Roadpost Privacy Policy
At Roadpost, your privacy is of great importance to us. Roadpost is committed to the protection of the personal information of all customers, prospects, website visitors and other individuals whose personal information is entrusted to Roadpost, such as emergency contacts.
Policy Contents:
- Accountability for Your Privacy
- Personal Information and How We Collect It
- Using Your Information
- Our Website Practices
- Sharing Your Information
- Keeping Your Information Safe
- Accessing Your Personal Information
- How Long We Keep Your Information
- GDPR Compliance at Roadpost
- Our Privacy Complaint and Breach Management Process
- External Links and Social Media
- Changes to this Policy
- Getting in Touch
Accountability for Your Privacy
Roadpost takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared and stored in accordance with the privacy laws in which Roadpost operates, such as the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 in Canada, and the EU General Data Protection Regulation 2016/679 (“GDPR”). Roadpost respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96, the OECD Privacy Principles and the Generally Accepted Privacy Principals recognized globally.
Roadpost has appointed a Privacy Officer who oversees information-handling practices and Roadpost’s privacy management program. The Privacy Officer’s duties include:
- Developing and, on a regular basis, reviewing the implementation of internal procedures to protect personal information;
- Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
- Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
- Ensuring all third parties to whom Roadpost provides access to personal information commit to protecting such information.
Personal Information and How We Collect It
‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, payment card information credit scores, text messages, GPS coordinates, and any identifiable on-line activity. It also includes information found on Roadpost invoices such as dates and times of a call and termination numbers. Product or service usage information, or information relating to a dispute or claim would also be considered personal information. Personal information does not include aggregate information that cannot be linked to a specific individual.
Personal information is collected by Roadpost with your knowledge and consent in several ways, such as through account creation, product registration/support, as well as when records are provided by third parties. For example, with your authorization, Roadpost may obtain a credit report on you to assess creditworthiness. We identify when information may be provided optionally and when it is necessary in order to service you. Your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of a notice to withdraw consent, we will inform you of the consequences of withdrawing your consent, which may include the inability to remain a Roadpost customer.
Note however that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example for debt collection, fraud investigations, and where necessary to protect our legal interests or the safety of others.
Using Your Information
We collect and use personal information for the following specific purposes:
- To establish and maintain a business relationship with you, including to provide you with the products and services you purchase;
- To verify your identity or contact you;
- To process your application for an account, determine eligibility and suitability for certain products and services, and to provide on-going service;
- To assess your needs and enhance Roadpost’s products and services;
- To inform you about Roadpost initiatives or products/services that may be of interest to you, and to provide you with important updates regarding your products/services;
- For data analytics and to compile aggregate statistics for internal reporting purposes;
- To assess and manage risk, including detecting and preventing fraud or error; and
- To meet auditing, legal and regulatory processes and requirements.
Our Website Practices
When you visit Roadpost’s websites, we automatically receive and record information in our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, Roadpost is able to enhance a user’s on-line experience (e.g. once you are logged in to your account, you are able to move between webpages without having to re-enter your credentials). You can disable cookies through your website browser, but this may affect your user experience.
The usage data we collect when you visit Roadpost’s website helps us analyze and improve the performance of our digital services. Roadpost uses Google Analytics for web statistical analysis. We make no effort to personally identify you based on your visit to our site. If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies; by disabling JavaScript within your browser; or by using the Google Analytics Opt-Out Browser Add-On.
Roadpost also uses third party advertising partners to provide on-line visitors with relevant ads across the Internet. You may also opt out of interest based advertising by visiting the opt-out tool made available by the Digital Advertising Alliance of Canada at https://youradchoices.ca/choices/
For a complete list of cookies used on our website, click here.
Sharing Your Information
Roadpost takes all reasonable steps to protect the interest of individuals when disclosing personal information. We do not disclose personal information for purposes other than those for which it was collected, unless you have provided consent to do so or we are required/permitted by law to disclose the information.
