Onfleet Privacy Notice
Effective Date: June 22, 2018
Onfleet, Inc. (“Onfleet”) understands and respects our users’ need for privacy. This Privacy Notice (“Notice”) describes the types of information we collect, the purposes for which it is used, and the choices you have with respect to its use.
Onfleet is a logistics management software and route optimization platform for businesses offering last-mile delivery. You can access the Onfleet service (“Service” or “Services”) via our website dashboard, smartphone applications, SMS messaging feature on mobile devices, APIs, and through third-parties. For more information about our Services, check out our “Features” section on our website.
Who You Are
This Notice applies to users of the Onfleet Service, paying Onfleet clients (“Clients”), and Onfleet website visitors (including our homepage at onfleet.com, and our blog, order, reseller, and support pages). This Notice also applies to our Clients’ customers. We encourage you to read this Notice in full to understand our privacy practices before using our Services.
Information We Receive From You
We collect the following information through your use of our Services, and otherwise with your consent. In some cases, we receive information directly from you, such as when you sign up for a dispatcher or administrative Onfleet account, we collect your name, email address, and phone number. In other cases, we receive information about you from our Clients when they use our Services, such as your name and phone number when you are added as a driver by an administrator or dispatcher. The types of information that we collect include:
To learn about your information collection choices and to opt-out of data collection, see the “Your Choices” section below.
- Information about you and your Onfleet account – Name, email address, postal address, phone number, company name, credit card payment information, customer and delivery information (such as scheduling information and delivery destination), and in some cases, your photograph. You provide this information to us directly during the account registration process.
- Vehicle information of drivers – Transportation method, vehicle year, make, model, color, and license plate number. You provide this information to us directly when using our Services.
- Driver behavioral information – We collect information about how you drive your vehicle. This includes time, location, bearing, speed, and accuracy. We collect this information automatically when you use our Services.
- Geolocation information – Driver location is collected from their device's native location service, which combines GPS, cell-tower, Wi-Fi, and other sensor data to accurately pinpoint a driver's latitude and longitude while the driver is "on-duty." We do not access, collect, or store location information from a driver's mobile device when they are off-duty or offline. We may collect other information such as application crash reports or application usage analytics for drivers who are not online for the express purpose of providing and improving our Services. For example, if you engage the chat function as a driver while off-duty, we may collect and use application usage analytics for support purposes to understand the driver journey. We may remotely log in to the application, with your permission, to resolve an issue if our application crashes.
- Device information – IP address, device type, operating system, manufacturer, model and version number, and unique device identifiers such as your device ID, but not IMEI. We collect this information automatically when you use our Services.
- Browser and usage information – Operating System (OS) running on your device, Internet Protocol (IP) address, access times, browser type, and language, and the website you visited before our Sites. We also collect usage details, such as time, frequency, and use pattern. In some cases, we analyze information on specific end users such as the amount of time spent on the platform. In other cases, we look at data in the aggregate. We use this information to optimize our Services. We collect this information automatically when you use our Services.
Information We Receive from Other Sources
- Clients of our Services – Clients of our Services may provide information about you when they submit content through our Services. For example, you may be mentioned in a troubleshooting ticket opened by someone else. We also receive your email address from other users when they provide it to invite you to our Services. Similarly, a dispatcher may provide your contact information when they designate you as a driver on their company’s account.
- Client customers – We may receive personal data about you from one of our Client’s customers. We will only use this information for the purpose of providing our Services. For example, a recipient of a delivery may provide personal information about you when submitting a support ticket.
- Other partners – We receive information from partners to help us find potential customers and enhance our Services with useful information. For example, information provided by our partners allows us to provide route optimization services, such as when we receive mapping and location information or spatial data analytics from Esri, Google Maps, or Mapbox.
How We Use, Share, and Disclose Information
We use collected information to:
We share information about you and your vehicle(s) with third parties only in the manner described below:
- Communicate with you – We may contact you to respond to your inquiries, requests, and/or send important notices either via email, SMS, push notifications, and in-app notifications. This includes, for example, sending confirmations, invoices, technical notices, routing updates, security alerts, administrative messages, and providing you with updates about our Services and new features. See “Your Choices” below to learn how to manage your communication preferences.
