Targa Telematics S.p.A (henceforth Targa Telematics) are constantly working to ensure that any user data we process is handled with the utmost security, integrity and confidentiality. We strive to process your data lawfully, correctly and transparently.
Targa Telematics are considered a Data Processor pursuant to GDPR article 4, paragraph 8, as we process personal data on behalf of our customers and at their behest. Targa Telematics are considered a Joint Data Controller, pursuant to GDPR article 4, paragraph 7 and article 26, in any instance in which (at the customer’s behest), Targa Telematics are involved in determining the purpose for or, more often, the manner in which, the personal data is processed.
Personal data shall only be processed lawfully, meaning either the data subject’s explicit consent must be sought (directly or through the principle joint data controller) or that it is being processed for the purpose of pursuing the principle data controller’s legitimate interests, provided that those interests do not compromise the rights and freedoms of the data subject.
The place where the data processing takes place is physically located within the European Union.
GDPR: The General Data Protection Regulation (GDPR) is European Parliament and Council Regulation 2016/679 which protects natural persons when their personal data is processed as well as the free movement of their personal data.
Tele-transmission and/or remote sensing device: in this context, a device that collects data concerning an object, person or animal (usually ones that require monitoring) and that transmit such data to our platform (see definition below), where they are processed in order to provide services pursuant to a contract entered into with Targa Telematics.
Locator: a tele-transmission device. The data it collects and transmits, especially regards its position and the time.
Platform: system for receiving and processing the data collected, which is also the interface that gives users partial or full access, depending on their profile permissions, to Targa Telematics’ services.
App: an application used to log in to access data on the platform. It is optimised for mobile devices such as smartphones and tablets.
Web interface (at times also referred to as Portal for access to the platform from the internet/browsers): a web site that grants access to the services available on Targa Telematics’ platform. Access is granted by inserting log in details into the appropriate browser page.
Customer/Client: a subject that has purchased one or more Targa Telematics service for the purpose of managing one or more objects belonging to them or to third parties. Such a subject is considered the principle data controller for the data collected. A customer/client may have, depending on their contract, one or more users.
User: individual platform user, who accesses the platform using their name and password.
Activity: any action/operation that takes place within the platform and, as such, refers/relates exclusively to the platform, including access or potential access to personal data. Targa Telematics put in place protection systems for the purpose of (a) ensuring that only activities that fall under the services Targa Telematics provide may be carried out by users authorised to access them, (b) blocking any activities for which Targa Telematics services do not provide or (c) blocking users without permission from accessing them.
Administrator Users: (for Client’s who may have more than one user) users with specific privileges/permissions allowing them to create other users under that client’s account and allow such users partial access to data within their remit or to see the personal data of other users included under the same client.
Credit/bank card token: code with which the payment systems link a credit card to a single recipient of payments from the card owner. This allows those who require a payment to charge the card owner without ever knowing or storing the number and security code for that card. Users may withdraw a token linked to that recipient at any time without having to change their credit/bank card. Any purchases made from other recipients remain secure.
These form an integral part of the GDPR’s definitions, specifically regarding: personal data and data subjects (art. 4 paragraph 1), processing (art. 4, paragraph 2), profiling (art. 4 paragraph 4), pseudonymisation (art. 4 paragraph 5), filing system (henceforth also referred to as database, art. 4 paragraph 6), data controller (art. 4 paragraph 7) and joint data controller (art. 26), data processor (art. 4 paragraph 8), Data Protection Officer (Section 5), third parties (art. 4 paragraph 10), data subject’s consent (art. 4 paragraph 11).
Targa Telematics receive or collect data when Users or Organisations install tele-transmission devices onto objects whether mobile or not (persons, animals) and not while the User or Organisation is using such objects but once they have been deactivated, whether temporarily or permanently. In addition, Targa Telematics receive or collect data when Users access the services that Targa Telematics make available online using applications. Targa Telematics collect such data in order to make available, improve, better understand, personalise, support and (only with the data subject’s explicit consent) market our services.
The type of data Targa Telematics receive and collect depends on the service activated.
Data that Users provide
- Data regarding User accounts. Users may provide, if they agree, their name and surname, email address, mobile telephone number, electronic ID data (e.g. an ID badge) and other data, depending upon the Service activated and as agreed with the joint data controller.
- User messages. Targa Telematics may collect emails Users send to support services for the sole purpose of responding to Users’ request and eventually creating reports on the types of issues that arose, including suggestions to improve the services. The emails sent to (or received by) the addresses of the @targatelematics.com email domain are stored in mail servers managed only by companies that have adhered to the GDPR at least in the services they distribute within the European Union. Anyone who has received one or more messages not addressed to them by mistake from one of these email addresses is asked to delete them and not forward them to any third party.
- Payments. Customers provide data that allows Targa Telematics to manage payments for the service being offered and all related tax obligations, including where a customer is a natural person. Italian State tax regulations apply to this data, meaning it shall be stored, once the service has been accepted, in accordance with the prevalent regulation. Targa Telematics may also collect contact names, email addresses, mobile and landline numbers for the administrative purpose of facilitating the performance of these practices. For some services, Targa Telematics may activate, with the customer’s agreement, forms of online payment that require the storage of a credit card token (see Definitions). Solely upon the explicit request of the data controller for the data (for which Targa Telematics are a joint controller) shall Targa Telematics transmit third party data to financial companies and entities for invoicing.
