Privacy policy

Last updated: March 9, 2022

Cardata Consultants Inc. (“Cardata,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy sets out how Cardata collects, uses, discloses and otherwise manages your Personal Information (as defined below). This Privacy Policy applies to the privacy practices of Cardata, including with respect to the Cardata Mobile mobile application (our “App”), the website https://www.cardata.co (the “Website”), and anywhere else it is posted (collectively, the “Services”). 

WHAT IS PERSONAL INFORMATION?

“Personal Information,” as used in this policy, is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you, such as your name, residential address and e-mail address and includes information about your mileage and reimbursement amounts.Personal Information does not include aggregate or deidentified information or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that cannot be linked back to any particular individual(s) . We may use and disclose aggregate information, deidentified information and other non-personally identifiable information, for various purposes.We may receive Personal Information from your employer and other third parties, provided that such parties confirm to us that they have obtained your consent to the disclosure of your Personal Information to us for the purposes contemplated in this Privacy Policy.

COLLECTION AND USE OF PERSONAL INFORMATION

Cardata collects and uses your Personal Information as described below, including to provide you with the products and services you or your employer have requested from us, which may include electronic funds payment. 

We collect Personal Information that you or your employer provide directly to us, including your name, contact information, payment information, and information about your vehicle (including your vehicle insurance). We use this information to provide the Services to you.

We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:

  • Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser or your account (including, for example, a persistent device identifier or an Ad ID), and other such information. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices.
  • When you access our Website from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), or Google AdID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address.  
  • Information about the way you access and use our services, for example, the website from which you came and the website to which you are going when you leave our services, the pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other actions you take on the Website.

We use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our services.

When you use our App, we will collect your Personal Information to provide vehicle reimbursement services. Using your Cardata account credentials, you will be able to log into the App and complete a setup process. Throughout the setup process, the App will display screens and information on enabling location collection and optimizing your device for automatic drive tracking. The App runs in the background to detect your driving based on movement and location information, and collects this information on a user-set schedule. The App will routinely check your schedule to ensure tracking is correctly set to “off” or “on”.

As you use the App, we collect data related to driven mileage and route logs. This data may include:

  • device and operating system information;
  • location;
  • speed;
  • altitude;
  • movement type;
  • battery level; and
  • Bluetooth connectivity.

The App uses your data to automatically detect when you are or are not driving. Precise location information will be collected if you opt in by both accepting your mobile device’s operating system requirements and enabling tracking through the App’s “Enable Tracking” button.

If you do not want us to collect your Personal Information through the App, please delete the App from your mobile device.

Disclosure of Personal Information

We may disclose your Personal Information as set out below or as otherwise required or permitted by law.

  • Third Parties: We may request your consent to disclose your Personal Information (such as your name and email address) to third-parties, such as banks. If you consent to this disclosure, these third parties may use your Personal Information to improve their services, let you know about products and services that may be of interest to you by email or other means, or for any other purposes in accordance with their privacy policies. We are not responsible for the manner in which these third parties treat your Personal Information. If you wish to withdraw your consent to such sharing, you can email us at privacy@cardataconsultants.com
  • Service Provider Arrangements: We may disclose your Personal Information to third parties who provide services on our behalf. For example, we may use service providers to host our website, send email and text message communications (in accordance with applicable anti-spam laws), or process payments on our behalf.  Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose your Personal Information for their own marketing or other purposes. For additional information about the way in which our service providers treat your Personal Information, contact us as set out below.
  • Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition, debt financing, or sale (including transfers made as part of insolvency, receivership, or bankruptcy proceedings) involving all or part of Cardata or as part of a corporate reorganization or other change in corporate control.
  • Legal and Compliance: Cardata and our Canadian and US service providers may disclose your Personal Information in response to a search warrant or other legally valid inquiry or order, or to an organization in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable Canadian, US or other law. We may also disclose Personal Information where necessary for the establishment, exercise or defense of legal claims, to detect, prevent or suppress fraud, and to investigate or prevent actual or suspected loss or harm to persons or property.

