Privacy statement

Privacy Policy

PRIVACY NOTICE

Last updated: 01-08-2021

1. Identity and Domicile

LeasePlan México, S.A. de C.V. (the “Data Controller”) in compliance with the Federal Law on Protection of Personal Data Held by Private Parties (the “Law”), provides this privacy notice (the “Privacy Notice”), which aims the protection of your personal data, through a legitimate, controlled and informed treatment of the same, in order to ensure your privacy.

For purposes of this Privacy Notice, the Data Controller appoints as domicile the one located in Boulevard Manuel Ávila Camacho number 138-7, Colonia Lomas de Chapultepec, México, Distrito Federal, C.P. 11000.

1. Personal Data subject to Processing and its Purpose

In light of the above, we inform you that your personal data will be treated as confidential and used, if any, for the following purposes:

To contact you;
Provide the services that you hired with the Data Controller;
If applicable, for recording our telephone calls to improve our services and to support you in a personal way;
Keep your personal data in our servers to use it in our different platforms, among others, our web page and mobile app, to improve our services, and in any other platform which may be develop by us to improve our services, as the “Operational Contact Management” (OCM) and “Telematics”; which allows collecting vehicles’ data almost in real time for developing comprehensive information regarding to such vehicles.
If applicable, for locating you to provide “Telematics” services, in accordance with the acknowledgement letter related to such services and which you already signed, and with the Master Agreement for Operational Leasing and Fleet Management Services which the Data Controller has already signed with your employer.
If applicable, for locating you in real time, in case of crash or vehicle’s theft in accordance with the acknowledgement letter related to such services and which you already signed, and with the Master Agreement for Operational Leasing and Fleet Management Services which the Data Controller has already signed with your employer.
If applicable and as an exception, to locate you in real time, in case of crash or vehicle’s theft in accordance with the acknowledgement letter related to such services and which you already signed, and with the Master Agreement for Operational Leasing and Fleet Management Services which the Data Controller has already signed with your employer.
If applicable, to let you know electronically the privacy policy related with “Telematics” services which may be applicable, if your employer ask such services to Data Controller.
To monitor and follow up our services, among others, your car selection, its maintenance, the management of daily matters related which its use, its returned and, if applicable, its purchase.
Inform you about the changes made in any of the hired services.
Evaluate the quality of the services provided.
Inform you about any change made in this Privacy Notice.
Send you information related to the provision of our services.

For the purpose mentioned above, we require to obtain the following personal and sensible data from you (the “Personal Data”):

1.
Identification data such as complete name, address, home or office phone number, mobile phone, marital status, electronic signature, the Federal Taxpayer Registry (RFC, for its acronym in Spanish), Social Security Number (NSS, for its acronym in Spanish), Unique Population Registry Key (CURP, for its acronym in Spanish), place and date of birth, and age and, if applicable, your location in real time to provide “Telematics” services.
2.
Professional data such as occupation, area or department, address, phone and mail, extracurricular activities, employment references, personal references, academic and performance records, etc.

Asset data such as real state and movable assets, credit history, income and expenditure, bank accounts, insurance, personal references, etc. Also the plate number of the leased car, its serial number, its color, and, if applicable, its location to send you to the nearest agency or deposit to receive the support of this suppliers. Personal and family health data with all due guarantees of security and confidentiality, accessible only for professional and legally authorized persons.

- Means to request Personal Data

Personal Data are collected by mail, telephone communication with the Data Controller authorized persons and / or the voluntary provision of information, and Personal Data through dialog windows at the website https://www.leaseplan.com/es-mx/ (the “Website”), and/or any other mechanism established at the Website. Also such Personal Data may be collected by using the platform http://leaseplan.octotelematics.com/mx, named “Telematics”, in accordance with the acknowledgement letter related to such services and which you already signed, and with the Master Agreement for Operational Leasing and Fleet Management Services which the Data Controller has already signed with your employer.

The Data Controller can use mechanisms to monitor the Internet Protocol addresses (IP for is initials). However, the IP address in no case will be used to identify the owners, except when it is suspected that the performance of a fraudulent activity is occurring or likely to occur.

