reasonable and appropriate steps to protect the confidentiality of its customers' and employees' personal information, account information and personal communications to the fullest extent possible and consistent with the law and the legitimate interests of FLEETRISK, its partners and its employees. To protect from the loss, misuse, unauthorized access, disclosure, alteration or destruction of information and to seek to ensure the integrity of the data that is collected from customers or obtained from individuals, FLEETRISK and its suppliers seek to have in place, maintain and from time to time as appropriate improve appropriate technological, physical, organisational and managerial procedures and undertake other reasonable precautions as FLEETRISK deems appropriate.

Disclosure of Personal Information and Communications and Retention

To the extent FLEETRISK wishes to transfer information received from the EU to a third party that is acting as an agent to FLEETRISK, it may do so if it first either ascertains that the third party subscribes to the EU privacy principles or is subject to EU directives or another adequacy finding or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant privacy principles. FLEETRISK will not otherwise disclose its customers' or employees' personal information or any personal information obtained from individuals unless FLEETRISK has reason to believe that disclosing such information is necessary to identify, make contact with, or bring legal action against someone who may be causing harm or interfering with the rights or property of FLEETRISK, FLEETRISK customers, or others, or where FLEETRISK has a good faith belief that the law requires such disclosure or otherwise as permitted by law or required by a governmental authority.

`
Data collected online or through other publically available data sources may also be combined or merged with information you provide to FLEETRISK by means other than through this site as part of FLEETRISK standard business operations.

FLEETRISK or its Affiliates may sell or buy other businesses or entities. In such transactions, personal information may be one of the transferred business assets. Also, in the event that FLEETRISK or substantially all of its assets are acquired, personal information may be one of the transferred assets. FLEETRISK may also transfer such information to its affiliates directly involved in the operation of the web site or any application.

FLEETRISK also will not, except for reasons stated below, otherwise disclose to third parties personal information or the contents of any electronic mail or other electronic communications that FLEETRISK stores or transmits for its customers or employees. The other circumstances under which FLEETRISK will disclose such personal information or electronic customer communications are when:

• It is necessary in order to provide services to the customer; It is necessary to comply with legal and other obligations to employees;
• It is reasonably required by a governmental authority;
• It is necessary to establish or defend legal rights or otherwise in connection with legal or regulatory proceedings;
• It is necessary to protect the legitimate interests of FLEETRISK and its customers or employees;
• It is required to cooperate with interception orders, warrants, or other legal process that FLEETRISK determines in its sole discretion to be valid and enforceable; 
• It is necessary to provide to a law enforcement agency when the contents are inadvertently obtained by FLEETRISK and appear to pertain to the commission of a crime;
• For certain research purposes to seek to improve driver safety and other aspects of worker performance;
• When necessary to avert a serious threat to your health or safety; and/or to the health and safety of another individual or the public.

FLEETRISK will report to its direct customers or employees any use or disclosure of the individual's sensitive personal information ('ISPI') not provided for under these policies of which it becomes aware in accordance with applicable national, federal, state and local law. FLEETRISK will destroy, or arrange for the destruction of records within its custody or control containing ISPI which is no longer to be retained by FLEETRISK or the FLEETRISK customer to make such ISPI unreadable, undecipherable or non-reconstructable through generally available means. Other personal information will be retained for as long as is needed by FLEETRISK for the purposes for which it was obtained or as permitted by law.

Data Integrity

Consistent with these privacy principles, personal information must be relevant for the purposes for which it is to be used. FLEETRISK seeks not to process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, FLEETRISK takes reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current and that that decisions will not be based upon erroneously or inappropriate information. The data integrity principle minimizes the risk that personal information would be misused or abused because as FLEETRISK is collecting only relevant information, there is less opportunity to misuse and abuse personal information.

Access

FLEETRISK customers and their individual employees or drivers are not only concerned about what data is being collected by FLEETRISK, they are also concerned that this information is correct and timely. Providing access to the data that FLEETRISK has been provided or collected about an individual allows that person to check the stored information and ensure that it is up-to-date and correct, and that FLEETRISK and the FLEETRISK customer is doing what it says it is doing about collecting and retaining data. Accordingly, FLEETRISK seeks to require that the FLEETRISK customers provide to the individuals whose personal information has been provided to FLEETRISK with access to such personal information so as to be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated or the integrity of FLEETRISK research efforts would be jeopardized. Expense and burden are important factors and shall be taken into account but they are not controlling in determining whether providing access is reasonable. The sensitivity of the data is also important in considering whether access should be provided.

