Overview
Last Updated: March 22, 2023
We know your privacy is important to you, and we want you to know it is important to us too. This Privacy Notice explains our practices when it comes to your use of our products and services. Our company website has a separate Privacy Notice and Cookie Policy which you can find on axitech.co/privacy-and-legal/website-privacy-and-cookie-policy/.
We encourage you to take the time to review this Privacy Notice carefully, to understand what information we collect, why we collect it, and what we do with it. At Axitech we strive to be transparent, a key data protection principle, which facilitates you to exercise your individuals’ rights and gives you greater control.
In this Privacy Notice, we cover the following key topics:
- Who we are
- What information we collect
- Why we collect your information and how we use it
- Who we share your information with and why
- How we protect your information
- How long we store your information
- How do we use cookies?
- How to contact us
- Other Important Information
- What are your data subject rights in the UK and Europe?
- UK and Europe and our “lawful basis” for using your data
- Your Rights as a California Resident
- Your rights as a Virginia Resident
Who we are
Axitech Group Ltd and its corporate affiliates is a global provider of crash management products and services. We aim to comply with all national, federal, state and local laws, as well as regulatory and contractual obligations, concerning security, privacy and data protection in order to minimise the risk of accidental or unauthorised access or disclosure of customer information.
This Privacy Notice applies to our customers, prospective customers and our customers’ customers (both direct and indirect) across the UK, EEA and the US. Some sections are country, region or state specific. For example, if you are a California resident, please see the Your Rights as a California Resident section to learn about your rights under the CCPA and CPRA.
If you do not agree with this Privacy Notice, do not access or use our products and services or interact with any other aspect of our business.
In this Privacy Notice, Axitech (“we”, “us” and “our”) is used to refer to companies which form part of Axitech Group Ltd, and is used in connection with the provision by Axitech, and/or our business partners and service providers, of crash management products and services (collectively “Services”), which comprise of:
- Obtaining data relating to a motor collision, or other similar event, in order to provide a digitally managed post-collision experience
- Summoning emergency services, vehicle towing, and other immediately required crash management products and services
- Supplying on-going services including, but not limited to, vehicle hire, repairs and/or total loss, and insurance claims fulfilment, as appropriate
The nature and extent of the Services may change from time to time.
We are committed to protecting the privacy of individuals who interact with us, such as our website visitors, customers, business partners and web application end-users (“you” and “your”). This Privacy Notice explains the different ways in which Axitech collects, uses and shares personal information when:
- You visit, interact with, or use any of our applications (where linked to this Privacy Notice)
- You use Axitech products and services (including mobile and web apps) that have been deployed by one of our business customers, such as your vehicle provider
- You speak to one of our representatives on the telephone
In connection with the provision of specific services, Axitech may provide additional “just-in-time” disclosures or additional information about our data collection, use and sharing practices. These notices may supplement this Privacy Notice or clarify Axitech’s privacy practices in the circumstances described or may provide you with additional choices about how Axitech processes your information.
What information we collect
“Personal information” is information that identifies an individual or relates to an identifiable individual. Axitech and our business partners and service providers collect personal information and other information from various sources which generally fall into the following categories:
- Information you provide to us through your interactions with us and your use of our Services
- Information we automatically collect from you in connection with your use of online Axitech Services
- Information from third-party sources and affiliated companies
The information we collect may include:
- Personal Information (name, email address, phone number etc)
- Motor vehicle insurance information
- Vehicle Registration Number(s)
- Vehicle Identification Number(s), VINs
- Vehicle diagnostic data
- Collision location
- Surveys/Satisfaction scores
We may combine information from these different sources for the purposes set forth in this Privacy Notice.
How do we collect information?
We will collect personal information when you voluntarily provide it to us (including to our service providers, our customers or other parties who collect it on our behalf). For example, we collect personal information when you have a collision, and utilise our products and services. This will be preceded by you signing an agreement with our customers for them to provide us with your personal information.
This information is then processed by us to supply you with our Services. You then directly provide us with the information we collect. We collect information and process information when you:
- Voluntarily use our Services
- Use or view our web application via your browser’s cookies
- If you are a witness to a collision and your details have been collected by an end-user of our Services
- Speak to one of our representatives over the telephone
Axitech may also receive information indirectly from the following business partners and service providers that you use, including, but not limited to:
- Vehicle tow providers
- Vehicle hire providers
- Vehicle repair providers (e.g., body shops)
This information may include information regarding the services they have provided you.