1. Transfers and Purpose

Likewise, we inform you that the Personal Data will not be transferred to third parties and the treatment will be limited to the Data Controller’s internal use, unless such transfer is made to holdings, subsidiaries or affiliates of the Data Controller, all of which share the same processes and internal policies as the Data Controller. If the Personal Data are transferred to any other entity, we warrant that such entity shall assume the obligations referred in this Data Privacy Notice. If this entity has access to the Personal Data, its use shall be limited strictly to the terns of this statement. Understanding that the Responsible warrants that, in any case, such entity will be subjected to a Non Disclosure Agreement duly signed by both parties.

1. Means to access, ratify, cancel and/or oppose the processing of Personal Data

You may at any time request the Data Controller the access, rectification, cancellation or opposition to the processing of your Personal Data. If you desire to modify your Personal Data, you should send a request to the Data Controller’s privacy officer (the “Privacy Officer”) throughout the following email address privacyofficer@leaseplan.com.mx, specifying your name, address, the purpose of your request, and attaching identification documentation that demonstrates your identity as the owner of the Personal Data, or in its case, the legal representation of the owner.

The Privacy Officer will acknowledge receipt of your request the same day it has been received. An analysis will be conducted in accordance with the Law, its Regulations and the Guidelines for the Privacy Notice, and the Privacy Officer will respond to your request no later than twenty working days after the day on which it was received, issuing a response in either an affirmative or negative way, duly grounded. The response will be send to the email address that you used to file such request.

1. Means to limit the use or disclosure of your Personal Data

If you want to stop receiving promotional messages, or otherwise, limit or terminate the use and disclosure that the Data Controller gives to the Personal Data please contact the Privacy Office by sending an email to privacyofficer@leaseplan.com.mx or by calling (55) 52 46 12 60, ext. 1159, from 9:00 AM to 6:00 PM, specifying your name, address, the purpose of your request, and attaching identification documentation that demonstrates your identity as the owner of the Personal Data, or in its case, the legal representation of the owner.

- Revoke to the Treatment Consent

Please note that from the moment you enter the Website of the Data Controller or to any Website controlled by itself and provide your Personal Data, you accept the terms and conditions of this Privacy Notice. If you want to revoke the consent to the processing of Personal Data, you should inform the Data Controller by sending an email to privacyofficer@leaseplan.com.mx, specifying your name, address, the purpose of your request, and attaching identification documentation that demonstrates your identity as the owner of the Personal Data, or in its case, the legal representation of the owner.

- The use of cookies

The Data Controller recognizes that the Website uses cookies in connection with certain characteristics and functions. Cookies are specific types of information that a website transfers to the hard drive of a computer, storing them in the browser in order to maintain registration of the activity. Cookies can be used to facilitate the use of a website, saving passwords and preferences while you navigate on the Internet.

The Website does not use cookies to collect or store personal identification data from your computer that was not originally sent as part of the cookie. If you do not agree with the implementation of cookies, you can deactivate this function in your browser.

For your information and convenience, we offer some links to other websites such as FEXT page, and www.leaseplan.com, http://www.wildeganzen.nl/home/, http://www.net4kids.org and http://leaseplan.octotelematics.com/mx. These sites may have their own privacy notices, which we recommend checking if you visit any linked page. We are not responsible for the content of linked sites or any use of the sites.

1. Personal Data Department

The Data Controller, through the Privacy Officer, will implement all physical, technical and administrative security provisions necessary for the protection and confidentiality of the Personal Data

To know more about your Personal Data protection, please contact the Privacy Officer through the following email address: privacyofficer@leaseplan.com.mx

Amendments to this Notice.

The Data Controller reserves all the right to modify at any time the content of this Notice. Any amendment to this Notice will be available through the Data Controller webpage. Once the Privacy Notice is published on the website it will enter into force automatically.

The last update date of this Notice is: August 10, 2016.

Privacy Policy Telematics Services

LeasePlan is committed to protect the privacy of the collected and processed personal information. Compliant privacy and data security practices have therefore become integral components of LeasePlan’s Telematics Services, corporate governance, accountability and risk management. We therefore only process such personal information as is necessary for the provision of the relevant Telematics Services.

