VisionTrack Limited

Privacy Policy: How we use your information

VisionTrack (“we, us, our”) is a trading name of VisionTrack Limited and is committed to protecting your privacy. We take great care to ensure your information is kept safe and secure.

This policy explains how we will collect, store, use and share your personal information. We collect information in a number of ways including when you use our website, receive data from a third party, or use our services.

About Us

We are VisionTrack Ltd and we are part of the Markerstudy Group of companies.

Contact Address:

2 Chapman Way
High Brooms Industrial Estate
Tunbridge Wells
Kent
TN2 3EF
Tel: 01246 225 745
Email: info@visiontrack.com

VisionTrack is a multi-award-winning video telematics and CCTV device provider that has won industry awards in the past two years. VisionTrack is the video technology enabler of choice for leading telematics providers.

We work mainly with business partners (B2B) such as insurance companies, telematics providers, lease companies, fleet operators and resellers. We also sell hardware to consumers (B2C), although we do not offer contracted monitoring services to B2C customers.

Explanation of Terms

Data Controller – means the person or entity which alone or jointly with others
determines the purposes and means of the processing of personal data.
Data Processor – means the person or entity which processes personal data on behalf
of the controller.
Data Protection Law – means the Data Protection Act 2018 and the General Data
Protection Regulation ((EU) 2016/679) and any successor laws, regulations and
secondary legislation, as amended or updated from time to time, in the UK.
Markerstudy Group – details of the Markerstudy Group can be found at
www.markerstudygroup.com/about .
Our Platform – means either the VisionTrack platform and Automise.AI platform,
accessible from our website.
Sensitive Information – this is also known as Special Category Data and includes
information revealing, or about a person’s racial or ethnic origin, political opinions
or trade union membership, religious or philosophical beliefs, health, sex life or sexual
orientation, or genetic data and biometric data for the purpose of uniquely identifying
a natural person. Information about criminal convictions is often included in this
definition.
Data Processor and Data Controllers

In respect to our B2B customers, we are a data processor. The companies who have contracted with us to provide the goods and services will be the data controller. Where our services are provided through a reseller, the companies who have contracted with the reseller for us to provide the goods and services will be the data controller.

We will not usually engage directly with the driver of the vehicle; information is provided to us (usually through Our Platform) by the Insurer, telematics service providers, lease company, the reseller, or the Fleet Manager.

In respect of our B2C customers, we will be the Data Controller for the information we collect at the time of purchase. Once you have purchased a device from us you are responsible for how you use, store, and publish the recordings taken on the device; we are not a data processor for our B2C customers.

Where a third-party data controller is involved in the provision of goods and services to you, we recommend that you also review their privacy policy as this will tell you how they will process your information.

Depending upon the types of services you have decided to receive from us (or your company/insurer has elected to provide to you), other companies may also be considered a data controller in respect of those ancillary services.

More information about third parties can be found in your data controller’s privacy policy or the “Who do we share the information we collect about you with?” section below.

We are registered with the ICO, registration number [ZA168519].

Data Protection Officer

We have appointed a Data Protection Officer to oversee our handling of personal information. Our Data Protection Officer can be reached at dataprotection@visiontrack.com.

Please click on the relevant section below for detailed information regarding how we process your information.

Who do we collect information about?

B2C: Previous, current and prospective customers.

B2B: Previous, current and prospective customers, drivers authorised to drive vehicles equipped with telematics/CCTV devices, fleet managers, business partners (insurers and other telematics companies), resellers and users of our platform.

When do we collect information about you?

B2C: When you register to use our website or platform, subscribe to services, search for products, place orders, participate in discussions or social features, submit queries, enter competitions, make complaints, participate in promotions or surveys, or report issues with our services.

B2B: When a product is connected to the platform, when driver details are added, when a new driver is assigned, when the vehicle ignition is active (and shortly after), or when partners contact us to update driver information via phone, email, or website.

When a business partner contacts us to make a complaint, a promotion, or survey, or when you report a problem with our website, platform, or any other activity undertaken by VisionTrack.

What information do we collect about you?

The personal information that we collect will depend on your relationship with us. We will collect different information depending upon whether this is a B2C or B2B relationship.

In a B2B contract, the type of information will also depend upon the type of service selected and the type of devices installed in the vehicles. The data controller is responsible for ensuring they have a valid legal ground for the processing that they ask us to carry out on their behalf.

Personal Information

B2C: General information such as name, email, and phone number.

Fleet Manager / Business Partner Contacts / Insurers: General information such as name, business address, business email, phone number, and vehicle registration number (for fleet vehicles).

Insurer Policyholders: The level of information collected is determined by the data controller or the customer and the type of device installed, but may include:

B2B Drivers of Vehicles: The information collected depends on the data controller and device type, but may include:


Distraction and fatigue, external photographs, video footage, or in-vehicle CCTV (including audio where applicable, not all devices).

