Last modified June 29, 2020
California consumers can view supplemental disclosures required under the California Consumer Privacy Act (CCPA) here.
Let us know if you have any questions by writing to email@example.com.
What information do we collect or process, and why? We collect and process different types of data and information for different purposes:
- From Marketing Prospects. If you visit our websites, sign up for a webinar or interact with our marketing and sales staff and express an interest in our products and services, we would like to know how to contact you and what your specific needs or interests are. We will ask you to provide some personal information, such as your name, job title, the company you represent, contact information including email address and phone number, and your communication preferences. We may also ask you for other information about your business and your interests in the Internet of Things in order to provide you with the most relevant information about us and our products and services. We may also collect log data as described below. We use this information principally to respond to your inquiries and, depending on the communication preferences you indicated, we may also send you information about new products or services, special offers or other information that we think you may find interesting. We may also contact you for customer service or market research purposes.
- From Aeris Customers. If you sign up for our products or services, you will be asked to provide information for setting up and maintaining your account, such as contact information of authorized account representatives. We may also ask you to go to a payment partner’s website to provide payment information. We do not retain any payment card information; please review the privacy notices at payment partner websites to understand what they collect. When we process payments, we will receive information from our payment partners about the transaction; this could include small amounts of personal data. To provide services to you and your devices, we also need to gather other information relevant to the products or services we’re being asked to provide, including information about devices and applications that use our services. We use this information principally to provide products and services and to manage our contractual relationship with you.
- For Support Purposes. If you open a support request [that is sent to us, either directly with us or through a company from which you purchase products or services – consider deleting this bracketed language if it refers to situations where you act as a processor/service provider], we collect contact information as described above and information about the issue you are experiencing, which could include information about the device or product you are using, the nature of the problem, and information about the circumstances in which the problem occurred, including location and time. We use this information to troubleshoot the problem and, if applicable, to notify you of the status of the incident.
- From Devices. When you interact with us at a website or through a mobile app, we log and store certain types of information (“log data”). We also collect data from customer devices (“device data”) in the course of providing connectivity or other services to our customers.
- Device Data. In order to provide our services to customers and their devices, we collect a great deal of information, including device IDs, time stamps, authentication records, location information, carrier service used, signal strength, the origin, destination, type and quantity of traffic passed and other operational data. If we reasonably determine that any device data could reveal information about a specific natural person, either due to the nature of the information or through associating information with such person’s account, we will protect it as we would any other personal data. We use the device data that we collect to provide and bill for services, to diagnose problems with devices or our services, to provide customer support, to maintain and improve our network operations, to help prevent fraud and otherwise to operate our business. See “Analytics and Data Aggregation” below for additional information about uses of log and device data.
- Application Data. When Aeris application services are used, we record what was used, the user and/or device using the service, and log and device data as described above. For example, when anyone uses a mobile application to access AerTrak or connected vehicle services, we will collect the identity of the user (and, if applicable, mobile device), the vehicle being tracked or managed, and the type of action (e.g., view device location, or perform a remote door unlock). We use application data to provide services to customers and their users.
- Contents of Device Traffic. The actual contents of any SMS, data or voice transmissions made by customer devices over the cellular network services provided by Aeris are not accessed, viewed or stored by Aeris. Transmissions made over cellular networks are made using standards-based security processes applicable to all cellular operators. Transmissions over other wireless networks are subject to the security processes put in place by the network operator or any encryption protocols arranged by the customer. If we enable emergency services or arrange call center services for a customer, we may be directed to record some calls made.
- Community Forum Data. We may sponsor a community forum or similar site to help customers and Aeris personnel communicate about issues of common interest. If you post to such a site, we may retain the content of posts as well as log data described above. You are encouraged to limit the amount of personal data you provide in your posts since they are publicly viewable.
- Data Relevant to Employment. If you apply for a position with any Aeris company, we and our third party service providers will collect information you provide in connection with your application, including contact data and other personal information such as education and employment history, together with information we create or request as we evaluate your candidacy including, if applicable, reference and background checks. If you join us, we will of course need to process other personal information relevant to your work with us and issue a separate privacy notice then [I can draft employee privacy notice(s), which need to address jurisdiction-specific requirements].
What is our policy regarding cookies? Like most companies that operate websites or that operate over the Internet, we use different kinds of “cookies” to collect information about your visits to the Aeris Sites or use of Internet-based services and applications. We use “persistent” cookies, small files stored on your hard drive, to make your future visits to Aeris websites more productive, such as by remembering some of your login information and your preferences. We also use “session-based” cookies that collect other log data as described above to help us analyze data about webpage traffic and to improve the Aeris websites. Session cookies are deleted when you close your browser window. You can block cookies completely or adjust how your browser handles cookies, although blocking cookies may make your use of some features of Aeris websites or web-based services less efficient. We may also use web beacons, pixels, tags or scripts in order to count visits, evaluate usage and effectiveness of campaigns and the like. We do not currently respond to “do not track signals” or similar mechanisms in web browsers.