Please read this Privacy Policy carefully so that you understand how we collect and use your personal data being generated by the Device and disclosed via the Telematics Platform.

1. Scope of this Privacy Policy This Privacy Policy applies to all information collected and processed in the context of the provision of Telematics Services to your employer (the “Client”) and you as driver (the “Driver”) of your company vehicle (the “Vehicle”).

LeasePlan México, S.A. de C.V. will be responsible of protect your personal data (the “Responsible”), in accordance with applicable law.

Responsible address: Boulevard Manuel Ávila Camacho número 138, piso 5, Colonia Lomas de Chapultepec, México, Distrito Federal, C.P 11000.

Responsibilities of Client: Insofar as your employer has access to your personal information in the Telematics Platform, your employer is the data controller responsible for the processing and use thereof. This Privacy Policy does not apply to the processing and use of your personal data by your employer.

2. Who has access to my personal information? Below you can find descriptions of the various Telematics Services packs that LeasePlan offers to its Clients. For each of the packs we explain which data is collected, when and for what purposes, how long such data is retained and which authorized individuals within LeasePlan, its third party service providers (see below), and your employer have access to your data.

2.1. Access by authorized individuals in specific roles only The access rights to the Telematics Platform have been configured in such a manner that only individuals in specific roles within LeasePlan, Client and the Device Supplier, have access to information in the Telematics Platform, each role to the extent required for the performance of the Telematics Services.

The individuals in the following roles have access to your information:

Within your employer: the global and relevant regional/local fleet managers and the regional/local fleet operators;
Within LeasePlan: the responsible international and local account/fleet supervisors; the responsible country insurance claims handler and relevant IT and operational staff;
Within providers of services under the Secure Pack: relevant staff within such 3rd party service providers.
Within your employer the responsible global fleet manager will have the administration rights to provide access to the responsible regional/local fleet managers and regional/local fleet operators.

2.2. Access in principle to aggregated data only

Note that access by the responsible individuals to information in the Telematics Platform is, unless explicitly stated otherwise, as much as possible on an aggregated basis only.

Data can be aggregated on a vehicle level basis, or on a fleet level basis.

Aggregated information on a vehicle basis: e.g. the statistics of your Vehicle (like how many trips, average duration of trips, trips by different road types or mileage, etc.) is available to the responsible fleet managers of the Client. The responsible person can therefore not see the specifics of your trip (like start and end times and destination).

Aggregated information on a fleet level basis: in this case the responsible persons can access information only in respect of the combined Vehicles of the fleet. This means that individual Vehicles and Drivers cannot be identified by the responsible persons on the basis of such aggregate information.

2.3 Exceptions for access to individual data Access to your individual information is only provided to the extent required for providing the relevant Telematics Service:

To your vehicle maintenance calendar: for scheduling and preventive maintenance and other Vehicle service actions: [4.1.3] In case of a crash: [4.1.2] In case of theft

2.4 Privacy setting for private use If you are permitted to use your vehicle for personal use outside of working hours, the responsible fleet manager of Client will configure standard business hours on the Telematics Platform, all other hours will automatically be treated as private hours. When in ‘private mode’, only aggregated data on fleet level (data which cannot be related back to the Vehicle or the Driver) is accessible to LeasePlan and the Client; only you will be able to access your individual Vehicle data).

You may tune your private hours via the App or on the Telematics Platform at http://leaseplan.octotelematics.com/mx. The ‘private hours” set by the Drivers cannot be overridden by the Client or by LeasePlan. The ‘private mode’ will only be overridden for specific services in case of an event (crash) or theft. Please see [4.1.2] for more information.

3. Sources of the collected data

Depending on the Telematics Services provided, different data sets are collected and processed (see [4]). However, in any event LeasePlan will, as part of the Basic Pack, collect and use the following types of data from the following sources:

- Your Vehicle leasing details as registered by LeasePlan (or provided by your employer in case of Client Owned Vehicles): vehicle ownership information, your first & last name, your address, your email address & telephone number, the license plate number and the Basic Vehicle Details (BVD) e.g., Vehicle Identification Number (VIN), make, model, colour, initial mileage, engine displacement, fuel type, etc.