Enforcement

Effective privacy protection must include verification mechanisms for assuring compliance with these privacy principles, recourse to dispute resolution procedures for individuals to whom the data relate when they are materially affected by non-compliance with these privacy principles, and consequences for FLEETRISK, the FLEETRISK customer and the individual when these privacy principles are not followed. FLEETRISK has implemented self assessment procedures for verifying that the attestations and assertions FLEETRISK has made about its privacy practices are true and that privacy practices have been implemented as presented with appropriate follow up procedures. FLEETRISK has put in place a readily available and affordable independent dispute resolution system that will investigate and resolve individual complaints and disputes and damages awarded where the applicable law or private sector initiatives so provide. This dispute resolution system is also designed to remedy problems arising out of a failure by FLEETRISK, the FLEETRISK customer or a disputing individual to comply with these privacy principles that is sufficiently rigorous to ensure compliance. FLEETRISK agree to cooperate with the EU data protection authorities regarding any dispute concerning personal data. Please contact the Data Privacy Officer at the address below with any queries or concerns on data privacy issues.

Verification

Under the self-assessment approach to verification, FLEETRISK periodically assesses whether its published privacy policy is accurate, comprehensive, prominently displayed, completely implemented, accessible and conforms to the EU and other applicable privacy principles. FLEETRISK self assessments also are designed to indicate that appropriate employee training is in place and that internal procedures for periodically conducting objective reviews of compliance are in place. A statement verifying the self-assessment is prepared and executed by a FLEETRISK corporate officer or other authorized representative at least once a year. In addition, from time to time, FLEETRISK at its sole discretion may permit one or more third parties to conduct an independent audit of FLEETRISK privacy policies.

Independent Dispute Resolution System; Remedies

FLEETRISK customers and their related individuals are encouraged to raise any concerns they may have with FLEETRISK before proceeding to independent recourse mechanisms. FLEETRISK provides for any controversy or claim arising out of or relating to its privacy policy to be resolved by arbitration in the City of Wilmington, Delaware, before and in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The procedures provide for standard complaint forms to facilitate the complaint resolution process and that the arbitrators are directed in the formulation of any remedy to recommend to FLEETRISK as to means and mechanisms by which the effects of noncompliance with its privacy policies are reversed or corrected, in so far as feasible, and that future processing by FLEETRISK will be in conformity with its privacy policies and the EU privacy principles and, where appropriate, that processing of the personal data of the individual who has brought the complaint will be in compliance with such policies and principles.

How Does FLEETRISK Protect the Privacy of Children?

FLEETRISK does not knowingly collect or use any personal information from children (FLEETRISK defines 'children' as minors younger than 13) on FLEETRISK web sites. FLEETRISK does not knowingly allow children to order our products, communicate with us, or use any of our online services. If you are a parent and become aware that your child has provided FLEETRISK with information, please contact FLEETRISK using any of the methods specified below and FLEETRISK will work with you to address this issue.

Your State Privacy Rights

Applicable state or local law may provide additional privacy rights.

Changes to this Privacy Statement

This privacy statement may be amended from time to time consistent with the requirements of the Safe Harbor and otherwise to reflect technological advancements, legal and regulatory changes and good business practices. When FLEETRISK does update the privacy statement, FLEETRISK will also revise the effective date paragraph to provide a 'last updated' date.

Comments

FLEETRISK welcomes your comments regarding this privacy statement. If you believe FLEETRISK has not adhered to this statement, please contact us at the addresses below. FLEETRISK will use commercially reasonable efforts to promptly determine and remedy the problem. You can find out more information about the U.S. Department of Commerce Safe Harbor Program at www.export.gov/safeharbor/.

UK, Europe, Africa and The Middle East

FleetRisk Advisors, Inc.
4500 Mansell Road, Alpharetta GA., 30022, USA

Asia, Pacific, North & South America, Canada and The Caribbean

FleetRisk Advisors, Inc.
4500 Mansell Road, Alpharetta GA., 30022, USA

Effective Date

This statement is effective as of May [11], 2009.