Personal data processing

This personal data processing agreement (“Agreement”) contains personal data processing terms between Tachogram (AS “Mapon”, registration number 40003800531), (“Tachogram”) and any company, organization, institution or any legal person (“Client”) that uses Tachogram digital tachograph service (“Service”) to monitor and process personal data of their employees or other individuals within their Tachogram account while using the Service.

By accessing or using this website or any of our Services, you agree to the terms set out in this Privacy Policy, Cookie Policy, Terms of Service, and other terms and policies published on our website. If you do not agree to this Privacy Policy, you must leave this website and discontinue all use of any of our Services.

1. Subject of the Agreement

1.1. Client as the data controller instructs Tachogram to process personal data in order to provide Service to the Client pursuant to the Service agreement concluded between the Client and Tachogram. In respect of personal data obtained from the Client or Tachogram system during the provision of Services, Client acts as data controller and Tachogram as data processor. .

1.2. For the avoidance of doubt, this Agreement contains complete and final instructions of the Client to Tachogram in relation to processing of personal data of Client’s data subjects, and therefore constitutes a binding data processing agreement in accordance with the applicable data protection laws and regulations.

1.3. For the avoidance of doubt, this Agreement contains complete and final instructions of the Client to Tachogram in relation to processing of personal data of Client’s data subjects, and therefore constitutes a binding data processing agreement in accordance with the applicable data protection laws and regulations.

2. Purposes of processing

2.1. Tachogram will process your personal data in order to provide you with the Service, improve it, solve any Service related issues you may have and ensure that you receive the best customer experience possible.

2.2. Tachogram collects and processes your personal data for the following purposes:

- to register you for the use of the Service, verify your identity and create your Tachogram account;

- to send you invoices and process payments for the Service;

- to personalize your use of the Service when you set up your account settings;

- to analyze your preference or use of the Service;

- to communicate with you and inform you about Tachogram Service and provide you any Service related support, answer your questions and process your requests;

- to improve Service or to develop new features within the Service;

- to analyze and measure how our Service is used. For example, we analyze data about your usage of the Service to optimize product design, to generate reports and create statistics;

- to deliver personalized ads, promotions and offers to you;

- to protect legal interests of Tachogram, its users and other third parties and for legal reasons such as, e.g. enforcing our Terms & Conditions, agreements or policies, complying with any applicable law and assisting law enforcement authorities.

3. Types of personal data and data subject categories

3.1. Tachogram collects, generates and receives information in a variety of ways when the Client uses the Service or places an order. Some of this information constitutes personal data.

3.2. Data subject categories include Client’s employees, representatives and other data subjects that will be registered under Client’s account.

3.3. Client ensures that it has acquired all necessary consents and/or relies on other appropriate legal grounds for the processing of personal data of data subjects. Client confirms that data subjects have been informed about the fact that their personal data is transferred to Tachogram as a processor and other third parties (sub-processors) used by Tachogram for the provision of Service.

3.4. When setting up an account with Tachogram or placing an order, the Client provides Tachogram with the following information, containing personal data:

3.4.1. name/ company name;

3.4.2. e-mail address;

3.4.3. payment information;

3.4.4. phone number;

3.4.5. shipping/billing address;

3.4.6. any other information provided to Tachogram for this purpose.

3.5. Some information may be processed while the Client or data subject (for example, Client’s employee) uses the Service. Depending on the scope and configuration of Tachogram Service, this information may also contain personal data:

3.5.1. data subject’s device and browser (such as IP address, browser type, software version etc.);

3.5.2. Digital tachograph and driver's activities (time spent on breaks, start, stop and end time of driving, driving duration, tachograph calibration, tachograph manufacturer, absence calendar, information about colleagues, option to use calculation tool of costs, etc.);

3.5.3. vehicle data (such as name and type of vehicle, mileage, technical information, etc.)

3.5.4. digital tachograph card (such as card issuing authority, information about controls, etc.).

3.6. Upon using or configuring Tachogram account settings, the Client may provide some information, which in connection with other information may contain personal data (for example, location, time zone, photo etc.).

3.7. The Client can choose to integrate third-party services in relation to certain aspects of Tachogram Service. A third-party service is a software that integrates with the Service and the Client can enable or disable such integration for Tachogram account. Once enabled, the relevant third-party service provider may share or receive certain information (including importing or exporting). The Client should check the privacy settings of these third-party services to understand what data may be disclosed to Tachogram.

4. Duration of processing and retention period

4.1. Tachogram will process the aforementioned data for as long as Tachogram provides the Service to the Client and the Client has an active Tachogram account. However, personal data can be deleted at any time upon Client’s request.

4.2. Unless the applicable law requires, Tachogram has no obligation to store Client’s personal data after the termination of contract with the Client. After terminating the contract, Tachogram may continue to store some personal data, limited to the minimum amount required for Tachogram to comply with legal obligations, to ensure reliable back-up systems, resolve dispute between the Client and Tachogram, if any, prevent fraud and abuse, enforce Tachogram agreements, and/or to pursue legitimate interests of Tachogram or third parties.