- Provided by you: you may provide certain data through the App or the Telematics Platform (e.g., when you indicate whether trips are business or private for your log book);

Collected from the Device installed in the car: This depends on the chosen Telematics Service packs (see [4]), but in any event includes as part of the Basic Pack:

- Data from the vehicle, such as day and time, start and end of trip events, trip duration, geo-location (longitudinal/lateral), road type (urban, motorway, other), number of crash events, number of idling events, idle time, overall time parked and overall time running.

- Data regarding the current status of the vehicle/device: such as ignition status (whether engine is on or off), cellular network status (whether you have GPRS/GSM-connectivity), maintenance status (whether maintenance monitoring is activated or not);

- In the event of a crash or theft only: specifics of the crash and the theft (see [4]).

- Derived data: This also depends on the chosen pack (see [4]). Derived data is calculated data based on an algorithm in the Telematics Platform and obtained as follows:

1.
The data collected from the Device listed above is enriched with generic data such as road type and the BVD;

Based on this combined data, the algorithm calculates additional data categories (derived data) such as: speed, maximum allowed speed based on road-type (RdH: Is this calculated? For sure this is set by law.), approximate trip distance, (the result of the start and stop mileage), average fuel consumption, various average gaseous emissions and in case of an event: impact speed and last driven maximum speed.

- Your log-in data to the Telematics Platform and/or the Telematics App: This is automatically generated by the Telematics Platform.

- Generated by the Platform Supplier: voucher number (the individual request from the LeasePlan to its Platform supplier for the activation of each Device) and device ID number (IMEI).

4 Privacy information per Telematics Services

4.1 Telematics basic

4.1.1 Fleet Optimisation

1.
What does this Telematics Service entail?

For Drivers: this service gives Drivers insight in the usage of the Vehicle, such as number of trips made, duration and distance, road type driven, which gives indications for which Vehicle, what fuel type is suitable as well as whether a hybrid or electric vehicle is an option.
For Clients: the responsible fleet manager/operator(s) will obtain access to aggregated reports on a fleet level on the characteristics of trips taken by the fleet, such as average duration of trips, average distance of trips, average number of trips in certain time periods and road type driven.
For LeasePlan: the responsible fleet supervisors will obtain access to the aggregated reports on a fleet level.

This data enables your employer to evaluate the usage of the company fleet.

1.
What data is processed for this purpose? For this purpose the Device and the Telematics Platform generate the following data: day and time, trip distance, overall time parked, overall time running, number of crash events, harsh braking events, harsh acceleration events, quick change of direction events, fast cornering events and driving score, total time running, total time parked and fuel consumption, all in connection to the vehicle license plate number,

Data items that are collected but now shown: voucher number, trip start & stop mileage, mileage at contract begin, vehicle make & model, engine displacement, fuel type, acceleration / deceleration (latitudinal and longitudinal), acceleration/deceleration threshold, direction change threshold, cornering threshold.

1.
Who has access to this data?

Drivers: will be able to access their Vehicle Usage Statistics, a Monthly Report and Vehicle Trip Analysis belonging to their company Vehicle.
Clients: The responsible fleet manager/operator(s) of the Client will have access to aggregated utilization data on a fleet level, which allows reporting on certain time slots (e.g. morning shift, lunch, afternoon shift).
LeasePlan: the responsible fleet supervisors will obtain access to the aggregated utilization data on a fleet level.

See also below under [7] (To whom else may we need to disclose personal information?).

1.
How long is your data retained? Individual Vehicle data is retained for the duration of the contract with the Client, or such earlier moment in time that employment or the leasing arrangement of the Driver is terminated, after which all individual data will be aggregated in such a manner that the Vehicle and the Driver can no longer be identified.

4.1.2 Crash Reconstruction

1.
What does this Telematics Service entail? In the event of a crash the Device records certain information regarding the crash such that the crash may be reconstructed, such as the location of the Vehicle, and some operating parameters (e.g. speed, driving direction, frontal and lateral acceleration).

The Device provides a record of data collected during 3 intervals: a maximum of 60 seconds before the crash climax, 6 seconds during the crash climax, and 15 seconds after the crash climax. After the data has been sent by the Device to the Telematics Platform.

