We at Vilog Ltd. ("ViLOG", "we", "us", "our") operate a service using a mobile app and a cloud service for logistics intelligence and various business insights, which allows optimizing business processes and logistics (the "Service") for companies (the "Customer").
We respect data privacy. This Privacy Policy (the "Policy") describes the ways that the Customer, using the Service, handles personal data of its agents, employees, or contractors ("Users").
The Policy outlines how the Service collects, receives, uses, stores, shares, transfers, and processes personal data on our Service on behalf of the Customer in connection with our Service.
It also describes the rights and options available to Users concerning their personal data.
Please note that this Policy covers the Service's privacy practices in general matters.
The Customer may have an additional privacy notice explaining its own specific privacy practices related to its Users' personal data (the "Customer's Notice").
Users should also read and agree with the Customer's Notice. If the Customer's Notice conflicts with this Policy, then the Customer's Notice will apply.
| The Customer is the data controller that determines the purposes and means of the data processing on the Service. | For the purposes of this Policy, Customers are entities that execute agreements with us to use our Service to optimize their logistics services. The Customer uses our Service to process Users' personal information, such as physical location or employees' work-related activities. We have no direct relationship with Users and therefore do not obtain directly from them the personal information which we process on behalf of the Customer as a result of our agreement with the Customer. We impose contractual requirements on our Customers that require adherence to privacy requirements. |
| We are the data processor on behalf of the Customer. | We process personal information from Users under the direction of the Customer. We have no direct control or ownership of the personal data we process on behalf of the Customer. The Customer determines the purposes and means of processing its Users' data and is responsible for complying with any regulations or laws requiring notice, disclosure, and obtaining consent concerning the collection, share, and use of all their processing purposes. The ultimate nature, scope, and use of information that we collect from Users of devices or mobile applications are subject to the Privacy Notices of our Customers and not us., 9] This Privacy Policy does not apply to any information or data collected by us as a controller for other purposes. We will use Users' data only for the purposes we agree with the Customer, except as listed below, or if the User gives us a separate explicit consent. |
| We process personal information you share with us on our Service about Users such as their physical location and movements in the workplace relating to your automotive logistics services. | When Users of the Customer engage with our mobile application on their mobile phone or terminal through our Service, we may process the following information: Service Registration. When Users register for our Service, we may process their names or other user identifiers and the identifiers of the devices they use. The type of information we may process during the registration process is determined by the Customer, and our Service does not force the Customer to process a particular type of identifier. Our application may require access to an 18 to 22-digit code that is printed on the back of Users phone's SIM, more commonly known as Integrated Circuit Card ID (ICCID) to enable auto-registration capability. Precise geolocation information. When Users use our Service, we process and analyze, in a specific area defined by the customer, information about Users' precise location and their movements, using GPS locations from their mobile device, Bluetooth Low Energy beacon scans with VILOG app, and accelerometer and magnetometer sensors data. |
| Users are not legally required to provide such personal information to us. | Users do not have a legal obligation to provide any of the above information. However, the data is necessary for the Customer to use our Service. Users can stop sharing location data with us at any time, either by directly opt-out using their device or application controls (if allowed by the Customer) or by contacting the Customer, per the Customer's Notice. |
| The Customer will use User data on our Service to identify the place of its assets and infer about its Users' location and movements to optimize and improve its logistics services. | We process Users' personal information to deliver our Service to the Customer. The Customer determines the purposes and means of the processing. The Customer may use our Service to optimize its assets and staff management for its various logistics Intelligence or other business purposes, as the case may be, in accordance with its processes and policies all as further described and under the Customer's Notice. The Customer may use the User registration information, the GPS signal, the Bluetooth Low Energy scans, and other device and assets sensors to identify the location of its Users and assets to optimize its service and to generate business insights such as Users' location relative to its assets, the frequency and duration of User proximity to an asset and their activities and performance to verify the quality or safety of its services. We process Users' information provided to the Customer as they direct us and in accordance with our agreement with the Customer, and we store it on our service providers' servers. Our agreement with the Customer prohibits us from using that information, except as, necessary to provide and improve the service, as permitted by this Privacy Policy, and as required by law. |
We will not sell or share Users' information with third-party recipients, except as listed below, or if the Users give the Customer or us their explicit consent.
