Data processing terms

This personal data processing agreement (“Agreement”) contains personal data processing terms between Mapon and any company, organization, institution or any legal person (“Client”) that uses Mapon vehicle fleet management services (“Service”) to monitor and process personal data of their employees or other individuals within their Mapon account while using the Service.

The processor of personal data is the Mapon group entity to which the Client has a contractual relationship or whose Services the Client uses. See our contacts in the Contact information section.

1. Subject of the Agreement

1.1. Client as the data controller instructs Mapon to process personal data in order to provide Service to the Client pursuant to the Service agreement concluded between the Client and Mapon. In respect of personal data obtained from the Client or Mapon system during the provision of Services, Client acts as data controller and Mapon as data processor.

1.2. For the avoidance of doubt, this Agreement contains complete and final instructions of the Client to Mapon in relation to processing of personal data of Client’s data subjects, and therefore constitutes a binding data processing agreement in accordance with the applicable data protection laws and regulations.

1.3. When Mapon processes personal data on behalf of the Client as data controller, any enquiry, request, objection or complaint that a data subject (for example, an employee of the Client) may have in connection with the processing of personal data regarding the Service should be addressed to and resolved by the Client.

2. Purposes of processing

2.1. Mapon processes personal data in order to provide the Service, improve it, solve any Service related issues the Client may have and ensure that the Client receives the best customer experience possible.

2.2. Mapon collects and processes personal data for the following, but not limited, purposes:

  • to register Client for the use of the Service, to verify identity and create a Mapon account;
  • to send Client invoices and process payments for the Service;
  • to personalize Client’s use of the Service when the account settings are set up;
  • to analyze Client’s preference or use of the Service;
  • to communicate with Client or data subject to inform about Mapon Service and provide any Service related support, answer questions and process requests;
  • to improve Service or to develop new features;
  • to analyze and measure how Mapon Service is used. For example, Mapon analyzes data about the usage of the Service to optimize product design, to generate reports and create statistics;
  • to deliver personalized ads, promotions and offers;
  • to protect legal interests of Mapon, its users and other third parties and for legal reasons such as, e.g. enforcing our Terms & Conditions, agreements or policies, complying with any applicable law and assisting law enforcement authorities.
3. Types of personal data and data subject categories
3.1. Mapon collects, generates and receives information in a variety of ways when the Client uses the Service or places an order. Some of this information constitutes personal data.
3.2. Data subject categories include Client’s employees, representatives and other data subjects that will be registered under Client’s account.
3.3. Client ensures that it has acquired all necessary consents and/or relies on other appropriate legal grounds for the processing of personal data of data subjects. Client confirms that data subjects have been informed about the fact that their personal data is transferred to Mapon as a processor and other third parties (sub-processors) used by Mapon for the provision of Service.
3.4. When setting up an account with Mapon or placing an order, the Client provides Mapon with the following information, containing personal data:

3.4.1. name/ company name;

3.4.2. e-mail address;

3.4.3. payment information;

3.4.4. phone number;

3.4.5. shipping/billing address;

3.4.6. any other information provided to Mapon for this purpose.

3.5. Some information may be processed while the Client or data subject (for example, Client’s employee) uses the Service. Depending on the scope and configuration of Mapon Service, this information may also contain personal data:

3.5.1. vehicle data (for example, make, type and brand of the vehicle, mileage, technical information, etc.);

3.5.2. driver’s data (location, routes, driving habits, speed, direction, etc.);

3.5.3. digital tachograph and driver’s data and activities (for example, driver’s license number, name, time spent on breaks, start, stop and end time of driving, driving duration, tachograph calibration, tachograph manufacturer, information on tachograph control, absence calendar, etc.);

3.5.4. data subject’s web browser data (for example, IP address, browser type, version, etc.);

3.5.5. other data, which Mapon can receive during the use of the Service and which, in connection with other information may contain personal data (for example, temperature data, fuel sensor data, etc.).

3.6. Upon using or configuring Mapon account settings, the Client may provide some information that may contain personal data:

3.6.1. Client’s employee’s (driver’s) data (for example, name, e-mail address, phone number, birth date, the used vehicle fleet and used vehicle, driver’s license number, digital tachograph card number and other data, which has been provided);

3.6.2. vehicle fleet data, according to the use and configuration of Mapon Service;

3.6.3. communication history with the Client and data subject;

3.6.4. other information, which the Client may provide to Mapon and which, in connection with other information may contain personal data (for example, vehicle fleet control sheets, location, time zone, photo etc.).

3.7. The Client can choose to integrate third-party services in relation to certain aspects of Mapon Service. A third-party service is a software that integrates with the Service and the Client can enable or disable such integration for Mapon account. Once enabled, the relevant third-party service provider may share or receive certain information (including importing or exporting). The Client should check the privacy settings of these third-party services to understand what data may be disclosed to Mapon.
4. Duration of processing and retention period

4.1. Mapon will process the aforementioned data for as long as Mapon provides the Service to the Client and the Client has an active Mapon account. However, personal data can be deleted at any time upon Client’s request.

4.2. Unless the applicable law requires, Mapon has no obligation to store Client’s personal data after the termination of contract with the Client. After terminating the contract, Mapon may continue to store some personal data, limited to the minimum amount required, for Mapon to comply with legal obligations, to ensure reliable back-up systems, resolve dispute between the Client and Mapon, if any, prevent fraud and abuse, enforce Mapon agreements, and/or to pursue legitimate interests of Mapon or third parties.