The data is not maintained in the Device as the Device automatically overwrites data when the maximum storage capacity of 1 MB is reached.

The system subsequently triggers:

A Crash Summary Report to the responsible persons within Client and LeasePlan, and
A Crash Reconstruction Report to the person responsible for (insurance) claim handling.

1.
What data is processed for this purpose? The following information is collected by the Device or generated by the Telematics Platform and is also included in the Crash Recording Report:

Voucher number, Device type, Device ID (IMEI), contract number, driver name, driver telephone, vehicle license plate number, vehicle make and model;
Crash event, ignition status (on or off) at the time of crash, vehicle direction, location of crash, date and time of crash, speed at the time of crash, peak acceleration / deceleration during crash, number of impacts during the crash, force and direction per impact;
During the 60 seconds before and the 15 seconds after the crash climax: vehicle geolocation (longitude / latitude), speed and ignition status (on / off) every 10 seconds;
During the crash climax (4 seconds before impact and 2 seconds after): acceleration or deceleration (lateral and longitudinal) and force on the vehicle, at least every 100th of a second.
Data items that are collected but now shown: g-force (acceleration / deceleration) for crash event threshold.

The Crash Summary Report contains the following information: crash ID number (internal to the platform supplier), vehicle license plate number, vehicle make & model, date & time of crash, peak acceleration during crash (g-force).

1.
Who has access to this data? The responsible persons within LeasePlan and Client have access to the Crash Summary Report in the Telematics Platform. Only the person responsible for (insurance) claim handling within LeasePlan (or Client, if Client has not tasked LeasePlan with claim handling) has access to the Crash Recording Report.

LeasePlan (or Client, if Client has not tasked LeasePlan with claim handling) may also share the Crash Reconstruction Report with third parties (insurance companies, professional experts (such as lawyers, medical experts, investigators etc.) and judicial authorities for the purpose of (insurance) (claim) resolution and enforcement.

See also below under [7] (To whom else may we need to disclose personal information?).

1.
How long is this data retained? If case of a crash, the individual data may be retained for as long as necessary to handle potential claims in respect thereof in line with applicable statutes of limitation, or so much longer as LeasePlan is required by law to maintain these records, e.g. due to certain requirements.

4.1.3 Maintenance (vehicle calendar & alert)

1.
What does this Telematics Service entail? This Telematics Service facilitates provision of information and notifications in the Telematics Platform to Clients and to Drivers (on an individual vehicle level) concerning upcoming required preventive maintenance and other Vehicle service actions based on mileage or duration. For example, Drivers receive timely notifications about when at what mileage (and in the future also: where) repair or maintenance appointments for their Vehicles are scheduled and when (and in the future also: where) the vehicle can be picked up or delivered. The Telematics Services will enable Clients to optimise their fleet performance by having pro-active maintenance rather than have maintenance performed when defects have already occurred, which saves both cost and time. This service further enables the Client to optimise maintenance scheduling and to improve uptime of Vehicles by providing more accurate maintenance planning and scheduling.
2.
What data is processed for this purpose? The following information is processed for the purpose of maintenance: day, maintenance status (enabled or disabled), maintenance thresholds, maintenance event, voucher number, vehicle license plate number, vehicle make & model. Data items that are collected but now shown: current vehicle mileage.
3.
Who has access to this data? The individual information pertaining to Vehicle maintenance is made available to authorized individuals within LeasePlan and the Client. To the extent required, LeasePlan will share individual information with the third parties performing maintenance on/repair of the Vehicles (such as vehicle repair shops and garages).

See also below under [7] (To whom else may we need to disclose personal information?).

d. How long is your data retained? Individual Vehicle data is retained for the duration of the contract with the Client, or such earlier moment in time that employment or the leasing arrangement of Driver is terminated, after which all individual data will be aggregated in such a manner that the Vehicle and the Driver can no longer be identified.

4.1.4 Via the App: anchor management for Drivers Available via the App for Drivers only: Drivers can indicate the location of their Vehicle in the App when the engine is switched off. This enables Drivers to locate their parked Vehicle. Drivers further will receive an alert if their vehicle is moved while anchored (which may be an indication of theft or the Vehicle being towed away).

