Assetbots LLC (“we” or “us”) owns and operates https://www.assetbots.com (“Site”) and the Assetbots mobile applications (“Assetbots Apps”) on which we provide mobile business asset tracking services. The Site and Assetbots Apps are together the “Services”.
For the purposes of this Policy, “Users” means:
- “Owner” means the individual who initially sets up the Service (each an “Owner”);
- “Administrators” means the individuals who operate the technical features available through the Services;
- “Users” means the individuals who are employed or affiliated with a company or organization that uses the Services for professional purposes (“Company”).
Owner and Administrators are together “Administrative Users.”
1. INFORMATION WE COLLECT
We collect the following types of information:
We don’t ask the Company to share Personal Data of its Users as part of the Company’s Data. We don’t request any Personal Data from any other User other than the Owner. The information that is part of the Company’s Data is only intended to allow the Company to use the Services in an efficient manner and to internally identify which User is currently assigned to each registered asset.
The Services can be used without any Company Data by using only asset information to track assets.
We, as a Processor of the Company’s Data, are not responsible and have no available methods to validate if the Company’s Data is accurate and represents or not a natural person.
Finally, when Administrative Users log on to their accounts, we will record their geo-location, IP address and/or unique mobile device identifier and may tie it to their specific account.
We do not knowingly collect Personal Data through the sign-up form on our Site from anyone under age 16. If you are under 16, please do not leave your contact information on our Site. If you are a parent or guardian of a child under 16 years old and you learn that your child has left Personal Data on our Site, please contact us at [email protected].
In addition, if a User provides us feedback or contacts us (for support, for example), we will collect the data included in the communication.
When an Administrative User uses the Services, we may automatically record certain information from them including IP address or other device address or ID, web browser and/or device type, the actions performed on the Service, and the dates and times of the access or use of the Service. We also collect information regarding the Administrative User interaction with email messages, such as whether they open, click on, or forward a message. This information is gathered from Administrative Users only. We do not collect usage information or email tracking information from Users.
The Services are intended to allow Companies to create, track, and maintain an inventory of assets, including information regarding Users, business assets and property, insurance policies, contracts, and warranties related to the Company. For this reason, getting information about assets tracked by our Services is one of the main reasons why a Company hires our Services.
Asset Information consists of information about assets, from which Assetbots is not able to identify an individual.
Please see HOW WE USE AND SHARE USAGE INFORMATION AND ASSET INFORMATION for more information.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need-to-know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify Visitors or Users.
You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics opt-out feature.
2. HOW WE USE PERSONAL DATA
We use the Personal Data we collect as described above.
- To customize and analyze the Service.
- To enhance your experience of Services.
- To verify your eligibility for the Services.
- To contact you regarding your account.
- To prevent, detect and fight fraud or other illegal or unauthorized activities.
- Address ongoing or alleged fraud on or though the Services and our related products and services;
- Analyze data to better understand and design countermeasures against fraud;
- Retain data related to fraudulent activities to prevent recurrence.
- To ensure legal compliance.
- Comply with legal requirements;
- Assist law enforcement;
- Enforce or exercise our rights.
- Legitimate interests: We may use your information where we have legitimate interests to do so. For example, we analyze our users’ behavior to improve the Services, to prevent and detect fraud and misuse, and to market new products and services that we think will interest you;
- Consent: From time to time, we may ask for your consent to use your information. You may withdraw your consent at any time by contacting us at [email protected].
You may stop receiving promotional emails from us by clicking the unsubscribe link at the bottom of the promotional email. Communication related to important changes on Services are not considered promotional email.
3. HOW WE SHARE PERSONAL DATA
We will not sell, rent, or share Personal Data or Company’s Data with third parties except in the following ways:
- Applicable law may require us and our service providers to disclose your information if: (i) reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements; or (ii) necessary for the prevention or detection of crime (subject in each case to applicable law).
- We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
- We may transfer your information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
- We may ask for your consent to share your information with third parties. When we do, we will make clear why we want to share the information.
4. HOW WE USE AND SHARE USAGE INFORMATION AND ASSET INFORMATION
We use the Usage Information and Asset Information for the following purposes: (i) to monitor the effectiveness of our Service; (ii) to monitor aggregate metrics such as use and demographic patterns; and (iii) to diagnose or fix technology problems reported by our Users or our employees; (iv) to provide usage trends reports (“Trends”) to support recommendation and statistics to our Users. In those cases, the information will be de-identified, and will only be based on general information combined through our algorithms with Usage Information and Asset Information.