Call Recordings
We may record calls you make to our customer contact centre to:
- Check for mistakes
- Train our staff
- Monitor for abuse
- Prevent, detect, investigate fraud
We do this in the interests of offering a good service to our customers and to protect against fraud.
If you object to this, you will need to end the call when you are told that calls may be recorded. Alternative methods of communication are available.
Sometimes, calls may not be recorded if:
- There’s a technical fault with the telephony system
- A call handler is using equipment which doesn’t not let calls be recorded
- You’ve been transferred to a different line
Call recordings are subject to the use and sharing of your information as outlined in this Privacy Notice.
Our business partners and service providers may also record calls. We recommend you review the privacy policies of the relevant partner/provider to find out more about their handling of call recordings.
Why we collect your information and how we use it
We use your information because it is necessary to perform our obligations in delivering our Services to our customers. This includes delivering crash management products and services, authenticating you when you log into our web app, providing customer support, and operating and maintaining our Services. We also need your information to communicate with you about the Services, including booking confirmations, responding to your requests, and sending you notices, updates, security alerts, administrative messages, and other communications necessary to usage of the Services.
How we use the information we collect depends on which of our Services you use, how you use them, and specific preferences you may have communicated to the options you have selected in our products and services, e.g., when selecting a tow, we will collect additional information to provide this service. These options will be clearly presented to you. We are a company providing crash management products and services and we only collect and use your information to provide these services
Who we share your information with and why
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.
Service providers – Unless described in this Privacy Notice, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
Business partners – We may provide your information to our partners, such as tow providers, body shops, to fulfil product and service requests, to effectively deliver unified support, and to provide customers and prospective customers with information about Axitech and its products and services. Sometimes these organisations will supply their services directly to you (typically repairers, vehicle hire, motor engineers).
Although Axitech regularly audits them to ensure they have the necessary data protection policies, procedures, and security measures in place before sharing any information with them. Please be aware that Axitech does not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
Vital interests – We may disclose information where we believe it necessary in order to protect the vital interests of any person.
Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party – We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
For example, when Axitech processes your collision information, we may send your information to, and also use the resulting information from, insurance fraud agencies to prevent fraudulent insurance claims.
Business transfers – We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganisation or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
With your consent – We may disclose your personal information for any purpose with your consent. Axitech collects your information so that we can undertake services including, but not limited to:
- Helping you collect the correct information following a collision e.g., photos
- Supplying you with a tow vehicle
- Supplying you with a rental vehicle
- Supplying you with vehicle repair
- Having one of our representatives call you to aid you following a collision
- Helping you notify, manage and settle your insurance claim
If you agree, Axitech will share your information with our partner companies so they may supply these services.
If you are a witness
If you are a witness to a collision and your information has been collected by an end-user using one of our Services, we only store and process your information to contact you for a witness statement, which may be used in court at a later date.
Axitech will only store and process your information for this purpose and will not market Axitech or third-party products and services. Your information is stored and processed in line with the rest of this Privacy Notice (e.g., security and confidentiality, information retention etc.). This does not affect your data subject rights as outlined in this Privacy Notice.
How we protect your information
Axitech maintains (and requires its service providers and business partners to maintain) appropriate organisational and technical measures designed to protect the security and confidentiality of any personal information we process.
For example, Axitech is ISO 27001 certified, a global internationally recognised standard for information security (see the Trust page) employing such security controls as physical access controls, Internet firewalls, vulnerability scans, network monitoring etc
Axitech staff or representatives who may have access to personal information are required to keep that information confidential. However, no security procedures or protocols are ever guaranteed to be 100% secure and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.
How long we store your information
We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting, or other purposes). You can request deletion of your personal information at any time (see “What are your data protection rights?”) and we will consider your request in accordance with applicable laws.
Axitech will keep your personal identifiable information, information directly inputted into our web application by you and information collected from our partners in line with our data retention policy of 3 years and your information will always be held securely during that time. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from anonymized information retained or used for these purposes.
The only exceptions to the period mentioned above are where:
- The law requires us to hold your personal information for a longer period or delete it sooner
- Where you have raised a legal claim, complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
- You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see “What are your data protection rights?”)
