drive and earn
That simple.
PRIVACY POLICY
The Cryptomiles application is maintained and operated by DriveOn Telemática LTDA.
We collect and use some personal data belonging to those who use our application. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law n. 13,709/2018 (General Personal Data Protection Law - LGPD).
We take care of the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:
- Who should use our app - What data we collect and what we do with it; - Your rights in relation to your personal data; and - How to contact us.
1. Who should use our app
Our app should only be used by people over eighteen years of age. Therefore, children and adolescents should not use it.
2. Data we collect and reasons for collection
Our application collects and uses some personal data from our users, in accordance with the provisions of this section.
1. Personal data expressly provided by the user
We collect the following personal data that our users expressly provide to us when using our application:
Name; CPF; Telephone; Email; Geolocation data Driver behavior telemetry data (acceleration, braking, speed, stop, curve, odometer); Vehicle health data (fault codes, battery, oil, engine temperature, fuel)
The collection of this data takes place at the following times:
2/5
Application login; As long as the application is online.
The data provided by our users is collected for the following purposes:
Data is collected to generate user identification on the platform and to generate the user's risk behavior score while in the vehicle.
2. Personal data obtained in other ways
We collect the following personal data from our users:
The data that the user will be sharing without the need to expressly inform is telemetry data (geolocation, driving behavior data)
The collection of this data takes place at the following times:
Data is collected by the application installed on the cell phone and is sent through the device's chip data plan to the DriveOn platform. The user will be able to monitor the data through the application.
This data is collected for the following purposes:
Generate risk behavior score of users
3. Sensitive data
Sensitive data from our users will not be collected, thus understood those defined in arts. 11 and following of the Personal Data Protection Act. Thus, there will be no collection of data on racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person.
4. Collection of data not expressly provided for
Eventually, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user's consent, or that the collection is permitted based on another legal basis provided for by law.
In any case, the data collection and the processing activities arising from it will be informed to the users of the application.
3. Sharing of personal data with third parties
We do not share your personal data with third parties. Despite this, it is possible that we do so to comply with a legal or regulatory determination, or even to comply with an order issued by a public authority.
3/5
4. How long will your personal data be stored
The personal data collected by the application is stored and used for a period of time that corresponds to what is necessary to achieve the purposes listed in this document and that considers the rights of its holders, the rights of the application controller and the applicable legal or regulatory provisions.
Once the storage periods for personal data have expired, they are removed from our databases or anonymized, except in cases where there is the possibility or the need for storage by virtue of a legal or regulatory provision.
5. Legal bases for the processing of personal data
Each personal data processing operation needs to have a legal basis, that is, a legal basis, which is nothing more than a justification that authorizes it, provided for in the General Law for the Protection of Personal Data.
All Our personal data processing activities have a legal basis that justifies them, among those permitted by law. More information about the legal bases we use for specific personal data processing operations can be obtained from our contact channels, informed at the end of this Policy.
6. User rights
The application user has the following rights, conferred by the Personal Data Protection Law:
- confirmation of the existence of treatment; - access to data; - correction of incomplete, inaccurate or outdated data; - anonymization, blocking or deletion of data that is unnecessary, excessive or treated in violation of the provisions of the law; - portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets; - deletion of personal data processed with the consent of the holder, except in cases provided for by law; - information on public and private entities with which the controller shared data; - information about the possibility of not giving consent and about the consequences of the refusal; - revocation of consent.
It is important to highlight that, under the terms of the LGPD, there is no right to delete processed data based on legal bases other than consent, unless
4/5
that the data is unnecessary, excessive or treated in violation of the provisions of the law.
1. How the holder can exercise his rights
To ensure that the user who intends to exercise their rights is, in fact, the holder of the personal data object of the request, we may request documents or other information that may help in their correct identification, in order to safeguard our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the applicant will be provided with all related information.
7. Security measures in the processing of personal data
We employ technical and organizational measures capable of protecting personal data from unauthorized access and situations of destruction, loss, misplacement or alteration of such data.
The measures we use take into account the nature of the data, the context and purpose of the treatment, the risks that an eventual violation would generate for the rights and freedoms of the user, and the standards currently used in the market by companies similar to ours.
Among the security measures adopted by us, we highlight the following:
storage will be in a private cloud (at AWS or Oracle) as per the contract, whose access is restricted and the data is end-to-end encrypted, only our capture software has the key to break the protocol. Making the data safe and confidential.
Even if you do everything in your power to avoid security incidents, it is possible that a problem occurs exclusively motivated by a third party - as in the case of hacker or cracker attacks or, even, in case of exclusive fault of the user, which occurs, for example, when he himself transfers his data to a third party. Thus, although we are, in general, responsible for the personal data we process, we are exempt from responsibility in the event of an exceptional situation such as these, over which we have no control.
In any case, in the event of any type of security incident that could generate risk or significant damage to any of our users, we will notify those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the General Protection Law. of Data.
8. Complaint to a control authority
Without prejudice to any other administrative or judicial remedy, holders of personal data who feel, in any way, aggrieved, may file a complaint with the National Data Protection Authority.
5/5
9. Changes to this policy
This version of this Privacy Policy was last updated on: 06/02/2021.
We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our application, either by making new features available, or by deleting or modifying existing ones.
Whenever there is a change, our users will be notified about the change.
10. How to contact us
To clarify any doubts about this Privacy Policy or about the personal data we process, please contact our Personal Data Protection Officer, through any of the channels mentioned below:
E-mail: marcio.pessoa@driveonauto.com
Phone: +55 44 99999 1234