- Provide customer support – We use your personal and Onfleet usage information to resolve support issues that may arise through your use of our Services. Onfleet employees are prohibited from viewing the content of data you import into your Onfleet account, except when necessary to resolve your support issues. Access is limited to the data required to resolve your support issues.
- Deliver and improve our Services – We use your information to deliver and analyze how you use our Services, develop new products and services, and improve functionality, quality, and user experience. For example, we track geolocation, driver behavior, and other information to facilitate route optimization and other features. This includes using aggregated, anonymized data to improve our Services. For more information see “Browser and usage information” in the “Information We Receive From You” section above.
- Advertise – Onfleet App does not contain or allow in-app targeted advertising at this time. We also do not use push notifications or in-app notifications to display advertisements to our users.
- Store data – We store data on servers hosted by Amazon Web Services (“AWS”). We use appropriate technical, administrative, and physical measures to secure your data during storage.
We use the following sub-processors to operate our Services. This list was last updated on June 22, 2018.
- Marketing and advertising – We do not sell information about you to advertisers or other third parties. We do not currently share your information with third parties for marketing purposes, but if that changes we will obtain your consent first.
- Other users – If you register or access our Services through an Onfleet Client, certain information about you including your name, contact info, photograph, content and past use of your account may become accessible to that Client and other individuals with whom the Client shares access. If you are a Client managing a particular group of users within our Services, we may share your contact information with current or past users, for the purpose of facilitating Services-related requests.
- Mergers and acquisitions – If your personal information is transferred to a party unaffiliated with Onfleet as part of merger, acquisition, or sale of all or a portion of our assets, we will provide you with notice prior to transferring your personal information to the new entity. Notice will be provided directly through our Services.
- Legal purposes – We disclose your information when we believe that disclosure is (1) reasonably necessary to comply with any applicable law, regulation, subpoena, legal process, or enforceable governmental request; (2) necessary to enforce the provisions of the Notice; (3) required to enforce our Terms of Service, including investigation of potential violations; or (4) necessary to protect against harm to the rights, property, or safety of Onfleet, our users, or the public as required or permitted by law.
- External processing and Subprocessors – We provide your information to other third parties to help us with our business activities, products, and services. These companies are authorized to use your information only as necessary to provide these services or perform them on our behalf.
|Third-Party Service or Vendor||Type of Service||Location||Website|
|Amazon Web Services||Cloud storage||USA||https://aws.amazon.com/|
|Microsoft Azure||Cloud storage||USA||https://www.microsoft.com/|
|mLab (MongoDB)||Platform host||USA||https://mlab.com/|
|Zendesk||Support ticketing system||USA||https://www.zendesk.com/|
Legal Bases for Processing (for EEA users)
If you are an individual from the European Economic Area (“EEA”), we collect and process your personal data only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your personal data only:
If you have any questions about the legal basis for processing, please refer to the “Your Rights” section below or contact us at the address listed in the “Contact Us” section.
- To fulfill our contractual obligations to you;
- To operate our business, including to improve and develop our services, for fraud prevention purposes, improve user experience, or other legitimate interest; and/or
- As otherwise in compliance with law.
“Do-Not-Track” and Targeted Ads
We do not respond to web browser “Do-Not-Track” signals. We do not serve targeted advertisements in our Services at this time. However, you may see targeted ads from us on other websites based on your browsing history or other online activities.
Where appropriate or legally required, we will describe how we use personal information, so you can make choices about how your data is used. You can notify us of your preferences during the information collection process and change your selection at any time by contacting us directly.
- Geolocation – We collect your geographic location when you use our Services. You can restrict our access to and collection of your location information by disabling location-sharing on your device, located in your Onfleet account settings or in your device (e.g., mobile phone) settings.