Marketing
Axitech will not send you information about our other products and services that we think you might like, nor will we offer those of our partner companies.
Information we process on behalf of our customers
While using our Services, Axitech customers and their end-users may submit or upload information to Axitech’s Services for processing or storage. This customer content is processed by Axitech on behalf of the customer, and our privacy practices will be governed by the contract we have in place with our customers, and this Privacy Notice will not apply to any personal information contained in such customer content.
In accordance with the terms of such contract, Axitech will process customer content for the purposes of providing the relevant Axitech Services and in accordance with our customer’s instructions. If you have any questions or concerns about how such information is handled, you should contact the person or entity who has contracted with Axitech to use Axitech Services to process or store this information (e.g., your vehicle manufacturer).
We will provide assistance to our customers to address any concerns you may have in accordance with the terms of our contract with them.
Where we store your information and international transfers
Personal information held by Axitech is stored on and processed on computers situated in the UK, the EEA, the US, and in other jurisdictions. Axitech prides itself on storing and processing your information in the country where it originated and the jurisdiction it falls under, for example, we use UK data centres for UK customers, EU data centres for EU customers and US data centres for our US customers.
But there may be times when your personal information, including personal information collected in the UK, EEA or US, may be transferred, stored, and processed by us and our service providers, partners and affiliates in other countries whose data protection laws may be different to the laws of your country.
Some of these countries are not deemed ‘adequate’ by the European Commission/UK and US governments. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws.
These steps include implementing the European Commission’s Standard Contractual Clauses, approved by the European Commission and rely on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the US and other countries. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.
Accordingly, by using our Services, you authorise the transfer of your information to the US, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy and any applicable terms of service or other agreement between you and Axitech. In some cases, Axitech may seek specific consent for the use or transfer of your information overseas at the time of collection. If you do not consent, we may be unable to provide you with the services you requested. The US and other countries where we operate may not have protections for personal information equivalent to those in your home country.
Details of where your information may be processed in countries other than its origin are available on our subprocessors page here. If you have questions or complaints about Axitech’s privacy practices, we’d like to help resolve your issue so please contact us at [email protected] or write to us via post to: Axitech Group Ltd, 1 Park Row, Leeds LS1 5AB
What are cookies?
Cookies are text files placed on your computer or mobile device to collect standard internet log information and visitor behaviour information. When you use products and services e.g., web applications, we may collect information from you automatically through cookies or similar technology.
For further information about cookies, visit https://www.allaboutcookies.org/
How do we use cookies?
Axitech strives to use the minimum number of cookies possible ensuring our products and services function (a.k.a strictly necessary) and in a range of ways to improve your experience whilst using our web applications, including
- Keep you signed in
- Understanding how you use our web application
- Ensuring when re-using our web application, you start at the same place you exited
We will always present you with the options to accept the different cookies we use. For example, when using one of our web applications.
What types of cookies do we use?
There are several different types of cookies, we use the minimum/necessary cookies to provide our Services through our web applications:
- Persistent– Login cookies. These are used for authentication purposes, to log you back into the web application after you have logged out. We also use these to allow us to make parts of the web application inaccessible, based on the user’s log-in status.
Our website also uses cookies, details about which can be found in our cookie policy on the axitech.co website.
How to manage cookies?
You can set your browser not to accept cookies, however, some of our products and services e.g., web application features will not function as a result. The website https://www.allaboutcookies.org/ tells you how to remove cookies from your browser or you can find details for your specific browser:
Google Chrome
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Microsoft Internet Explorer
https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari
https://support.apple.com/en-nz/guide/safari/manage-cookies-and-website-data-sfri11471/mac
How to contact us
If you have any questions or concerns regarding our Privacy Notice, do not hesitate to contact us at
Email: [email protected]
By Post: Axitech Group Ltd, 1 Park Row, Leeds, LS1 5AB
How to contact the appropriate UK authorities
Should you wish to report a complaint or if you feel that Axitech has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
Our Services may contain links to other third party sites or services. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these services or websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Other Important Information
Children – Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us at [email protected] If we become aware that a child under the age of 16 has provided us with personal information, we will take steps to delete such information.
Automated Decision-making – We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. If you are to be subject to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.
Some of our business partners and service providers may use automated decision-making. It will be in their privacy policies if they do.
You can ask any of our business partners or service providers who use automated decision-making to give you the reason behind their decision (or we can ask for you).
