Privacy Policy

This privacy policy (“Policy”) applies to those instances where, with respect to personal data collected from you, Geotab Inc. (together with its affiliates, collectively, “Geotab” or “we”, “our”) is the “controller” and does not apply where Geotab is a “processor” of personal data or to the privacy practices of any third party under any circumstances. This Policy applies to all Geotab entities except where a Geotab affiliate has published its own separate privacy policy.

As used in this Policy, the terms “controller” and “processor” have the definitions given to those terms in the EU General Data Protection Regulation and “personal data” means any information that relates to an identified or identifiable individual or as otherwise defined by an applicable data protection law or regulation. The concepts of “controller” and “processor” are analogous to the concepts of “business” and “service provider”, respectively, under the California Consumer Privacy Act and other applicable data protection laws that use similar terminology.

In the context of Geotab’s business activities and its products, Geotab is a “controller” where it determines the purpose(s) for which personal data is collected and the means for which it is used as outlined in this Policy. 

Geotab is a “processor” where it processes personal data on behalf of end customers of Geotab’s products and services. Accordingly, if you are looking for information about personal data collected from you in connection with Geotab’s products and services, please refer to the relevant controller’s privacy policy. The relevant controller may, for example, be your employer if they are an end user of Geotab products and services. In addition, please refer to Geotab’s Product Privacy Notice which outlines Geotab’s processing practices where it processes your personal data at the instruction of the applicable controller. 

Where required by law, we or, if applicable, our service provider, will obtain your consent before using your personal data for direct marketing purposes, whether express or implied. You have the right to opt-out of receiving direct marketing communications from Geotab at any time, and you can do so by clicking the "unsubscribe" link in any marketing email you receive from us, following the instructions provided in any other type of marketing communication you receive from us, or otherwise contacting us directly at marketing@geotab.com. Geotab sells its products in part through a network of authorized sales partners and we may share your personal data with these sales partners for direct marketing purposes. 

Geotab employs or may in the future employ data systems, software, hardware, applications, tools, or utilities that operate in whole or in part using artificial intelligence (collectively, “AI Systems”). These AI Systems may leverage advanced AI systems capable of generating content (which is new or novel), rather than simply analyzing or acting on existing data (i.e. “generative” AI). 

When you engage with an AI System, we may use your personal data as follows:

• Data Processing and Improvement: We may collect and process your personal data to enhance the performance, accuracy, and functionality of our AI Systems.
• User Interaction and Support: When you engage with our AI-powered chatbot, we may use your personal data to understand your inquiries and provide accurate, helpful responses. This may involve analyzing your interactions to improve user experience and support services.
• Anonymization and Aggregation: Personal data collected through your interactions with our AI Systems may be anonymized and aggregated for analytical purposes. This helps us understand usage patterns and improve our services without identifying individual users.
• Security and Fraud Prevention: We may use personal data processed by our AI Systems to detect and prevent security threats, fraudulent activities, and other malicious behavior.

Any personal data processed by an AI System is handled in accordance with our broader privacy practices, as outlined in this Policy. Geotab is broadly committed to responsible AI, being the development, deployment, supply and use of AI Systems in a way that upholds the principles of trustworthiness, accountability, and equity through the AI lifecycle and value chain. In particular:

• Data Privacy and Security: We prioritize the protection of your personal data. All personal data processed by our AI Systems are handled in accordance with applicable data protection laws and Geotab’s internal data governance policies as outlined in this Policy.
• Transparency and Accountability: We are transparent about how our AI Systems function and the types of data they process. Our AI development processes include rigorous testing and validation to ensure accuracy, fairness, and non-discrimination.
• Ethical AI Practices: Our commitment to ethical AI includes ongoing assessments to prevent bias and ensure that our AI systems operate fairly and impartially. We adhere to industry standards and best practices in AI ethics, continuously monitoring and updating our AI models to mitigate any potential risks.
• Continuous Improvement: We are dedicated to the continuous improvement of our AI Systems. This includes regular reviews, updates, and the incorporation of user feedback to enhance the performance and reliability of our AI technologies.

