1. Introduction
Fleetiqo is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR and what rights you have regarding your personal data.
This GDPR Compliance page applies to all users in the European Union (EU), European Economic Area (EEA), Switzerland, and the United Kingdom.
2. Data Controller
Fleetiqo is the data controller responsible for your personal data.
Contact Information:
- Email: dpo@fleetiqo.com
- Data Protection Officer: dpo@fleetiqo.com
- Website: https://fleetiqo.com
3. Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
3.1 Right to Access (Article 15)
You have the right to obtain:
- Confirmation that we process your personal data
- A copy of your personal data
- Information about how we process your data
How to exercise: Email privacy@fleetiqo.com with subject "GDPR Access Request"
Response time: Within 30 days
3.2 Right to Rectification (Article 16)
You have the right to:
- Correct inaccurate personal data
- Complete incomplete personal data
How to exercise: Update your information in account settings or email privacy@fleetiqo.com
Response time: Within 30 days
3.3 Right to Erasure / Right to be Forgotten (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purposes collected
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased for compliance with legal obligations
How to exercise: Use the "Delete Account" feature in your profile settings or email privacy@fleetiqo.com
Response time: Within 30 days
3.4 Right to Restrict Processing (Article 18)
You have the right to restrict processing of your personal data when:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
How to exercise: Email privacy@fleetiqo.com with subject "GDPR Restriction Request"
Response time: Within 30 days
3.5 Right to Data Portability (Article 20)
You have the right to:
- Receive your personal data in a structured, commonly used, machine-readable format
- Transmit your data to another controller
How to exercise: Use the "Export Data" feature in your account settings or email privacy@fleetiqo.com
Response time: Within 30 days
3.6 Right to Object (Article 21)
You have the right to object to:
- Processing based on legitimate interests
- Direct marketing (including profiling)
- Processing for scientific or historical research
How to exercise: Email privacy@fleetiqo.com with subject "GDPR Objection"
Response time: Within 30 days
3.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Note: We do not currently use automated decision-making or profiling that produces legal effects.
3.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to exercise: Update your preferences in account settings or email privacy@fleetiqo.com
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
4.1 Contractual Necessity (Article 6(1)(b))
Processing is necessary to perform our contract with you (providing the Service):
- Account creation and management
- Service delivery
- Payment processing
- Customer support
4.2 Legitimate Interests (Article 6(1)(f))
Processing is necessary for our legitimate interests:
- Improving the Service
- Ensuring security and preventing fraud
- Analyzing usage patterns
- Internal administration
4.3 Consent (Article 6(1)(a))
You have given explicit consent for:
- Marketing communications
- Location tracking (when using location features)
- Optional data collection
- Cookies (non-essential)
4.4 Legal Obligation (Article 6(1)(c))
Processing is necessary to comply with legal obligations:
- Tax and accounting requirements
- Responding to legal requests
- Regulatory compliance
5. Data We Collect
We collect and process the following categories of personal data:
5.1 Identity Data
- Name
- Email address
- Phone number
- Company name (optional)
5.2 Vehicle and Fleet Data
- Vehicle information (make, model, year, VIN)
- Maintenance records
- Expense records
- Rental information
- Documents and photos
5.3 Financial Data
- Payment card information (processed by Stripe - we don't store full card numbers)
- Billing address
- Transaction history
5.4 Technical Data
- IP address
- Device information
- Browser type and version
- Usage data
- Cookies
5.5 Location Data
- Approximate location (from IP address)
- GPS location (only when you use location features and grant permission)
6. How We Use Your Data
We use your personal data for the following purposes:
- Provide and maintain the Service
- Process your transactions
- Send service-related notifications
- Provide customer support
- Improve and develop the Service
- Ensure security and prevent fraud
- Comply with legal obligations
- Send marketing communications (with consent)
7. Data Retention
We retain your personal data only for as long as necessary:
7.1 Active Accounts
While your account is active, we retain all your data to provide the Service.
7.2 Deleted Accounts
When you delete your account:
- Personal data is deleted within 30 days
- Some data may be retained for legal or security purposes (up to 7 years)
- Backup copies may persist for up to 90 days
- Anonymized data may be retained indefinitely for analytics
7.3 Specific Retention Periods
- Financial records: 7 years (legal requirement)
- Support tickets: 3 years
- Marketing consent: Until withdrawn
- Cookies: As specified in cookie policy
8. Data Sharing and Transfers
8.1 Third-Party Service Providers
We share data with service providers who process data on our behalf:
- Payment Processing: Stripe (USA)
- Cloud Hosting: AWS, Google Cloud (USA)
- Email Services: SendGrid (USA)
- Analytics: Google Analytics (USA)
All service providers are contractually obligated to protect your data and comply with GDPR.
8.2 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the United States.
Safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional security measures
8.3 Legal Disclosures
We may disclose your data when required by law or to:
- Comply with legal obligations
- Respond to court orders or legal processes
- Protect our rights and safety
- Investigate fraud or security issues
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
9.1 Technical Measures
- Encryption in transit (TLS/SSL)
- Encryption at rest (AES-256)
- Secure servers and firewalls
- Access controls and authentication
- Regular security audits
9.2 Organizational Measures
- Employee training on data protection
- Confidentiality agreements
- Data protection impact assessments
- Incident response procedures
9.3 Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay if high risk
- Document the breach and our response
- Take measures to mitigate the breach
10. Cookies and Tracking
We use cookies and similar tracking technologies. You can manage cookies through:
- Our cookie consent banner
- Your browser settings
- Account settings
For more information, see our Privacy Policy.
11. Children's Data
We do not knowingly collect or process personal data from individuals under 18 years of age. If we discover such data, we will delete it immediately.
12. How to Exercise Your Rights
To exercise any of your GDPR rights:
12.1 Contact Methods
- Email: privacy@fleetiqo.com
- Data Protection Officer: dpo@fleetiqo.com
- In-App: Use account settings or "Delete Account" feature
12.2 Verification
We may need to verify your identity before processing your request to ensure data security.
12.3 Response Time
We will respond to your request within 30 days. If we need more time, we will inform you and explain why.
12.4 No Fee
Exercising your rights is free of charge, unless your request is manifestly unfounded or excessive.
13. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.
13.1 Find Your Supervisory Authority
You can find your supervisory authority at:
https://edpb.europa.eu/about-edpb/board/members_en
13.2 Contact Before Complaint
We encourage you to contact us first at privacy@fleetiqo.com so we can try to resolve your concern.
14. Data Protection Officer
Our Data Protection Officer is responsible for overseeing our data protection strategy and GDPR compliance.
Contact:
- Email: dpo@fleetiqo.com
- Subject Line: GDPR Inquiry
15. Changes to This Page
We may update this GDPR Compliance page from time to time. We will notify you of material changes by:
- Posting the updated page on our website
- Sending an email notification
- Displaying a notice in the Service
The "Last Updated" date at the top indicates when this page was last revised.
17. Contact Us
For questions about GDPR compliance or to exercise your rights:
- Email: privacy@fleetiqo.com
- Data Protection Officer: dpo@fleetiqo.com
- Support: support@fleetiqo.com
- Website: https://fleetiqo.com
We will respond to your inquiry within 30 days.