Privacy Policy

1 | Scope

All-Connects offers solutions to digitally map the use of vehicles, teams and materials on a professional platform. To do this, we may need to collect your personal data to provide you with the best protection and most up-to-date security. Your trust is not something we take for granted. Therefore, we have developed a Privacy Policy that covers how we collect, use, disclose, transfer and store your personal data.

This Privacy Policy was last updated on 12/04/2023.

This " Privacy Policy " applies to the products and services of All-Connects nv, including the following applications: CHECKIN@WORK APP, AGR APP, AGR-GPS mestvoerders, PRESTAMOB APP, FLEET.driver, FLEET.manager, FLEET.tracker, LIVE.connects, CHECK.connects, www.all-connects.be (and subdomain gpstracking.all-connects.be). Please note that this Privacy Policy applies to all applications listed here, although not all sections are relevant to each application; please read the details carefully to understand the specific data processing practices and procedures applicable to each application.

If you live in the European Economic Area, the controller of your personal data is: All-Connects nv, Satenrozen 3 - 2550 Kontich, Belgium.

This Privacy Policy describes how we treat and protect your personal data and what choices you have regarding the collection, processing and access of personal data and how to update, correct and delete it. Additional information about our personal data practices may be provided in product settings, contractual terms or notices provided prior to or at the time of data collection.

This Privacy Policy is intended for you if you are a user of our products and services.

2 | Personal data we process


We may collect or ask you to provide certain information when you visit and use our websites, products and services. The sources from which we collect Personal Data are:

- Data collected directly from you or your device relating to an identified or identifiable natural person ("Data Subject"). This data may include direct identifiers such as name, address, email address, phone number, and online or indirect identifiers such as login account name, login password, marketing preferences, social media account, payment card number or IP address;

- If we link other data related to you to your Personal Data, we will treat that linked data as Personal Data; and we may also collect Personal Data from trusted third-party sources such as distributors, resellers, app stores and contact centers. We may also hire third-party vendors in areas such as marketing, survey, analytics or software vendors to help us collect Personal Data.

We organize the Personal Data we process into these basic categories: Billing Data, Account Data, and Product Data.

Billing Data includes your name, email address, masked credit card number, license information, and in certain circumstances, your billing address and your phone number. In most cases, you purchase our products and services from a trusted third-party service provider, reseller or app store. In those circumstances, your billing information is processed by the relevant third party and we receive only a subset of it to maintain appropriate business records.

Account Details include information necessary to set up and customize an account, such as your email address, username, and information associated with our services, such as license codes. Some of our products or some of their features require an account. Personal Data refers to any information relating to an identified or identifiable natural person ("Personal Data").

The account is the uniquely secure access point . You have the ability to provide additional information on your account, such as personal texts, your date of birth, gender, text message number, username of desms'er, or website name and address, your physical location, and you can also select an avatar or personal image.

Any information you provide here is visible to other users (including your total number of messages, and messages per day, the date and time of your registration, your local time, and the date and time of your last activity). Product data covers two subcategories:

- Device data includes information about the operating system; hardware; location/country of device; error logs; browser; network; applications running on the device, including the All-Connects products; and- Service data includes information about the use of the All-Connects product and events related to your use of our product, such as malware samples and detections, information about website URLs, usage statistics (activation, crashes, scans, errors), IP address.

3 | Why we process your personal data

We use your Personal Data for the following purposes and on the following grounds:

Based on the fulfillment of our contract with you or based on entering into a contract with you at your request, to:
- process the purchase of the products or services from us, our partners or the web stores of our trusted third parties; provide for the download, activation and operation of the product or service;
- keep our products or services up-to-date, secure and error-free;
- verify your identity and eligibility for paid products or services when you contact us for support or access to our services;
- process your purchase transactions;
- keep you informed of the status of your orders and licenses;
- manage your subscriptions and user accounts; and
- provide you with technical and customer support. Based on your consent to:
- subscribe you to a newsletter or the All-Connects forum;
- enable the placement of personalized advertisements in support of certain free products.