| We share the Users' personal information with the Customer. | We share Users' personal data we process and various insights about the Users we infer from it on our Service on behalf of the Customer with the Customer. |
| We share Users' personal information with our service providers to help us operate our Service and provide service to the Customer. | We will share Users' personal information with our service providers, such as Splunk for logs processing, Google Cloud Platform for push notifications, and AWS for data storage and hosting services. Our service providers are authorized to use Users' information only as necessary to provide their specific relevant services to us and not for their purposes. They are required to maintain the confidentiality of Users' data. In all cases where we share Users' information with such providers, we explicitly request the provider to acknowledge and adhere to our privacy and the Customer data handling policies and Notice. |
| We will share Users' information with competent authorities or other parties if a User violated the law or abused our agreement or our Service with the Customer. | We will share Users' personal information if a User has violated this Privacy Policy, or any other agreement the Customer has with us, abused the Service, or violated any applicable law. We will share Users' information with competent authorities and third parties such as legal counsels and advisors to handle the violation or breach. |
| We will share Users' information if we are legally required. | We will share Users' personal information if we are required to disclose it by a judicial, governmental, or regulatory authority. |
| We will share Users' information with a third party in the event of a change in our structure. | We may assign the agreement with the Customer in the event of a corporate merger or sale of assets related to the performance of the Service to the acquiring or merging third party. In such an event, we may share personal information provided by the Customer upon notice to the Customer, provided that the assignee assumes ViLOGs stead for all rights, obligations, performance, and liability under the Service agreement and this Privacy Policy. |
| We will share the User's information in case of an emergency concerning the User. | We will share the User's information if we need to act immediately to protect the User's personal safety. |
| We transfer Users' information internationally in accordance with the applicable data protection law. | We will transfer information internationally in accordance with applicable data protection laws. We may store and process information in the EU and other countries such as the United States. We may also process information using cloud services. The laws in those other countries may provide a lower degree of data protection than the laws of your own country. You agree to the transfer Users' information to such other countries for the purpose of the processing as described in this Policy, including through cloud services. |
| We implement technical and organizational measures to secure Users' personal information. | We implement appropriate safeguards to reduce the risks of damage, loss of information, and unauthorized access or use of the information we collect and maintain. Users' data is always encrypted during transit and rest. However, these measures do not guarantee absolute information security. Therefore, although we take reasonable precautions and make an appropriate effort to secure Users' information, you cannot expect that the Service will be immune to information security risks. |
| Details of the Users' data retention periods are explained in the Customer's Notice. | The storage periods for Users' data and the criteria we use to determine them are specified by the Customer. Data collected during the Customer's use of the Service is retained in accordance with the provisions of the agreement with the Customer. Users' data is deleted upon Customer's written request or soon as reasonably possible following the termination of our Service to the Customer. We may keep de-identified information on our systems indefinitely to improve and develop our Service subject to User informed consent obtained by the Customer. |
| Users have certain rights subject to possible restrictions under the applicable law. | Users may have certain rights on their data to access, obtain a copy, update their data, opt-out or delete it subject to possible restrictions under the applicable law. Users may ask the Customer or us to receive a copy of their personal information stored on the Service or have the Customer or us update, correct, or delete their information. If Users wish to exercise any of these rights, they should contact the Customer through the channels listed on the Customer's Notice or write to us at privacy@vilog.io If we receive a User's request to exercise one or more of its rights, we will, first, redirect them to make their request directly to the Customer. The Customer is responsible for responding to any such request. We will reasonably assist the Customer responding to such data subject requests if we still hold User data. |
| Our Service is intended for 18 years of age and older. | We designed our Service to serve people above the age of 18. We do not knowingly collect information about Users below the age of 18. If we become aware that we collected information from a child under 18 years of age, we will do our best to delete it. If you are under the age of 18, you should not use our Service. |
| The Customer and us may change this Policy from time to time, and if we do, we'll post any changes on this page. | The Customer and us may change this Policy from time to time, and if we do, we'll post any changes on this page. If a User continues to use our Service after those changes are in effect, the User agrees to the new Policy. If the changes are significant, the Customer and us may provide a more prominent notice or get Users' consent, as required by law. |
| You can contact us at privacy@vilog.io | The best way to get in touch with us if Customers or Users have any questions, complaints, or suggestions, or to exercise the Users' options described above is to write to us at privacy@vilog.io. We will do our best to resolve the issue promptly. |
The table below summarizes which personal information (referenced in the table below as PI) we receive by reference to the statutory categories specified in the California Consumer Privacy Act (referenced herein as CCPA).
It then describes the practices we implemented during the 12 months preceding the effective date of this Privacy Policy.