Data Transfers

Some of the persons to whom we may provide your Personal Information may be located in jurisdictions outside of Canada, including the United States. As a result, your Personal Information will be used, stored and/or accessed outside of Canada including in the United States and possibly other jurisdictions.  Please note that when your Personal Information is located outside of Canada, it will be subject to the laws of the country in which it is situated and these jurisdictions may not have an equivalent level of data protection laws as those in Canada.

Cookies and Tracking Technologies 

In addition to information you submit to us, we may collect certain information using automated tools such as cookies, web beacons, and web server logs as described below. The types of information we collect automatically may include IP addresses, device identifiers, browser characteristics, length of visits, and pages viewed. We may use this information to, for example, associate different devices that you use in connection with the Services.

As contemplated below, we may combine certain automatically collected information with other information we obtain about you, which may include data we obtain from third parties.

Data Analytics: We or our service providers (such as Google Analytics) collect the IP (Internet protocol) addresses and device identifiers of all users of the Services as well as other usage information such as page requests, browser type, operating system and average time spent using our Services. We use this information to help us understand your use of the Services, to monitor and improve the Services, and to tailor our Services for you and other users. For further information about how Google may use data it collects through the Website you may click here, or click here to learn more about opting out of Google Analytics data collection.

Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our Website is not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you may wish to visit http://www.allaboutdnt.com/.

Cookies: When you visit our Website, we may use cookies. A cookie is a tiny element of data that is sent to your browser and may then be stored on your device. Cookies let us know who you are and provide us and our service providers with information that we use to personalize our Services in accordance with your preferences. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies, you may not be able to take advantage of all of the features of our Services.

Tracer Tags & Web Beacons: We may also use a technology called "tracer tags" or "Web Beacons" on our Services. For example, we may use this technology in order to help us understand which pages you visit on our Website or which of our emails you view or interact with. This information helps us optimize and tailor our Services to you.

Targeted Advertising: Third parties (such as ad networks) may use cookies and other technologies to collect information about your use of our Website and other websites (such as web pages you visit and your response to ads) in order to deliver ads that are more relevant to you, both on and off our Website. You can opt-out of this form of targeted advertising from all or some of the companies listed on the Digital Advertising Alliance of Canada’s opt-out tool, available at: www.youradchoices.ca/choices.

You may choose whether to receive some Interest-based advertising by submitting opt-outs. Some of the advertisers and service providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI/DAA browser- based opt-out may not, or may no longer, be effective. Cardata supports the ad industry’s Self-regulatory Principles for Online Behavioral Advertising (https://www.iab.com/wp-content/uploads/2015/05/ven-principles-07-01-09.pdf) and expects that ad networks Cardata directly engages to serve you Interest-based advertising will do so as well, though we cannot guaranty their compliance. Cardata is not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

Additional Information About our Website & App

Third Party Links: Our Service may contain links to other websites or apps that Cardata does not own or operate. Except as provided herein, we will not provide any of your Personal Information to these third parties without your consent. We provide links to third party websites or apps as a convenience to the user. These links are not intended as an endorsement of or referral to the linked website or apps. The linked website or apps have separate and independent privacy statements, notices and terms of use, which we recommend you read carefully. We do not have any control over such third-parties, and therefore we have no responsibility or liability for the manner in which they operate such linked website or apps.

Children’s Privacy: Our Website is not intended for, nor targeted to, children under 13, and we do not knowingly or intentionally collect information from children under 13. If you are under the age of 13, please do not use our Services or otherwise provide us with any Personal Information either directly or by other means. If a child under the age of 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us to request that we remove the Personal Information from our systems. If we learn that we have received information directly from a child who is under the age of13, we will delete the information in accordance with applicable law.

Security of Personal Information

We maintain administrative, technical and physical safeguards designed to help protect Personal Information collected or received through our Website or App. 

Where we use service providers who might have access to your Personal Information in order to assist us in offering and administering our Website or App, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your Personal Information and take reasonable steps to prevent it from being used for any other purpose.

