PRIVACY POLICY

Elaborated on: 23.08.2023.

1. GENERAL PROVISIONS

   
   

   1. SIA ALLOCKATE, registration number 40203490214, legal address: Brivibas street 117-6, Riga, LV-1001, Republic of Latvia (“Company”, “we”), is the controller of personal data of Individuals and has appointed a responsible employee info@allockate.com .

   2. Our Privacy Policy provides detailed information on how we collect, use, store, and transfer your personal data. It covers the types of data we collect, purposes of processing, legal basis, storage duration, data recipients, our obligations, your rights, and how to exercise them.

   3. The Privacy Policy is regularly updated to reflect necessary changes. Please visit the App or Website for the latest version. We will notify you of significant changes and publish the updated version on the App and Website.

      
      

2. DEFINITIONS

   Unexplained terms capitalized within this Privacy Policy shall be interpreted in accordance with the definitions provided in the Terms of Services.

   1. Company: The developer of the contactless trailer sharing platform that serves as a connection between customers and partners for trailer rentals;

   2. App: The mobile app specifically designed and customized for smartphones and/or other mobile devices. It is used to perform actions such as reserving, unlocking, locking, and other functions related to trailer usage as provided in the software;

   3. Website: An official Company’s website www.allockate.com designed exclusively for Partners, offering functionalities for registration and the submission of trailer-related details. Additionally, it serves as a platform to showcase supplementary performances or information;

   4. Account: A digital account belonging to the User in the App or Partner on the Website.

   5. Individuals: Also referred to as Users and Partners in Terms of Services ("You," "your",

      “their”), who are providing their personal data to utilize the Company's services;

   6. IP Address: Also known as Internet Protocol Address serves as identifier, enabling devices to communicate and exchange data over networks like the internet;

   7. Terms of Services: The Terms of Service for the Company's contactless trailer sharing platform, which can be accessed on the App and Website;

   8. Third-party service providers: External entities working with the Company to perform specific tasks or provide specialized services. Such as, Smart-ID, Dokobit and Stripe.

   9. EEA: European Economic Area, encompassing the member states of the European Union, as well as Liechtenstein, Iceland, and Norway.

3. LEGAL BASIS FOR PERSONAL DATA PROCESSING

   
   

   1. We may process your personal data according to the following legal basis:

      1. Consent: We will process your personal data if you have explicitly provided your consent for one or more specific purposes. Your consent will be obtained before any processing takes place, and you have the right to withdraw your consent at any time ( GDPR Article 6 (1) (a) );

      2. Conclusion and performance of an Agreement: We may need to process your personal data when it is necessary for the conclusion and performance of an agreement between Individuals and the Company. This includes fulfilling our agreement obligations and any necessary steps taken prior to entering a Agreement (GDPR Article 6 (1) (b) );

      3. Legitimate Interests: In certain situations, we may process your personal data based on our legitimate interests, provided that such processing is not overridden by your rights and interests. This may include pursuing legitimate business interests, such as improving our services, protecting our rights, or conducting necessary internal administrative tasks. (GDPR Article 6 (1) (f)).

   2. We ensure that your personal data is processed in accordance with applicable data protection laws and regulations. We only process the personal data that is necessary and relevant for the specified purposes. Additionally, we implement appropriate security measures to protect your personal data from unauthorized access, loss, or alteration.

   3. If you have any questions or concerns regarding the processing of your personal data, please feel free to contact us, via email: info@allockate.com for further information and clarification.

      
      

4. PERSONAL DATA WE COLLECT

   
   

   1. To provide our services, we collect certain personal data from individuals. The types of personal data we collect and purposes for processing may include:

      1. Name and Surname: We collect the full name of individuals to properly address and identify them;

      2. Email Address: We collect email addresses to communicate with individuals, provide important updates, and deliver relevant information related to our services;

      3. Personal Identification Number or date of birth: We may collect personal identification number or date of birth, if no personal identification number is available. This helps us in verifying identity and complying with legal requirements;

      4. Phone number: We collect phone numbers for the purpose of registering on the website www.allockate.com. This helps us in verifying identity and complying with legal requirements;

      5. Declared place of residence: We may collect the declared residence of Partners who are individuals for the purpose of defending the Company's legal interests.

   2. GPS location: In certain cases, we may collect precise GPS location to locate Trailer. This helps us provide location-based services or personalize your experience based on your geographic location.

   3. We only collect the necessary personal data that is relevant and essential to fulfil the purposes for which it is collected.