5. Sharing personal data with third parties
5.1. For Mapon to be able to provide the Service, Mapon works with third parties that provide Mapon with different services needed in ordinary course of business. The categories of third-party recipients (sub-processors) of personal data include hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, advertising and marketing service providers, IT, legal and financial advisors, among others (“Third-Party Service Providers”).
5.2. Third-Party Service Providers only receive a minimum amount of personal data necessary for them to provide Mapon the requested service. Mapon shares personal data only with such Third-Party Service Providers that have undertaken to comply with the data protection obligations set out in this Agreement, provide sufficient guarantees and implement appropriate technical and organizational measures, and otherwise comply with applicable personal data protection laws. Mapon remains responsible for the processing of personal data carried out by Third-Party Service Providers that Mapon has engaged for respective data processing in accordance with applicable laws.
5.3. The Client provides general authorization to Mapon to engage Third-Party Service Providers or sub-processors. The Client can access information about Mapon Third-Party Service Providers in his Mapon account, where it is possible to subscribe to notifications for changes in Mapon sub-processor list, as well as information on Client’s right to object to such changes. In case the Client objects to the engagement of a new sub-processor, the Client and Mapon will find a solution for further data processing to a limited extent without the use of the particular sub-processor or, if such a solution cannot be found, agree on the termination of the Service in accordance with the terms of termination specified in the Service contract.
5.4. In certain situations, Mapon might have a legal obligation to share Client’s information with third parties, if it is required by law or when the information is requested by public authorities.
5.5. Personal data processed by Mapon may be transferred to Third-Party Service Providers that are located outside of European Union. In such cases Mapon will only share personal data with such recipients that have undertaken to comply with the necessary data protection requirements and that are able to ensure an adequate level of protection or have provided adequate guarantees.
6. Mapon obligations and assistance to the controller
6.1. Mapon uses reasonable and appropriate organizational, technical, and administrative measures in accordance with applicable data protection laws in order to protect the confidentiality, integrity, and availability of personal data. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure, therefore Mapon encourages the Client to take care of the personal data in its possession that is processed online and set strong passwords for Mapon account, limit access to computer and browser by signing off after finishing the session, and avoid providing Mapon with any sensitive information whose disclosure could cause substantial harm to the data subject.
6.2. All of Mapon’s authorized personnel involved in the processing of Client’s and third person’s personal data have committed themselves to confidentiality obligations and shall not access or otherwise process personal data without the Client’s authorization if it’s not for the purposes of providing the Service.
6.3. In the event of a personal data breach, Mapon will notify the Client in accordance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigations of the personal data breach and the notification to the supervisory authority and data subjects regarding such personal data breach.
6.4. Taking into account the nature of the processing, Mapon will assist the Client with provision of technical or organizational measures, insofar as possible, for the fulfilment of Client’s obligations as a data controller in relation to:

6.4.1. any requests from the Client’s data subjects in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of their personal data that Mapon processes on behalf of the Client. In the event that a data subject sends such a request directly to Mapon, Mapon will promptly forward such request to the Client;

6.4.2. the investigation of personal data breach and the notification to the supervisory authority and Client’s data subjects regarding such personal data breach;

6.4.3. where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any supervisory authority.

7. Data processing audit

7.1. Upon Client’s request Mapon agrees to provide sufficient information to demonstrate compliance with the obligations laid down in this Agreement and applicable data protection laws. This information should be provided to the extent that such information is within Mapon’s control and Mapon is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

7.2. If the provided information, in Client’s reasonable judgment, is not sufficient to confirm Mapon’s compliance with this Agreement, then Mapon agrees to allow and contribute to data processing audit.

7.3. Such audit will be carried out by independent third party with good market reputation, which has experience and competence to carry out data processing audits and confirmed by both Mapon and the Client.

7.4. Such audit will be carried out at the time agreed between the Client and Mapon within 2 (two) months from the moment the Client has requested the audit in writing. The auditor will have to sign a confidentiality agreement which includes obligation not to disclose business information in its audit report which will also be provided to Mapon. The audit will be carried out during normal working hours of Mapon, without interfering with Mapon’s business activities. The Client has the right to request the audit once every 2 years. All expenses regarding to the audit shall be borne by the Client.

8. Amendments to the Agreement

8.1. Mapon may occasionally change this Agreement, for example, in cases new services or features are introduced. In case of amendments or any changes, Mapon will inform the Client in due time by sending an electronic notification to the Client’s representative and indicating the nature and scope of the amendments. The amendments to this Agreement are applied from the moment, which is indicated in this section of the webpage.

8.2. By continuing to use Mapon Service or otherwise providing personal data to Mapon, after the amendments to this Agreement have been implemented, the Client agrees to the updated terms of the Agreement.

9. Governing law

9.1. This Agreement shall be governed by the laws of the Republic of Latvia, and any action or proceeding related to this Agreement (including those arising from non-contractual disputes or claims) will be brought in the courts of the Republic of Latvia.

10. Contact information

If you have any questions about personal data processing or these Data Processing Terms, please contact us by using the contact details below:

Mapon Latvia

Address: Ojara Vaciesa 6B, Riga, LV-1004, Latvia

Mapon Spain

Address: Carrer d'Àlaba, 56B - 2nd floor 08005, Barcelona, Spain

Mapon Finland

Address: Äyritie 8 E, 01510, Vantaa, Finland

Mapon Estonia

Address: Peterburi 90F, 41-1, 11415, Tallinn, Estonia

These Data Processing Terms are effective as of 11 May 2020.