We may also share your personal information with business partners, affiliates and service providers who assist us in delivering satellite communications and SOS emergency services to you; credit agencies; IT service providers; professionals such as financial auditors and marketing partners. We take reasonable steps to ensure that any such third parties who we entrust with your personal information are reputable, and have safeguards in place to protect this information. In working with bbusiness partners, affiliates and service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
Keeping Your Information Safe
Roadpost has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by Roadpost significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
- Secure office premises;
- Locked filing cabinets and a secure shredding practice for paper records;
- The use of encryption, such as secure portals for document transfers and tokenization for payment card information;
- Robust authentication processes, including complex passwords for access to electronic records;
- Limited access to personal information by employees who need the information to perform their work-related duties; and
- The use of data centers with effective physical and logical data security controls.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, ensure your account login credentials are not shared with anyone. Roadpost is not liable for any unauthorized access to your personal information that is beyond our reasonable control.
Let us know right away if your contact information changes or you find any errors in your account statements or invoices. If you have reason to believe that the security of your account has been compromised, you must immediately notify Roadpost of the problem in order for us to resolve the issue in a timely manner.
Accessing Your Information
We make every effort to ensure that the personal information we hold is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time if it is for information that you are unable to access yourself through your account. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your request, please contact us and we would be pleased to help you. Upon your request, Roadpost will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. We may charge a fee to cover any expenses related to responding to your access request.
Roadpost responds to access requests within 30 days, unless an extension of time is required. However, there may be contexts where access is refused or only partial information is provided, for example, in the context of an on-going investigation or where another individual’s personal information or identity must be protected.
How Long We Keep Your Information
Roadpost retains personal information for as long as necessary to fulfill legal or business purposes. Once your information is no longer required by Roadpost to meet business, legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that information may be retained for a lengthier period of time due to an on-going investigation or legal proceeding, and that residual information may remain in back-ups for a period of time after its destruction date.
GDPR Compliance at Roadpost
Under the GDPR a Data Controller determines the purposes and means of the processing of Personal Data. Roadpost remains the Controller of all Personal Data provided to us by our customers. Thus, we take accountability for the use and security of such data when sending confirmations, administering accounts, processing payments and generally servicing our customers directly or through one of our business partners, associates or service providers. Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every Roadpost Data Processor is bound by a Data Processing Agreement.
Roadpost’s legal grounds for processing Personal Data include the provision of consent, contractual commitments as outlined in Roadpost’s Terms & Conditions, and Roadpost’s legitimate interest in providing effective global satellite communication services.
EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their Personal Data as outlined in the GDPR. This includes the right to access their Personal data, have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail privacy@roadpost.com. Roadpost has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner. In the context of a request for erasure, Roadpost will scramble or pseudonymize the data subject’s information to make it anonymous.
Roadpost has required our service providers who we entrust with Roadpost user data to commit to the continued protection of such data as a Data Processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver Roadpost services, we will ensure that they too maintain a high standard of care for such data.
Roadpost operates through its Canadian and U.S. establishments. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, Roadpost uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by Roadpost or its service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States. To learn more about the Privacy Shield program or the Privacy Shield Principles, please visit www.privacyshield.gov.
Our Privacy Complaint and Breach Management Process
Roadpost takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Roadpost’s Privacy Officer oversees the containment, investigation and corrective actions for all privacy breach situations.
As required by law, privacy breaches may be reported by Roadpost or its business partners to the regulators of the relevant countries in which affected individuals reside.
External Links and Social Media
We may offer links from our website to the sites of third parties, such as affiliated organizations, that may be of interest to you. Roadpost makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.
Roadpost’s use of social media serves as an extension of our presence on the Internet and help us build a positive brand image as well as provide useful information to the public. Social media account(s), such as Roadpost’s Facebook and Twitter accounts, are not hosted on Roadpost’s servers. Users who choose to interact with Roadpost via social media should read the terms of service and privacy policies of these services/platforms.
Changes to this Policy
We may change this Privacy Policy from time to time in order to better reflect our current personal information handling practices. Thus, we encourage you to review this document frequently! The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and are thus in force. Your continued use of Roadpost products and services following the posting of any changes to this Privacy Policy means you accept such changes.
Getting in Touch
Any inquires, concerns or complaints regarding privacy should be directed to Roadpost’s Privacy Officer at:
Privacy Officer
Roadpost Inc.
7A Taymall Avenue
Toronto, ON
M8Z 3Y8
Canada
Customer Care: 1(888) 290-1616
privacy@roadpost.com
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about Roadpost’s policies and practices. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way. Thank you for continued trust in Roadpost.
LAST UPDATED: July, 2019