As a service provider and employer, Undagrid collects, processes, and stores data that may include personal information. This data is stored and processed in accordance with the principles of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
This document refers to all customers, potential customers, and previous customers who use(d) Undargrid’s products & services, as well as visitors of the company’s website and all individuals that are an employee, applicant, or contractor of the company.
Undagrid B.V. is a Dutch Limited Liability company listed on the Trade Register of the Dutch Chamber of Commerce under 60455861. We provide state-of-the-art solutions to manage dynamic business assets in numerous logistical processes. For this, we use and enrich sensor-generated data in an Internet-Of-Things environment. As Data Controller, we are ultimately responsible for the processing of your personal data.
The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is only processed and stored with their knowledge, and, to the extent possible, with their consent.
Article 5 of the GDPR outlines the six principles that should be applied to any collection, storing, or processing of personal data:
Personal data must be processed lawfully, fairly, and transparently;
Personal data can only be collected for specified, explicit, and legitimate purposes.;
Personal data must be adequate, relevant, and limited to what is necessary for processing;
Personal data must be accurate and kept up to date;
Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing;
Personal data must be processed in a manner that ensures its security.
When you use our products and services or are employed by the company, we collect data from you or about you. What data we exactly collect depends on what you use and how you use it. In general, there are 3 categories of data we collect:
Data you provide;
Data collected via sensors;
Metadata.
Data you provide
This is data entered by the customer when using our products and services, or data that you provide as part of your employment with the Company.
This data includes
information relating to your business: all contact details, invoicing details, business locations;
Information relating to users of our applications: name, email address, work addresses, phone number, username, and passwords;
Information pertaining to other individuals in your organization e.g. drivers’ names, home locations, and contact details;
Information relating to the fulfillment of the obligations of the employment agreement.
As the owner of this data, you are responsible for ensuring the accuracy of the data that you enter, and the timely update or deletion of data that is no longer necessary.
Data collected via sensors
Undagrid’s solutions utilize sensors to record location, usage, movement, and other status information regarding dynamic assets. These sensors will automatically collect data and transmit it to Undagrid’s systems platform where it is processed and stored. In some cases, this information could indirectly identify an individual and thus would be classed as personal information.
In some cases, Undagrid also processes and stores sensor collected data of third-party telematics or smart device solutions in order to fulfill its contractual obligations towards its customers.
Metadata
This refers to any data that may be collected or automatically generated while you use UG’s products or services. In many cases, metadata is collected inherent to you using a computing/mobile device or inherent to transmitting data over computer networks, such as the internet. This data includes user interface and other device usage events, IP addresses, unique device identifiers, cookies, and records of computer activity.
About UNO
UNO (SDK and API) is a technical solution that helps organizations utilize their BLE sensors. If you have installed an App with the UNO SDK inside on your smart device, the device collects data of BLE sensors that have been in its proximity and are of interest to the UNO client. Below we will briefly explain how UNO works.
The UNO SDK within the App recognizes BLE sensors via Bluetooth. Those BLE sensors use unique codes to identify themselves and they are able to share information via their payload e.g. temperature.
If the smart device is in proximity to a BLE sensor that is of interest to the UNO client, the unique identifier, the payload together with the location and state of the smart device get shared with the UNO cloud. This is all encrypted and anonymous.
Undagrid processes personal information in order to support its products and services, as well as customer management and financial administration purposes. It also processes personal data as part of its HR activities, marketing, campaigns, company website, and security and fraud prevention purposes.
For its core activities, it processes such data as a necessity for the performance of its contractual obligations. In other cases, this data is processed to pursue the Company’s legitimate commercial interests or to comply with legal obligations.
In principle, all personal data is stored within the European Economic Area (EEA). In the exceptional case cases where Personal Data is transferred or processed outside the EEA by UG or on UG’s behalf, the Company will use the Privacy Shield, the EU Model Clauses, or other acceptable legally binding instruments to protect your privacy and fundamental rights as much as possible.
For the storage and processing of your data, we use third-party data processors that provide sufficient guarantees in respect of their technical security and organizational measures. Such data processing services will be governed by an appropriate data processing contract between the company in its role as the data controller and the provider in its role as the data processor. The data processing contract will require the provider to maintain an Information Security Management system in alignment with ISO27001.
Your data may be transmitted to
Data processors that work on behalf of UG (see section above);
Parties that are involved in the execution or fulfillment of an agreement between you and UG.
In most cases, the data is stored only as long as is necessary to fulfill the purpose of the data collection or the purpose for which such data are further processed. However, some data (like for financial administration or HR purposes) are stored for the duration as described by Dutch Civil and Tax law (currently maximum of 7 years).
Undagrid applies a combination of technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration,
unauthorized disclosure, or access. Such measures include appropriate encryption of data, two-step authentication processes, or private keys for getting access to UG’s systems landscape.
Cookies are small pieces of (text) information that are sent to your browser when you visit the website of UG and then stored on the hard disk or in the memory of your device. The cookies placed via UG’s website cannot damage your device or the files stored on it. Such cookies are solely used for running Google Analytics tools.
Under the European General Data Protection Regulation, you have a number of rights regarding your data and the processing thereof. These include access to your personal information and making any necessary changes to your account. Under certain conditions, you also have the right to object to UG processing your data or restrict the processing of such data. For a full description of your full rights, we refer to the GDPR legislative publication in the Official Journal of the European Union.
If you wish to exercise any of such rights regarding the processing of your personal data by UG, please contact us via email at gdpr@undagrid.com.
This Privacy Statement is subject to changes from time to time. We, therefore, advise you to regularly read the Privacy Statement for any such changes.
In case you have any further questions, remarks, or complaints regarding this Privacy Statement or the way in which UG uses your data, please contact us via e-mail at gdpr@undagrid.com. Furthermore, you always have the right to contact the competent national data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl/en).