Also, we reserve the right to use the de-identified Usage Information and Asset Information to: (i) create, publish and sell any kind of public or private reports and other informational content; (ii) to assist such parties in understanding our Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Services; or (iii) for any other business or marketing purposes decided by us.
5. HOW WE PROTECT YOUR INFORMATION
We take the security of your Personal Data and Company’s Data seriously and use appropriate technical, administrative, and physical measures designed to protect your Personal Data against unauthorized or unlawful processing and against accidental loss, destruction or damage. This includes, for example, encryption, firewalls, password protection and other access and authentication controls. We also limit access to Personal Data and Company’s Data to employees who reasonably need access to it to provide products or services to you, or to do their jobs. However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we may have collected from or about you.
6. HOW LONG WE RETAIN PERSONAL AND COMPANY’S DATA
We retain Personal Data and Company’s Data based on the following criteria:
- Active Company’s Data: Company’s Data, including assets, users and other data currently in use and not deleted on your account. Active Company’s Data is retained for as long as your account is active or until it’s manually removed from your account by an Administrator.
- Active Company’s Data Backups: Assetbots performs full daily Backups for all Active Company’s Data and store such backups in a Recovery Datacenter for up to 7 days. After 7 days, the Backup is deleted. Based on this flow, any information manually removed from your account by an Administrator will still be retained as part of the Active Company’s Data Backup for up to 7 days.
- Administrative Users Logs: Assetbots logs relevant actions performed by Administrative Users when operating the features offered by the Services. Administrative Users Logs can be retained for up to 90 days from the day the logged action occurred. After 90 days the Administrator Log will be automatically deleted from production environment. Administrator Logs are part of the Active Company’s Data Backups described in section 6 “b” above and after the deletion from the production environment, Administrator Logs may be part of the Active Company’s Data Backups for up to 7 days.
- Support Logs: When you create a support ticket, depending on the complexity of the question or request, it may be necessary for engineers on Assetbots’ Technical Support team to prepare and implement special logs that will be used to support you. Those logs may include Company’s Data. Support Logs will be retained for up to 90 days.
- Support Ticket Attachments: When you create a support ticket, our Services give you the option to attach files to the ticket. Assetbots doesn’t expect to receive any sensitive or protected information from Support Ticket Attachments, including any Company’s Data. If you need to submit any proprietary information as an attachment of a Support Ticket, please share that with our Support Team before any submission so you can receive correct instructions. Support Ticket Attachments may be retained for up to 90 days and will not be part of any backup.
As an exception, we may retain Personal and Company’s Data for periods that are longer than the periods described on this Section 6 based on the following reasons:
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them);
- Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).
7. YOUR CHOICES ABOUT YOUR INFORMATION
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, you may contact us by opening a new support ticket or emailing us at [email protected]. At your request, we will have any reference to you deleted or blocked in our database.
You, as an Owner, may update, correct, or delete your Account information and preferences at any time by opening a new support ticket.
Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to provide Personal Data, in which case we will not be able to establish an account to the Company you represent or provide our Services to your Company.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at [email protected].
You also have a right to lodge a complaint with data protection authorities.
Based on the permissions granted by the Owner, Administrative Users can at any time update, correct, or delete any information, including potential Personal Data, that is part of the Company’s Data registered, uploaded and stored into our Service.
We have no direct relationship with the Users created by the Company by the upload and storage of the Company’s Data, whose potential Personal Data it may process on behalf of a Company. An individual who seeks access, or who seeks to correct, amend, delete inaccurate data should direct his or her query to the Company or Administrative User they deal with directly.
If the Company requests us to remove the data, we will respond to its request within thirty (30) days. We will delete, amend or block access to any Personal Data and Company’s Data that we are storing only if we receive a written request to do so from the Owner who is responsible for such Account, unless we have a legal right to retain such Personal Data or Company’s Data. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation.
