GPS Service Privacy Policy

Related documents

GPS SERVICE PRIVACY POLICY

This policy governs the processing of personal data in connection with the GPS service, web platform and mobile application of Locator BG Ltd., company registration number 201448898, with registered office and management address at 5 Petko Karavelov Blvd., Ivan Vazov district, 1421 Sofia, Bulgaria. For privacy-related questions you can contact us at info@locatorbg.com.

1. Role of Locator BG

When the client uses the service to monitor its own vehicles, assets, routes, drivers, employees or other related objects and individuals, the client determines the purposes and legal basis of the processing. In such cases:

  • the client acts as controller;
  • Locator BG acts as processor.

Locator BG processes GPS data only on the client’s instructions, unless applicable law requires otherwise.

Locator BG may also act as a controller for certain categories of data when this is necessary for contract management, invoicing, account administration, security, technical support, diagnostics and compliance with legal obligations.

2. Who this policy covers
  • individual clients;
  • representatives and contact persons of corporate clients;
  • platform and mobile application users;
  • drivers, employees and other individuals whose data may be processed in the system at the client’s choice and instruction.
3. Categories of data processed by the platform
  • account and administrative data — name, company, email, phone number, role, user identifier, access and session data;
  • vehicle and device data — registration number, internal identifiers, GPS device / tracker, technical identifiers and device status;
  • location and movement data — GPS coordinates, routes, stops, addresses, speed, mileage, movement time, trip history and derived indicators;
  • driver / employee / user data — where the client chooses to connect a name, phone number, email or another identifier with a particular driver, user or vehicle;
  • support, security and technical-event data — login and access logs, system events, errors, incidents and support correspondence;
  • additional module and integration data — where such modules are requested by the client and are necessary for the relevant functionality.
4. Purposes of processing

Client purposes as controller: fleet management, logistics, asset protection, reporting, transport organisation and other lawful purposes determined by the client.

Locator BG purposes as processor:

  • receiving and storing device data;
  • providing the platform’s standard functionality;
  • calculating trips, routes, stops, addresses, mileage, speed and other derived indicators;
  • visualising data, reports and statements;
  • providing access to the platform and application;
  • support, diagnostics and technical operability;
  • executing the client’s instructions.

Locator BG purposes as controller: contractual relations, invoicing, accounting, security, abuse prevention, accounts, logs and legal obligations.

5. Legal bases

Where Locator BG acts as processor, the legal basis for the main processing is determined by the client as controller.

Where Locator BG acts as controller, the processing is based, as applicable, on:

  • performance of a contract — for contractual relations, accounts, access and provision of the service;
  • legal obligation — for accounting, invoicing and other mandatory records;
  • legitimate interest — for security, abuse prevention, technical logs and diagnostics, where applicable.
6. Lawful use of the service by the client

The client is responsible for using the service in compliance with applicable law, including personal data protection law. The client should:

  • have an appropriate legal basis for the processing;
  • inform the relevant individuals where required;
  • use the service lawfully and proportionately;
  • not use the service for unlawful covert surveillance.

Where the client requests an integration or the sharing of data with an external platform, the client is responsible for having an appropriate legal basis for that sharing as well.

7. Categories of recipients
  • hosting and technical infrastructure providers;
  • support and technical service providers;
  • other subcontractors and service providers where necessary for maintaining and delivering the service;
  • external platforms and integrations upon the client’s explicit request or instruction;
  • professional advisers where necessary;
  • competent public authorities and institutions where disclosure is required by law.

Whenever we use external providers, we assign only the processing necessary for the relevant service and require appropriate safeguards for personal data.

8. International transfers

At present the service is organised so that service data are processed in Bulgaria. If in the future a transfer of personal data outside the European Union or the European Economic Area becomes necessary, the safeguards and transfer mechanisms required by law will be applied.

9. Retention periods
  • GPS and operational data within the service: up to 2 years back during the term of the contract;
  • after contract termination: active GPS and operational data are deleted within 30 days;
  • backup copies: may be retained for up to 1 additional month after that;
  • support correspondence and tickets: up to 12 months;
  • login, security and technical-event logs: up to 6 months;
  • contractual, accounting and invoicing data: for the periods required by applicable law.

The stated post-termination deletion periods apply to GPS and operational service data and do not exclude the retention of contractual, accounting or other data that must be retained under law.

10. Data subject requests

Where we receive a direct request relating to GPS data processed on behalf of a client, we may direct the individual to the relevant client as controller and provide technical assistance to the client where necessary.

Where the request relates to data processed for our own purposes, we will handle it under the generally applicable rules.

Requests relating to personal data may be submitted to info@locatorbg.com. In certain cases we may ask for additional information needed to verify identity.

11. Access, export and support

Part of the information and reports may be available for direct access or export by the client through the platform. In other cases assistance from our side may be required.

12. Automated decision-making

Locator BG does not perform automated decision-making with legal or similarly significant effects on individuals.

13. Security

We apply appropriate technical and organisational measures for data protection, including restricted access, event and action logging, organisational and technical safeguards, and control over maintenance and authorised access.

14. Mobile application and phone location

The mobile application may use the phone’s location for visualisation purposes, but that location is not sent to Locator BG unless such functionality is expressly introduced and separately disclosed later.

15. Children

The service is not intended for children and we do not knowingly collect personal data from children.

16. Changes to this policy

We may amend this policy when legal requirements, technologies, service functionality or processing practices change. Changes become effective upon publication on the website. This page will always show the date of the last update.