If you apply to an open position with Geotab, if we contact you for recruitment purposes, if you express interest in employment with us, if you attend a recruitment event or if you undergo an interview or assessment with us, Geotab will collect and process certain personal data about you as set out in the Geotab Candidate Privacy Notice.

Geotab collects, stores and uses personal data about its employees and former employees in accordance with the Geotab HR Data Acceptable Use Policy. In addition to the HR Data Acceptable Use Policy, employees may receive additional privacy notices depending on their jurisdiction of residence in accordance with applicable data protection laws. 

Geotab’s legal basis for processing the personal data it collects and/or receives from you depends on the context in which it is provided: 

• Consent: In certain instances, Geotab collects and processes personal data based on your explicit consent obtained at the time the personal data is provided to us.
• Performance of a Contract: Geotab may collect and process personal data when it is necessary for the performance of a contract to which you are a party.
• Legal Obligation: Geotab may process personal data when required to do so in order to comply with a legal obligation, including statutory requirements and lawful requests by public authorities.
• Legitimate Interests: Geotab may process personal data based on its legitimate interests, provided that these interests are not overridden by your legally applicable rights and freedoms. Our legitimate interests include marketing, fraud prevention, and ensuring the security of our systems and services.

Geotab and its service providers may also collect information using cookies, web beacons, tags, scripts and other information gathering technologies for a variety of reasons, including counting visits to the Geotab website and helping Geotab understand usage and the effectiveness of various campaigns and promotions. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies, however if you disable or refuse cookies please note that some parts of the Geotab site may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

For more information on how we use cookies, and how you can opt-out of the use of certain cookies, see our Cookie Policy.

Geotab, or its authorized service providers and/or sub-processors, may anonymize or de-identify your personal data to ensure that it no longer qualifies as personal data. Once anonymized or de-identified, your data will be used strictly for statistical, research, or operational purposes. Anonymization and de-identification processes are performed in such a way that the data can no longer be used to identify you directly or indirectly. Once your personal data has been anonymized or de-identified, it cannot be reversed, and it will no longer be subject to the same privacy protections under applicable laws.

For the avoidance of doubt, this Policy does not apply to the collection, use or processing of your personal data by third parties. For example, the Geotab website and marketing communications sent by Geotab may contain links to other websites that are operated by third parties. This Policy does not apply to those websites and Geotab recommends that you review the privacy policies and statements of any third-party websites to properly understand their information practices. 

In addition, if you acquire, subscribe to, or download an application advertised on Geotab Marketplace, please refer to the privacy documentation and practices of the applicable Marketplace Partner. By using any Geotab Marketplace application, you acknowledge that your personal data may be  processed and/or stored outside of the MyGeotab application and the Geotab environment by a third party.

Geotab may engage third-party service providers to process personal data on its behalf ("Subprocessors"). Subprocessors are selected based on their ability to provide the necessary safeguards and security measures to protect personal data in compliance with applicable data protection laws. Before engaging any Subprocessor, Geotab conducts a thorough assessment to ensure they comply with applicable privacy laws. We maintain an updated list of Subprocessors and their functions, which is available upon request. Geotab ensures that any Subprocessor it engages only processes personal data in line with Geotab’s documented instructions and implements appropriate technical and organizational measures to ensure the security of personal data.

Geotab may disclose the personal data that we collect or you provide as described in this Policy in the circumstances described below:

• to Geotab’s contractors, service providers, business partners and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for specified purposes and in accordance with our instructions;
• to governmental or regulatory authorities in response to subpoenas, court orders, or or other legal processes;
• to enforce our legal rights and defend against legal claims;
• in connection with your use of the Geotab Community forum, to the extent you choose to share your personal data in a post or comment, all of which may be collected or used by others with access to Geotab Community or used; 
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Geotab's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Geotab is among the assets transferred;
• to Geotab affiliates for use as outlined in this Policy and to otherwise facilitate Geotab’s global operations; and
• to otherwise fulfill the purpose for which you provided the personal data and otherwise with your consent. 

