Privacy Policy
PRIVACY POLICY
Table of Contents
Dear user,
Your data, your trust and your satisfaction are very important to us. Therefore, please read the following pri-vacy policy carefully!
Scope of This Privacy Policy and Products Covered
This privacy policy applies to the products and services operated and controlled by Assured Technologies SAS, including the following business-to-business (B2B) solutions:
GO-Trak: a vehicle tracking and movement management solution provided via a web platform and an Android mobile application.
GO-Move: a vehicle movement and logistics solution provided via a web platform and mobile applications for Android and iOS.
GO-Plan: a planning and optimisation solution provided via a web platform.
The products are offered exclusively to business customers. Access is provided by the relevant customer or-ganisation to its authorised users, such as employees or operators. Individual consumer use is not supported.
The products are offered globally. All products are operated, maintained, and controlled by Assured Technol-ogies SAS, including in cases where white-label versions of the products are provided to customers. In relation to the operation, security, and technical management of the products and services, Assured Technologies SAS acts as data controller. Customer organisations act as data controllers for the personal data they choose to process within the products for their own operational purposes
The products operate as logically separate systems. GO-Trak may be offered as an add-on to, or integrated with, GO-Plan at the request of the customer organisation. Where such integration is enabled, data generated by GO-Trak may be made available within GO-Plan solely to provide the contracted functionality. No data is shared between products unless explicitly configured by the customer organisation.
This privacy policy applies to the use of the above products, including their web platforms, mobile applica-tions, backend systems, and related services.
1. General information
1.1. We care about your privacy
Thank you for your interest in our offer. When using our products and services, including our web platforms and mobile applications, you can rely on us to handle the personal data entrusted to us responsibly and not to pass it on to third parties without authorization. The protection of your personal data is of particular im-portance to us.
The following privacy policy is intended to inform you about the nature, scope and purpose of the processing of personal data within our online offer and the associated products and services, including our web platforms and mobile applications and functions (hereinafter collectively referred to as the “online offer”). With regard to the terms used in our privacy policy, such as “processing” or “controller”, we refer to the definitions in the General Data Protection Regulation (see Art. 4 GDPR). Furthermore, we would of course like to inform you about the rights to which you are entitled, the so-called rights of data subjects. The processing activities de-scribed in this privacy policy relate to the use of our products and services, including our web-based platforms and mobile applications. Certain processing activities apply specifically to mobile applications and are de-scribed in more detail in later sections of this policy.
In principle, the use of our products and services, including our web platforms and mobile applications, is pos-sible without any indication of personal data. However, we would like to point out that the processing of per-sonal data may be necessary if you wish to make use of certain services via our products and services, includ-ing our web platforms and mobile applications.
As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data that may be processed via this products and services, including our web platforms and mobile applications. Nevertheless, internet-based data transmissions can generally have security gaps, i.e. absolute protection cannot be guaranteed even by us. For this reason, you are free to transmit any necessary personal data to us by alternative means, such as by telephone.
1.2. Address of responsibility
The person responsible for data processing within the meaning of the GDPR is:
Assured Technologies SAS
865 Av. de Bruxelles
83500 La Seyne-sur-Mer
France
E-mail: info@assuredtechnologies.com
Website: www.assuredtechnologies.com
Contact person for data protection at Assured Technologies SAS:
If you have any questions about the protection of your personal data at Assured Technologies SAS, please contact: datasecurity@assuredtechnologies.com
1.3. Relevant legal basis
The processing of personal data, e.g. of the name, address, e-mail address or telephone number of a data subject, is carried out by us exclusively in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to us in France.
According to the provisions of Art. 13 GDPR, we provide you with the legal basis for our data processing be-low: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the fulfilment of our contractual service obligations as well as for answering inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing to comply with our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing for the purposes of safeguarding our legitimate interests is Art. 6 (1) (f) GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR is the legal basis.
1.4. Deletion and blocking of data
We adhere to the principles of data avoidance and data economy. The personal data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its in-tended purpose and the deletion does not conflict with any statutory retention obligations. Unless the data is erased because it is necessary for other purposes permitted by law, its processing will be restricted. This means that the data will be blocked and will not be processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. According to the legal requirements in France, the obligation to keep records is between 2 (civil and commercial documents) and 6 years for tax matters and up to 10 years for accounting documents. Specific retention and deletion criteria for data processed through our products and mobile applications are described in the section ‘Retention of Product and Application Data’.