Changes to this Privacy Notice
Axitech will review and update this Privacy Notice periodically in response to changing legal, technical and business development at a minimum of every 12 months. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how Axitech is protecting your information.
What are your data subject rights in the UK and Europe?
Axitech would like to make sure you are fully aware of all your data protection rights. Every user or witness is entitled to the following:
The right to Correct or Update Your Information – If you would like to correct or update personal information that you have provided to us, please send an email to [email protected] and request that we update your details.
The right not to provide consent or to withdraw consent – We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time for the use of our products and services. This does not affect the lawfulness of the processing based on consent before its withdrawal.
The right to access – You have the right to request Axitech for copies of your personal data.
The right to rectification – You have the right to request that Axitech correct any information you believe is inaccurate. You also have the right to request Axitech to complete information you believe is incomplete.
The right to erasure – You have the right to request that Axitech erase all your personal data. Also known as the right to be forgotten.
The right to restrict processing – You have the right to request that Axitech restrict the processing of your personal data.
The right to object to processing – You have the right to object to Axitech’s processing of your personal data.
The right to data portability – You have the right to request Axitech transfer the data we have collected to another organisation or directly to you.
The right to lodge a complaint to your local Data Protection Authority – You have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.
Additional Rights for the EEA, UK and Certain Other Territories: If you reside in certain territories (such as the European Economic Area or the UK), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.
The above rights are not all absolute and whether you can use one of these rights may depend on the way we obtained your information or the legal basis on which we use your personal information.
More information about how and when you can exercise these rights is available from https://ico.org.uk/your-data-matters/.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us:
Email: [email protected]
Address: Axitech Group Ltd, 1 Park Row, Leeds, LS1 5AB
Certain Axitech Services – Certain Axitech Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the data controller). See “Information we process on behalf of our customers”.
You can exercise the rights listed above at any time by contacting us and if you feel that your request or concern has not been satisfactorily resolved, or our response is not provided within a reasonable time, you may approach your local data protection authority (links here for residents of the EEA or Australia). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal information, as well as deal with any complaints that you have about our processing of your personal information.
UK and Europe and our “lawful basis” for using your data
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it and the purposes for which it is used.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some very rare cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time, or upon request, what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.
Your Rights as a California Resident
We are providing this California specific privacy notice to supplement the information and disclosures already contained in our Privacy Notice. This section applies only to California consumers. It describes how we collect, use, and share California consumers’ (“you”, “your”) personal information in our role as a business, and the rights applicable to such residents. For purposes of this section “personal information” has the meaning given in the California Privacy Rights Act (CPRA).
Overview of CCPA and CPRA
The California Consumer Privacy Act (CCPA) is a data privacy law that provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the “sale” of their personal information. Starting January 1, 2020, businesses that collect California residents’ personal information and meet certain thresholds (e.g., revenue, volume of data processing) will need to comply with these obligations, and the California Privacy Rights Act (CPRA).
The California Privacy Rights Act (CPRA) is a data privacy law that amends and expands upon the CCPA. The law took effect on January 1, 2023.The CPRA provides consumers with expanded privacy rights, including the right to request that the business correct inaccuracies in their personal information and, in certain circumstances, to direct a business to limit its use of sensitive personal information. Additionally, a consumer’s opt out rights may extend to third-party behavioural advertising. That is as of January 1, 2023, the CPRA’s amendments to the CCPA are in effect, and businesses are required to comply with all express statutory requirements. Businesses are also required to comply with those CCPA regulations currently in effect.
To learn more about your California privacy rights, please click here
Axitech does not sell your personal information or your end-users’ personal information. We process your personal information only in order to provide our services and we do not retain, use, or disclose your personal information outside of the scope of the agreement we have with you.
How We Collect, Use, and Share Personal Information of California Residents
When you use our products and services, we collect certain data regarding such use. This data includes “Personal Information” that is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device as detailed in the table below.
