PRIVACY POLICY
Bridgestone Europe NV/SA, a company incorporated under Belgian law, having its registered offices at Kleine Kloosterstraat 10, 1932 Zaventem, Belgium and with company number 0441192820 (“Bridgestone”) has developed this application to provide small and medium fleet owners (“Customer”) with the ability to track and report the operational health of vehicles in their fleets (the “App”). The core concept requires, but is not limited to vehicle checks and the associated reporting across the fleet.
Customer can register its directors, employees and drivers as users of the App (individually a “User” or collectively “Users”), and complete business and driver accounts. Customers can manage their fleet assets within the App, adding and editing vehicle data to service the checklists for the drivers. Additional account settings and data can be added that is needed for fleet communication and notifications (the “Functionalities”).
This Privacy Policy describes how the User’s personal data are collected, used and shared through the App.
In order to receive the Functionalities provided by the App, the Customer, as Data Controller, entrusts Bridgestone, as Data Processor, with the processing of the Users’ Personal Data.
The processing of Personal Data by the Processor on behalf of the Controller shall take place:
a) within the framework of the Terms and Conditions of Use, and
b) on documented instructions received from the Controller, and
c) as described in this Privacy Policy.
1. How and why do we collect Personal Data?
a) Personal Data that we process on behalf of the Data Controller
The Data Controller has given the Users access to the App on the basis of the Users’ professional relationship with the Data Controller on whose behalf they are using the App in the performance of their contractual duties.
The purpose of providing the requested Personal Data is for the Users to create or reconfigure their account, receive access to the use of the App, and receive e-mail alerts and notifications concerning the condition and required service of the tyres and the vehicles.
• The User is required to provide following Personal Data: first name, surname and professional e-mail address. The purpose of collecting these personal data is to give Users access to the App.
• Driver-Users register in the App vehicle condition measurements and tyre condition measurements in connection with the vehicles they are driving. The purpose of the processing of these Personal Data is to analyze the recorded data and send alerts and notifications to the Customers and Users in regard to preventative and emergency assistance and service to vehicles and tyres, and to provide Customer with vehicle and tyre management reporting.
Bridgestone shall not use these Personal Data for other purposes than instructed by the Data Controller, subject to Section 1.b) of this Privacy Policy. If the Data Controller changes the purpose of the processing, the User shall be notified thereof.
b) Personal Data that Bridgestone may process on its own behalf
i) Bridgestone may request, on its own behalf and on behalf of its subsidiaries located in the European Union and Switzerland, the User’s explicit consent for the following processing:
• The User’s first name, surname and professional e-mail address, for the purpose of providing or have provided information, products, services and promotions of Bridgestone or third parties, that may be of interest to the User.
In case Bridgestone rely on the User’s consent to process his Personal Data for these purposes, the User will have the right to withdraw his consent at any time by using the opt-out option contained in every marketing mailing, or by contacting Bridgestone in accordance with Section 8 below. The User’s refusal to give consent to Bridgestone for the processing of his Personal Data for Bridgestone’s own purposes, shall not affect the processing of Personal Data for the purpose of provided access to the App as set forth in section 1.b) of this Privacy Policy.
ii) As the User navigates within the App, in order to secure its own legitimate interest, Bridgestone also may automatically track, collect and store the IP-address of the User’s hardware when connected to the internet, make and type of the User’s hardware device, the domain name from which you access the internet, the operating system and browser the device uses, the date and time when logging on the App, or other data that the User allows the App to access on the device through permissions granted by the User on his device. Bridgestone processes these data for the purpose of securing its infrastructure, providing, maintaining, improving the functionalities of the App, including providing additional features and content, responding to the User’s questions and requests, sending the User technical notices, updates, security alerts and support, and administrative messages, monitoring and analyzing trends, usage and activities in connection with the App, detecting, investigating and/or preventing fraudulent, unauthorized or illegal activity.
iii) This App uses cookies – small text files that are placed on your device to help the App provide a better user experience. In general, cookies are used to retain user preferences and store certain information for future log-ins, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this App. The most effective way to do this is to disable cookies in your browser. Please check Bridgestone’s Cookies Policy for more guidance.
3. What do we do with the Personal Data?
All Personal Data Bridgestone collectsvfrom the User is stored within a secured infrastructure under Bridgestone’s management, with support of external suppliers as described in section 5 of this Policy.