1.5. Disclosure of personal data
We will only pass on your personal data to third parties for processing within the scope of the intended pur-pose. Our employees and suppliers/partners are obliged by us to maintain confidentiality and secrecy and to maintain data secrecy by law.
1.6. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, our site uses SSL or TLS encryp-tion. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
1.7. Mobile Applications – General Privacy Information
This privacy policy applies to all products and services provided by Assured Technologies SAS. The following information applies generally to the use of Assured Technologies SAS mobile applications.
Our mobile applications are business-to-business tools provided to customer organisations. Access is granted by the customer organisation to authorised users, such as employees, drivers, or operators.
Depending on the product and configuration, mobile applications may process personal data to deliver core operational functionality. Mobile applications are not used for consumer profiling, advertising, or marketing purposes.”
2. Data collection, types of data processed, categories of data subjects, purposes of processing
2.1. Location and Movement Data
Certain products and mobile application features process precise location and movement data to support operational use cases such as vehicle tracking, logistics coordination, movement documentation, mileage calculation, and reporting.
Where such functionality is enabled by the customer organisation, location data may be collected during ac-tive use of a mobile application and, where required to ensure uninterrupted operation, while the application is running in the background or when the device is not actively in use.
This processing is necessary to deliver the contracted service and cannot be disabled without impacting core functionality. Location data is not used for advertising, marketing, or consumer profiling.
2.2. Product-Specific Data Processing Overview
The categories of personal data processed, the purposes of processing, and the technical means of collection vary depending on the product used. The following subsections describe product-specific data processing activities for GO-Trak, GO-Move, and GO-Plan.
2.2.1. GO-Trak – Data Collection and Purpose of Processing
GO-Trak may process personal data to enable vehicle tracking, movement management, and operational reporting for customers operating in the car rental, fleet management, and vehicle logistics sectors.
The following categories of personal data may be processed:
• Location data collected from mobile devices
• Vehicle movement and journey data
• Usage and interaction data generated through the web platform and mobile application
• Technical and diagnostic data necessary for system operation and security
Location data is processed to track vehicle movements between locations, calculate mileage and distance travelled, analyse operational driving events, generate movement and compliance reports, and ensure service accuracy and accountability for customer organisations.
Location data may be collected while the mobile application is in active use (foreground). Where configured and authorised by the customer organisation, location data may also be collected while the application is running in the background to ensure uninterrupted tracking during vehicle movements and handovers.
The collection of location data is essential to the primary purpose of the GO-Trak application and the service cannot operate correctly without it.
Access to GO-Trak data is restricted to authorised users within the customer organisation and to Assured Technologies SAS personnel where required for system operation, support, and security.
2.2.2. GO-Move – Data Collection and Purpose of Processing
GO-Move may process personal data to support vehicle movement coordination, logistics workflows, and operational visibility for customer organisations.
The following categories of personal data may be processed:
• Movement and assignment data
• User-provided operational data
• Usage data generated through web and mobile applications
• Technical and diagnostic data required to ensure application functionality and security
GO-Move data is processed to plan, manage, and document vehicle movements, support logistics coordina-tion, and provide operational reporting in accordance with customer requirements and contractual agree-ments.
GO-Move is provided via a web platform and mobile applications for Android and iOS. Data processing is lim-ited to what is necessary to deliver the contracted functionality.
2.2.3. GO-Plan – Data Collection and Purpose of Processing
GO-Plan may process personal data to enable planning, optimisation, and operational oversight functions for customer organisations.
The following categories of personal data may be processed:
• Planning and scheduling data
• Configuration and account-related data
• Usage data generated through the web platform
• Technical data necessary for system operation and security
GO-Plan is provided via a web-based platform. Data is processed to support planning activities, optimise op-erational workflows, and provide reporting and decision-support tools for customers.
2.3. Hosting
We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security and technical maintenance services that we use for the purpose of operating this products and services, including our web platforms and mobile applications. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, us-age data, meta and communication data of customers, interested parties and visitors to this online offer in order to pursue our legitimate interests in the efficient and secure provision of this offer in accordance with Art. 6 (1) (f) and Art. 28 GDPR. The hosting services described above are used to support the operation of GO-Trak, GO-Move, and GO-Plan, including the processing and storage of data generated through their web plat-forms and mobile applications.