Geotab primarily stores personal data on servers located in North America, Europe and Asia, but may also utilize servers located in other regions from time to time for load balancing and other purposes. Accordingly, your personal data may be transferred to a country where the data protection laws do not provide a level of protection equivalent to the laws in your jurisdiction. However, when Geotab transfers your personal data, we do so in compliance with applicable data protection laws by ensuring your personal data is afforded an adequate level of protection using the following means, where appropriate: 

• where possible, transferring personal data to countries that the European Commission has deemed to provide an adequate level of data protection;
• in cases where personal data is transferred to countries without an adequacy decision, we use standard contractual clauses approved by the European Commission to ensure that your personal data is afforded a level of protection comparable to that provided within the EU;
• implementing appropriate physical, technical and organizational security measures to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing; and
• taking other measures to provide an adequate level of data protection in accordance with applicable law.

Geotab will retain your personal data for as long as needed to fulfill the purposes for which the personal data was provided or collected. Geotab will delete or anonymize your personal data when we no longer have a legitimate interest in retaining it or otherwise in compliance with applicable data protection laws. If it is no longer reasonably possible to delete your personal data because, for example, it has been archived, Geotab will securely store the personal data and isolate it from further processing until deletion or anonymization is possible.

Geotab has established appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Under applicable data protection laws, you have certain rights regarding your personal data. Your rights and how you can exercise them are outlined below. Geotab is committed to respecting and facilitating these rights.

• Right to Access (Know): You have the right to request access to the personal data we hold about you. This includes information on how your data is being used, the purposes of the processing, and with whom it has been shared.
• Right to Rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request its correction or completion. 
• Right to Erasure (Right to Be Forgotten): You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable).
• Right to Restrict Processing: You can request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data, or object to the processing (pending verification of our legitimate grounds).
• Right to Data Portability: You have the right to request the transfer of your personal data to another data controller in a structured, commonly used, and machine-readable format, where technically feasible and when processing is based on your consent or the performance of a contract.
• Right to Object: You have the right to object to the processing of your personal data where such processing is based on our legitimate interests or for direct marketing purposes. We will cease processing your data upon your objection, unless we have compelling legitimate grounds to continue.
• Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into or performing a contract, based on your explicit consent, or otherwise authorized by law.
• Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority. In the EU, this is the data protection authority in the country where you reside, work, or where the alleged infringement took place. In North America, you can contact the relevant data protection authority or privacy commissioner.

To exercise any of your rights please contact us using our Data Subject Request Form. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We aim to respond to all legitimate requests within one month. However, it may take us longer if your request is complex or if you have made multiple requests. In this case, we will notify you and keep you updated.

Data protection laws in certain jurisdictions require Geotab to make additional disclosures. You can find these additional disclosures in the Geotab Supplementary Privacy Disclosure Document. 

Geotab does not sell your personal information for monetary compensation. However, the California Consumer Privacy Act of 2018 as amended by The California Privacy Rights Act of 2020 (collectively, “California Privacy Laws”) broadly defines "sale" to include other types of data sharing, such as sharing personal information with third parties in exchange for valuable consideration (for example, the use of third-party advertising cookies). For more information, please refer to our Cookie Policy. You can submit an opt-out request by using our Data Subject Request Form. Once we receive your opt-out request, we will process it as soon as possible, but no later than 15 days from the date we receive the request. If you are an authorized agent submitting an opt-out request on behalf of a California resident, please include proof of your authorization to act on behalf of that resident. We may request additional information to verify your identity and authorization.

We do not sell the personal information of minors under 16 years of age without affirmative authorization. Geotab does not collect, and therefore does not use, disclose, sell or share, any “sensitive personal information” as defined by California Privacy Laws.

Our products, services and website are not directed toward minors under the age of 16. If you are under the age of 16, do not submit any personal data to Geotab. If you have reason to believe that Geotab may have been sent the personal data of a minor under the age of 16, contact us at legal@geotab.com and we will use reasonable efforts to delete such information. If we otherwise learn that we have collected personal data of a minor under 16 we will take steps to delete such information from our records as soon as possible.

If Geotab makes any changes to this Policy, we will post an updated policy on our website. You should periodically review this page for any updates. The updated Policy will become effective as of the date stated in the Policy.

If you have questions about this Policy or about Geotab’s privacy practices, you can contact us by email at legal@geotab.com or at:

Geotab Inc.

Attn: Chief Privacy Officer

2440 Winston Park Dr.

Oakville, Ontario, Canada L6H 7V2