**4.1.5 Eco Driving **

1.
What does this Telematics Service entail? This Telematics Service provides information on average fuel consumption & gaseous emissions in a certain pre-determined period to Clients (on aggregate level) and to Drivers (on individual level). This enables Drivers to benchmark their fuel use and environmental impact against the company fleet by means of a scoring index.

Clients have access to (i) various data pertaining to the CO2 and other gaseous emissions of its vehicle fleet, and (ii) measures proposed by LeasePlan to reduce the fleets’ fuel use and environmental impact. Client can then decide on company’s fleet/vehicle policies, and set targets in order to achieve a lasting reduction of fuel, and CO2 emissions, e.g., by providing eco-driving style training to its Drivers or promoting more climate neutral vehicles.

b. What data is processed for this purpose? For this purpose the Devices collect the following Data: vehicle license plate number (visible to Driver only), vehicle make & model, driver name (visible to Driver only), vehicle engine mileage, engine displacement (in cm3), vehicle fuel type and fuel consumption. Data items that are collected but now shown: voucher number, trip start and stop mileage, trip distance, current mileage, speed, road type, idling event and idle time.

c. Who has access to this data? Authorized individuals within LeasePlan and Client will have access to Eco Behaviour & Fuel Efficiency Data on an aggregate fleet level, meaning that they will not be able to access data on an individual Driver level. Drivers will be able to access data belonging to their own Vehicle. See also below under section [7] (To whom else may we need to disclose personal information?).

1.
How long is your data retained? Individual Vehicle data is retained for the duration of the contract with the Client, or such earlier moment in time that employment or the leasing arrangement of Driver is terminated, after which all individual data will be aggregated in such a manner that the Vehicle and the Driver can no longer be identified.

4.1.6 Driving Insight

1.
What does this Telematics Service entail? This Telematics Service provides a scoring index based on factors such as acceleration, braking, revving, cornering and sudden change of direction, above pre-defined thresholds to the Client (on an aggregate fleet level) and to Drivers (on an individual level). This enables Drivers to benchmark and monitor their own driving behaviour by means of a scoring index. The information enables Clients to gain insight in the collective driving score of their Drivers (on a non-identifiable level), in order to assess whether to initiate safety communication and providing coaching opportunities to their Drivers (for example, sending regular email with tips & tricks regarding driving safety or providing courses and workshops to improve safety and limit risky driving behaviour), in order to increase safety levels of its Drivers and decrease the fleet’s crash rate. (RdH: Why not emphasize that this type of data is not used for penalising (other wording) drivers?)

b. What data is processed for this purpose? For this purpose the Devices collect the following Data: vehicle license plate number, speeding events, number of crash events, harsh braking events, harsh acceleration events, quick change of direction events, fast cornering events and driving score, voucher number, day and time, trip start mileage, speed, speed thresholds, road type, g-force for crash event threshold, acceleration & deceleration, acceleration & deceleration thresholds, quick direction change threshold and fast cornering threshold.

c. Who has access to this data? Authorized individuals within LeasePlan and the Client will have access to the driving scoring index on an aggregate fleet level, meaning that they will not be able to access Data on an individual Driver level.

Drivers will be able to access Data belonging to their own Vehicle. See also below under [7] (To whom else may we need to disclose personal information?).

4.2 Telematics Plus4.2.1 Vehicle Logbook

a. What does this Telematics Service entail? This Telematics Service enables Drivers to keep an electronic logbook recording of the mileage driven for each trip made with the vehicle, as well as geo-location / time-stamp for the start and end of each trip, with the possibility of separating personal and business trips. Note that in some countries it is mandatory by law for Drivers to separate private and business usage of company leasing Vehicles. The logbook may be used by Drivers as a basis for the annual tax declaration. Reports can be downloaded by Drivers into a PDF file or exported into a CSV file.

b. What data is processed for this purpose? For this purpose the Devices collect the following Data: day and time, vehicle license plate number, vehicle make & model, trip start and stop mileage, trip distance, trip duration, mileage at start telematics services (initial mileage), current mileage, privacy status (business mode or private mode), reason of trip and geolocation (longitude and latitude).