2.4. Collection of access data
Every time our products and services, including our web platforms and mobile applications is accessed by a data subject or by an automated system, our products and services, including our web platforms and mobile applications collects a series of general data and information in order to pursue our legitimate interests in accordance with Art. 6 (1) (f) GDPR. This general data and information is stored in the log files of the server. The data includes (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the referrer URL, (4) the date and time of access to the products and services, including our web platforms and mobile applications, (5) the IP address, (6) the Internet service provider of the accessing system, (7) protocols, status code and data volume; (8) the directory protection user, and (9) other similar data and information used to avert security in the event of attacks on our IT systems. In addition to access data col-lected via our web platforms, technical log data may be generated by our mobile applications, such as diag-nostic information, error reports, and performance data. This data is processed solely for the purposes of ensuring system stability, security, and functionality.
IP addresses are stored anonymously. To do this, the last three digits are removed. IPv6 addresses are also anonymized. Information about the directory protection user used is anonymized after one day. Error logs, which log erroneous page views, are deleted after seven days. In addition to the error messages, these in-clude the accessing IP address and, depending on the error, the products and services, including our web plat-forms and mobile applications accessed. Access via FTP is logged anonymously and stored for 60 days. The mail logs for sending e-mails from the web environment are anonymized after one day and then kept for 7 days. In the case of anonymization, all data about the sender/recipient etc. is removed. Only the data at the time of sending and the information on how the e-mail was processed are preserved (queue ID or not sent). Mail logs for sending via our mail servers will be deleted after four weeks. The longer retention period is nec-essary to ensure the functionality of the mail services and to combat spam. It is not possible to determine the storage period individually.
Data whose further storage is necessary for evidentiary purposes is excluded from deletion until an incident has been clarified.
When using this general data and information, no conclusions are drawn about the data subject. This infor-mation is required in order to (1) deliver the content of our products and services, including our web platforms and mobile applications correctly, (2) optimize the content of our products and services, including our web platforms and mobile applications and the advertising for it, (3) ensure the long-term functionality of our IT systems and the technology of our products and services, including our web platforms and mobile applica-tions, (4) enable us to respond to contact requests and communicate with users, and (5) to provide law en-forcement authorities with the information necessary for criminal prosecution in the event of an attack. Pro-vide. This anonymously collected data and information is therefore evaluated by us statistically and with the aim of increasing data protection and data security in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
2.5. Data processing for the performance of services
We also process our customers’ data as part of our contractual services, which include, among other things, conceptual and strategic consulting, preparation of analyses, training, etc. In addition to consulting or support services, personal data is processed to provide the core functionality of our products GO-Trak, GO-Move, and GO-Plan, including tracking, planning, reporting, and operational analysis in accordance with customer con-tracts
In doing so, we process inventory data, contact data, content data, contract data, payment data, usage and metadata. As a matter of principle, we do not process special categories of personal data. The circle of data subjects includes customers, interested parties and their customers, users, products and services, including our web platforms and mobile applications visitors, employees and third parties. The purpose of the pro-cessing is the provision of contractual services, billing and customer service on the basis of Art. 6 (1) (b) GDPR. We process data that is necessary for the establishment and fulfilment of the contractual services and only disclose the data to third parties if this is necessary in the context of order fulfilment. When processing the data provided to us in this context, we act in accordance with the instructions of the client as well as the legal requirements for order processing in accordance with Art. 28 GDPR. The data will not be processed for any purposes other than those specified in the order. The data will be deleted after the expiry of the statutory warranty or comparable obligations, whereby the necessity of storage will be reviewed every 3 years. If there are statutory retention obligations, the data will be blocked accordingly.
2.6. Data processing in the context of the company’s organization
In the context of the organisation of the company, internal administrative tasks, financial accounting and the fulfilment of legal obligations, we generally process the same data that we process in the context of the pro-vision of our contractual services in accordance with Art. 6 (1) (c) and (f) GDPR. Affected are customers, pro-spects, business partners and products and services, including our web platforms and mobile applications visi-tors. The purpose of the processing is administration, financial accounting, organization, archiving, mainte-nance of business activities, performance of our tasks and provision of contractually owed services. In doing so, we disclose data to the tax authorities, tax consultants, auditors, fee offices and payment service provid-ers. In addition, we store information on suppliers, event organisers and other business partners on the basis of our business interests. This company-related data is usually used. stored permanently.
