Data Privacy and Protection
Explanatory Notes on Personal Data:
GDPR extends the definition of personal data to include digital identifiers such as IP addresses. Identifiers in telematics systems that correlate data and drivers, including information on location, speed or driving events, may thus be personal data.
This means that fleets need a lawful basis for processing it and they face extra responsibilities to guard it and to respond to driver enquiries and concerns.
Several options are available as the basis for processing, including driver consent; the performance of a contract; compliance with a legal obligation; to fulfill a task in the public interest or to pursue legitimate interests.
If the telematics data is being used for contractual reasons, such as to record driving time because the driver is paid by the hour, then the collection of the data ought to be covered by the contract of employment.
Similarly, fleet operators can reasonably claim ‘fraud prevention, security and safety’, as a motive to collect and process telematics data.
Controller / Processor status
Under Data Protection legislation, Humn.ai Ltd is registered with the UK Information Commissioner’s Office and operates as both a Data Processor and a Data Controller of your personal information, normally in conjunction with the Contracting Entity (normally your employer, the vehicle owner and/or the vehicle insurer)
The Contracting Entity will also be a Data Controller under Data Protection legislation. The Contracting Entity are responsible for defining the Purpose for processing your personal information and for ensuring a Lawful Basis for that processing. Humn.ai are responsible for determining what information to collect from the telematics or dashcam device in order to fulfil the stated purpose.
Typically, retention periods for data are defined by the Contracting Entity as part of the contractual agreement, to reflect the Contracting Entity’s legal and organisational requirements.
Enquiries relating to the Retention of data should be directed to the relevant person at the Contracting Entity in the first instance.
Humn.ai may retain data for a longer period where we deem it necessary to reflect our own legal and organisational requirements.
Generally, we do not have a direct contractual relationship with individual drivers; normally we have a contract with a 3rd party which is typically your employer, the insurer of the vehicle, the owner of your vehicle or the broker placing the vehicle insurance policy with the insurer (the Contracting Entity).
It is very important that you read this Privacy Notice in full so that you understand what information we collect from you and from the Telematics device fitted to your vehicle(s) and how we then process this information.
This Privacy Notice only covers the processing performed by Humn.ai and its sub-processors; it does not cover the processing performed by the Contracting Entity.
It is therefore important that you also read the Privacy Notice provided by the Contracting Entity to obtain a full picture of the processing being undertaken.
Phrases which start with capital letters (such as “Privacy Notice”) are defined in the Definitions section at the end of this notice.
Where you have any concerns about the information collected or how your information may be used, you should discuss in the first instance with the relevant individual within your organisation or service provider, for example where you are leasing a vehicle, the leasing company or financing firm.
Humn.ai and our partners will collect, process and will pass this information to the Contracting Entity under our Legitimate Interests in order to provide the Service.
The Contracting Entity will have their own, separate Lawful Basis for their initial collection and processing of personal data and the subsequent processing of the information provided by Humn.ai.
Enquiries relating to the Contracting Entity’s Lawful Purpose should be directed at the relevant individual within your organisation or service provider, for example where you are leasing a vehicle, the leasing company or financing firm.
What data do we collect when you are registered for our Services?
When you are registered for our Service, we will typically collect such information as may be required to set up and deliver the Service. This information may include such items as:
- 1 Contact Name
- 2 Company Name
- 3 Vehicle Registration(s)
- 4 Vehicle Identity Number(s)
- 5 Driver Names
Note that this information may be collected directly from the Data Subjects or may be provided to Humn.ai by the Contracting Entity.
What data do we collect from the telematics/dashcam device?
Once the telematics device has been installed and activated, it will record and analyse data relating to the vehicle to which it has been fitted. Depending on the specific unit fitted and the instructions from the Contracting Entity, the telematics device will collect driver behaviour related information such as:
Vehicle Data: Registration, VIN, make, model etc.
Journey Data: GPS location, time and date, direction, speed, acceleration/deceleration rates etc.
This includes Private Journey data which may be available as standard to the Contracting Entity; which may be made available under specific, agreed circumstances; or which may only be made available with the consent of the Data Subject. Please refer to the Contracting Entity to establish which is the correct scenario for your device
Dashcam Data: images captured by the dashcam device(s)
Diagnostic Data: vehicle fault codes, battery health status etc.
What data do we collect from your mobile device?
When you access our App (Rideshur) via a mobile device, we will process your device location and settings to enable the map display function within the App, to allow the Bluetooth features to operate and to help optimise performance.
Granting these permissions is necessary for the App to operate correctly.
This data is used locally by the App and is NOT transferred from the device.
Use of Mobile Device Data
When using our App (Rideshur), we process the location of your device for the purposes of enabling the feature to display your current location on a map. Any such data is NOT transferred from the device at any point; the data is not stored by Humn.ai and is never passed to 3rd parties.
Profiling – Driver Behaviour Scores
Humn.ai systems including Rideshur allow Driver Behaviour Scores to be calculated based on recorded telematics data and other publicly available data such as speed limits. The calculation of Driver Behaviour Scores is a form of profiling under Data Protection Legislation.
Driver Behaviour Scores are calculated using a combination of recorded telematics data, speed limit or similar data and System Thresholds that may be defined within our systems by the Contracting Entity. These thresholds typically relate to legal speed limits (speeding events), acceleration rates (harsh acceleration events), deceleration rates (harsh braking events) or other driving behaviours (such as harsh cornering).
Enquiries relating to Driver Scoring and how it is used should be directed to the Contracting Entity in the first instance.
We use your information only as set out in this Policy and will not sell, rent or pass your information on to others for marketing or other purposes without your express consent.
Humn.ai may however provide aggregate statistics about our customers, sales traffic patterns and related site information to reputable third-party vendors and relevant affiliate partners, but these statistics will include no personally identifying information.
Humn.ai will provide certain telematics and dashcam data to the Contracting Entity in order to provide the Services, as agreed in our contract with the Contracting Entity.
We may also release account, telematics and/or dashcam data where we believe in good faith that this release is reasonably necessary to comply with the law.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Your Rights - Controlling your personal information
Under data protection legislation, you have the right to:
- 1 Request access to the personal data we hold about you and details of any other party we share that data with;
- 2 Request a copy of the personal data that we hold about you;
- 3 Request that we correct your personal data when it is incorrect, out of date or incomplete;
- 4 Request that we stop using your personal data for direct marketing communications;
- 5 Request that we stop any consent-based processing of your personaldata after you withdraw that consent.
You have the right to request a copy of any information about you that Humn.ai holds at any time, and also to have that information corrected if it is inaccurate.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. We will then cease processing your data for that purpose.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
If we decide not to action your request we will explain to you the reasons for our refusal.
You may also request that some or all of your data is deleted; however, the Right to Erasure is not absolute and we may decide to retain the data if we have an overriding reason for doing so.
If we decide not to action your request we will explain to you the reasons for our refusal.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Making and Dealing with Requests
Any requests relating to this Service and the Personal data being processed will be handled jointly between Humn.ai and the Contracting Entity.
Requests relating to your personal data should be made to the Contracting Entity in the first instance – details of how to do that will be included in the relevant Privacy Notice provided by the Contracting Entity.
However, if you so wish, you are also able to make such as request directlyto Humn.ai via email at firstname.lastname@example.org or by writing to:
The Data Protection Officer
12 Hammersmith Grove
Contacting the Regulator
If you feel that your data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.