Information collected via website and platform

We may collect information when you use our website and/or platform, including data that allows us to monitor your preferences and how you use our services. This helps us improve your experience.

The information we collect may include:

We may use cookies to collect information about how our website is used. Please see our Cookies Policy for more details.

Special Category (Sensitive) Personal Information and Criminal Data

B2C: We do not actively request sensitive personal information or criminal data. However, this information may be recorded if voluntarily provided through communication channels such as phone, email, website forms, social media, or online chat.

B2B: We may process information relating to criminal history (such as motoring offences, cautions, convictions), but only where relevant. Aside from this, we do not actively request sensitive personal data. However, it may be recorded if provided by you or a third party as part of service delivery via phone, email, forms, or digital platforms.

How do we collect your information?

B2C: We collect data directly from you or someone acting on your behalf via:


How do we collect your information? (continued)

B2B – Fleet Managers / Insurers / Business Partner Contacts: Information is collected directly from you or from someone acting on your behalf via:

Drivers of Vehicles: Information may be obtained from your insurer, fleet manager, reseller, or other business partners. This may also come from:

What are the purposes for which information about you is used?

We may process your information for a number of different purposes. For each purpose, we must have a valid legal basis. Where the information is classified as special category (sensitive) personal data, an additional legal basis is required.

Whether you provide information directly, we collect it automatically, or receive it from other sources, we may use it for the following purposes:

B2C

  1. To complete the purchase of a device.
    Legal basis: Performance of a contract (to fulfil obligations relating to the provision of products/services).
  2. Communicating with you and resolving complaints.
    Legal basis: Legitimate interests (managing and responding to customer queries without adversely affecting your rights).
  3. Complying with legal or regulatory obligations.
    Legal basis: Legal obligation.
  4. Recovering outstanding payments.
    Legal basis: Legitimate interests (debt recovery without undue impact on you).
  5. Improving customer service.
    Legal basis: Legitimate interests (enhancing support and service quality).
  6. Measuring advertising effectiveness.
    Legal basis: Legitimate interests (ensuring marketing is effective and relevant).

g) To provide data analysis in order to assist us with the pricing of our products and detect market trends. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you.

h) To personalise your repeat visits to our website/Platform and to improve our website/Platform, including as part of our efforts to keep our website/Platform safe and secure. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you.

i) To notify you about changes to our services or products. Legal grounds: Our having an appropriate business need to use your information to keep our customers up to date with changes to our products or services which does not overly prejudice you.

j) To administer our websites/Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. Legal grounds: Our having an appropriate business need to use your information to maintain our websites which does not overly prejudice you.

k) To allow you to participate in interactive features of our services/website/Platform. Legal grounds: Our having an appropriate business need to use your information to offer an interactive website for customers which does not overly prejudice you.

l) To transfer within the Markerstudy Group or to third parties for the purpose of conducting internet analytics. Legal grounds: Our having an appropriate business need to use your information to maintain our websites and undertake website analytics which does not overly prejudice you.

m) Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers); technology may include voice analytics. Legal grounds: We have a legitimate business need to provide secure and quality services.

a) To implement the service. Legal grounds: Our having an appropriate business need to use your information to provide the contracted services.

b) To provide and manage your contracted services.

Sensitive personal information: If collected, because the data controller has an appropriate legal grounds for processing sensitive personal information.

    m) To transfer within the Markerstudy Group or to third parties for the purpose of conducting internet analytics.
  • Legal grounds: Our having an appropriate business need to use your information to maintain our websites/Platform and undertake website analytics which does not overly prejudice you.
  • n) Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers); technology may include voice analytics. Legal grounds: We have a legitimate business need to provide secure and quality services.

Who do we share the information we collect about you with?

Sharing within our Markerstudy Group (B2C and B2B)

We may share your information within the Markerstudy Group for the following
reasons:
● To administer our websites/Platform and for internal operations, including
troubleshooting, data analysis, testing, research, statistical and survey purposes.
● To improve our website/Platform, including as part of our efforts to keep our website
safe and secure.
● To allow invoicing and to recover any outstanding payments.
● For legal, data protection, financial reporting and regulatory purposes.
Sharing with third parties (B2C)

We do not share your information with third parties. At the time of purchase you will provide a third party with your payment card details and or your PayPal account details but we do receive these.

Sharing with third parties (B2B)
We may also share your information with selected third parties, in order to offer
services to you or to perform any necessary functions on our behalf. This may include:

● Our business partners or Reseller Partners, such as your insurer, your employer (or their contracted fleet management company) or a third party telematics company to whom we provide devices and/or monitoring and reporting services. Access can be via our Platform or in some cases API.

