Privacy Policy - VMS

Last Updated: December 2024

Why do we process your Data?

We process your Data only for the following purposes:

• Creating and managing your account;
• Authenticating your identity using OTP (One-Time Password) via SMS;
• Providing vehicle management and fleet operations features;
• Managing vehicle status, trips, and driver assignments;
• Processing Pre-LR (Pre-Lorry Receipt) and LR (Lorry Receipt) documents;
• Managing punchlist creation, completion, and signatures;
• Tracking location data for vehicle tracking, trip verification, and route optimization;
• Capturing and storing images for vehicle documentation and punchlist items;
• Sending push notifications about vehicle status updates, trip assignments, and punchlist reminders through Firebase Cloud Messaging;
• Managing VAR (Vehicle At Receipt) status transitions;
• Enabling offline functionality and data synchronization;
• Compiling statistics and analytics for fleet management and service improvement;
• Responding to your contact requests and inquiries;
• Hosting your Data;
• Improving our services and the features of the App;
• Ensuring the security of the App;
• Guaranteeing the exercise of your rights and the defense of our rights.

When your Data is processed with your consent, you can withdraw it at any time. In other cases, they are necessary (i) for providing our services and responding to your requests; (ii) to comply with a legal obligation to which we are subject; (iii) to ensure the security and proper functioning of the App according to our legitimate interests. To stop receiving our communications, you can adjust your notification preferences in the app settings or contact us directly.

What categories of Data do we process?

We only process Data strictly necessary for the above-mentioned purposes. We only process Data that you have provided to us when creating your account, when using the App, and when contacting us directly:

Personal Information

• Identity: Name, employee ID, job title, role (as assigned by your organization)
• Contact Details: Mobile phone number, email address
• Login Data: Authentication tokens, OTP verification codes
• Profile Information: Profile picture, plant information, organizational details, preferences

Vehicle and Fleet Data

• Vehicle Information: Vehicle numbers, vehicle types, vehicle status (Approved, Pending, Maintenance, Rejected, In Bound, At Gate, Inspection, Available)
• Vehicle Analytics: Total vehicles, approved vehicles, pending vehicles, maintenance vehicles, rejected vehicles
• Vehicle Status Updates: Status change history, status transition timestamps, notes associated with status changes
• Fleet Management Data: Fleet size, vehicle assignments, vehicle locations

Trip Data

• Trip Information: Trip assignments, trip status (Active, Completed, Cancelled), trip duration
• Trip Analytics: Trip statistics, trip performance metrics, average trip duration
• Trip Details: Origin and destination locations, trip routes, trip timestamps

Pre-LR and LR Data

• Pre-LR Documents: Pre-Lorry Receipt information, vehicle details, LR numbers
• LR Documents: Lorry Receipt creation and management data
• Document Metadata: Creation dates, approval status, associated vehicle information

Punchlist Data

• Punchlist Information: Punchlist creation, punchlist items, punchlist status (Pending, In-Progress, Completed)
• Punchlist Answers: Responses to punchlist questions, comments, completion status
• Punchlist Signatures: Digital signatures for completed punchlists
• Punchlist Images: Images associated with punchlist items

VAR (Vehicle At Receipt) Data

• VAR Status: Vehicle status at receipt locations
• Status Transitions: Status change history (In Bound to At Gate, At Gate to Inspection, etc.)
• Verification Data: Vehicle verification information at receipt points

Driver Data

• Driver Information: Driver details, driver assignments to vehicles and trips
• Driver History: Driver assignment history, driver performance data

Location Data

• GPS Coordinates: Location data collected for vehicle tracking and trip verification
• Location Timestamps: Time and date of location capture
• Geocoding Data: Address information derived from coordinates
• Route Data: Travel routes, distance calculations, route optimization data

Media Data

• Images: Photos captured for vehicle documentation, punchlist items, and status verification using device camera
• Image Metadata: Timestamp, location data associated with images

Dashboard and Analytics Data

• Analytics Metrics: Vehicle analytics, trip analytics, action analytics
• Performance Data: Dashboard statistics, real-time metrics, trend indicators
• Action Data: Total actions, pending actions, completed actions, overdue actions

Device and Technical Data

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App features used, time spent, navigation paths
• Log Data: IP address, access times, error logs
• SMS Data: OTP messages for authentication purposes only (automatically read via SMS autofill)

Please update your Data as soon as needed.

To whom are your Data disclosed?

Data is only transmitted to our subcontractors (hosting, providers for securing online payments, provider for using the App's features), to other users of the App for data you have made public or to connect you, at your request, and to third parties' integrations.

Firebase Services

We use Firebase services provided by Google to support core app functionality:

• Firebase Core: For app initialization and core services
• Firebase Cloud Messaging: To send push notifications about vehicle status updates, trip assignments, punchlist reminders, and important alerts

Firebase may process device information, app usage data, and notification tokens. Data processed by Firebase is subject to Google's Privacy Policy. Please refer to Google Privacy Policy for more information.

Location Services

We use geolocation services (Geolocator, Geocoding) to provide location-based features. Location data is used solely for vehicle tracking, trip verification, route optimization, and fleet management within the App.

Cloud Storage and Hosting

Your data, including images, vehicle information, trip data, and punchlist information, may be stored on cloud hosting providers (including Amazon Web Services and Google Cloud Platform) to ensure data availability and backup. All data is encrypted in transit and at rest.

Local Storage

The App uses local storage (SharedPreferences and SQFLite database) on your device to enable offline functionality. This data includes vehicle information, trip data, punchlist items, and other fleet-related information. This data remains on your device and is synchronized with our servers when connectivity is available.

We do not share personally identifiable information with third parties, except as necessary for these services to function on our behalf.

