DriveScape Privacy Policy

If you are an Uber affiliated driver participating in DriveScape 360 Pilot, please refer to this Privacy Policy

DriveScape Privacy Policy
Uber Drivers

Cambridge Mobile Telematics, Inc. (CMT) takes your privacy seriously. This policy explains how we collect, use, store and process your Personal Data as a data controller when you use our DriveScape dashcam device, mobile app, and backend web-based services (DriveScape Service).

This Privacy Policy together with our Mobile App License Agreement, and any other documents referred to, sets out the basis on which CMT collects Personal Data from users, or which users provide, when using the DriveScape Service. This Policy Only Applies to the Processing or Collection of Personal Data with the DriveScape Service.

Summary

The DriveScape dashcam has been developed for the ride-share industry.

The following table summarizes how and when your data is collected and under what conditions it is shared with others.

Telematics data (such as location, acceleration, deceleration, and speed) are collected while the car is on a trip and delivered to the CMT backend for storage and analysis.

  • Telematics data is used to identify crashes and other driving safety events such as hard braking.

Video and Audio Data is recorded and stored on DriveScape and delivered to the CMT backend for storage and analysis based on the chart below.

Personal time means not driving on the Uber platform. CMT does not share any telematics data or video and audio data with Uber during personal time. To ensure such sharing does not occur, Uber provides CMT with platform usage timestamp data.

Only if the Dashcam is Powered On
Activation Collected Data Types Method of collection Shared with Operational During Personal time
Determined by Driver Video and audio recordings and data

Telematics Data 		Standalone bookmark button, or video request from the DriveScape app CMT, and Driver Yes
Determined by Driver Video and audio recordings and data

Telematics Data 		An incident report using the Uber app CMT, Driver, and Uber. No
Automated Video and audio data

Telematics Data 		for time periods of crashes or potential crashes (as detected using telematics data collected from CMT or Uber through its mobile app) CMT, Driver, and Uber. No
Operational Usage Road and Cabin snapshots Taken each minute of driving (are used to find relevant time periods and other similar purposes). CMT, and Driver. Yes, if the driver chooses to enable it.
Safety Research Video and Audio recordings and data

Telematics Data 		Video and Audio data selected to be used for driving safety research performed by CMT CMT, and Uber (only receives the analysis of the research). No
Retention on DriveScape Device: Video and Audio data is stored for up to 30 days.

Retention at CMT:
  • Video and Audio - 1 year (See Section 5 below for more details and exceptions), and
  • Telematics Data - as long as reasonably necessary to fulfill the purposes for which it was provided or collected, and to improve our technology and services, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements or if required to fulfill our legal obligations. See Section 5 below for more details and exceptions.
  • Use and Retention at Uber: any usage of recordings and data is solely governed by the Uber Privacy Policy.
Other Data Sources: CMT may source data (such as weather) to aid in the analysis.

Details

1. Scope

This Policy Only Applies to the Processing or Collection of Personal Data

Personal Data means any information about an individual from which that individual can be identified.

Role as Controller

This Privacy Policy describes our role as a ‘controller’ of Personal Data (the party that decides the purpose and means of the processing of Personal Data).

For the purposes of US data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data, the controller is Cambridge Mobile Telematics, Inc. of 314 Main Street, Suite 1200, Cambridge, MA 02142.

2. Data Collection

A. Personal Data We Collect Directly from You

The Personal Data we collect directly from you may include:

  • Video and Audio Data: (see Summary Table)
  • Telematics Data: (see Summary Table)
  • Road and Cabin Snapshots: (see Summary Table)
  • Location Data: we also use GPS technology to determine your current location and while driving.
  • Aggregated Data: we also collect, use and share statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature.

3. Use of Personal Data

We have set out below, in table format, a description of all the ways we plan to use your Personal Data.

Purpose/Activity Type of data
Process, store, and provide to Uber and Driver based on the chart above. Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots
To administer and protect our business and the DriveScape Service (including troubleshooting, data analysis, testing, system maintenance, support, updates, reporting and hosting of data) Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots
To use data analytics to improve the DriveScape Service Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

4. Disclosure and Sharing with third parties

CMT does not sell your Personal Data.

We may share your Personal Data with third parties for the purposes set out in the table above. Below is a summary of the types of third parties used:

A. Service Providers

Our contracted service providers, who provide services such as IT and system administration, help desk, CRM, and cloud-hosting.

B. Our Affiliates

With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted online or for customer support, marketing, technical operations, and account management purposes.

C. Professional Advisers

In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate.

