Otonomo Technologies Ltd. and its subsidiaries (“Otonomo”, “we”, “us” or “our”) put great efforts into making sure that your personal information is secured and used properly. Otonomo owns and operates a cloud-based marketplace for car-generated data (the “Service”).
This policy explains our privacy practices for processing personal information on the Service and Otonomo’s website (the “Site”). We process your personal information on the Site subject to the terms of this policy. Please contact our Privacy Officer at: [email protected] for any further information.
We provide a marketplace for vehicle-generated data
Otonomo is dedicated to enabling the onset of a connected vehicle ecosystem, with a platform that powers the first connected vehicle data marketplace that is facilitated to easily and compliantly share and integrate vehicle data.
The personally identifiable information that we receive
We receive and process vehicle-generated data
Otonomo receives personally identifiable information from Otonomo marketplace partners, such as vehicle-data aggregators, car manufacturers and data telematics service providers, to provide the Service and for additional specific purposes, as described in this policy.
We do not receive identifiers, such as your name, your car’s license plate number, any government issued IDs, telephone numbers and addresses, without receiving appropriate assurances that you have explicitly consented to provide such details.
We will receive vehicle-generated data such as car make, car model, geo-coding country and city, longitudes and latitudes of the vehicle location, RPM, battery voltage, fuel level, vertical and longitudinal acceleration and altitude.
We will not receive, or process vehicle-generated personally identifiable information related to you, without receiving sufficient assurances from our data providers, that you have been provided with clear and appropriate notices and that you explicitly consented to provide such details.
You are not required by law to provide personally identifiable information to the Service.
The personally identifiable information that we collect
We automatically log ‘traffic/session’ information and additional activity information on our Site.
Like most other websites, we use “cookies” (see our Cookies and Similar Tracking Technologies Policy for further information), and we obtain information when your browser accesses our website.
Examples of the information we collect and analyze include the Internet Protocol (IP) address used to connect your access device to the Internet; login; e-mail address; password; access device and connection information such as browser type, version, and time zone setting and browser plug-in types and versions.
When you use our Site, we may collect information about your activity, for example your log-in and log-out time, the duration of sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures and geo-location.
The personally identifiable information that you provide
When you register to our blog, use the “Contact Us” form or engage with us through other channels where you can leave your details, we will ask for your contact and other relevant details.
You may also share information through links to social media websites.
The Site also includes links to third-party social media websites such as Facebook®, Twitter® and LinkedIn®.
These features and scripts will collect your IP address, the website pages (URLs) that you are visiting on the Site and will set cookies to enable the social media features to function properly.
Social media features and widgets are either hosted by the applicable third-party social media website or hosted directly on the Site.
Your interactions with these social media features and widgets, as well as your interactions with the social media websites themselves, are governed by the privacy policies of the applicable social media websites.
We are not responsible for any use, misuse or unlawful use of the personally identifiable information that you choose to submit in social media and other third-party sites.
When you use the “Contact Us” form, will ask you to provide your details, as presented to you in the form. When you contact us, or when we contact you, we will receive and process any personally identifiable information that you provide us.
We will display personal testimonials of satisfied customers on the Site in addition to other endorsements. Only with your consent, we will choose to post your testimonial along with your name.
If you wish to update or delete your testimonial, you can contact us at: [email protected]
What do we do with personally identifiable information?
We use personally identifiable information to provide our Service and develop it, to maintain the Site and Service, make them better and protect us and the Service and Site from misuse and law violations
We use personally identifiable information that we collect and receive to provide the Service for various and diverse use-cases, such as:
- insights and knowledge about the use of vehicles, traffic flow management, urban planning, parking management, automated road tolls, road infrastructure maintenance and improvement, car-design improvements;
- data feedback for car research and development optimization, usage-based insurance, vehicle monitoring and theft protection, collision warning, real-time weather and hazard notifications;
- automatic emergency calls, data for first responders and healthcare providers, driving skills improvement and education, real-time location-based promotion, on-demand energy services, usage insights, electrical vehicle infrastructure insights;
- in-vehicle offering and targeted advertising, data analytics for store location and opening hours optimization, predictive maintenance services, reducing breakdown risks and downtime, roadside assistance and certified mechanics, vehicle performance status;
- fleet management, driver safety and operations efficiency, performance data from actual users.