We analyse the data available to us on business transactions, contracts, enquiries, etc. and to operate our company economically and to be able to recognise market trends and customer wishes. On the basis of Art. 6 Art. 1 lit. f GDPR, we process inventory data, communication data, contract data, payment data, usage data, metadata. Data subjects are customers, interested parties, business partners, visitors and users of the online offer. The analyses are not disclosed externally, except in the case of anonymous analyses with aggregated values.
2.7. Contact
When contacting us (via contact form, e-mail, telephone, etc.), the user’s details will be processed for the purpose of processing the contact request and its processing in accordance with Art. 6 (1) (b) GDPR. The in-formation provided by users may be stored in a CRM system or a comparable request organization. The data entered will not be passed on without the consent of the person concerned. We delete the requests and data immediately if we are asked to delete them or if the data subject revokes their consent to storage or if the purpose for storing them no longer applies, i.e. if they are no longer required. We review the need for reten-tion every 2 years. In all other respects, the general statutory retention obligations apply.
2.8. Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third par-ties), transmit it to them or otherwise grant them access to the data, this is done exclusively on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR), You have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.
2.9. Transfer of data to third countries
However, if we process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special re-quirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that of the EU or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”). Due to the global availability of our products, personal data processed through GO-Trak, GO-Move, and GO-Plan may be accessed or processed outside the European Union or Euro-pean Economic Area in accordance with the safeguards described above.
3. Mobile Application Permissions and Device Access
Our mobile applications request access to certain device functions and permissions where this is necessary to provide the contracted functionality of our products. Permissions are requested through operating system permission prompts and are limited to what is required for operation, security, and reliability.
Depending on the product and configuration, permissions may include access to location services, network connectivity, and system functions required for application stability. Permissions can be managed through the operating system settings of the device, subject to organisational policies defined by the customer organisa-tion.
Where required by specific product features, mobile applications may request access to precise location data and background location data. Such permissions are requested solely to enable core operational functionality and cannot be disabled without limiting or preventing the intended use of the service
3.1. Background Location Data Processing
Certain mobile application features provided by Assured Technologies SAS require the processing of precise location data in the background to ensure reliable and uninterrupted service delivery.
Where applicable, location data may be collected while the application is running in the background, including when the application is not actively used or visible on the device screen, for example during vehicle move-ments or operational workflows that require continuous tracking or documentation.
Background location data is processed exclusively for operational purposes defined by the customer organisa-tion and is not used for advertising, marketing, or sold to third parties. Users are informed about background location processing through in-app notices and operating system permission prompts.
4. Retention of Product and Application Data
Personal data processed through GO-Trak, GO-Move, and GO-Plan is retained only for as long as necessary to fulfil contractual obligations with customer organisations, ensure the proper operation and security of the products, and comply with applicable legal requirements.
Retention periods may vary depending on the product, the type of data, and customer configuration. As a general rule, product and application data is deleted, anonymised, or returned to the customer upon termina-tion of the contractual relationship, unless statutory retention obligations or legitimate legal interests require continued storage.
Requests for access, correction, or deletion of personal data processed through the products and mobile ap-plications are typically handled through the customer organisation that controls access to the service. Where Assured Technologies SAS acts as data controller, data subject requests may also be submitted directly using the contact details provided in this policy
5. Rights of data subjects
The GDPR provides for a number of data subject rights, which we would like to inform and enlighten you about below.
5.1. Right to confirmation
You have the right to request an explanation as to whether personal data about you is being processed. To exercise this right, please contact our above-mentioned data protection email address.
Right of access
Furthermore, you have the right to receive information free of charge about the personal data stored about you as well as further information and a copy of the data in accordance with Art. 15 GDPR. You also have the right to obtain access to the following information:
1. the purposes of processing
2. the categories of personal data that are processed
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
4. if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period
5. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing or a right to object to such processing
6. the existence of a right to lodge a complaint with a supervisory authority
7. if the personal data is not collected from you as a data subject: any available information about the origin of the data
8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject
You also have the right to know whether your personal data has been transferred to a third country or to an international organisation. If this is the case, you have the right to obtain information about the appropriate safeguards in connection with the transfer. If you wish to make use of this right to information, please con-tact our above-mentioned data protection officer.
5.2. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request the completion or correction of the data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data. If you would like to make use of this right of rectification, please contact our above-mentioned data protection officer.
