Updated: July 20, 2022
Additional provisions applicable to the processing personal information of individuals based in the European Economic Area (“EEA”) and the United Kingdom (“UK”).
This Appendix B (“Appendix B”) applies to individuals based in the EEA and UK and outlines your rights and choices regarding the processing of your personal information under the General Data Protection Regulation (“GDPR”). This Appendix B controls to the extent it conflicts with any provision in the main body of the Notice. Capitalized terms not defined in Appendix B are defined in our Notice.
Onfleet acts as a Data Controller for personal information that we collect about you while using our Site or interacting with our Marketing Activities as described in the Privacy Notice.
We act as a Data Processor on behalf of our Customers for most of the personal information that we process through our Services. This means that Customers mainly control what personal information we collect and process through the Services and how we use it, and we only process the information in accordance with their instructions.
This Appendix B does not apply to any personal information that we process as a Data Processor, as we only process that information on behalf of our Customers and in accordance with our agreement with them. A Customer that has entered into an agreement to use our Services (e.g., an organization that uses our dashboard to connect dispatchers with drivers) controls its instance of the Service and any associated data. If your personal information is contained in Customer data and you have any questions about the specific settings and privacy practices the relevant Customer has made to share your personal information with us, please contact the relevant Customer or review its privacy notice.
We collect and process personal information about you only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal information under:
When you use our Services and provide personal information to us, we use data hosting service providers in the U.S. to store information we have about you.
We also transfer personal information we have about you to third parties as described in the “How We Transfer Information” section above. These third parties may be located outside of the EEA. In circumstances that require us to transfer your information to third parties outside the EEA, we will only transfer such information where we have adequate measures in place to provide appropriate safeguards, such as standard contractual clauses produced by the EU Commission. For more information about data transfers and Onfleet’s obligations as a Data Processor, please see our Data Processing Addendum (“DPA”).
Although the data protection laws of various countries may differ from those in your own country, we take appropriate steps to ensure that your personal information is processed as described in this Notice and under the law.
You have certain rights related to the personal information we hold about you when you use our Services. Some of these rights only apply in certain circumstances, as set out below. We also describe how to exercise these rights in the “Exercising your Rights” section of this Appendix B.
Depending on the Services provided, Recipients and Authorized Users seeking to access, correct, amend, or delete personal information should contact the Customer (Data Controller) which has transferred such data to us for processing. If our Customer receives a data subject request and sends the request to us, we will respond to the Customer’s request within the agreed timeframe outlined in our Customer agreements. The Customer is responsible for responding to Recipient data subject requests as determined under the applicable local data protection law.
The GDPR provides data subjects with the following rights:
Please note that before we respond to requests for information, we will require that you verify your identity, or the identity of any data subject for whom you are requesting information. Our verification methods may include requesting that you log into your Onfleet account, confirm your contact information or email address, and/or provide documents for identity verification.
To exercise any of the rights above, please contact us as noted in the “Contact Us” section in this Appendix B. If you are a Recipient and in certain instances an Authorized User, contact the Customer acting as the Data Controller directly to fulfill any requests.
We will fulfill your request within 30 days of receipt. Please note that the above rights may be limited in the following situations:
If you have unresolved concerns, we encourage you to come to us in the first instance, but you are entitled to address any grievance directly to the relevant Supervisory Authority. If you are a Recipient and in certain instances an Authorized User, we encourage you to reach out to the relevant Customer first to address any complaints.
To submit questions about this Appendix B or to update or request changes to your personal information, please contact us at email@example.com or write to us:
703 Market Street, Floor 20
San Francisco, CA 94103