Data items that are collected but now shown: voucher number, ignition status (on or off), start of trip event, end of trip event.

Users can choose a time period to search the trips. A detailed report of the trips during that time period is displayed on the Telematics Platform and can be edited by Users. Certain Data fields (e.g., private/business mode, remarks) are available for editing, while other fields (e.g., mileage) are fixed. The following information can be added by the Driver manually via the Telematics Portal or the App: nature of each trip (business, private, and home-office travel), reason of the trip, routing information and start and end address.

The Driver may tag an upcoming trip or a period as private via the Telematics Portal or the Telematics App. In ‘private mode’ a trip in the logbook does not reveal details about locations as well as exact times, but just reports the distance which was travelled and the day. In ‘business mode’, the logbook shows start/end times and locations as well as the nature/reason for the trip which has to be entered by the Driver. Changing a private trip to business mode requires the driver to enter the start and end locations as well as the start and end times.

c. Who has access to this data? Other than the Driver, the Client and LeasePlan will not have access to data in the vehicle logbook. Drivers will be able to access data belonging to their own Vehicle.

See also below under [7] (To whom else may we need to disclose personal information?).

5. Will my personal data be used by LeasePlan for other purposes? Your personal data will only be used for the purposes of delivering the Telematics Services and in order to ensure that the Telematics Platform and the Telematics Services operate correctly and efficiently. We further may analyse aggregated data to enhance and improve our fleet management services.

LeasePlan will not sell your data to third parties or use your data for other commercial purposes.

6. How long will my personal information be retained by LeasePlan? Individual data relating to Drivers and Vehicles will be retained for the duration of the contract with the Client, or such earlier moment in time as employment or the leasing arrangement of Driver with Client is terminated.

Except in case of theft or a crash (see below) all individual data is aggregated upon:

Termination of employment of the Driver;
Termination of the contract between LeasePlan and Client.

In case of theft of a Vehicle or a crash, the individual data may be retained (also after contract termination) for as long necessary to identify and recover the Vehicle.

Geolocation Data are in principle deleted or anonymized after a maximum period of 24 hours from the time of the receipt.

7. To whom else may we need to disclose personal information? Other than as set out in this Privacy Policy, we will provide your data to supervisory agencies, fiscal authorities and investigative agencies, but only if we are required to do so by law.

8. Is my personal information transferred to another country? The Telematics Services are controlled and operated by LeasePlan from the Netherlands and, as noted above under section 0, hosted on servers by Octo in Italy. Both Italy and the Netherlands provide an adequate level of data protection, as provided by applicable European data protection laws. LeasePlan and the Client have undertaken adequate safeguards to ensure the confidentiality and security of all collected data.

9. How is my personal information secured? The Telematics Platform is hosted on behalf of LeasePlan by the third party service provider Octo Telematics. Octo Telematics has implemented all technical and organizational security measures required by applicable data protection law in order to protect your personal data collected in the context of the Pilot, and is ISO: 27001:2005 compliant. An important security measure is that the data in transit is encrypted. In particular:

Various state-of-the-art security techniques are used, such as secure servers, firewalls, anti-virus and anti–malware protections, and encryption in transit and at rest.
LeasePlan monitors and reviews our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to our premises and IT systems.
Access to data is restricted to individuals in specific roles within LeasePlan (and its service providers) and Client, each role to the extent required for the performance of the Telematics Services, and who are subject to strict contractual confidentiality obligations. If any of these individuals, fails to meet these obligations, he/she may be subject to appropriate disciplinary measures or even termination of their employment/contract.
All service providers of LeasePlan have been contractually obligated to provide the level of data protection that matches LeasePlan’s security measures. We regularly audit these service providers for compliance with their contractual obligations and have adequate procedures in place to tackle any suspected or established noncompliance. See here for our Security Standards.

10. What rights do I have in connection with my personal information? If you would like to review, correct, update, suppress, or delete any of your personal data in accordance with the stablished to LeasePlan privacy notice.

11. Will my personal data be used by LeasePlan for other purposes? Your personal data will only be used for the purposes of delivering the Telematics Services in accordance with LeasePlan privacy notice.