We further use personally identifiable information to enable the Service’s tools and features, including for automated processes and profiling, to study and analyze the functionality of the Site and Service, to provide support, to measure the Site and Service activity, to maintain the Service, to make it better, and to continue developing the Service.
If you provide Us your email address, we will use it to contact you when necessary, to provide information and notices about the Site and Service. We will include commercial and marketing information about our Service.
If necessary, we will use personally identifiable information for the following purposes:
- to enforce our terms, policies and legal agreements;
- to comply with court orders and warrants, and assist law enforcement agencies;
- to collect debts, prevent fraud, misappropriation, infringements, identity thefts, and any other misuse of the Service;
- to prevent cyber security attacks and any other unlawful or unauthorized use of your personal information and the Service;
- to take any action in any legal dispute and proceeding;
- for additional purposes that we believe in good faith to be within your reasonable expectation.
Sharing personally identifiable information with others
We will share personally identifiable information with our marketplace partners, we will use service providers, for example, to send email messages.
We will transfer personally identifiable information as needed when we change our corporate structure, and we will share personally identifiable information with our affiliate entities.
We will share your personally identifiable information only subject to the terms of this policy, or subject to your prior consent.
We will share your personally identifiable information with our marketplace partners (such as smart cities, automotive suppliers, insurance companies, safety and emergency service providers’ etc.).
We use service providers and will share personally identifiable information with them, including: analytics, data hosting, back-up, business intelligence services, customer relations, cyber security, mailing and other relevant services, to help us maintain, operate and improve the Site and Service and to fulfill the purposes of processing personally identifiable information, under applicable law and this policy.
We will also share personally identifiable information with companies or organizations connected, or affiliated with us, such as subsidiaries, sister-companies and parent companies, with the express provision that their use of your personally identifiable information will comply with this policy.
We will report and share user personally identifiable information, if we believe that we are required to do so by law. We will need to disclose personally identifiable information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Additionally, a merger, acquisition or any other structural change will require us to transfer your personally identifiable information to another entity, provided that the receiving entity will comply with this policy.
Aggregated and analytical information
Aggregated data is not identifiable. We use it for legitimate business purposes and we also use standard analytical tools.
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they will use their own cookies to provide their services (for further information about cookies, please see the ‘Cookies’ section in this policy).
We use the standard analytics tools of Google Analytics and we will use additional or other analytics tools, from time to time. The privacy practices of these tools are subject to their own privacy policies.
You can also read How Google uses data when you use Google partners’ sites or apps at: www.google.com/policies/privacy/partners/We use anonymized, statistical and aggregated information and will share it with our partners and other third parties for legitimate business purposes.
The use of such data has no effect on your privacy, because we take considerable precautions to make sure that the data cannot be associated specifically to you.
We will share your personally identifiable information only subject to the terms of this policy, or subject to your prior explicit consent.
You may opt-out of our mailing lists and terminate your use of the Site.
You can request Otonomo to stop collecting and using any personally identifiable information about you.
Our Service does not respond to Do Not Track (DNT) signals.
At any time, you can unsubscribe from our mailing lists or newsletters, by sending an opt-out request to: [email protected].
At any time, you can stop using the Site.
At any time, you can exercise your following opt-out options:
- object to the transfer of your personally identifiable information to a third party, other than to third parties who help us perform tasks as explained above under “Sharing Identifiable Information with Others“, or,
- object to the use of your personally identifiable information for a purpose that is materially different from the purposes for which we originally collected such information, under this policy, or from the purposes that authorized at a later stage.
At any time following your opt-out request, we can remove or de-identify your personally identifiable information altogether and request that you stop using the Site.
Following the termination or expiration of the Service, we will stop collecting any personally identifiable information from or about you. However, we will store and continue using or making available your personally identifiable information according to our data retention section in this policy.
Web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on a service or through cross-site user tracking.
Our Service does not respond to Do Not Track (DNT) signals.
You can exercise your choice by contacting us at: [email protected]. Note in most cases, we do not maintain direct identifiers such as your name, license plate number, government issued IDs and telephone numbers.
We will need to ask you to provide us necessary details to authenticate your identity and to identify data related to you on our systems.
Specific Provisions for California Residents
This section of our policy applies to you, if you are a California resident.
We have collected the following categories of personally identifiable information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include Internet Protocol (IP) addresses, email addresses, access device and connection information such as browser type, version, and time zone setting and browser plug-in types and versions.