What do we do with the information we gather? In addition to uses described above, we use the information we collect for the following reasons:
- We use contact and registration information and log data about your visits to Aeris websites or use of Internet services for several purposes, including customizing your interaction with the Aeris websites according to your customer status and your interests. If you have consented to receive marketing communications about our products and services, we may periodically send promotional emails about new products, special offers or other information that we think you may find interesting using the email address that you have provided. From time to time, we may also use your information to contact you for market research purposes.
- Operating, maintaining and improving our products and services. We use all of the information we collect to operate our business, provide products and services to you and our other customers and to develop, maintain and improve our products and services.
- Analytics and Data Aggregation. We analyze log and device data as described above to understand how our services are operating, to decide how to maintain and improve those services, and to determine if there is information about patterns, correlations and trends that may be useful to us or to our customers or partners. If we move information outside of a secure account environment or our secure servers, such as to do analytics, we do so in a form that is intended not to permit personally identifiable information to be viewed, extracted or reconstructed (called, for convenience, “de-identified information”). We may also aggregate data in a form that does not permit identification of specific individuals. In addition to our internal use, we may share de-identified or aggregated information with third parties who use it for such purposes as industry analysis and demographic profiling. We may also sell products or services that are based on results of this data. We take reasonable steps to prevent re-identification of any de-identified data, including prohibiting our personnel or service providers from re-identifying data.
How do we protect your personal data and where do we store it?
- We use industry-standard measures to safeguard all data [Pls consider listing a few concrete examples instead of broad general statements, which will be cited against you in a security incident situation], and have a continuous process in place to test the effectiveness of these measures and to review the threat landscape and new tools available. You have a role to play in security as well, and we ask that you use prudent measures to protect against unauthorized access to your account information, including logging out of your account when finished, not sharing your login information and taking other customary security precautions appropriate for the situation. The type of organizational or technical measures we use to secure our systems and data may differ depending on the sensitivity of the data and our assessment of how accidental or unauthorized disclosure or use of the data could threaten the rights and freedoms of natural persons. If we become aware that the security of any of the personal information that we store or that is stored by our third party service providers has been compromised, we will comply with all applicable laws, including promptly notifying you if required by law.
- We are aware that there are people who may pose as legitimate businesses and try to trick you into disclosing personal information that can be used to steal your identity. We will not request your account login or password, your credit card information or any sensitive data that could be used to steal your identity, such as national identifying numbers, or gain access to your account in an unsolicited or non-secure email or telephone call. If you believe that someone representing themselves as being associated with Aeris has requested this information in a contact that you did not request or initiate, please contact us immediately at firstname.lastname@example.org so that we may verify the identity of the person contacting you and the validity of the request.
With whom does Aeris share personal data?
- Service Providers. We store information with or allow access to your information to affiliated and unaffiliated service providers that support our business, including with website maintenance, database and cloud, customer support, payment processing, or other services. Our contracts with these third party providers only allow use of your information to provide these services and require that they not disclose it unless required in certain situations, like those described in the following paragraph. We review the security policies and practices of our third party service providers as appropriate as part of our own efforts to maintain the security of your information.
- Law Enforcement, Court Orders and Protection of Our Rights. We may disclose any of your information to government officials as necessary to comply with applicable laws and orders. If we receive a request to disclose any such information, we may do so if we believe in our reasonable discretion that such request is lawful and that disclosure is reasonably necessary to comply. We may also disclose your personal data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
- Other Disclosures. We may also disclose your information if we believe it is necessary in order to protect our property rights or rights of a third party, to protect the safety of any person or of the public or to prevent any activity that we believe is harmful, illegal or unethical. For example, we may need to use personal data in order to enforce our terms of service with customers and our workplace rules, or to engage in other business or corporate transactions. We will put in place appropriate security measures, such as non-disclosure agreements, whenever possible. Also, we may share your information in the context of mergers, acquisitions, divestitures and sales of all or some of our assets, as permitted by applicable law.
How long do we keep personal data? To reduce the risk that harm could be caused by a data breach, we and our third party processors will keep personal data in our active operating systems only during the time that it is required for providing services to you or a customer. When it is no longer needed for that purpose, we may delete it, or we may de-identify it and move it to another database for use in analytics. We may also keep copies in highly secure backup archives that are isolated from active production systems until deletion is appropriate. If you exercise a right to see all personal data collected within a certain period, such as in the prior 12 months as permitted under the CCPA, it is possible that we will already have deleted, and no longer have, some of that data.]
Concerns. If you have any concerns about the privacy practices of any Aeris group company, including an objection to, or a desire to restrict, our processing of your personal data, please contact us at email@example.com, describe your concern, and we will try to resolve the issues. If you are a customer or end user of an Aeris customer, we will refer you to that customer to address your concerns.