The chart below outlines the categories of Personal Information (which are defined by the CCPA, not us) that we have collected and/or disclosed for a business purpose in the preceding twelve months. The examples of Personal Information provided for each category are taken from the CCPA and are included to help you understand what the categories mean.
| Category | Examples of Personal Information | We Collect | We Disclose | We Sell |
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s licence number, passport number, or other similar identifiers. | Yes | Yes | No |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s licence or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes | Yes | No |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No | N/A | N/A |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | No | N/A | N/A |
| E. Biometric information. | Genetic, physiological, behavioural, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No | N/A | N/A |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | No | N/A | N/A |
| G. Geolocation data. | Physical location or movements. | No | N/A | N/A |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No | N/A | N/A |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | No | N/A | N/A |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No | N/A | N/A |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. | Yes | Yes | No |
| L. Sensitive Personal Information | The CPRA defines “sensitive personal information” as personal information that reveals (a) consumer’s Social Security or other state identification number; (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) consumer’s geolocation; (d) consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, or text messages, unless the business is the intended recipient of the communication; and (f) consumer’s genetic data. | Yes | Yes | No |
We have collected the following statutory categories of personal information in the past twelve (12) months from general sources including you, your use of our Services, your devices, our business partners, our clients, and our service providers. More specific information about Personal Information we collect is laid out in this Privacy Notice:
- [A] Identifiers, such as your name, e-mail address, and phone number. We collect this information directly from you or from third party sources.
- [B] Personal information. Customer records information; such as insurance policy number.
- [G] Geolocation data, such as location of collision. We collect this information from your device.
- [K] Information collected in connection with your use of our Services, including communications usage information and the communications content processed through the services.
- Sensitive Personal Information, geolocation data such as location of collision.
- Other personal information, in instances when you interact with us online, by phone or e-mail in the context of receiving support from our customer service teams.
As also explained in our Privacy Notice, we share your Personal Information with the following categories of CCPA third parties:
- Affiliates.
- Vendors and service providers, including for data analytics.
- Third parties integrated into our Services.
- Third parties as required by law and similar disclosures.
- Third parties in connection with a merger, sale, or asset transfer.
- Other third parties for whom we have obtained your permission to disclose your Personal Information.
Use of Personal Information of California Residents
The CCPA defines various business and commercial purposes for collecting, using, and disclosing Personal Information. While we collect, use, and disclose Personal Information pursuant in the section of this Privacy Notice entitled “Why we collect your information and how we use it”. The categories of third parties to whom we “disclose” this information for a business purpose are described in the section of this Privacy Notice entitled “Who we share your information with and why” we wanted to clarify out that this includes Personal Information in accordance with the specific CCPA business and commercial purposes below:
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use.
- Contracting with service providers to perform services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of our Services, and to improve, upgrade, or enhance our Services.
- Otherwise enabling or effecting, directly or indirectly, a commercial transaction.
- Commercial purposes, as defined under the CCPA.
- For other purposes for which we provide specific notice at the time the information is collected.
Your Rights as a California Resident
You have certain rights as a consumer regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
- Right to Delete Personal Information. Subject to certain exceptions, you have the option to delete Personal Information about you that we have collected from you. You may submit a verifiable request to delete your information and at our direction, we shall delete and shall notify our own service providers or contractors to delete personal information about you that has been collected, used, processed, or retained by the service provider or the contractor.
- Right to Correct Inaccurate Personal Information. We provide editable options within our Services for you to update your personal information e.g., within web applications. But we also recognise you have the right to request correction of inaccurate personal information. You may submit a verifiable request to correct inaccurate personal information and we shall use commercially reasonable efforts to correct the inaccurate personal information.
- Right to Know What Personal Information is Being Collected. You have the right to request that we disclose the personal information we collect about you. That is, we must disclose the following
(1) The categories of personal information it has collected about that consumer.
(2) The categories of sources from which the personal information is collected.
(3) The business or commercial purpose for collecting, selling, or sharing personal information.
(4) The categories of third parties to whom the business discloses personal information.
(5) The specific pieces of personal information it has collected about that consumer.
You may submit a verifiable request for this information about you during the past twelve months.
- Right to Know What Personal Information is Sold or Shared and to Whom. We do not sell your personal information but may share your personal information to provide some of Services (see Section Who we share your information with and why. As we may share your personal information, or disclose your personal information for a business purpose (to provide our Services) we shall disclose to you, upon the submission of a verifiable request the following:
(1) The category or categories of your personal information we have shared, or if we have not shared your personal information, we shall disclose that fact.
(2) The category or categories of your personal information we have disclosed for a business purpose, or if we have not disclosed your personal information for a business purpose, we shall disclose that fact.