- Internet or other electronic network activity information, including, but not limited to log-in and log-out time, the duration of sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures.
- Vehicle information.
- Geolocation data.
- Inferences drawn from any of information identified above to create a profile about consumers.
Our Categories of Sources for Personally Identifiable Information
We obtain the categories of personally identifiable information listed above from the following categories of sources:
- Users of our website.
- Otonomo’s marketplace partners such as vehicle-data aggregators, car manufacturers and data telematics service providers.
Our Use and Disclosure Practices
We use the personally identifiable information that we collect or receive for the business purposes as described above under the section titled “What Do we Do with Personally Identifiable Information?” of this policy.
We disclose personally identifiable information to third parties for business purposes as described above under the section titled “Sharing Personally Identifiable Information with Others” in this policy.
In the preceding twelve (12) months, we have disclosed the following categories of personally identifiable information for business purposes:
- Identifiers .
- Internet or other electronic network activity information.
- Inferences drawn from any of information identified above.
Personally Identifiable Information that We Sell
In the preceding twelve (12) months, we have sold the following categories of personally identifiable information for business purposes:
- Identifiers .
- Internet or other electronic network activity information.
- Vehicle information.
- Geolocation data.
- Inferences drawn from of the information identified above.
Your Rights as a California Resident
You are entitled to the following specific rights under the California Consumer Privacy Act in relation to your personally identifiable information:
A. Access to Specific Information and Data Portability Rights
You have the right to request that we will disclose certain information to you about our collection and use of your personally identifiable information over the past 12 months. After verifying your request, we will disclose to you:
- The categories of personally identifiable information that we collected about you;
- The categories of sources for the personally identifiable information that we collected about you;
- Our business or commercial purpose for collecting personally identifiable information related to you;
- The categories of third parties with whom we share personally identifiable information related to you;
- The specific pieces of personally identifiable information that we have collected about you;
- If we sold or disclosed personally identifiable information related to you for a business purpose, we will provide you with two separate lists which will identify the personally identifiable information categories that each category of recipient purchased or obtained.
B. Deletion Rights
You have the right to request that we delete personally identifiable information related to you that we collected from you. After verifying your request, we will delete (and direct our marketplace partners and service providers to delete) the personally identifiable information that you have requested to delete from our records, unless an exception applies.
C. The Right to Opt Out
You have the right to opt out of the sale of personally identifiable information related to you.
For a period of 12 months following the execution of your request to opt out, we will not ask your permission to sell personally identifiable information related to you.
Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit your request to us by visiting Otonomo’s Driver Privacy Rights Portal at: https://otonomo.io/driver-privacy-portal/where you can chose which right you wish to exercise.
To exercise your right to opt out of the sale of personally identifiable information related to you, please submit your request to us by clicking the Do Not Sell My Personal Information button at Otonomo’s website.
Only you or a person authorized to act on your behalf, may make a request related to personally identifiable information. You may also make a request on behalf of your minor child.
A request for access can be made by you only twice within a 12-months period.
We cannot respond to your request or provide you with the requested personally identifiable information if we cannot verify your identity or authority to make the request and confirm the personally identifiable information that relates to you. We will only use the personally identifiable information provided in your request to verify your identity or authority to make the request.
Any disclosures that we provide will only cover the 12-months period preceding receipt of your request.
The response we provide will also explain the reasons for our inability to comply with your request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before processing further your request.
Accessing Your Personal Information
At any time, you can request access to your personally identifiable information and you can ask us to delete your personally identifiable information from the systems of the Site and Service.
If you find that your personally identifiable information is not accurate, complete or up-to-date, please provide us the necessary information to correct it.
At any time, you can contact us at: [email protected] and request access to the personally identifiable information that we keep about you. We will need to ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate your personally identifiable information that you request to access.
If you are eligible for the right of access under applicable law you can obtain confirmation from us of whether we are processing personally identifiable information about you, and receive a copy of that data, so that you could –
- verify its accuracy and the lawfulness of its processing;
- request the correction, amendment or deletion of your personally identifiable information if it is inaccurate or if you believe that the processing of your personally identifiable information is in violation of applicable law.
We will use judgement and due care to redact from the data which we will make available to you, personally identifiable information related to others.
We can delete your personally identifiable information, by removing any identifying information and transforming personally identifiable data that relates to you into anonymized data.
