1. Vinli Incorporated is a Data Processor
Vinli Inc. provides vehicle and driver performance data analysis services. We are committed to managing such data in a manner that is consistent with all data protection regulation that applies to us and this statement details our approach. We will manage your data in accordance with this privacy notice.
- We are a Processor of personal data; Vinli is a processor of personal data that is obtained as subject matter of the Service that we deliver. If you would like more information on the processing of this data, or to exercise your rights, please contact the Controller.
- We are also a Controller of personal data; we are a Controller of personal data obtained for the purpose of the administration of our business and the management of customer relationships. If you would like to contact Vinli's data protection representative or the Vinli EU Data Protection Officer's office (registered in Ireland) regarding this notice or to exercise your rights in relation to personal data that we Control, please email us at firstname.lastname@example.org or contact us by mail at 1905 McMillan Ave., Dallas, Texas 75206, United States of America.
If you are under 18 please read this statement with the assistance of a parent or guardian
2. Key Definitions
- “Our” or “we” or “Vinli” refers to Vinli, Inc. or its wholly owned subsidiary Vinli Limited.
- “You”, “Your” or “Subject” refers to the individual person whose personal data is the subject of the data.
- “Personal Data” is information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as; a name, an identification number, location data, an online identifier, or one of more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
- “Services” or “Vinli Services” refers to the vehicle telemetry and driving behavior data analysis service provided by us to our customers.
- A “Data Subject” is an identified or identifiable natural person
- A “Controller” is the natural or legal person or body which alone or jointly determines the purpose and means of the processing of personal data.
- A “Processor” is an organization or person that processes data on behalf of a Controller
3. Purpose and Lawful Basis
Where Vinli processes your personal data as either a Processor or as a Controller, as described in Section 1, we are obliged to inform you of the purposes for which we use your data and the legal basis for processing.
The purposes for our processing of your personal data may overlap and some purposes for processing may have multiple legal bases. The following chart lists examples of the categories of data that we may process as either a Controller or a Processor, but is not intended to be exhaustive and is subject to change:
4. Where we are Processor of your personal data
You should contact the Controller of your personal data in relation to the use of your data or to exercise your rights as a Data Subject as Vinli may not act on behalf of these requests without the express permission of the Controller.
5. Where we are Controller of your personal data
5.1. Where you have provided consent
Where we are processing data based on your consent you may withdraw that consent at any time.
5.2. Who we share Personal Data with
We take all reasonable measures to protect your personal information while it is in our possession, however, it may be transferred to others where there is a legitimate and lawful reason. This section lists the categories and types of organisations that we may transfer personal data to:
5.2.1. Third party partners
Application developers, providers of analytical tools, development or authentication tool providers
5.2.2. Business support and regulatory organizations
Operational systems, payroll providers, banks, advisors, auditors, regulators
5.3. Information relating to children and vulnerable persons
The processing of personal data relating to children receives special attention under Data Protection Regulation and we shall treat this information with particular care. The age of digital consent is 16 in the EU and some states have elected to reduce this to 13. Information obtained about children shall comply with the requirement for parental consent and shall receive additional consideration while planning an operational process.
5.4. Special (Sensitive) Data
We recognize special categories of data, specifically personal data revealing racial or ethnic origin, political opinion, religious of philosophical beliefs, trades union membership, genetic or biometric data, or a subject’s health or sexual life. The processing of these categories of information shall typically require consent. We may also process Special data where there is a legal/regulatory obligation, there is a legitimate interest or where it is in the public interest.
Health data may be processed for the processing of an insurance or mortgage product. Such processing will not normally require your consent.
5.5. Confidentiality & Security
Vinli have implemented generally accepted standards of technology and operational security to protect personal data from alteration, unauthorized disclosure, or destruction, and from use for unauthorized purposes. Furthermore, we have taken measures to ensure that contracts with all third parties that provide technical and processing services include terms that specify appropriate technical and organizational security measures to prevent accidental, unauthorized, or unlawful disclosure or processing of personal data.
5.6. Your Rights
Data Subjects have the right to:
- Be informed if we have personal data relating to a Data Subject, the categories of data and the purpose of processing
- Where data was not provided by you, we will identify the source of that data together with data categories
- Be informed if a failure to provide the personal data will have any direct and material personal consequences
- Access your personal data. Where the format is not reasonably understood, this shall be delivered in an intelligible format
- Have inaccurate, incomplete, or out-of-date personal data that we hold about you corrected, or deleted
- Withdraw consent for your personal data to be processed - where that data was obtained from you on the basis of consent
- Make a submission on any automated decisions making processes or profiling of you.
- Transfer your data to another Controller
- Have your personal data excluded from certain categories of processing
- Lodge a complaint - You may make a complaint in the EU to the Irish Data Protection Commissioners office at http://dataprotection.ie, the UK Information Commissioner's Office here or, the Swiss Data Protection and Information Commissioner here
- There are some limitations to these rights.
- You can contact us to exercise these rights by e-mail at email@example.com. We will ask for additional information to verify your identity prior to acting upon such requests.
5.7. Reporting of Data Breaches
Where a data breach occurs that poses a high risk to you, we will also inform you. All breaches will be managed in compliance with the state law that applies to us.