- Marketing emails – You can choose to stop receiving marketing emails by following the unsubscribe instructions included in these emails, or by using the email address listed in the “Contact Us” section below. If you opt out of receiving marketing emails, we may still send you non-promotional emails, such as emails about your Onfleet account.
- Push notifications – You can opt-out of receiving push notifications through your device settings. Please note that opting-out of receiving push notifications may impact how our Services function.
- Mobile application information – You can stop Onfleet from collecting information through the Onfleet App by uninstalling the mobile app. You can use the standard uninstall processes available on your mobile device or via the mobile application marketplace or network. You can also contact us to deactivate your account using the email address listed in the “Contact Us” section below.
You have certain rights in connection with the personal information we obtain about you. To update your preferences, correct your information, limit the communications you receive from us, or submit a request to exercise your rights, please contact us as specified in the “Contact Us” section.
As required by law, you have the right to:
- Request access to certain personal information we maintain about you;
- Request that we update, correct, amend, erase or restrict certain personal information; and
- Exercise your right to data portability.
Where our Services are administered for you by a Client, you may need to first contact the Client to assist with your requests. For all other requests, you can contact us as provided in the “Contact Us” section below to request assistance.
In some circumstances you can withdraw consent you previously provided to us or object to the processing of your personal information, and we will apply your preferences moving forward.
To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. We may also decline your access request, but in the event we do, we will provide an explanation for our decision. Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Privacy Shield Certification
Onfleet has certified compliance with the Department of Commerce to participate in the EU-U.S. Privacy Shield Framework (“Privacy Shield”) by adopting and implementing the Privacy Shield Principles (“Principles”). Onfleet adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through our Services. We may also process personal data our customers submit relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. If there is any conflict between the terms in this section and the Principles, the Principles shall govern. For more information about the Privacy Shield, visit http://www.privacyshield.gov.
- Third Parties - We use a limited number of third party providers to assist us in providing our Services. These providers perform technical operations such as database monitoring, data storage and hosting services, and customer support software tools. These third parties may access, process or store personal data when providing these services, based on our instructions only. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
- U.S. Federal Trade Commission Enforcement – Onfleet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
- Complaints – In compliance with the Privacy Shield Principles, Onfleet commits to resolve complaints about our collection or use of your personal information.
- EU individuals with inquiries or complaints regarding our Privacy Shield certification should first contact Onfleet at firstname.lastname@example.org.
- Onfleet has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact Kathleen Pierz, Practice Development Manager, Global Privacy Shield and Safe Harbor Coordinator at email@example.com or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The binding arbitration services of JAMS are provided at no cost to you.
- Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
Our Services are not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13.
How Long We Retain Information
How long we keep information we collect about you depends on the type of information, as described below. We will either delete or anonymize your information or, if this is not possible (for example, the information is stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
- Account information – We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate our Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for the improvement and development of our Services, we take steps to eliminate information that directly identifies you. If our Services are made available to you through our Clients, we retain your information as long as required by the Client. For more information, see " Information We Receive from Other Sources" above.
- Marketing information – If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Onfleet account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date the information was created.
We use reasonable and appropriate physical, technical, and administrative safeguards to protect your information from unauthorized use, access, loss, misuse, alteration, or destruction. We also require that third party service providers acting on our behalf or with whom we share your information also provide appropriate security measures in accordance with industry standards. Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations. If you have any questions about security of our Services, please contact us using the email address listed in the “Contact Us” section below.
Changes to this Privacy Notice
We periodically update this Notice to describe new features, products, or services, and how those changes affect our use of your information. If we make material changes to this Notice, we will provide notification through our services and/or notify you directly. We encourage you to review this Notice for updates each time you use our Services.
Third Party Services, Applications, and Websites
Certain third party services, websites, or applications you use, or navigate to from our Services may have separate user terms and privacy policies that are independent of this Notice. This includes, for example, websites owned and operated by our customers or partners. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.
If you have questions about this Notice or our information handling practices, please contact us at firstname.lastname@example.org or write to us at Onfleet, Inc., 929 Market St., Suite 500, San Francisco, CA 94103.