We also ensure that any third parties e.g., Business Partners (see Section Who we share your information with and why) shall not sell or share personal information about a you that has been sold to, or shared with, the third party by a business unless the you have received explicit notice and have been provided an opportunity to exercise the right to opt-out.
- Right to Opt Out of Sale or Sharing of Personal Information. We do not sell your personal information but may share your personal information to provide some of our Services (see Section Who we share your information with and why). You have the right, at any time, to direct us not to share your personal information. This right may be referred to as the right to opt-out of sale or sharing. On receipt of your submission to exercise this right we will stop sharing your personal information, unless you subsequently provide consent, for sharing of your personal information.
- Right to Limit Use and Disclosure of Sensitive Personal Information. Axitech recognises that we collect your geolocation data in certain circumstances e.g., in the event of a crash
You have the right, at any time, to direct us to limit its use of your sensitive personal information to that use which is necessary to perform such services reasonably expected by you who requests those services or to perform the services. Often as our sensitive information is geolocation data is used to provide our Services e.g., Tow, exercising this right will hinder our ability to provide our Services, but you still have the Right to Limit Use and Disclosure of Sensitive Personal Information. On receipt of your submission to exercise this right we do not to use or disclose your sensitive personal information, unless you subsequently provide consent for the use or disclosure of your sensitive personal information for additional purposes.
- Right of No Retaliation Following Opt Out or Exercise of Other Rights. We do not discriminate against you because you exercised any of your consumer’s rights, including, but not limited to, by:
(a) Denying goods or services to the consumer.
(b) Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
(c) Providing a different level or quality of goods or services to the consumer.
(d) Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
Axitech does not sell personal information to third parties. “California’s “Shine the Light” law, requires certain businesses to respond to requests from California consumers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Axitech does not disclose personal information to third parties for marketing purposes, only to provide services (see section “Who we share information with and why”).
How to Exercise your Rights as a California Resident
Please email us at [email protected] or use our online “exercise your rights submission form” if you would like to exercise your rights pursuant to CPRA or learn more about your rights or our privacy practices.
We will disclose and deliver the required information to you free of charge, correct inaccurate personal information, or delete your personal information, based on the consumer’s request, within 45 days of receiving a verifiable consumer request from you. We shall promptly take steps to determine whether the request is a verifiable request, but this does not extend our duty to disclose and deliver the information, to correct inaccurate personal information, or to delete personal information within 45 days of receipt of the request.
The time period to provide the required information, to correct inaccurate personal information, or to delete personal information may be extended once by an additional 45 days when reasonably necessary, provided you are provided notice of the extension within the first 45-day period. The disclosure of the required information is made in writing and delivered through your account with Axitecht, if you have an account and this is feasible, or by mail or electronically at your discretion if the consumer does not maintain an account with the business, in a readily usable format.
We may require authentication from you, that is reasonable in light of the nature of the personal information requested, but we will not require you to create an account with Axitech in order to make a verifiable consumer request provided that if you have an account, we may require you to use that account to submit a verifiable consumer request.
The disclosure of the required information shall cover the 12-month period preceding the business’ receipt of the verifiable request.
You may request that we disclose the required information beyond the 12-month period, and we will be required to provide that information unless doing so proves impossible or would involve a disproportionate effort. Your right to request required information beyond the 12-month period, and our obligation to provide that information, shall only apply to personal information collected on or after January 1, 2022.
Your rights as a Virginia Resident
This section supplements this Privacy Notice and applies to the personal data of Virginia residents in order to comply with the Virginia Consumer Data Protection Act (“VCDPA”), effective January 1, 2023. This notice applies to natural persons who are residents of Virginia acting only in an individual or household context. It does not apply to natural persons acting in a commercial or employment context.
Categories of Personal Data We Collect of Virginia Residents
The VCDPA requires us to give you information about the categories of personal data we process, our purpose for processing it, the categories of third parties with whom we share personal data, and the categories of personal data we share with such third parties. This table sets out our relevant practices. Our collection, processing and disclosure of personal data depends on your relationship with us and your interaction with the Services.