Your EU data subject rights
You can exercise your EU data subject rights.
Our processing of your personal data is based on following lawful grounds:
- All processing of your personal data which are not based on the lawful grounds indicated below, are based on your consent.
- We process your account and payment details to perform the contract with you, or with the entity that you represent.
- We will process your personal data to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are our Service partner or a user of our Service partner, or where you make contact with us through the Site or through other digital assets.
- Cyber security.
- Support, customer relations and Service and Site operations.
- Enhancements and improvements of user experience with the Service and Site.
- Fraud detection and misuse of the Service and Site.
In addition to the right to access, amend and delete certain information, as described in the “Accessing Your Personally Identifiable Information” chapter, if we process personally identifiable information related to you when you are in the EU, you can:
- CONTACT US IF YOU WANT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
- Request to delete or restrict access to your personal data. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.
- If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you can request to be informed that third-parties that hold your personal data, in accordance with this policy, will act accordingly.
- You can ask to transfer your personal data in accordance with your right to data portability.
- You can object to the processing of your personal data for direct marketing purposes. Additional information about this right is available under the “Choice” section in this policy.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
- You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
When you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.
We do periodical assessments of our data processing and privacy practices to make sure that we comply with this policy, to update the policy when we believe that we need to and to verify that we display the policy properly and in an accessible manner.
If you have any concerns about the way we process your personally identifiable information, you are welcome to contact our privacy officer at: [email protected], or to write to us to:
Otonomo Ltd., 16, Abba Even St., Herzlyia, Israel 4672534.
We will look into your inquiry and make good-faith efforts to resolve any existing or potential dispute with you.
We retain personally identifiable information as needed, to provide the service and for legitimate and lawful purposes.
We retain different types of personally identifiable information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.
We retain personally identifiable information as part of our Service data as needed to perform our business activities.
We keep information about payment transactions for up to 7 years due to tax related requirements, for accounts settling, record keeping, archiving and legal matters.
We maintain contact details, to help us stay in contact with you.
We will make efforts to guarantee that personally identifiable information is kept for no longer than is necessary for the purposes for which the personally identifiable information is processed.
In any case, as long as we use your personally identifiable information to provide our Service, we will keep the information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this policy.
If we retain your personally identifiable information for any legitimate business purpose other than to provide the Service, we will make efforts to limit the access to the personally identifiable information and keep the retention time to a minimum.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable
Transfer of data outside your territory
We will store and process information in various sites throughout the globe, including in sites operated and maintained by cloud-based service providers.
We will store and process information in the United States, on our cloud-based services’ sites. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personally identifiable information. We make sure that our data hosting service providers provide us with adequate confidentiality and security commitments.
If you are a resident in a jurisdiction where transfer of your personally identifiable information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer. You can contact our privacy officer at: [email protected] for further information about data transfer.
To the extent required under EU data protection laws, transfer of personal data to our US hosting service providers is governed by our hosting services’ EU-US Privacy Shield certification. Transfer of personal data to Israel is made in accordance with the EU Commission decision 2011/61/EU of January 31, 2011, on the adequate protection of personally identifiable information by the State of Israel with regard to automated processing of personally identifiable information.
Our recipients of the Service information may be established in various territories.
To the extent necessary under EU privacy laws and regulations, we will implement additional data onward transfer instruments, such as the Controller to Controller standard contractual clauses
If any data transfer measure is terminated, revoked or invalidated, or at our discretion, we will use alternative lawful measures to transfer personal data, to the extent required under EU data protection laws.
We implement systems, applications and procedures to secure your personally identifiable information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
We and our hosting services implement systems, applications and procedures to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
Marketplace privacy commitments
Our marketplace partners are committed to your privacy and security.
Please read the Otonomo Marketplace Privacy and Security Statement at: https://Otonomo.io/privacy-security-statement. Where applicable, the Marketplace Privacy and Security Statement, or substantially similar terms become part of Otonomo’s commercial agreements with Marketplace partners.
We will update our policy from time to time after giving proper notice.
From time to time, we may update this policy by publishing a notice on the Site or by sending you a notice. If the updates have minor, if any, consequences, they will take effect 7 days after we post a notice on the Site. Substantial changes will be effective 30 days after we initially posted or sent the notice.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and terminate your use of the Site. Continuing to use the Site after the new policy takes effect means that you agree to the new policy.
Note that if we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.