5. Sharing your personal data with third parties

5.1. For Tachogram to be able to provide the Service, Tachogram works with third parties that provide Tachogram with different services needed in ordinary course of business. The categories of third-party recipients (sub-processors) of personal data include hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, advertising and marketing service providers, IT, legal and financial advisors, among others (“Third-Party Service Providers”).

5.2. Third-Party Service Providers only receive a minimum amount of personal data necessary for them to provide Tachogram the requested service. Tachogram shares personal data only with such Third-Party Service Providers that have undertaken to comply with the data protection obligations set out in this Agreement, provide sufficient guarantees and implement appropriate technical and organizational measures, and otherwise comply with applicable personal data protection laws. Tachogram remains responsible for the processing of personal data carried out by Third-Party Service Providers that Tachogram has engaged for respective data processing in accordance with applicable laws.

5.3. The Client provides general authorization to Tachogram to engage Third-Party Service Providers or sub-processors. The Client can request information about Third-Party Service Providers by contacting Tachogram. In case the Client has any legally grounded objections to the engagement of a Third-Party Service Provider, the Client and Tachogram try to find a solution for further data processing to a limited extent without the use of the particular sub-processor or, if such a solution cannot be found, agree on the termination of the Service in accordance with the terms of termination specified in the Service contract.

5.4. In certain situations, Tachogram might have a legal obligation to share Client’s information with third parties, if it is required by law or when the information is requested by public authorities.

5.5. Personal data processed by Tachogram may be transferred to Third-Party Service Providers that are located outside of European Union. In such cases Tachogram will only share personal data with such recipients that have undertaken to comply with the necessary data protection requirements and that are able to ensure an adequate level of protection or have provided adequate guarantees.

6. Tachogram obligations and assistance to the controller

6.1. Tachogram uses reasonable and appropriate organizational, technical, and administrative measures in accordance with applicable data protection laws in order to protect the confidentiality, integrity, and availability of personal data. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure, therefore Tachogram encourages the Client to take care of the personal data in its possession that is processed online and set strong passwords for Tachogram account, limit access to computer and browser by signing off after finishing the session, and avoid providing Tachogram with any sensitive information whose disclosure could cause substantial harm to the data subject.

6.2. All of Tachogram’s authorized personnel involved in the processing of Client’s and third person’s personal data have committed themselves to confidentiality obligations and shall not access or otherwise process personal data without the Client’s authorization if it’s not for the purposes of providing the Service.

6.3. In the event of a personal data breach, Tachogram will notify the Client in accordance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigations of the personal data breach and the notification to the supervisory authority and data subjects regarding such personal data breach.

6.4. Taking into account the nature of the processing, Tachogram will assist the Client with provision of technical or organizational measures, insofar as possible, for the fulfilment of Client’s obligations as a data controller in relation to:

6.4.1. any requests from the Client’s data subjects in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of their personal data that Tachogram processes on behalf of the Client. In the event that a data subject sends such a request directly to Tachogram, Tachogram will promptly forward such request to the Client;

6.4.2. the investigation of personal data breach and the notification to the supervisory authority and Client’s data subjects regarding such personal data breach;

6.4.3. where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any supervisory authority. etc.)

7. Data processing audit

7.1. Upon Client’s request Tachogram agrees to provide sufficient information to demonstrate compliance with the obligations laid down in this Agreement and applicable data protection laws. This information should be provided to the extent that such information is within Tachogram’s control and Tachogram is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

7.2. If the provided information, in Client’s reasonable judgment, is not sufficient to confirm Tachogram’s compliance with this Agreement, then Tachogram agrees to allow and contribute to data processing audit.

7.3. Such audit will be carried out by independent third party with good market reputation, which has experience and competence to carry out data processing audits and confirmed by both Tachogram and the Client.

7.4. Such audit will be carried out at the time agreed between the Client and Tachogram within 2 (two) months from the moment the Client has requested the audit in writing. The auditor will have to sign a confidentiality agreement which includes obligation not to disclose business information in its audit report which will also be provided to Tachogram. The audit will be carried out during normal working hours of Tachogram, without interfering with Tachogram’s business activities. The Client has the right to request the audit once every 2 years. All expenses regarding to the audit shall be borne by the Client.

8. Amendments to the Agreement

8.1. Tachogram may occasionally change this Agreement, for example, in cases new services or features are introduced. In case of amendments or any changes, Tachogram will inform the Client in due time by sending an electronic notification to the Client’s representative and indicating the nature and scope of the amendments. The amendments to this Agreement are applied from the moment, which is indicated in this section of the webpage.

8.2. By continuing to use Tachogram Service or otherwise providing personal data to Tachogram, after the amendments to this Agreement have been implemented, the Client agrees to the updated terms of the Agreement.

9. Governing law

9.1. This Agreement shall be governed by the laws of the Republic of Latvia, and any action or proceeding related to this Agreement (including those arising from non-contractual disputes or claims) will be brought in the courts of the Republic of Latvia.