Data that is collected automatically
- Data regarding usage and access.Targa Telematics’ platform collects information regarding User activity within the services it offers, such as use, diagnostics and performance. This includes information on User activity (including how our services are used, settings, interaction with others through our services, time accessed, frequency of use and the duration of such activities and interactions), log files and reports regarding diagnostics, anomalous service crashes, web sites and performance. It also includes data on the moment at which a User registers for our services, the functions they use, when they last used our services (“last access”) and when they last updated their personal data.
- Data from connection devices placed on objects.Targa Telematics collect specific data relating to: the position and time of each object upon which a remote sensing device has been installed and is connected to a telecommunications network; the personal identification device that allows that object to be used (where required); and any other data that the installed device may transmit as applicable to the service purchased. This data is transmitted through secure Access Point Names (APNs), from which point it travels across the Internet in encrypted format, according to suitable safety protocols.
- Third-party service providers. We work with third-party service providers to make services available and provide support within them. For example, we collaborate with companies to provide a 24/7 telephone support system to the end customer; we work with companies that allow us to support our platforms in a way that provides continuity of service and guarantees that your data is protected.
We work with third-party providers to install our devices (for example, approved providers for installing locators on client vehicles) to whom we provide the data necessary for contacting the owner/manager of the object upon which the device is to be installed. That data is generally: the person’s name, surname, phone and/or mobile phone number and/or email address so that the provider may contact them.
These companies apply the same policies that we ourselves have adopted in order to guarantee the protection of your data.
How Targa Telematics use data
Targa Telematics use the information available to us (subject to user preferences) for the following purposes and in the following ways:
- Targa Telematics’ Services.Targa Telematics use the data available to us to make available and provide our services, to provide Customer Assistance and to improve our services by resolving problems with and personalising them. Targa Telematics understand how people are using our services and we analyse the data to evaluate and improve them, to develop and check new services and functions and to identify and resolve issues. The data is also used to provide a response when a User contacts Targa Telematics.
- Protection and security.Targa Telematics verify accounts and activities and promote security and protection within and outside of our services. For example, we investigate suspicious activity to ensure the services are being used in compliance with the law.
- No third-party advertising banners.We do not permit third-party advertising banners on our applications. We have no intention of doing so but, should that ever happen, we will update the present Policy.
Data shared between Targa Telematics and Users and/or Clients
It is only when Targa Telematics enter into ad hoc contracts that we might integrate our services thus sharing with customers information relating to their ERP and/or CRM (or database). Except in specific circumstances and upon explicit request, Targa Telematics do not access such data but may send it to the aforementioned ERP and/or CRM.
- Account information.It is possible to create special Administrator Users on the platform, granting them specific permissions to the data held in other user accounts under one client. This data could include name and surname, telephone/mobile number, email address. Data is never shared between clients. Each of a client’s “Administrator” users is responsible for applying data protection regulations (and any other legal provision or modification) to any third-party personal data that it processes using our platform.
Sale or transfer of the business or changes to its controlling shareholder structure
Applying the General Data Protection Regulation (GDPR) to Users within Europe
Lawful bases for processing data
Targa Telematics collect, use and process the data available to us as described above and:
- Where necessary for us to meet our contractual terms and the terms under which we provide the service;
- With the User’s consent, which may be withdrawn at any time;
- Where necessary for us to comply with the law or in any case with requests from the Authorities
- On the basis of legitimate interests (also those of third parties), which include the importance we assign to providing an innovative, relevant, secure and profitable service for our customers. This excludes any instance in which those interests, whether subjective or not, are overridden by the personal freedoms that require data protection.
How data subjects can exercise their rights
Pursuant to the GDPR, data subjects have rights of access, rectification, portability and erasure as regards their personal data, as well as the right to restrict or object to certain types of data processing. Data subjects can access or transfer their data simply by sending an email to email@example.com. Such a request shall be met as soon as technically possible or in any case within 90 days of the request being received. In accordance with the permissions granted to each user account, should a data subject become aware that their data is incorrect they may:
- Correct such data directly through the platform;
- Send an email to firstname.lastname@example.org, explaining their request and providing evidence that they own the data.
Data subjects may object to the processing of their data in the event that it is being processed on the basis of a joint data controller’s legitimate interests. In such an instance, we shall immediately cease processing their personal data unless the processing has a valid legitimate basis or is a legal requirement (art. 6, paragraph 1, letters a) and e)).
Managing and erasing User data
We store data as long as is necessary for providing our services or until an account is deleted, whichever is sooner. This is decided case by case and varies on the basis of elements such as the nature of the data, the reason for which it has been collected and processed and legal or pertinent operational requirements to retain information.
If the User wishes to manage, change, limit or erase their data, they may do so in the ways described above.