Prior to any processing required for this purpose, we will always seek your consent and provide you with the necessary information through our Consent Policy or otherwise as applicable. Based on legal obligations, we will process your Personal Data when necessary for compliance with a legal requirement relating to tax, accounting, anti-money laundering regulations, the rule of law or any other obligation to which we are subject.

Based on our legitimate interest, we will use your Personal Data for:
- communications about potential security, privacy and performance enhancements and products that complement or enhance the products purchased from us and to optimize the content and delivery of such communications;
- product development and research and the implementation of product features, enhancements, and updates;
- evaluation and enhancement of third-party analytics to improve the performance and quality of our products,services and websites and understanding usage trends and analysis of user purchases, conversions and campaigns;
- enabling interoperability within our applications; security of our systems and applications;
- effective performance of our business by ensuring that the internal administrative and commercial processes necessary for this purpose (e.g. finance, controlling, business intelligence, legal affairs and compliance, information security, etc.); and
- establishing, exercising or defending our legal rights. We have balanced the interests for the above processing activities. You have the right, based on our specific situation, to object to those processing activities. For more information, see the "Your Privacy Rights" section.

4 | Balancing legitimate interests

Before invoking our legitimate interests, we have weighed them against your interests and again made sure that they are convincing enough and do not cause unwarranted harm. With respect to the purposes below, we find it necessary to explain in detail what our interests are.

Systems, Apps and Network Security
We process Personal Data for the purpose of securing networks and information. In accordance with EU data protection legislation, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent strictly necessary and proportionate to ensure network and information security. This primarily covers the ability of a network or of an information system to resist incidents, attacks, or unlawful or malicious actions that may compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, or the security of related services offered by, or accessed through, those networks and systems.

As an organization in its own right and as a provider of cybersecurity technologies and services, including hosted and managed cybersecurity technology services, it is necessary for the functionality of our systems, products and services and for our legitimate interests and those of our users, to collect and process Personal Data to the extent strictly necessary and proportionate to ensure the security of our own and our users' networks, devices and information systems. This includes the development of threat intelligence tools aimed at continuously maintaining and improving the ability of networks and systems to withstand unlawful or malicious actions and other harmful events ("cyber threats").

The Personal Data we process for said purposes includes, without limitation, network traffic data related to cyber threats such as:
- email addresses of senders (e.g. of sources of SPAM);
- email addresses of recipients (e.g., of victims of targeted email cyberattacks, including phishing);
- email addresses of reply-to-mail (as configured by cybercriminals sending malicious emails);
- file names and execution paths (e.g. of malicious or otherwise malicious executable files attached to emails);
- URLs and associated page names (e.g., of web pages that transmit malicious or otherwise malicious content or otherwise post it); and/or
- IP addresses (e.g. of web servers and connected devices involved in the generation, distribution, transmission, hosting, caching or other forms of storage of cyber-threats such as malicious or otherwise harmful content).

Depending on the context in which such data is collected, it may include Personal Data about you or other data subjects. In such cases, however, we only process the affected data to the extent strictly necessary and proportionate for the purpose of detecting, blocking, reporting (by removing personally identifiable elements) and mitigating cyber-threats of interest to you, and to secure your network, device and systems.

When processing Personal Data in this context, we do not seek to identify data subjects.

‍In-productand email notices
We have a legitimate interest in notifying our users about potential security, privacy and performance enhancements and products that complement or improve purchased products, as well as communicating our closing days. If you are our customer, we feel we have a responsibility to inform you about improvements in security and features and about potential problems with your device and software beyond our product installed, and to provide you with effective solutions relevant to these problems, including solutions developed by us. We thus have a legitimate interest in optimizing the content and delivery of this type of messaging to you so that you are likely to find it relevant, but at the same time not intrusive.