D. Change in Ownership

To a successor, if we engage in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. By applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

E. Legal Requirements

We may be required by law or legal process to disclose your Personal Data, to enforce our legal agreements, or to protect our rights, property, safety, our customers, or others, and we will try to take steps to limit any such disclosure. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. Retention

After the expiry of the applicable retention periods, your Personal Data will be deleted. except if there is a dispute, crash, driving incident, or legal compliance reason for retaining it for a longer period of time. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

In addition, we may retain your Personal Data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation in respect of our relationship with you, to comply with law enforcement requests, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfill your request to “unsubscribe” from further messages from us.

We will retain some anonymized information after your account has been closed and we may use this for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. Your Rights Relating to Your Personal Data

A. Your Rights

You have the right under certain US based data protection law, free of charge to request:

  • Access your Personal Data held by us;
  • Rectification or deletion of your Personal Data;
  • A restriction on our processing of your Personal Data;
  • A transfer of your Personal Data (data portability) in a structured, machine readable and commonly used format;
  • Object to the processing of your Personal Data;
  • Withdraw your consent to us processing your Personal Data, at any time.

To exercise any of the above rights, please contact us by email at privacy@cmtelematics.com, or by phone at 800-941-7177. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights), for example your email address and telephone number used to register with us. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

B. Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

7. Data Protection Officer

CMT has a data protection officer (DPO) who can be contacted as follows: dpo@cmtelematics.com.

8. Complaints

Our intention is to meet the highest standards when collecting and using Personal Data. For this reason, we take the complaints we receive very seriously. We encourage users to notify us if they think that our collection or use of Personal Data is unfair, misleading, or inappropriate. If you have any complaints about our use of your Personal Data, please contact our DPO or contact your local data protection supervisory authority.

9. Other Terms

A. Industry Standard Security

While we use industry-standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with the ISO 27001 Standard and SOC2 Type II Framework and are audited against these standards and frameworks on an annual basis.

B. No Contractual Rights

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

C. Links to Third-Party Sites

Our services and website may contain links to other sites and services owned and controlled by others. These third-party websites have privacy policies, and you should review those policies.

D. Contact Us

For specific information, or to ask questions of our privacy team, please contact us at privacy@cmtelematics.com.

E. Revisions to this Policy

We may change this Privacy Policy at any time and changes will be posted on this page and, where appropriate, we will notify you through email. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last revised on March 22, 2024.

If you are an Uber affiliated driver participating in Phase 1 of the DriveScape Dashcam Pilot, please refer to this Privacy Policy

DriveScape Privacy Policy
  1. SCOPE

Cambridge Mobile Telematics, Inc. (CMT) takes your privacy seriously. This policy explains how we collect, use, and protect Personal Data submitted and collected by DriveScape dashcam device, mobile app and backend web-based services (DriveScape Service).

Personal Data means information that determines the identity of an individual.

By using the DriveScape Service you are accepting and consenting to the practices described in this Privacy Policy.

  1. DATA COLLECTION.

Interest in DriveScape Services. If you have an interest in obtaining information about our services; request customer support; contact us; register; sign up for an event, webinar or contest; or download content, we may require that you provide to us your contact information (name, title, company name, address, phone number, email address or driver name and password).

Purchases. If you make purchases via our website or register for a trial usage of any DriveScape Service, we may require that you provide to us your financial and billing information, such as billing name and address. CMT does not store any credit card information, as CMT utilizes a third-party for credit card billing.

Device Recording (Driving on the Uber Platform). When driving on the Uber platform, the Device continuously records internal cabin and external road footage and telematics data (for example, location, acceleration). Uber will not receive recordings or other data, except ‘at the direction of the Driver’ under (b) below.

  • The Device automatically writes over all recordings after 7 days, unless
    1. the recordings are transmitted to the CMT backend web storage,
      1. when directed by Driver, or
      2. when a triggered event occurs (events are further described in the DriveScape FAQ in the mobile app; events typically record the 30 seconds prior to the event being initiated and 30 seconds after),
      for viewing through the mobile app (Longer Storage), or
    2. the recordings and directly associated data (such as time and location) are transmitted ‘at the direction of the Driver’ to Uber through the DriveScape backend web service.
Note:
  • Any use of these recordings by Uber are solely governed by Driver’s contracts with Uber and the Uber Privacy Notice. Contact Uber if you have any questions related to that.
  • Recordings transmitted to CMT’s backend storage (i.e. Longer Storage) are retained by CMT for up to 1 year.