Your Data may be transferred outside the European Union to authorized providers. To learn more about the appropriate safeguards in place, you can contact us using the contact information provided below. Note that your Data may be transmitted to legally authorized third parties upon specific request, in certain cases provided by law: judicial authority, administrative authority, etc. Your Data may also be disclosed to third parties if necessary to protect and/or defend our rights, to enforce these provisions.

How long do we keep your Data?

Your Data is only kept for the duration of our business relationship and operations for you, i.e., 3 years from the last contact with you.

• Account Data: Retained while your account is active and for 3 years after account deactivation
• Vehicle and Trip Data: Retained for 7 years for legal and accounting requirements
• Pre-LR and LR Documents: Retained for 7 years for legal compliance and record-keeping
• Punchlist Data: Retained for 7 years for legal compliance and audit purposes
• Location Data: Retained for 90 days unless required for ongoing trips, vehicle tracking, or legal purposes
• Image Data: Retained for the duration of the associated vehicle, trip, or punchlist, and for 7 years for legal compliance
• Log Data: Retained for 30-90 days for security and troubleshooting purposes
• OTP Data: Not retained after successful authentication

We also keep your Data for security purposes for a period of 6 months.

Furthermore, in accordance with current legislation, Data necessary for the defense of our rights is kept for a period of 5 years after the end of the relationship.

However, it is possible that Data will be kept longer if a longer retention period is allowed or required under legal, contractual, tax, or social obligations.

Location Data

Location Data Usage

• Track vehicle locations and movements
• Verify vehicle locations at receipt points (VAR)
• Verify trip completion at specified locations
• Calculate travel time and distances for trips
• Optimize route planning and scheduling
• Generate location-based reports and analytics
• Associate location data with captured images for vehicle documentation
• Monitor vehicle status transitions (In Bound, At Gate, Inspection, etc.)

SMS and OTP Data

We use SMS autofill functionality solely for the purpose of automatically reading OTP (One-Time Password) messages sent to your device during the login process. We do not:

• Read, store, or access any other SMS messages
• Share OTP information with third parties
• Use SMS data for marketing or advertising purposes
• Retain OTP data after successful authentication

Camera and Image Data

The App requests camera permission to capture images for vehicle documentation, punchlist items, and status verification. Images captured through the App:

• Are associated with specific vehicles, trips, punchlist items, and status updates
• May include location metadata if location services are enabled
• Are stored securely on our servers and synchronized to your device for offline access
• Can be deleted by you or your organization administrator

We do not access your device's photo gallery without your explicit permission. You can control camera permissions through your device settings.

Offline Functionality and Data Synchronization

The App provides offline functionality using local storage on your device. When you use the App offline:

• Data is stored locally on your device using SQFLite database and SharedPreferences
• Vehicle information, trip data, punchlist items, and other fleet-related data are cached locally
• Changes made offline (vehicle status updates, trip information, punchlist completion) are queued and synchronized when connectivity is restored
• Background synchronization is performed using WorkManager to ensure data consistency
• Local data remains on your device and is encrypted

Push Notifications

We use Firebase Cloud Messaging to send push notifications about:

• Vehicle status updates and transitions
• New trip assignments
• Trip updates and status changes
• Punchlist reminders and completion notifications
• Pre-LR and LR document updates
• Important alerts and announcements
• Dashboard analytics updates

You can manage notification preferences within the app settings. Notification tokens are stored securely and are not shared with third parties except Firebase/Google for the purpose of delivering notifications.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using SSL/TLS protocols
• Secure Storage: Personal data is stored in encrypted databases
• Access Controls: Strict access controls and authentication mechanisms, including role-based access
• Regular Audits: Periodic security audits and vulnerability assessments
• Incident Response: Procedures for detecting and responding to security breaches
• Local Data Protection: Local storage on devices is encrypted and protected
• JWT Authentication: Secure token-based authentication for API access

What rights do you have?

In accordance with applicable data protection regulations (especially articles 15 to 22 of the GDPR), you have the following rights regarding the processing of your Data, within legal limits:

• Right of access: Obtain information about your Data and a copy of your Data
• Right to information: Obtain information about the processing conditions (recipients, purposes, data categories, etc.)
• Right of rectification: Correct or update your Data when it is inaccurate or incomplete
• Right to object: Object to the processing for reasons related to your particular situation, or withdraw your consent for processing based on this legal basis
• Right to limitation: Request not to process all or part of the Data temporarily, without requesting deletion
• Right to erasure: Request the deletion of your Data
• Right to portability: Obtain your Data in a structured, machine-readable format and easily transmit it to a third party
• Right to define specific directives: For the processing of your Data after death

You can exercise your rights via the contact address (below), and proof of identity may be requested if there is any doubt about your identity. Any abusive or unfounded request under laws and regulations may be rejected.

When you exercise your rights, we commit to responding to you as soon as possible and, in any case, within the legal deadlines (typically within one month).

Managing Your Data in the App

• You can update your profile information directly in the App
• You can manage notification preferences in the app settings
• You can control location and camera permissions through your device settings
• You can request data deletion through the app's support section or by contacting us directly

Children's Privacy

Our application is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure that appropriate safeguards are in place for such transfers in accordance with applicable data protection laws. By using our application, you consent to such transfers where necessary for the provision of our services.

Third-Party Links

Our application may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the application
• Updating the "Last Updated" date
• Sending a notification through the app or email
• Requiring acceptance of the new policy upon login if significant changes are made

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

How to contact us?

You can contact us by email or through the in-app support section for any questions about the processing of your Data:

• Email: softwareassurance.IT@gmail.com
• Support: Through the in-app support section
• Data Protection Officer: softwareassurance.IT@gmail.com