Updated January 4, 2023
Privacy Policy
Fleeti places the utmost importance and care on protecting the privacy of personal data, as well as complying with legal provisions in this area.
Purpose of this Charter
Fleeti implements Personal Data Processing, for which it is responsible.
Through this Personal Data Protection Charter, Fleeti wishes to inform all Data Subjects of:
The characteristics of the Data Processing collected and processed under its responsibility;
The commitments it makes to respect Personal Data and allow its Clients to exercise the rights conferred on them by the Regulations, where applicable.
As part of its contractual relationship with the Data Subjects, Fleeti undertakes to comply with the regulations in force applicable to the Processing of Personal Data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (hereinafter the "GDPR"), as well as Law No. 78-17 of 6 January 1978 in its latest version in force. Terms beginning with a capital letter in this article have the meaning given to them by the applicable regulations on the protection of Personal Data.
Who are the Recipients of the Personal Data collected?
The collection of Personal Data is intended for Fleeti as the Data Controller, which guarantees its confidentiality, as well as for three partners: OVH, Azure, and Navixy.
Fleeti informs the Data Subject that Personal Data may be used by Fleeti staff or that of the group's entities. These Recipients are subject to strict confidentiality and security obligations and will have access to Personal Data within the limits of the determined Purposes.
Data security
Fleeti is committed to protecting your personal data against any loss, destruction, alteration, unauthorized access or disclosure. We implement appropriate technical and organizational measures with regard to the nature of the data and the risks involved in the processing. These measures are aimed at preserving the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by third parties.
These measures may include practices such as limited access to data by authorized service personnel, contractual guarantees in the event of recourse to an external service provider, regular reviews of our privacy practices and policies, physical and/or logical security measures (secure access, authentication process, backup copies, software, antivirus, firewalls, etc.).
Is a transfer of Personal Data planned? If so, under what contractual conditions and to which countries?
The Data Subject is informed that, unless otherwise required by law, Fleeti may, in the course of its mission, use third parties who may be located outside of France (but within the European Economic Area), who may be other entities of the group and/or service providers acting on its behalf, who provide administrative services, IT infrastructure (including, where applicable, "cloud" type service providers), as well as services that support its activity. These third parties, for whom it remains responsible, are subject to strict confidentiality and security obligations in accordance withArticle 28andArticle 29of the GDPR.
Fleeti does not transfer your data outside the European Economic Area
(EEA). Otherwise, contractual mechanisms and binding legal processes will be put in place to legally transfer personal data beyond the borders of the EEA area and secure these data flows.
What access is possible to the Personal Data collected?
The person concerned by the Data Processing implemented by Fleeti, in application ofArticle 18of the GDPR, has the following rights:
A right of access, that is to say, to obtain confirmation that the Data is or is not being processed and, when it is, access to said Data, as well as various information including the purposes of the Processing, the category of Data, the recipient(s) of the Data, etc.
A right to modify, as soon as possible, Data that is inaccurate, incomplete, outdated or ambiguous, or the collection and Processing of which is prohibited;
A right to object to the Processing or transfer of Data, unless there are legitimate and compelling reasons that override the interests of the Data Subjects;
A right to erasure of Data that can be requested in the cases defined by law (Article 17 GDPR);
A right to restriction of Data Processing concerning the Data Subject for the following reasons:
For a duration allowing the Data Controller to verify the accuracy of the personal data, when the data subject disputes it;
The Processing is unlawful and the Data Subject objects to their erasure and demands the restriction of their use instead;
The Data Controller no longer needs the Personal Data for the purposes of the Processing, but they are still necessary for the data subject to establish, exercise or defend legal claims;
During the verification of whether the legitimate grounds pursued by the Data Controller override those of the data subject when the latter has objected to the Processing.
The Data Subject can exercise these rights by sending a letter or email directly to Fleeti at the following address: 97 ALL THEODORE MONOD 64210 BIDART and/or an email to the following address: dpo@fleeti.co
The Data Subject also has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), in particular on its website
www.cnil.fr