Although we use reasonable efforts to safeguard information, transmission of information via the Internet and mobile platforms is not completely secure and we cannot guarantee the security of your information collected through our Website or App. Your online access to certain of your Personal Information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone and change your password on an appropriate frequency.

We have a Personal Information retention process designed to retain Personal Information for no longer than necessary for the purposes stated above or to otherwise meet legal requirements.

Access to your Personal Information

You have the right to access, update, and correct inaccuracies in your Personal Information in our custody and control, subject to certain exceptions prescribed by law. You may access, update and correct certain of your Personal Information through your account. You may request access, updating and corrections of inaccuracies in any other Personal Information in our custody or control by emailing or writing to us at the contact information set out below. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their Personal Information records.

REGION-SPECIFIC DISCLOSURES 

  • California: If you are a resident of the State of California in the United States, please click here for additional California-specific privacy disclosures.  
  • Nevada: Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident.  Note we do not sell your Personal Information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at privacy@cardataconsultants.com

Changes to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes to our Personal Information practices. We will provide you with notice of these changes by posting the revised Privacy Policy on our Website and in our App. In some cases, we may also email you notice of such changes. Your continued use of this Service after such changes will be subject to the then-current policy. We strongly encourage you to please refer to this Privacy Policy often for the latest information about our Personal Information practices.

Contact Us

Please contact our Privacy Officer at privacy@cardataconsultants.com if you have any questions or comments about this Privacy Policy, including our use of service providers outside of Canada, if you wish to access, update, and/or correct inaccuracies in your Personal Information or you otherwise have a question or complaint about the manner in which we or our service providers treat your Personal Information.

ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES

Last Updated: March 8, 2022

Scope of Disclosures

These Additional California Privacy Disclosures (the “CA Disclosures”) supplement the information contained in our Privacy Policy and apply solely to individual residents of the State of California ("consumers" or "you"). These CA Disclosures describe how we collect, use, disclose, and otherwise process Personal Information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (CCPA).  Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Policy or as otherwise defined the CCPA.  

Personal Information Disclosures

When we use the term “Personal Information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

For the purposes of these Disclosures, Personal Information does not include:

  • Publicly available information from government records.
  • Deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.
  • Information excluded from the CCPA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
  • Information relating to our job applicants, employees, contractors and other personnel.

Collection and Use of Personal Information

We collect various categories of Personal Information in connection with our Services. Please review the Privacy Policy to learn more about the Personal Information we collect.

In the last 12 months, we have collected the following categories of Personal Information:

Category of Personal Information Collected

Collected

Categories of Sources

Identifiers, such as your name, address, phone number, email address, date of birth or other similar identifiers.

  • Directly from you or your employer
  • Our business partners and affiliates
  • Third parties you direct to share information with us
  • Social networks
  • Data sellers

California Customer Records (Cal. Civ. Code § 1798.80(e))

  • Directly from you or your employer
  • Our business partners and affiliates
  • Third parties you direct to share information with us
  • Social networks
  • Data sellers

Protected Classification Characteristics

Commercial Information

  • Directly from you or your employer

Biometric Information

Internet/Network Information

  • Your browser or device

Geolocation Data

  • Your browser or device

Sensory Information

Profession/Employment Information

  • Directly from you or your employer
  • Third parties you direct to share information with us

Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99)

Other Personal Information

  • Directly from you or your employer
  • Your device

Inferences

  • Your browser or device
  • Information generated or derived from your online browsing and usage activity

Purposes for Collecting Personal Information

We collect Personal Information from and about you for a variety of purposes. To learn more about the types of Personal Information we collect, the sources from which we collect or receive Personal Information, and the purposes for which we use this information, please refer to the privacy policy.

Sales of Personal Information

We do not sell Personal Information and will not sell Personal Information unless we provide proper notice to consumers and, in the case of Personal Information collected prior to that notice, we obtain explicit consent for the sale of Personal Information relating to those individuals we previously interacted with.  