It refers to what we described above in the general section of this Privacy Policy:
| Category of PI | Specific pieces of PI collected | Sources of PI collected |
|---|---|---|
| (A) Identifiers | Unique User identifier, Name | From Users' mobile or terminal devices. |
| (G) Physical location or movements | A medical diagnosis of eye disease (Note: This text seems potentially misplaced or incorrect based on context, but is present in the source text) | From Users' mobile or terminal devices. |
| (I) Current or past job history or performance evaluations | Users' movements and location in the workplace during work time. | Inferred by the Service. |
| (K) Inferences drawn from other personal information. | Users' work performance evaluation. | Inferred by the Service |
We collect precise geolocation data from Users' mobile devices which may be considered sensitive personal information under various regulations.
Personal information does not include de-identified or aggregated consumer information.
The table below summarizes how we use the personal information (referenced in the table below as PI) we receive by reference to the statutory categories specified in the CCPA.
It refers to what we described above in the general section of this Privacy Policy:
| Category of (PI) | Business or commercial purpose for collecting and selling personal information. |
|---|---|
| (A) Identifiers | To provide our Service to the Customer. |
| (G) Physical location or movements | To provide our Service to the Customer. To improve and enhance our Service. |
| (I) Current or past job history or performance evaluations | To provide our Service to the Customer. |
| (K) Inferences drawn from other personal information. | To provide our Service to the Customer. To improve and enhance our Service. |
Our hosting provider AWS and service providers such as Splunk and Google may have access to all categories of personal information for our business purposes (referenced in the table above as PI). We do not share or sell Users' information with third parties. In the preceding twelve (12) months we have not sold any personal information.
| If the User is a resident of California, they have certain rights subject to possible restrictions under the law to know, request deletion, opt-out of the sale of personal information, and protect against discrimination. | If Users are a resident of California, they have the following rights: Right to Know. Users have the right to know subject to a verifiable request the categories of personal information the Customer shares with us and we process about them; The categories of sources from which the personal information is collected; Our business or commercial purpose for collecting personal information; The categories of third parties with whom we share personal information if any, and the specific pieces of personal information the Customer shares with us and we process about its Users. Right to Request Deletion. Users have the right to request the deletion of their personal information from the Customer and direct the Customer to ask any of its service providers to delete their personal information from their records on receipt of a verifiable request from the User and subject to certain exceptions set out below. Please note that we may not delete Users' personal information if it is reasonably anticipated within the context of our ongoing business relationship with the Customer, or otherwise perform a contract between Customer and its Users; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided Customer or us have obtained User's informed consent; Enable solely internal uses that are reasonably aligned with Users' expectations based on the Customer relationship with the User; Comply with an existing legal obligation; or Otherwise use Users' personal information, internally, in a lawful manner that is compatible with the context in which Users' provided the information. Right to Opt-Out. We do not share or sell Users' information with third parties for monetary consideration. Users can exercise their right to opt-out from our processing of their precise geolocation information, on behalf of the Customer, by contacting the Customer as described below. Right to Non-Discrimination. Users have the right to not be discriminated against by us because they exercised any of their rights under the CCPA. If Users would like to exercise any of their CCPA rights as described above, Users should contact the Customer through the channels listed on the Customer's Notice or write to us at privacy@vilog.io |
| Users have the right to designate an authorized agent to submit a request on their behalf. | Users may designate an authorized agent to make a request under the CCPA on their behalf. To do so, Users need to provide the authorized agent with written permission to do so and the agent will need to submit to the Customer proof that they have been authorized by the User. The Customer will also require that the User verify their own identity, as explained below. |
| Verification of Requests | The Customer may ask the User for additional information to confirm their identity and for security purposes before disclosing personal information or deleting information. For Password Protected Accounts. The Customer shall verify User identity through their service records. The Customer shall also require a User to re-authenticate before disclosing or deleting User information. For Non-Accountholders. The Customer will verify the User's identity by using two or three points of the information verification process, or together with a signed declaration under penalty of perjury that the User is the consumer whose personal information is the subject of the request depending on the type of information User require. |
| Timing Format and Fees | We endeavor to support the Customer in responding to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform the Customer of the reason and extension period in writing. We will deliver our written response by email. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. For information portability requests, we will select a format to provide personal information that is readily useable and should allow the Customer to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform the Customer why we made that decision and provide the Customer with a cost estimate before completing a request. |
Last Updated: March 09, 2022