Development of new products
We have a legitimate interest in using the necessary Personal Data to develop new products offfeatures so that we can provide you with state-of-the-art security, privacy and high-performance products.

Third-partyanalytics (user purchases, user interactions)
We have a legitimate interest in using necessary Personal Data for third-party analytics to understand user conversions, purchases and campaign performance across various distribution channels, and in user downloads, activations and communications with our products, as these analytics help us maintain functionality, effectiveness, security and reliability of our products and business operations.

5 | How we process your personal data

We do our best to disconnect or remove all direct identifiers from the Personal Data we use:

- For free versions, this disconnection or removal of identifiers begins when the products and services are first activated. For paid users, we store billing information in a separate database and minimize its use for things other than handling payments and our own financial housekeeping.
- For both paid and free versions, we continually verify that all direct identifiers have been minimized, minimized, disconnected and removed during normal performance of the products and services.

6 | No automated decision making, including profiling

We do not make decisions using algorithms or profiling that significantly affect you.

7 | How we disclose your personal data

As described below, we will only disclose your Personal Data within our group, to our partners, to service providers processing data on our behalf and to governmental authorities, as required by applicable law. Processing will only be undertaken for the purposes described in this Privacy Policy and the relevant sections of the Product Policy. Where we disclose your Personal Data, we require that the recipients of such data comply with appropriate privacy and confidentiality requirements and security standards.

8 | Payment Processors

If you choose to pay for our services, we will use the services of a third party payment processor to receive your payment. These third parties are duly regulated and authorised to process your payment information and are prohibited from using your Personal Data for any purpose other than providing these services on our behalf. However, they are independent processors of your data with their own responsibility. Your billing information is processed by the payment processor from whom you purchased the product. Your data will be processed in accordance with the privacy policy of the processor concerned.

9 | Service providers

We may use contractors and service providers to process your Personal Data for the purposes described in this Privacy Policy. We contractually require service providers to keep the data secure and confidential. Such service providers include, in particular, contact centres, professional consultants (including for the defence or exercise of our rights) and marketing/survey/analysis/software providers. Sometimes these service providers, for example our distributors, resellers and app store partners, will be independent controllers of your data and their terms and conditions. The Terms of Use ("EULA") and Privacy Statements will apply to such relationships.

10 | Cookie providers

Our websites use cookies to personalise your experience on our websites, tell us which parts of our websites are being visited, help us measure the effectiveness of campaigns, and give us insights into user interactions and the user base as a whole so we can improve our communications and products. If you use our websites, you will be asked to authorise the collection and use of data by cookies under the terms of this Cookie Policy.

11 | Suppliers of analysis tools

We use analytical tools, including those provided by third parties, which enable us, among other things, to identify potential performance or security issues with our products, improve their stability and function, and understand how you use our products and websites so that we can optimise and improve your user experience and evaluate and improve our campaigns. We use service and device data for analysis. Although we generally use our own analytical tools, we sometimes need to work with other parties who have developed and provided us with their own tools and expertise. We list these partners, their tools and their privacy policies below.

12 | Government agencies

In certain cases, it may be necessary to disclose your Personal Data to public authorities or as otherwise required by applicable law. No Personal Information will be disclosed to any public authority except in response to:
- a subpoena, arrest warrant or other process issued by a court or other public authority having competent jurisdiction;
- a legal process having the same effect as a court order to disclose data, such that if we refused to provide such data, it would be in violation of local law, and the company or its officers, directors or employees could be held liable for failing to comply with such legal process;
- when such disclosure is necessary for us to enforce our legal rights under applicable law; or
- a request for data for the purpose of identifying and/or preventing credit card fraud.

13 | How we protect your personal data

We maintain administrative, technical and physical measures for the protection of your Personal Data.

14 | Administrative precautions

Access to our users' Personal Data is limited to authorised personnel who are required to have such access based on their job descriptions, for example, employees who provide technical support to end users or who maintain user accounts. In the case of external contractors processing Personal Data on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. If an individual employee no longer requires access, that person's login details are revoked.