Device Recording (Not Driving on the Uber platform). When not driving on the Uber platform, Driver can control the recording settings manually through the mobile app.

  • The Device automatically writes over all recordings after 7 days, unless the recordings are transmitted to the CMT under (Longer Storage). So there is no confusion, no recordings will be transmitted to Uber when recordings occur when “Not Driving with Uber”.

    Note: Recordings under Longer Storage are retained by CMT for up to 1 year, unless you delete the file earlier.

DriveScape Backend Storage. The DriveScape backend web service stores:

  • Telematics data (location, acceleration, etc.).
  • Device video and audio recordings related to triggered events (which are further described in the DriveScape FAQ in the mobile app; events typically record the 30 seconds prior to the event being initiated and 30 seconds after).
  • The Device ID (Bluetooth MAC Address) of the Device connected to the user account that recorded the incident.
  • A snapshot captured at the time the incident is initiated.
  • The username of the person whose Device user account recorded the incident.

Log Files. If you use and interact with our DriveScape Services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data.

Interactions. If you interact with our websites or emails, we automatically collect information about your Device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data). If you voluntarily submit certain information to our service, such as filling out a survey about your experience, we collect the information you have provided.

  1. USE OF TRACKING TECHNOLOGIES AND COOKIES.

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.

Automatically When you Visit our Sites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.

  • This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.

Cookies. We use technologies such as cookies, to gather information about the use of our websites and how people interact with our emails.

  • When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience. For further information about our use of cookies please see our Cookie Policy.

Notices on behavioral advertising and opt-out for website visitors.

  • We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative at https://optout.networkadvertising.org/?c=1, and the Digital Advertising Alliance at https://optout.aboutads.info/?c=2&lang=EN
  • To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.

Do Not Track.

  • While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
  1. DATA USE.

Websites and Services. We process your Personal Data to perform under our agreement with you for the use of the DriveScape Services and to fulfill our contractual obligations.

Driver Contact and Driver Support. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our agreement.

  • Certain members of CMT staff may access the audio and video recordings captured by the Device only when reasonably necessary to investigate technical support problems.
  • Access to system components and sensitive information is restricted to only the staff of CMT whose job requires such access.
  • Access rights for privileged Driver IDs are restricted to least privileges necessary to perform job responsibilities.

Uber. The DriveScape Service is designed for use with the Uber platform. Recordings and associated data captured by the DriveScape Service may be shared with Uber, if you request that it be shared with Uber.

Payments. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you. We currently use Stripe.com to provide this service.

  • We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary to comply with our contractual obligations, our legal obligations and for our legitimate business interests in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others; With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including: AWS (if you need more specific information, please contact privacy@cmtelematics.com ).

Marketing Communications. We will process your Personal Data or device and usage data to conduct market research – send you marketing information, product recommendations and other non-transactional communications about us and partners, including information about our products, promotions or events, where you are our customer or you have expressed an interest in our goods or services, or where you have consented to this (if required by law).

Managing Events, Contests or Promotions. If you register for an event, contest or promotion, we process your Personal Data to perform our contract, which includes sending related communications to you.

Legal Obligations. We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate business interests.

  1. DISCLOSURE AND SHARING.

Service Providers. With our contracted service providers, who provide services such as IT and system administration, hosting, help desk, CRM, marketing automation, including AWS (if you need more specific information, please contact privacy@cmtelematics.com).

Our Affiliates. With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations and account management purposes of fulfilling our contractual obligations to you.

Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers.

Change in Ownership. To a successor, if we are involved in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

Anonymous and Aggregated. We use DriveScape Service data to look at trends, such as how often people drive distracted, which cities/states have the highest prevalence of speeding, or how the average length or distance of trips change around holidays, etc. There is no PII involved – everything is not only anonymized, but that data like name, address, age, gender, etc., isn’t even accessible. CMT may use anonymized data for improving CMT models.

  • We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services. Such anonymous and aggregated usage data does not contain any Personal Data.

Legal Requirements. We may be required by law to disclose your Personal Data, or in order to enforce or legal agreements, or to protect our rights, property, safety, our customers or others, and we will try to take steps to limit any such disclosure.