8. CROSS-BORDER DATA TRANSFERS
Sharing of information sometimes involves cross-border data transfers to or from the United States of America and other jurisdictions. For example, when the Services are available to users in the European Economic Area (“EEA”), Personal Data is transferred to the United States. We use the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and standard contractual clauses approved by the European Commission to validate transfers of EEA residents’ personal information from the EEA to other countries. Standard contractual clauses are commitments between companies transferring personal information of EEA residents to protect the privacy and security of the transferred personal information. Please see Section 9 for information about our participation in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
9. OUR PARTICIPATION IN THE DATA PRIVACY FRAMEWORK
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to EU, UK, or Swiss Personal Data received or transferred pursuant to the Data Privacy Frameworks, Assetbots is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Definitions. In this section, the following terms have the following meanings:
- “EU Personal Data” means any information relating to a EU User that identifies or can be used to identify that EU User, either separately or in combination with other readily available data that is received by Assetbots in the U.S. from the EEA, UK or Switzerland in connection with the Services, including information provided offline, including Sensitive Personal Data.
- “Sensitive Personal Data” means EU Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data that uniquely identifies an individual, physical or mental health, or sexual life or orientation.
- “EU User” means a User who resides in the EEA, UK or Switzerland.
Data Privacy Framework Principles. Assetbots commits to processing EU Personal Data in accordance with the DPF Principles as follows:
Prior to collecting EU Personal Data, Assetbots notifies EU Users about the categories of EU Personal Data that Assetbots collects and the purposes for collection and use of their EU Personal Data. Assetbots will only process EU Personal Data in ways that are compatible with the purpose for which Assetbots collected it or for purposes later authorized.
Please see the YOUR CHOICES ABOUT YOUR INFORMATION section above for more information about how to exercise your choices.
- Accountability for Onward Transfer
Assetbots shares EU Personal Data collected through the Services as described above.
If Assetbots transfers Personal Data to a third party, Assetbots takes reasonable and appropriate steps to ensure that each third-party transferee processes Personal Data transferred in a manner consistent with Assetbots’ obligations under the DPF Principles. Assetbots will ensure that each transfer is consistent with any notice provided to EU Users and any consent they have given. Assetbots requires a written contract with any third party receiving EU Personal Data that ensures that the third party (i) processes the Personal Data for limited and specified purposes consistent with any consent provided by EU Users, (ii) provides at least the same level of protection as is required by the DPF Principles, (iii) notifies Assetbots if it cannot comply with the DPF; and (iv) ceases processing EU Personal Data or takes other reasonable and appropriate steps to remediate.
As noted above, under certain circumstances, Assetbots may be required to disclose EU Personal Data in response to valid requests by public authorities, including for national security or law enforcement requirements.
Assetbots remains liable under the DPF Principles if an agent processes EU Personal Data in a manner inconsistent with the Principles unless Assetbots is not responsible for the event giving rise to the damage.
Assetbots takes appropriate measures to protect EU Personal Data from loss, misuse and unauthorized access, disclosure, alteration, unavailability and destruction. In determining these measures, Assetbots takes into account the risks involved in the processing and the nature of the EU Personal Data.
- Data Integrity and Purpose Limitation
Assetbots takes reasonable steps to ensure that such EU Personal Data is reliable for its intended use, accurate, complete and current. Assetbots adheres to the DPF Principles for as long as it retains EU Personal Data in identifiable form. Assetbots takes reasonable and appropriate measures to comply with the requirement under the DPF to retain EU Personal Data in identifiable form only for as long as it serves a purpose of processing.
Assetbots limits the collection of EU Personal Data to information that is relevant for processing. Assetbots does not process EU Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by an EU User.
An EU User has the right to access their EU Personal Data and to correct, amend, limit use of or delete the EU Personal Data if the Personal Data is inaccurate or processed in violation of the DPF Principles. Assetbots is not required to grant the rights to access, correct, amend and delete EU Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the EU User’s privacy or if the rights of persons other than the EU User are or could be violated.
Please see the YOUR CHOICES ABOUT YOUR INFORMATION section above for more information about how to exercise your choices.
- Recourse, Enforcement, and Liability
In compliance with the DPF Principles, Assetbots commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the United States pursuant to the DPF. European Union, UK, and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact Assetbots at [email protected].
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Assetbots commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Data Privacy Framework Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Assetbots commits to periodically review and verify its compliance with the Data Privacy Framework Principles and to remedy any issues arising out of failure to comply with the DPF Principles. Assetbots acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Data Privacy Framework participants.
10. YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you can request a notice disclosing the categories of Personal Data about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. At this time, Assetbots does not share Personal Data with third parties for their direct marketing purposes.
11. CHILDREN UNDER 16