15 | Physical precautions

Access to user information in our database via the Internet requires an encrypted VPN, with the exception of e-mail which requires user authentication. Otherwise, access is limited to our physical location. Physical removal of Personal Data from our premises is prohibited. Outside contractors processing Personal Data on our behalf agree to take reasonable physical precautions.

16 | Proportionality

We strive to collect no more Personal Data than necessary for the purpose for which we collect it. This in turn helps to reduce the overall risk of harm if data loss or security breach occurs: the less data we collect, the lower the overall risk.

17 | How we store your personal data

We will keep your Personal Data on our systems for the following periods:

- For billing data, as long as we have a legal obligation or for our legitimate interests in establishing legal rights;
- For account data, as long as you maintain your account;
- For product data, only as long as necessary for a particular product or service. We use periodic deletion periods, which means that we delete regularly collected data in the given periods, starting with the collection of that respective data. The periodic deletion periods for product data do not exceed six years.

Please note that when you delete our product, the processing for service purposes, in product messages, external analyses and third party advertisements, if applicable, depending on the installed product, will stop. After deletion, we will continue to process your product data for up to six years for statistical purposes, but using appropriate measures, including pseudonymisation.

18 | Storage of your personal data

The data that we collect from you may be stored, applying risk-appropriate technical and organisational security measures, both internally and on third-party servers located in Belgium, Switzerland, Finland, Lithuania, and wherever else we or our trusted service providers and partners operate. In all cases, we follow generally accepted standards and security measures to protect the personal data provided to us, both during transmission and when we receive it.

19 | Your privacy rights

You have the following rights in relation to the processing of your Personal Data:

Right to information - Right to receive information about the processing of your Personal Data, prior to and during the processing, upon request.

Right to access - In addition to information about the processing of your Personal Data, you have the right to receive a copy of your Personal Data being processed.

Right to rectification - We must process accurate Personal Data; if you discover something inaccurate, you have the right to request rectification of the inaccurate Personal Data.

Right to erasure ("right to be forgotten") - You have the right to erase your Personal Data, but only in specific cases as provided by law, for example, if there is no legally recognized legal basis for further processing of your Personal Data (incl. protection of the legitimate interests and rights of All-Connects nv).

Right to data portability - The right to receive Personal Data that you have provided and that is processed on the basis of consent or when necessary for the conclusion and performance of a contract, in machine-readable format. This right applies exclusively to Personal Data processed by automated means.

Right to object - Applies to cases of processing carried out in the context of a legitimate interest. You have the right to object to such processing based on your specific situation and we are obliged to review the processing to ensure compliance with all legally binding rules and applicable regulations. In the case of direct marketing, we will stop processing Personal Data for such purposes after the objection.

Right to withdraw your consent - In the case of processing based on your consent, as specified in our Consent Policy , you may withdraw your consent at any time
by using the same method (if technically possible) that you used to provide it to us (the exact method will be described in detail with each consent you provide). The withdrawal of consent does not affect the lawfulness of processing based on your consent before you withdrew.

Right to restrict processing - You have the right to restrict the processing of your Personal Data if: you dispute the accuracy of your Personal Data for a period of time that allows us to verify the accuracy of your Personal Data; the processing is unlawful and you oppose the erasure of the Personal Data and instead request that we restrict its use; we no longer need the Personal Data for the purposes of the processing, but they are required by you to establish, exercise or defend legal claims, or you have objected to the processing of your Personal Data, and it is verified that our legitimate reasons take precedence over your interests.

‍Rightto contact supervisory authority, court - You may file a complaint with the supervisory authority - Data Protection Authority - Home Page | Data Protection Authority or your local authority or a relevant court.
Whether the data subjects' rights listed above are met depends on the category of Personal Data and the processing activity. In all cases, we strive to comply with your request. We will process your request within one month of receiving a request from you regarding any of your rights regarding your Personal Data. Should we be overwhelmed with requests or in the case of particularly complicated requests, the time limit may be extended to a maximum of a further two months. If we do not meet these deadlines, we would of course prefer that you contact us to resolve the situation informally.