      
      

5. SOURCES FROM WHICH WE OBTAIN SPECIFIC DATA

   
   

   1. We use the Smart ID as an authorization method, which involves collecting specific identification data. This includes your full name, surname, Latvian Republic Personal Identification Number (for individuals within Latvia), and identification data for foreigners if Smart ID is used in these countries. These details are obtained securely through the Smart ID system and are used to verify your identity and authenticate your access to our services. For more information about Smart ID and its features, please visit the following link: https://www.smart-id.com/

   2. We utilize Dokobit as a reliable gateway to identify and authenticate individuals who have Smart ID. For more information about Dokobit and its features, please visit the following link: https://www.dokobit.com/compliance/privacy-policy

   3. For payment processing purposes, we integrate with Stripe, a trusted payment service provider. When you make a payment, we receive data from Stripe, which include the Individuals name, surname, and a unique payer ID. This information helps us process payments and track transaction details. For more information about Stripe and its features, please visit the following link: https://stripe.com/en-lv/privacy

      
      

6. THE RETENTION OF YOUR DATA

   
   

   1. Your personal data is stored on servers located in Latvia. We will retain your personal information only for as long as it is necessary to provide our services to you. Once your data is no longer required for its intended purpose, we will promptly delete them from our systems, unless they should be retained longer as described below in this Privacy Policy.

   2. Please note that in certain cases, we may be legally or regulatory obligated to retain certain data, even if it is no longer necessary for the provision of our services. We will ensure that any data retention follows applicable laws and regulations governing the storage and processing of personal data.

   3. We have established specific retention periods for different categories of personal data based on the purpose for which the data was collected and any legal or regulatory requirements. Our retention periods are as follows:

      1. We do not keep personal data linked to incomplete registrations or unused App accounts or Website accounts. However, as a Company, we have access to browser-related records

         containing IP addresses. This data is stored for 7 days and is then securely and irreversibly erased.

      2. Once you start using our App or Website, we will retain your personal data for as long as you continue using the App or the Website and your consent is valid. This allows us to provide ongoing support, ensure the proper functioning of our services, and maintain accurate records of your App or Website usage. We may retain your data even after you stop using the App or Website for a certain period to ensure evidence in case of any disputes with you (legitimate interests). The length of such a period will cover the limitation period specified by applicable laws, which may be up to 10 years.

   4. If a person decides to withdraw their consent for receiving marketing emails, we will promptly delete their data associated with such communication. This means that their email address and any related information will be securely removed from our marketing lists, ensuring that no further marketing emails will be sent to them. We prioritise the privacy and control of Individuals data and will fully honour their withdrawal of consent for marketing communications.

      
      

7. YOUR RIGHTS

   
   

   1. As per this Privacy Policy and applicable law within the EU/EEA, you have the following rights:

      1. Access Your Personal Data: You have the right to request access, update, or deletion of the information we hold about you. If possible, you can directly access, update, or request the deletion of your Personal Data through your account settings. If you require assistance with these actions, please contact us. This also allows you to obtain a copy of the Personal Data we have about you.

      2. Correct Your Personal Data: If the Personal Data we have about you is incomplete or inaccurate, you have the right to request its correction or correct them yourself in the App or Website settings.

      3. Object to Processing: You have the right to object to the processing of your Personal Data when we rely on legitimate interest as the legal basis for processing, and there is something specific about your situation that leads you to object to the processing. You also have the right to object to the processing of your Personal Data for direct marketing purposes.

      4. Erase Your Personal Data: If there is no valid reason for us to continue processing your Personal Data, you can request us to delete or remove it.

      5. Transfer Your Personal Data: Upon your request, we will provide your Personal Data in a structured, commonly used, machine-readable format to you or a third party of your choice. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform an Agreement with you.

      6. Withdraw Your Consent: You have the right to withdraw your consent for us to use your Personal Data. However, please note that withdrawing consent may restrict your access to certain specific functionalities of the Service.

      7. We do not engage in any form of automated decision-making or profiling.

   2. To exercise your rights of access, rectification, erasure, and objection, please contact us. Kindly note that we may ask you to verify your identity before responding to such requests. We will make our best efforts to respond to your requests as promptly as possible.

   3. Additionally, if you are in the EEA, you have the right to lodge a complaint with the Data Protection Authority regarding our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EU/EEA.

   4. We maintain the right to decline fulfilling your request under the following circumstances:

      1. If the request is not formulated in a clear and comprehensible manner, making it difficult for us to understand the specific information or action you are seeking;

      2. If we are unable to verify your identity, which is necessary to ensure the security and confidentiality of personal data;

      3. If we have already provided a response to a previous request of the same nature, as we aim to avoid duplicative efforts and ensure efficient handling of inquiries;

      4. If the requested information is disproportionately large or exceeds a reasonable volume, making it impractical or burdensome to provide within the given circumstances;

      5. If the request lacks justification or relevance to our company, meaning it does not align with our data processing activities or there is insufficient explanation as to why the request should be fulfilled;

      6. If there are legal provisions that restrict or prohibit us from providing the requested information, or if we have a legal obligation to retain specific data about you, preventing us from fulfilling the request.