Bridgestone shall not collect Personal Data that are not relevant for the purposes as set out above or otherwise notified to the User when Bridgestone seeks consent for the processing of his personal data when required by law, and shall not retain the data longer than necessary for those purposes or, as the case may be, for the period as determined in an agreement or by law.
This means that Bridgestone processes Personal Data:
• until the Customer has discontinued the use of the App or Bridgestone has revoked the Customer’s rights to use the Apps;
• until the User’s account has been inactivated by the Data Controller;
• for the purposes that require the User’s consent, until the User withdraws his consent, and Bridgestone has no legitimate interest for further processing the User’s Personal Data;
• in case Bridgestone processes the User’s Personal Data in order to secure its legitimate interest, until the expiration of the legitimate interest.
In general, Bridgestone will delete the Personal Data collected from the User if it is no longer necessary to achieve the purposes for which they were originally collected. However, Bridgestone may be required to store the Personal Data for a longer period due to requirements by law.
4. The confidentiality and security of the User’s Personal Data
Bridgestone takes data security very seriously. Bridgestone applies an appropriate level of security and has therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the collected information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. Bridgestone’s information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to the User’s personal data is granted only to those personnel, service providers or Bridgestone affiliates with a business need-to-know or who require it in order to perform their duties.
Among other things, Bridgestone optimizes the security of the User’s Personal Data by:
• using encryption where appropriate;
• using password protection;
• requesting contractual guaranties from third party providers and sub-processors
• limiting the access to Personal Data according to the need-to-know principle (e.g., only employees who need the User’s Personal Data for the purposes as described above shall receive permission to access them); and
• by taking all reasonable precautionary measures to ensure that employees who have access to the User’s Personal Data will be knowledgeable about data protection requirements and will process the User’s Personal Data exclusively in accordance with this Privacy Policy and Bridgestone’s obligations under applicable privacy laws.
In the event of a data breach containing Personal Data within Bridgestone‘s organization, all applicable data breach notification requirements will be met.
5. To whom do we disclose the Personal data?
Bridgestone will disclose Personal Data only for the purposes and to those third parties as described below. Bridgestone will take appropriate steps to ensure that Personal Data are processed, secured, and transferred according to applicable law.
a) Within Bridgestone Group in Europe
Bridgestone is part of a global organization (the “Bridgestone Group”), consisting of several companies in Europe and abroad. The Personal Data may be transferred to one or more Bridgestone Group affiliated companies located in or outside Europe as needed for data processing and storage, providing Users with access to our services, providing customer support, making decisions about service improvements, content development and for other Purposes as described in this Policy.
The above will be strictly connected with :
• any kind of service that is rendered by one Bridgestone company to another (under relevant processing agreement) or
• the fact that more than one Bridgestone entity decides on how the User’s Personal Data are used (under relevant joint controllership agreement) or
• the fact that another Bridgestone entity becomes a separate controller of the User’s Personal Data for a given purpose (e.g. subject to the User’s explicit consent).
b) External service providers
Where necessary, Bridgestone will commission other companies and individuals to perform certain tasks contributing to services on Bridgestone’s behalf within the framework of data processing agreements. Bridgestone may, for example, provide the User’s Personal Data to agents, contractors or partners for data storage services or to send the User information that he requested. This information shall not be used by them for any other purposes than herin described, in particular not for their own or third party purposes. Bridgestone’s external service providers are contractually bound to respect the confidentiality of the Users Personal Data.
c) Business transfers
In connection with any reorganization, restructuring, merger or sale, or other transfer of Bridgeston’s business assets (collectively "Business Transfer"), Bridgestone will transfer information, including personal information, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect the User’s Personal Data in a manner that is consistent with applicable data protection laws. Bridgestone will continue to ensure the confidentiality of any Personal Data and give affected Users notice before Personal Data become subject to a different privacy policy.
d) Public bodies
Bridgestone will only disclose User’s Personal Data to public bodies where this is required by law. Bridgestone will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside the User’s country of residence.
e) On other legal grounds
Further, Bridgestone may disclose the User’s Personal Data in order to protect its legitimate interests or if it is required or permitted by law or if the user gives explicit consent for such transfer of the User’s Personal Data.
f) International transfers of Personal data
Under specific circumstances, it will also be necessary for Bridgestone to transfer the User’s Personal Data to countries outside the European Union/European Economic Area (EEA) (“Third Countries"). Transfers to Third Countries may refer to all processing activities described in this Privacy Policy. This Privacy Policy shall apply also if Bridgestone transfers Personal Data to third countries, in which a different level of data protection applies than in the User’s country of residence.