Other third parties our business partner has asked us to engage with:
● Finance Providers
● Credit reference agencies
● Debt Collectors
● Survey companies
● Data analytics advisors
● Query search engine operators
● Product Installation contractors
● Mapping companies
● Product distribution companies
● Resellers
Disclosure of your personal information to a third party outside of the Markerstudy

Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also share your information with:
● Search engine operators who can assist us in the improvement of our
website/platform.
● Prospective buyers, in the event that we sell any business or assets.
● Regulators and other authorised bodies, whenever we are required to do so by law.

● We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

What is our approach to sending information overseas?

As part of providing our services, we may transfer personal data outside of the UK, for example if it is necessary to share data with other companies in our Group who are based outside the UK or if we use third party suppliers who are located in countries outside the UK. Whenever we do transfer any personal data about you overseas we will ensure that your personal data is kept securely, is only used for the purposes set out in this Privacy Policy and is afforded equivalent protection as it would be if it were processed in the UK. We do this through various mechanisms, for example making sure that approved contractual clauses are in place with third parties.

How long do we keep personal information for?

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our contractual, legal and regulatory obligations.

We have implemented a Document Retention Policy which specifies how long various types of information should be retained. The Policy is reviewed on a regular basis to ensure that it aligns to current legal and regulatory requirements. The retention periods vary depending upon the circumstances of an individual matter but in general our retention periods for customer facing documentation can be set out as follows:

Purchase Information (B2C) – 3 years
Service records (B2B) – 7 years from the end of the service contract
Complaints – 3 years from the complaint being resolved

If you would like further information regarding the periods for which your personal information will be stored, please see the contact details outlined in the “How to Contact Us” section below.

Automated decision making

We do not use automated decision making.

What marketing activities do we carry out?

We do not actively market our products & services directly to consumers.

Your rights

Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in the “How to Contact Us” section of this Privacy Policy.

Please note:
● B2C – In some cases, we may not be able to comply with your request (e.g., we
might not be able to delete your data) for reasons such as our own obligations to
comply with contractual, legal or regulatory requirements. However, we will always
respond to any request you make and if we can’t comply with your request, we will tell
you why.

● B2B – As a data processor we manage the data we hold on behalf of your data controller and act only in accordance with their instructions. Accordingly, you should raise your request with your data controller.

The right to access your personal information

You have the right to access a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests.

The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.

The right to erasure

In certain circumstances, you may ask us to erase your personal information.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information.

The right to object to marketing

You can ask us to stop sending you marketing messages at any time.

The right not to be subject to automated decision-making (including
profiling)

We do not use automated decision-making.

The right to withdraw consent
For certain uses of your personal information, we will ask for your consent.

Where we do this, you have the right to withdraw your consent to further use of your personal information.

The right to lodge a complaint with the ICO

You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations.

More information can be found on the ICO’s website at: www.ico.org.uk/concerns .

Making a complaint will not affect any other legal rights or remedies that you have.

How we protect your information
We want you to have confidence in how we use and hold your data. We know that to
achieve this we must preserve the security and confidentiality of your personal
information. We have therefore developed a range of organisational, procedural, and
technical security measures designed to protect your personal information from
unauthorized use or disclosure.
Examples of some of these measures include:
● User and privileged account management including appropriate policies for
password complexity, length and history.
● Auditing of system users and administrators.
● Regular backup schedules and disaster recovery environment for key systems and
services.
● Secure file transfer methods are used to encrypt data.
● Usage of data loss prevention tools within the Group.
● Data breach detection: Security tools in place to detect unusual or abnormal activity.
● Data breach investigation: Audit and logging tools used to investigate any potential
or reported breaches.

● Data breach response: A plan that pulls together our compliance, data protection, legal and IT security teams to ensure rapid assessment and mitigation of data breaches.

Changes to our Privacy Policy

We keep our Privacy Policy under review and it is updated periodically. For example, those changes may be due to government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up-to-date Privacy Policy.

This Privacy Policy was last updated on 28th May 2020

How to Contact Us
Please contact us if you have any questions about our Privacy Policy or to exercise any
of your rights:
Data Protection Officer,
45 Westerham Road,
Sevenoaks,
Kent,
TN13 2QB.
Or by email to dataprotection@visiontrack.com

Where you have made the request by electronic means, the information will be provided to you by electronic means where possible.

Contractual conflicts with this Privacy Policy

Our website may contain links to other websites. This Privacy Policy only applies to our own website so when you link to other websites you should read their own privacy policies. If this policy conflicts with any written contract that we have with you then the written contract shall take precedence.

Complaints
If you have a complaint about how we use your information then please contact us at:
Data Protection Officer,
45 Westerham Road,
Sevenoaks,
Kent,
TN13 2QB.
If you have a complaint about the way in which your data has been processed, you

can contact the ICO at: www.ico.org.uk/concerns .