The law and protection
Targa Telematics may collect, use, store and share User information as long as we have reason to believe that it is reasonably necessary for: (a) complying with legal proceedings or government or Public Authority requests, in line with the law or any applicable regulations; (b) applying our Terms and/or other applicable conditions or policies, including for the purpose of investigating a potential breach; (c) identifying, investigating, preventing and handling fraud and other illegal activities or technical issues or security breaches; (d) protecting the rights, property and safety of Users, Targa Telematics or third parties, including preventing any incident that could cause physical damage or death.
Targa Telematics will be appointing a “Data Protection Officer” (DPO) and shall issue their contact details accordingly.
Targa Telematics S.p.A.
via E. Reginato, 87
I – 31100 Treviso (TV)
You also have the right to file a claim with the Italian Data Protection Authority (l’Autorità Garante per la Privacy Italiana) or with the relevant local authority.
How Targa Telematics process data
Pursuant to European Law, companies must provide a legal basis for processing data. User rights vary depending on the legal basis in use, as explained below. Regardless of the legal basis applied, Users always and in any case possess the right to request access to, rectify and erase their data pursuant the (GDPR). To exercise this right, please see the section of the present Policy, “How users can exercise their rights”.
For all those legally able to enter into a legally enforceable contract, we process the data necessary for the performance of such a contract (also referred to as “Terms”). The “Contract Terms and/or Conditions” and their relevant Appendices set forth the contractual services for which data processing is necessary. In order to provide our contractual services, we require data principally for the following purposes:
- To provide, improve, personalise and support our services, as explained above;
- To guarantee protection and security;
- To communicate with Users. For example, regarding alerts raised concerning the service.
Below you will find other legal bases that we may apply to certain cases for processing User data.
- To collect and use data that the User consents to us receiving through the settings on an active device (principally access to their GPS location and any vehicle parameter data, if the object with a remote sensor is indeed a vehicle) or other parameters specific to the object that reveal how it is functioning. This enables us to offer our functions and services when the settings are activated.
When we process data that Users consensually provide, Users have the right to withdraw their consent at any time and to transfer the data provided to third parties, pursuant to the GDPR. To exercise your rights, you can access the device settings, the app settings or in any case email email@example.com.
Targa Telematics only enter into contracts with subjects who have reached the age of majority (18 years of age in most EU countries). However, in the event that we unknowingly collect the data of a minor, it is our legitimate interest to carry out all of the operations described in “Our Services”;
This data processing is based on the following legitimate interests:
- Protecting our platform and network, verifying accounts and activities, fighting dangerous behaviour, investigating suspicious activity or breaches of our Terms.
- Providing precise, reliable reports to companies and to other partners in order to guarantee accurate pricing and statistics for the services offered and to demonstrate the value using our services has for our Partners;
- In the interest of companies and other partners, using them to understand their clients and improve their own activities, verifying our pricing models, assessing the efficiency and supply of our services and understanding how people interact using our services.
The purposes for such data processing include:
- providing evaluations, statistics (without ever referencing any specific data subject) and other services for which we process data as a data controller.
We take various factors into consideration when evaluating an objection, including: reasonable User expectations; advantages and risk to Users, Targa Telematics, other Users or third-parties; and any other means available for achieving the same purpose that would be less invasive and do not require undue action. User objections shall be accepted and we shall cease to process their data unless the continuation of the data processing has a basis of legitimate motives or is legally necessary.
Complying with a legal obligation, means:
Protecting our vital interests or those of others, means:
- The vital interests upon which we base data processing, including the protection of the lives or physical wellbeing of users or others. These are our bases for fighting illegal activity and promoting protection and security, for example in instances where we must investigate alerts to dangerous behaviour or where someone requires help.
Activities pursued in the public interest, are:
Cookies are small text files. Websites ask browsers to save cookies on computers or mobile devices.
- identify each User session until they disconnect, without attributing it to the device they used to connect, their name or any of the data being read, collected or processed.
- understand how Targa Telematics’ services are being used and personalise them. This is particularly important for studying the functions most used across the world and to improve and optimise user experience.
How to control your cookies
You can simply follow the instructions your browser or device provides (usually found under “Settings” or “Preferences”) to change your cookies settings. Please note that if you choose to deactivate cookies in your browser or device, some of our services may not function fully or correctly.
Data protection and copies
Our Users’ personal data is saved in databases using encryption algorithms that meet the highest levels of protection available on the market. Access to data from the platform is only permitted through https sites with verified certificates from the largest providers in the browser market.
Users are prohibited from directly accessing database information and maintenance and assistance operators may only do so in an encrypted process unless they are accessing it locally.
Data sent from our devices is sent only through dedicated APNs and the servers are encrypted as data is transmitted through them.
The servers are protected by top-of-the-range network protection systems and are regularly updated.
Access is recorded, as are the services used that monitor non-authorised activities and security (or data) breaches.
Data becomes redundant. When this happens, data subjects may exercise their right to erasure. Their personal data shall be erased, including from backups and logs, within a maximum of 180 days, unless the specific contractual agreements state otherwise.