| Category | Processed? | Sources Collected From | Purpose for Processing | Categories of 3rd Parties & Other Entities To Whom We May Disclose |
| Identifiers, such as name, postal address, contact details, email address, IP address, online identifiers or personal preferences | Yes |
|
|
|
| Characteristics of Protected Classifications, such as race, sex, gender, sexual orientation, marital status, military or veteran status, nationality | No | N/A | N/A | N/A |
| Commercial Information, such as products or services purchased or obtained or considered, or other purchasing or consuming histories or tendencies | Yes |
|
|
|
| Internet or other electronic network activity information | Yes |
|
|
|
| Geolocation data, such as city, state or country | Yes |
|
|
|
| Audio, electronic, visual, thermal, olfactory or similar information | No | N/A | N/A | N/A |
| Professional or Employment related information, such as business contact details, job title or employer | No | N/A | N/A | N/A |
| Inferences drawn from this information, such as preferences or other consumer characteristics | Yes |
|
|
|
| Sensitive Personal Data, such precise geolocation data, person’s racial or ethnic origin or sexual orientation | Yes |
|
|
|
Purposes for Processing Personal Data of Virginia Residents
We process personal data to offer and administer our products and services. We use personal data for the purposes set out in the “Why we collect your data and how we use it” section of the Axitech Privacy Notice.
Sharing of Personal Data of Virginia Residents with Third Parties
We do not share personal data with third parties (other than service providers and business partners; see section “Who we share information with and why”) unless you direct us to do so, or where required by law.
We may share personal data with other parties as follows:
- Our affiliates, as needed to operate our business and provide services.
- Service providers or contractors, such as business partners, and other service providers who perform certain services on behalf of Axitech, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract (see section “Who we share information with and why”).
Selling, Targeted Advertising, and Profiling of Virginia Residents
We do not sell personal data to third parties.
We do not process personal data for targeted advertising purposes (as defined under the VCDPA). You can view our cookie policy in this notice and our website cookie notice on our website.
We do not process personal data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Your Rights as a Virginia Resident
As a Virginia resident, you may have certain rights in relation to your personal data.
Right to Confirm
You may have the right to confirm whether we process your personal data and to access such personal data.
Right to Delete
You may have the right to request that we delete your personal data that we have collected about you. Subject to certain exceptions, we must delete your personal data.
Right to Correct Inaccurate Personal Data
You may have the right to request that we correct inaccurate personal data about you, taking into account the nature of the personal data and the purposes of the processing of your personal data.
Right to Opt-Out of Processing of Personal Data for Targeted Advertising.
You may have the right to opt-out of the processing of your personal data for purposes of targeted advertising. Axitech DOES NOT process data for Targeting Advertising.
Right to Opt-Out of the Sale of Personal Data
You may have the right to opt-out of the sale of your personal data. Axitech DOES NOT sell personal data.
Right to Opt-Out of Profiling
You may have the right to opt-out of the processing of your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. Axitech DOES NOT profile.
Right to Obtain a Copy of Your Personal Data
You may have the right to obtain a copy of your personal data that you previously provided to us.
Right to Non-Discrimination
You have the right to not be discriminated against by us for choosing to exercise your rights under the VCDPA.
Authenticating Requests of Virginia Residents
We only comply with requests when we can authenticate that you are a Virginia resident exercising your rights regarding your personal data.
We may need additional information from you to authenticate your request. We may need additional information from you to match the information we already have about you in order to authenticate your request. We will let you know via email if we need more information from you to authenticate your request. Please reply to our requests promptly.
We will communicate with you via email. We will use the email address you provided when submitting your request.
If we cannot authenticate your identity, we will let you know.
Responding To Requests of Virginia Residents
We aim to promptly authenticate and respond to your requests within 45 days of receipt but may require a total of 90 days to respond to your requests. If we require additional time beyond the initial 45 days and that time is reasonably necessary, we will let you know within the first 45 days.
If we determine that we cannot or will not take the action that you requested, we will let you know. We will inform you of our reasons for not taking action and any rights you may have to appeal the decision.
We will respond to your requests via email. We will contact you at the email address you provided when submitting your request(s).
Limitations for Virginia Residents
The VCDPA does not apply in full to all personal data we collect from Virginia residents. As set out in” above, the VCDPA is not fully applicable to some personal data collected from Virginia residents. Therefore, even if you are a Virginia resident and submit an authenticated request, we may not be required to comply with your request.
Information provided in response to a consumer request shall be provided free of charge, up to twice annually per consumer. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to act on the request.
Please contact us if you wish to exercise your rights under VCDPA or wish to appeal Axitech’s decision with respect to a request to exercise your rights: Email: [email protected]