Any transfers of Personal Data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law.
6. User rights with regard to Personal Data
Users have specific legal rights relating to their Personal Data collected. This applies to all processing activities stipulated in this Privacy Policy. Bridgestone will respect the User’s fundamental rights and will deal with the User’s concerns adequately.
The following list contains information on the User’s legal rights which arise from applicable data protection laws:
• Right to rectification: Users may obtain rectification of their Personal Data. Bridgestone makes reasonable efforts to keep Personal Data in its possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
• Right to restriction: Users may obtain restriction of processing of their Personal Data, if
o the User contests the accuracy of his Personal Data for the period needed to verify the accuracy;
o the processing is unlawful and the User requests the restriction of processing rather than erasure of his Personal Data;
o the User’s Personal Data are no longer needed but the User requires them for the establishment, exercise or defense of legal claims, or if
o the User objects to the processing while verifying whether the data controller’s legitimate grounds override his.
• Right to access: the User may ask information regarding his Personal Data that are processed, including information as to which categories of Personal Data that are processed, what they are being used for, where they are collected from if not from User directly, and to whom they have been disclosed, if applicable.
• Right to erasure: The User may obtain erasure of his Personal Data, where
o the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
o The User has a right to object further processing of his Personal Data (see below);
o the Personal Data have been unlawfully processed; unless the processing is necessary;
o for compliance with a legal obligation which requires processing;
o in particular for statutory data retention requirements;
o for the establishment, exercise or defense of legal claims.
• Right to object: the User may object – at any time – to the processing of his Personal Data due to his particular situation, provided that the processing is not based on his consent but on our legitimate interests or those of a third party. In this event Personal Data shall no longer be processed, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If the User objects to the processing, he should specify whether he wishes the erasure of his Personal Data or the restriction of its processing.
• Users may lodge a complaint with the data protection supervisory authority in the country they live in or where the alleged infringement occurred.
User’s request will be handled within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of his request. In certain situations it may not be possible to give User access to all or some of the Personal Data due to statutory provisions. If the User’s request for access is denied, he will be advised of the reason for the refusal. In some cases, it may not be possible to clearly identify the User on the basis of his personal data due to the identifiers which he provides in his request. In such cases, where a User cannot be identified as a data subject, it may not be possible to comply with the User’s request to execute his legal rights as described in this section, unless the User provides additional information enabling his identification.
In order to exercise his legal rights in relation to the processing of Personal Data by Customer pursuant to Section 1.a) of this Privacy Policy, Users must notify the data protection responsible person at the Customer.
In order to exercise his legal rights in relation to the processing of Personal Data by Bridgestone on its own behalf pursuant to Section 1.b) of this Privacy Policy, Users must notify us by email to [email protected].
If the User believes that the processing of his Personal Data infringes his statutory rights, he has the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of his habitual residence, place of work or place of the alleged infringement.
7. Changes to this Policy
Bridgestone reserves the right, at its discretion, to modify its privacy practices and update and make changes to this Policy at any time. For this reason, Bridgestone encourage the user to refer to this Privacy Policy on an ongoing basis. This Privacy Policy is current as of the "last revised” date which appears at the top of this page. We will treat personal data in a manner consistent with the Privacy Policy under which they were collected, unless we have your consent to treat them differently.
Bridgestone will also keep prior versions of this Privacy Policy in an archive for your review.
8. Contact Information
Please direct questions regarding the processing of Personal Data pursuant to section 1.a) of this Privacy Policy to the Customer.
Please direct questions regarding the processing of personal data for Bridgestone’s own purposes pursuant to section 1.b) of this Privacy Policy solely to Bridgestone [email protected].
Please read this Privacy Policy in conjunction with the Terms and Conditions of Use of this App, and any other policy developed by us from time to time and notified on the App.
Policy last revised on: April 16, 2018