  1. YOUR RIGHTS IF YOU ARE A “CONSUMER” UNDER THE LAWS OF THE STATE OF CALIFORNIA

If you are a “Consumer” and any Personal Data that we collect falls under the definition of “personal information” as that term is defined under the California Consumer Privacy Act (CCPA), the following applies:

  • You can ask us what personal data we hold about you, the source of the information, the use of your personal information, and you can ask us to access it, to have a copy of it, and to erase it, under certain circumstances (a “personal information request”) that was collected about you during the 12 months before your personal information request.
  • You can ask us if the information was disclosed to third parties, the categories of personal information disclosed to third parties and the categories of third parties to whom such information was disclosed.
  • To exercise your rights regarding your personal information by email, mail, or phone, please use the contact information provided at the bottom of this policy. When you make a personal information request, we will need to collect information from you so that we can verify your identity, and we will respond to all legitimate requests within 45 days.
  • We will retain your personal information in accordance with our then current data retention policy, unless you otherwise request that it be deleted sooner, in accordance with this Privacy Policy.
  • On-device video storage retention limits are described above under the Section heading ‘Device Recording (Driving with Uber)’ and ‘Device Recording (Not Driving with Uber).

You have the right not to be discriminated against because of exercising any of your rights under the CCPA.

We do not sell your Personal Data to any third parties.

  1. OTHER TERMS.

Automated Decision Making. To conduct business and to provide services to our customers utilizing the DriveScape Service, CMT may utilize algorithms defined as automated decisions.

Industry Standard Security. While we use industry standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with ISO 27001 standards and are audited against the framework on an annual basis.

Retention. CMT saves telematics data to the backend web service. Video and audio recordings may be saved to CMT’s backend web service on AWS. Video and audio recordings stored on the Device are automatically deleted after 7 days, except as provided above under 'Device Recording (Driving with Uber)’ and ‘Device Recording (Not Driving with Uber).

No Children. We do not intentionally gather Personal Data about visitors who are under the age of 16.

No Contractual Rights. This Privacy Policy is not a contract and does not create any contractual rights or obligations.

Privacy Concerns. To exercise your rights regarding your Personal Data or if you have questions regarding this Privacy Policy or our privacy practices, please email us at: privacy@cmtelematics.com

Links to Third Party Sites. Our services and website may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.

Revisions to this Policy. We may change this policy at any time and changes will be posted on this page and where appropriate notified to you through emails or by updating this policy online. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was Last Revised on November 2, 2021

If you are an Uber affiliated driver participating in Phase 2 of the DriveScape Dashcam Pilot, please refer to this Privacy Policy

DriveScape Privacy Policy

Cambridge Mobile Telematics, Inc. (CMT) takes your privacy seriously. This policy explains how we collect, use, store and process your Personal Data as a data controller when you use our DriveScape dashcam device, mobile app, and backend web-based services (DriveScape Service).

This Privacy Policy together with our Mobile App License Agreement, and any other documents referred to, sets out the basis on which CMT collects Personal Data from users, or which users provide, when using the DriveScape Service. This Policy Only Applies to the Processing or Collection of Personal Data with the DriveScape Service.

Summary

The DriveScape dashcam has been developed for the ride-share industry.

The following table summarizes how and when your data is collected and under what conditions it is shared with others.

Telematics data (such as location, acceleration, deceleration, and speed) are collected while the car is on a trip and delivered to the CMT backend for storage and analysis. Telematics data is used to identify crashes and other driving safety events such as hard braking. Video and Audio Data is recorded and stored on DriveScape and delivered to the CMT backend for storage and analysis based on the chart below. Personal time means not driving on the Uber platform. Uber provides this information to CMT.
Only if the Dashcam is Powered On
Activation Collected Data Types Method of collection Shared with Operational During Personal time
Determined by Driver Video and audio recordings and data

Telematics Data 		Standalone bookmark button, or video request from the DriveScape app CMT, and Driver No, unless the driver chooses to enable it.
Determined by Driver Video and audio recordings and data

Telematics Data 		An incident report using the Uber app CMT, Driver, and Uber. No
Automated Video and audio data

Telematics Data 		for time periods of hard braking, crashes or potential crashes (as detected using telematics data collected from CMT or Uber through its mobile app) CMT, Driver, and Uber. No
Operational Usage Road and Cabin snapshots Taken each minute of driving (are used to find relevant time periods and other similar purposes). CMT, Driver, and Uber. Yes, if the driver chooses to enable it.
Safety Research Video and Audio recordings and data

Telematics Data 		Video and Audio data selected to be used for driving safety research performed by CMT CMT, and Uber (only receives the analysis of the research). No
Retention on DriveScape Device: Video and Audio data is stored for up to 30 days.

Retention at CMT:
  • Video and Audio - 1 year (See Section 5 below for more details and exceptions), and
  • Telematics Data - as long as reasonably necessary to fulfill the purposes for which it was provided or collected, and to improve our technology and services, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements or if required to fulfill our legal obligations. See Section 5 below for more details and exceptions.
  • Use and Retention at Uber: any usage of recordings and data is solely governed by the Uber Privacy Policy.
Other Data Sources: CMT may source data (such as weather) to aid in the analysis.