When requests we receive are clearly unfounded or excessive, particularly due to their repetitive nature, we may:
(a) charge a reasonable fee, given the administrative costs of providing the information or communication or taking the requested action; or
(b) refuse to process the request.

We do not retain, acquire or process any additional information, either now or in the future, for the free versions solely to identify users of our free products and services. This is simply not necessary for the free versions of our products provided to you and your function. This means that when you use a free version of our products and services, you may contact us regarding your Personal Data. Please note that in accordance with our privacy by design, privacy by default (built-in privacy and standardized privacy) and minimization practices, we may not be able to identify you in connection with your Product Data about your specific free products and services. If such a situation arises, please visit your Product Settings and explore your options.

20 | Your product choices

You can make certain choices about how your data is used by us by adjusting the privacy settings of the relevant product. Please check your Product Settings to set your privacy preferences.

21 | Contacting us

To exercise your rights, or if you have other questions or complaints about our use of your Personal Data and its privacy, please write to our Data Protection Officer using the most convenient channel below:

We are registered as All-Connects nv and our registered office is Satenrozen 3, 2550 Kontich, Belgium. You can always reach us by e-mail at privacy@all-connects.be. Please type 'PRIVACY REQUEST' in the message line of your e-mail. If you prefer to send a letter by post, you can do so to All-Connects nv, Satenrozen 3 - 2550 Kontich, Belgium. Be sure to write 'Attention: PRIVACY' in the address line, so that we know immediately that your correspondence should be sent to the Data Protection Officer as a matter of priority.

22 | Data Processing Officer

As required by the AVG, we have a Data Protection Officer (DPO) to oversee our compliance with the AVG, provide advice where requested and cooperate with supervisory authorities. You can contact our Data Protection Officer at privacy@all-connects.be.

23 | Changes to this Privacy Policy

We reserve the right to revise or amend this Privacy Policy. In addition, we may update this Privacy Policy to reflect changes to our data practices. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website before the change becomes effective. We encourage you to periodically review this page for the latest information on our privacy practices.

24 | Consent policy

This Consent Policy applies to the products and services of All-Connects nv and its affiliated companies (collectively "we", "us" or "our").If you live in the European Economic Area, the controller of your personal data is: All-Connects nv with registered office at the address: Satenrozen 3 - 2550 Kontich, Belgium.

25 | How to give and withdraw consent

You can give us consent by:

- checking a consent box when visiting a Web site;
- choosing privacy preference settings on the panel;
- choosing technical settings for online services (such as settings in a Web browser); logging on to our software platform
- making another statement or showing other behavior that clearly indicates your acceptance that yourpersonal data is being processed. You may revise and withdraw your consent. Depending on the specific case, you can withdraw your consent by:
- using the "Unsubscribe" link in your email;
- adjusting the privacy preference settings on the panel;
- choosing technical settings for online services (such as settings in a web browser);
- sending an email requesting withdrawal to our contact points indicated in the Privacy Policy ; or
- by following other specific instructions described when you request consent. If you withdraw your consent, we will stop processing.

26 | Newsletter subscription

If you have subscribed or provided us with your email address for these purposes, we will send you commercial communications through this channel in the form of newsletters, blog posts or a Refer a Friend feature. Please note that if you do not want to be on our marketing mailing list, you can unsubscribe at any time by using the "Unsubscribe" link provided in all commercial communications that we send you.

27 | Use of location data

Within our FLEET.driver application it is possible to set individual settings regarding data protection. Please note that on your desktop computer | laptop | tablet | smartphone other applications may also be active, or network connections may be established that collect, transmit or store information about you or your location. Our FLEET.driver application expressly has no influence on this and refers to the respective device manufacturers and cell phone providers.