         
         

8. SAFEGUARDS FOR DATA PROTECTION

   
   

   1. We prioritise the protection and security of your data and have implemented various safeguards to ensure its confidentiality, integrity, and availability. These safeguards are designed to protect your data from unauthorised access, loss, alteration, or disclosure. Below we have described some of the measures we have in place.

   2. We employ robust technical measures to safeguard your data. This includes utilising encryption techniques to protect data during transmission and storage. We implement firewalls, secure network configurations, and intrusion detection systems to prevent unauthorised access. Regular security audits and vulnerability assessments are conducted to identify and address potential vulnerabilities.

   3. We have implemented strict policies, procedures, and access controls to ensure that only authorised personnel have access to your data. Our employees undergo regular training on data protection practices and are bound by confidentiality obligations.

   4. We adhere to the principle of data minimization, ensuring that we only collect, process, and retain the minimum amount of personal data necessary to fulfil the intended purpose. We regularly review our data retention practices ensuring that data is not kept for longer than necessary.

   5. When engaging third-party service providers, we ensure that they meet stringent data protection standards. We carefully select and assess our partners to ensure they have appropriate security measures in place to protect your data.

   6. In the event of transferring data outside of your jurisdiction, we take measures to ensure that appropriate safeguards are in place. This may include utilising data transfer agreements, standard agreement clauses, or relying on recognized data protection mechanisms.

   7. We diligently comply with applicable data protection laws and regulations. We stay updated on legal requirements and adapt our practices accordingly to ensure ongoing compliance.

      
      

9. TRANSFER OF YOUR DATA

   
   

   1. We may transfer your personal data to third parties or service providers as described below, both within and outside of Latvia, if we choose to use the services of such third parties for the purposes of providing our services to you. These transfers may occur when it is necessary to fulfil our agreement obligations or when we have a legitimate interest in doing so.

   2. Although we cooperate with such trusted third-party providers as Smart ID, Dokobit and Stripe, we do not transfer any of your data to them. These trusted partners receive your data directly from you and handle the data in accordance with their own privacy policies and industry best practices to maintain the confidentiality and security of the information shared. Individuals can learn more about it following the links specified in chapters 4.2., 4.3., 4.4. of this Privacy Policy.

   3. When transferring personal data outside of Latvia, we will ensure that appropriate safeguards are in place to protect the privacy and security of your personal information. This may include implementing data transfer agreements or relying on recognized data protection mechanisms such as standard contractual clauses or binding corporate rules.

   4. In the event of damages caused by you or your actions, we may transfer your personal data to our partner involved in the dispute resolution process. This transfer is necessary to facilitate the assessment and resolution of the dispute, including requesting compensation for the damages incurred. The partner will handle your personal data in accordance with applicable privacy laws and regulations.

   5. We will only transfer your personal data to countries or organisations that provide an adequate level of data protection, or we will obtain your explicit consent before such transfers occur. We strive to ensure that your personal data is handled and protected in accordance with applicable data protection laws.

   6. Please note that in exceptional circumstances, we may be required to disclose your personal data to comply with legal obligations or respond to lawful requests from public authorities.

      
      

10. COOKIES AND OTHER TECHNOLOGIES

    
    

    1. Our App and Website may utilise cookies and similar technologies to enhance your browsing experience and provide personalised services. By using our App or Website, you consent to the use of these technologies as described in this statement.

    2. Cookies are small text files that are placed on your device when you visit our App or Website. They help us analyse Individuals behaviour, remember their preferences, and provide a more customised experience. We use both session cookies (which are erased when you close the App or Website) and persistent cookies (which remain on your device for a set period) to improve functionality and understand how Individuals interact with our App and Website.

       
       

       Essential cookies – these cookies ensure the proper functioning of the website by providing its core features. The App and Website won't function correctly without these cookies.
       Cookie	Domain	Type	Description	Duration
       allockate_session	allockate.com	HTTP Cookie	This cookie is necessary for the login function on the website.	session
       XSRF-TOKEN	allockate.com	HTTP Cookie	Ensures your browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and Individuals.	session
       cookie_consent	allockate.com	HTTP Cookie	Stores the Individuals cookie consent state for the current domain.	1 year

       
       

11. CONTACTING US

    
    

    1. If you have any concerns about how we use your personal data, you can lodge a complaint with us by contacting us via email: info@allockate.com .

    2. If you believe that we have processed your data inappropriately, you have the right to file a complaint with the data protection supervisory authority regarding the processing of your personal data by our organisation. The relevant authority: Data State Inspectorate, address: Elijas iela 17, Riga, LV-1050. Contacting via e-mail: pasts@dvi.gov.lv or by phone: 67223131

    3. We take all complaints seriously and will cooperate fully with the supervisory authority to resolve any issues related to the processing of your personal data.