Details

1. Scope

This Policy Only Applies to the Processing or Collection of Personal Data

Personal Data means any information about an individual from which that individual can be identified.

Role as Controller

This Privacy Policy describes our role as a ‘controller’ of Personal Data (the party that decides the purpose and means of the processing of Personal Data).

For the purposes of US data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data, the controller is Cambridge Mobile Telematics, Inc. of 314 Main Street, Suite 1200, Cambridge, MA 02142.

2. Data Collection

A. Personal Data We Collect Directly from You

The Personal Data we collect directly from you may include:

  • Video and Audio Data: (see Summary Table)
  • Telematics Data: (see Summary Table)
  • Road and Cabin Snapshots (see Summary Table)
  • Location Data: we also use GPS technology to determine your current location and while driving.
  • Aggregated Data: we also collect, use and share statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature.

3. Use of Personal Data

We have set out below, in table format, a description of all the ways we plan to use your Personal Data.

Purpose/Activity Type of data
Process, store, and provide to Uber and Driver based on the chart above. Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots
To administer and protect our business and the DriveScape Service (including troubleshooting, data analysis, testing, system maintenance, support, updates, reporting and hosting of data) Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots
To use data analytics to improve the DriveScape Service Video and Audio recordings and data

Telematics Data

Road and Cabin snapshots

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

4. Disclosure and Sharing with third parties

CMT does not sell your Personal Data.

We may share your Personal Data with third parties for the purposes set out in the table above. Below is a summary of the types of third parties used:

A. Service Providers

Our contracted service providers, who provide services such as IT and system administration, help desk, CRM, and cloud-hosting.

B. Our Affiliates

With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted online or for customer support, marketing, technical operations, and account management purposes.

C. Professional Advisers

In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate.

D. Change in Ownership

To a successor, if we engage in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. By applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

E. Legal Requirements

We may be required by law or legal process to disclose your Personal Data, to enforce our legal agreements, or to protect our rights, property, safety, our customers, or others, and we will try to take steps to limit any such disclosure. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. Retention

After the expiry of the applicable retention periods, your Personal Data will be deleted. except if there is a dispute, crash, driving incident, or legal compliance reason for retaining it for a longer period of time. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

In addition, we may retain your Personal Data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation in respect of our relationship with you, to comply with law enforcement requests, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfill your request to “unsubscribe” from further messages from us.

We will retain some anonymized information after your account has been closed and we may use this for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. Your Rights Relating to Your Personal Data

A. Your Rights

You have the right under certain US based data protection law, free of charge to request:

  • Access your Personal Data held by us;
  • Rectification or deletion of your Personal Data;
  • A restriction on our processing of your Personal Data;
  • A transfer of your Personal Data (data portability) in a structured, machine readable and commonly used format;
  • Object to the processing of your Personal Data;
  • Withdraw your consent to us processing your Personal Data, at any time.

To exercise any of the above rights, please contact us by email at privacy@cmtelematics.com, or by phone at 800-941-7177. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights), for example your email address and telephone number used to register with us. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

B. Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

7. Data Protection Officer

CMT has a data protection officer (DPO) who can be contacted as follows: dpo@cmtelematics.com.

8. Complaints

Our intention is to meet the highest standards when collecting and using Personal Data. For this reason, we take the complaints we receive very seriously. We encourage users to notify us if they think that our collection or use of Personal Data is unfair, misleading, or inappropriate. If you have any complaints about our use of your Personal Data, please contact our DPO or contact your local data protection supervisory authority.

9. Other Terms

A. Industry Standard Security

While we use industry-standard security measures to protect against the loss, misuse, and alteration of the Personal Data under our control, there is no guarantee that it cannot be compromised. We have aligned our Information Security Management System with the ISO 27001 Standard and SOC2 Type II Framework and are audited against these standards and frameworks on an annual basis.

B. No Contractual Rights

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

C. Links to Third-Party Sites

Our services and website may contain links to other sites and services owned and controlled by others. These third-party websites have privacy policies, and you should review those policies.

D. Contact Us

For specific information, or to ask questions of our privacy team, please contact us at privacy@cmtelematics.com.

E. Revisions to this Policy

We may change this Privacy Policy at any time and changes will be posted on this page and, where appropriate, we will notify you through email. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last revised on November 15, 2023