Privacy policy

Drivata is committed to safety and exemplarity in data protection.

We designed the entire Drivata platform to protect and secure its users privacy before, during, and after the company’s driving diagnostic organization.

We invest to ensure that driving data from vehicles and participants is collected, analyzed and shared in accordance with the GDPR standards on security and personal data protection.

The main objectives of the GDPR are to make the control of individuals on their personal data and increase the protection of this data, as well as to make the actors responsible for its treatment.

Drivata applies the following rules:

1. Drivers can use a pseudonym throughout the diagnosis period and choose not to fill in their personal profile.
2. Vehicle geolocation data is only used to determine driving scores.
3. These data are not accessible in detail by the diagnostic sponsors nor provided by Drivata to third parties.
4. The details of the data collected during a diagnosis are erased upon request.
5. We regularly invest in securing our technical infrastructure and applications and especially in training our employees in terms of protecting the data of our users and preventing hacking.

We understand that access to personal data is a very important topic and we are committed to maintaining a high level of security and protection.

Thomas Engler
CEO Drivata
thomas@drivata.com

Nature of data collected

As part of the use of the different versions of the Drivata website, the diagnostic administration account and the Drivata smartphone applications,
Drivata SAS may collect the following categories of data about its users:

Aggregation of data

Aggregation with non-personal data
We may publish, disclose and use aggregated information (information about all our Users or specific groups or categories of Users that we combine so that an individual User can no longer be identified or mentioned, and the information non-personal for the purpose of driving analysis during the duration of a driving challenge and the determination of scores of each participant.

This aggregated information is also used to analyze and compare specific industries and markets for learning, promotional and commercial purposes.

Aggregation with personal data available on the user’s social accounts
If you connect to an account of another service for cross-mailing, that service may provide us with your profile information, login information, and any other information you have authorized for disclosure. We may aggregate information about all our other Users, groups, accounts, personal data available on the User.

Cookies on the versions of the website and the admin challenge account

Shelf life of cookies.
In accordance with the recommendations of the CNIL, the maximum duration of storage of cookies is 13 months maximum after their first deposit in the User’s terminal, as well as the duration of the validity of the User’s consent to the use of cookies. these cookies. The lifespan of cookies is not extended at each visit. The User’s consent must therefore be renewed at the end of this period.

Purpose cookies
Cookies may be used for statistical purposes, in particular to optimize the services rendered to the User, from the processing of information concerning the frequency of access, the personalization of the pages as well as the operations carried out and the information consulted.
You are informed that the Publisher may place cookies on your device. The cookie records information about the navigation on the service (the pages you have visited, the date and time of the consultation …) that we can read during your subsequent visits.

Retention of technical data

The technical data are kept for the period strictly necessary for the accomplishment of the purposes mentioned above.

Deletion of data after deletion of the account.

Deletion of data after deletion of the account.
The purging data are set up in order to provide for their effective deletion as long as the storage or archiving period necessary for the accomplishment of the analysis or imposed purposes is reached. In accordance with the law n ° 78-17 of January 6th, 1978 relating to the protection of private life.

Deletion of data after 3 years of inactivity.
For security reasons, if you have not authenticated yourself on the Site for a period of three years, you will receive an e-mail inviting you to log in as soon as possible, otherwise your data will be deleted from our databases.

Deleting the account on the smartphone app

The user has the option to delete the application from his smartphone at any time by pressing the application icon and then clicking on the “X”.
By doing this all the information entered by the user in the application is deleted without any possible backup.
Deleting an application during the duration of a driving challenge automatically disqualifies its user.

Deleting the account on demand

The user has the possibility to delete his Account at any time, by simple request to RGPD@drivata.com

Deletion of the account in case of violation of the Terms

In case of violation of one or more provisions of the GTU or any other document incorporated herein by reference, Drivata reserves the right to terminate or restrict without prior notice and in its sole discretion, your use and access to services , to your account and to all Sites and Applications.

Indications of a security breach detected by Drivata

We undertake to implement all appropriate technical and organizational measures to ensure a level of security adapted to the risks of accidental, unauthorized or unlawful access, disclosure, alteration, loss or destruction of personal data about you. In the event that we become aware of illegal access to personal data about you stored on our servers or those of our service providers, or unauthorized access resulting in the realization of the risks identified above, we commit ourselves at :

1. You notify the incident as soon as possible by email or by notifications on the application;
2. Examine the causes of the incident and inform you;
3. Take the necessary measures within the limits of reasonable in order to lessen the negative effects and prejudices that may result from this incident;

In any case, the commitments defined in the above point relating to the notification in the event of a security breach can not be assimilated to any acknowledgment of fault or responsibility for the occurrence of the incident in question.

Modification of the GTU and the privacy policy

We commit ourselves to inform you in the event of substantial modification of the present UGC, and not to lower the level of confidentiality of your data in a substantial way without informing you and obtaining your consent.