Please note that the Vinli Services may contain links to other internet sites that are not operated or controlled by Vinli. We cannot control and are not responsible for the privacy practices or the content of such websites.
7. International Transfer - For Personal Data Processed in the EU, UK or Switzerland
7.1. All data provided to Vinli may be transferred to, stored or processed in the United States.
7.2. Where we are a Processor of your data (the Vinli Services)
You need to refer to the Controller of your personal data for advice on the international transfer of personal data. In general, personal data that is internationally transferred to us from a Controller is subject to EU Standard Contractual Clauses SCCs.
7.3. Where we are a Controller of your data (customer agreements, web traffic, marketing)
Where your data is transferred outside of the EEA (European Economic Area) or outside of your jurisdiction by us, we shall rely upon a formal Adequacy ruling relating to the receiving country, an agreement with the Data Subject, or EU Standard Contractual Clauses SCCs as a legal basis for transfer. Data transferred internationally within the Vinli organization is transferred subject to SCCs.
You can find a copy of the EU SCCs at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
7.4. Where we rely on the Data Privacy Framework Program
Vinli complies with the EU-US, the UK Extension to the EU-U.S. DPF and the Swiss-US Data Privacy Frameworks (“DPF”) as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Information in the United States from European Union member countries, the United Kingdom and Switzerland, respectively (“European Personal Information”). Learn more about the DPF program here, where you can also review our certification.
If you have an inquiry regarding our privacy practices in relation to our DPF certification, we encourage you to contact us at firstname.lastname@example.org. If we are unable to resolve your complaint, you may file a complaint free of charge with your local data protection authority, and we will work with them to resolve your complaint. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means.
Vinli is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). Please note that we may be required to disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7.5. Service Providers and Sub-Processors
In the event that a service provider to Vinli is international in nature, or sub processes with entities that are not within the EU, we will take steps to ensure that any further processing that may expose such data to international transfer is subject to the protections provided by the EU or UK GDPR.
8. California Shine the Light Law
California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, a list of the third parties to whom we disclosed your personal information as defined under that statute, for direct marketing purposes in the preceding calendar year and the categories of that kind of personal information that was disclosed to them. If you are a California resident and you wish to make such a request you may by contacting us. Our contact details are provided at the top of his document.
9. Commitment to Children’s Privacy
9.1. Vinli Does Not Seek To Collect Data From Children
Vinli takes children’s privacy seriously and we do not seek to collect individually identifiable information about children. We aim to never store the personal data of children under 13, and acknowledge that the digital age of consent in the EU is 16, with some states legislating for 13. If Vinli learns that a child under the age of 13 has submitted personally identifiable information through the websites, products or the Developer Portal, or personal data of children has been obtained without proper consent and in contravention of these measures, Vinli will take all reasonable measures to delete such information from its databases and to not use such information for any purpose.
9.2. California Minors
If you are a California resident who is under 18 and a user of our websites, products or Developer Portal, this section applies to you. We may provide users the functionality of posting information through our websites, products or Developer Portal. If and to the extent CA Bus. & Prof. § 22581 applies, you may request and obtain removal of content or information posted by you (as an account holder) subject to the exceptions provided in this “California Minors” section. If you can accomplish removal on your own by following the instructions within the websites, products or Developer Portal, then follow those instructions. If that does not work, contact us by using the contact information provided at the top of this document specifying the information or content and each place where it is located in enough detail so that we reasonably can find it and meet your request in the ordinary course of our business. CA Bus. & Prof. § 22581 provides exceptions to your ability to request and obtain removal of content or information posted by you within the websites, products or Developer Portal. Those exceptions in CA Bus. & Prof. § 22581 are: (1) federal or state laws requiring us or a third party to maintain the content or information; (2) the content or information is not covered by the law (e.g., someone other than you posted it or your posting is stored, republished, or reposted by a third party); (3) we turned your content or information into anonymized data (such as, aggregated data or the like) and thereby disabling the ability to identify your content and information among other users’ content or information; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. If any one of the above exceptions applies, we are not required to remove your content or information from the Aps. REMOVAL OF YOUR POSTED CONTENT OR INFORMATION FROM THE WEBSITES AND DEVELOPER PORTAL DO NOT ENSURE COMPLETE OR COMPREHENSIVE REMOVAL OF THAT CONTENT OR INFORMATION. The law does not require us to actually eliminate the information posted by you; the law is satisfied if we keep it but render it invisible to other users and the public. Also, some information will already be beyond our control (e.g., a user or other third party might have already copied it). Law enforcement may obtain the content or information pursuant to certain court orders.
10. Data Retention
We retain personal data that you submit to us only for as long as is necessary and for the purposes for which it was obtained, or as required by law. We have detailed retention periods for which personal data shall be retained for particular purposes below, but note that where we act as a Data Processor, data retention periods are controlled by the Controller. Vinli reserves the right to delete personal data prior to the conclusion of the retention period or where such retention is not absolutely necessary.
This notice may be updated to comply with precedent that has been established or to provide further clarification. The most up to date version will be published online, or you can request a copy from us at any time. We advise you to use a current version of this document when considering your rights.