Recipients of Personal Information

As described in our Privacy Policy, we share Personal Information with third parties for business purposes or we may sell your Personal Information to third parties, subject to your right to opt out of those sales (see The Right to Opt-Out of Personal Information Sales below).

We disclose your personal Information to the following categories of third parties:

  • Our service providers: We engage a number of third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, customer service, email delivery services, marketing and advertising services, and other similar services, subject to contractual terms restricting the collection, use and disclosure of your Personal Information for any other commercial purpose.  
  • Third parties at your request. We share your Personal Information with third parties with your consent or at your direction.
  • Cardata’s Customers. We may share Personal Information with Cardata customers who have engaged us to provide services, subject to those businesses obtaining your consent where they are required by law to do so.
  • Businesses as needed to provide Services. We may share Personal Information with third parties you engage with through our Service, or as needed to fulfil your request or transaction, including, for example, order fulfilment, payment processing, or delivery or shipping services.
  • Security providers. We may share your Personal Information with third-party security providers, for example, to detect, prevent, or otherwise address actual or suspected fraud, harassment, security or technical issues, violations of any law, rule or regulation;
  • Analytics providers. We work with third party analytics providers to better understand the demographics of our users and visitors, and to personalize, enhance and improve our Service;
  • Law enforcement and third parties pursuant to legal request. From time to time, we may disclose Personal Information as reasonably necessary to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • Third parties in the context of a corporate transaction. We may disclose Personal Information as reasonably necessary to evaluate, negotiate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about consumers is among the assets transferred or is otherwise relevant to the evaluation, negotiation or conduct of the transaction.

Your California Privacy Rights

As a California resident, you may be able to exercise the following rights in relation to the Personal Information about you that we have collected (subject to certain limitations at law):

The Right to Know

You have the right to request any or all of the following information relating to your Personal Information we have collected and disclosed in the last 12 months, upon verification of your identity:

  • The specific pieces of Personal Information we have collected about you;
  • The categories of Personal Information we have collected about you;
  • The categories of sources of the Personal Information;
  • The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
  • The categories of Personal Information we have sold and the categories of third parties to whom the information was sold; and
  • The business or commercial purposes for collecting or selling the Personal Information.

The Right to Request Deletion

You have the right to request the deletion of Personal Information we have collected from you, subject to certain exceptions.

The Right to Opt Out of Personal Information Sales

You have the right to direct us not to sell Personal Information we have collected about you to third parties now or in the future.

If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.

The Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising these rights.

However, please note that if the exercise of these rights limits our ability to process Personal Information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.

How to Exercise Your California Consumer Rights

To Exercise Your Right to Know or Right to Deletion

To exercise your Right to Know and/or your Right to Deletion, please submit a request by:

We will need to verify your identity before processing your request, which may require us to request additional Personal Information from you, including but not limited to, email, mailing address, and date of birth. We will only use Personal Information provided in connection with a Consumer Rights Request to review and comply with the request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Authorized Agents

In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the CCPA) to submit requests on your behalf through the designated methods set forth in these Disclosures where we can verify the authorized agent’s authority to act on your behalf by:

  • For requests to know or delete Personal Information:
  • receiving a power of attorney valid under the laws of California from you or your authorized agent; or
  • receiving sufficient evidence from the authorized agent to show that you have provided the agent a signed permission to submit the request; and 
  • verified your own identity directly with us pursuant to the instructions set forth in these CA Disclosures; and
  • directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.

For requests to opt-out of Personal Information “sales”: receiving a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf. 

Financial Incentives

We do not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s Personal Information:

Updates to These CA Disclosures

We will update these CA Disclosures from time to time. When we make changes to these CA Disclosures, we will change the "Last Updated" date at the beginning of these Disclosures. All changes shall be effective from the date of publication unless otherwise provided in the notification.

Contact Us

If you have any questions or requests in connection with these CA Disclosures or other privacy-related matters, please send an email to privacy@cardataconsultants.com.