5.3. Right to erasure (right to be forgotten)
In accordance with Art. 17 GDPR, you also have the right to demand that data concerning you be erased with-out undue delay or, alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data, provided that one of the following reasons applies and insofar as the processing is not necessary:
• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws his or her consent on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data has been unlawfully processed.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
If one of the above reasons applies and you would like to have personal data stored by us deleted, please contact our data protection officer.
5.4. Right to restriction of processing
You also have the right to obtain from us the restriction of processing if one of the following conditions ap-plies:
• the accuracy of the personal data is disputed by you, for a period enabling us to verify the accuracy of the personal data
• the processing is unlawful, but you oppose the erasure of the personal data and request the re-striction of the use of the personal data instead;
• we no longer need the personal data for the purposes of the processing, but you need it for the es-tablishment, exercise or defence of legal claims
• You have objected to the processing pursuant to Art. 21 (1) GDPR, but it is not yet clear whether our legitimate grounds outweigh yours
If one of the above conditions is met and you would like to request the restriction of personal data stored by us, please contact our above-mentioned data protection officer.
5.5. Right to data portability
Furthermore, you have the right to receive the personal data concerning you that you have provided to us fromus in a structured, commonly used and machine-readable format. In addition, you have the right to re-quest the transfer of this data by us to another controller, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, and where the processing is not necessary for the perfor-mance of a task carried out in the public interest or in the exercise of official authority vested in us and pro-vided that it does not adversely affect the rights and freedoms of other persons. To assert the right to data portability, please contact our above-mentioned data protection officer.
5.6. Right to object
Finally, you have the right to object at any time to the processing of your personal data that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of your objection, we will no longer process personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If we process personal data for direct marketing purposes, you have the right to object to the processing of your personal data for the purpose of such marketing at any time. This also applies to profiling insofar as it is related to such direct marketing. In addition, you have the right to ob-ject to the processing of your personal data carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. To exercise your right to object, please contact our data protection officer directly.
5.7. Automated individual decision-making, including profiling
We do not make decisions based solely on automated processing, including profiling, which produce legal effects concerning you or which similarly significantly affect you.
5.8. Right to withdraw consent under data protection law
You also have the right to withdraw your consent to the processing of personal data at any time. To exercise this right to withdraw consent, please contact our above-mentioned data protection officer.
5.9. Right to lodge a complaint with a supervisory authority
Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority is the CNIL (Commission Nationale de l’Informatique et des Libertés). Contact Details can be found here: https://www.cnil.fr/fr/particulier
6. Cookies
Our products and services, including the web platforms provided as part of GO-Trak, GO-Move, and GO-Plan, do not use cookies.
Cookies are used only on our public website landing page for limited and technically necessary purposes, such as ensuring basic functionality and improving the user experience. Where cookies are used on the website landing page, this is done in accordance with applicable legal requirements, and users are informed through appropriate notices.
No cookies are used within our mobile applications.
7. Use of web analysis tool
Google Analytics is used exclusively on our public website landing page to analyse website usage and improve the performance and content of the website.
Google Analytics is not used within GO-Trak, GO-Move, or GO-Plan, nor within their associated web platforms or mobile applications. Data collected through Google Analytics is not used for advertising purposes and is not combined with product or application data.
Where Google Analytics is used, it is implemented in accordance with applicable data protection requirements and configured with appropriate safeguards.
8. Cloud Services
Assured Technologies SAS uses a multi-cloud architecture to ensure secure, reliable, and GDPR-compliant processing of personal data processed through its products GO-Trak, GO-Move, and GO-Plan. Each product is hosted on the cloud platform most appropriate to its technical, operational, and security requirements. Un-less otherwise contractually agreed with the customer organisation, all production environments, backups, and system logs are hosted within the European Union or the European Economic Area (EU/EEA).
8.1. GO-Move – Google Cloud Platform (GCP)
GO-Move is hosted on Google Cloud Platform (GCP) in EU/EEA regions. All production data, backups, and system logs associated with GO-Move are stored and processed exclusively within the EU/EEA. Google Cloud Platform applies industry-standard technical and organisational security measures, including encryption of data in transit, controlled and auditable access mechanisms, continuous monitoring, and infrastructure de-signed to meet internationally recognised information security standards.
8.2. GO-Plan – Microsoft Azure
GO-Plan is hosted on Microsoft Azure cloud services within EU regions. The platform uses separate database instances to support redundancy and failover and operates on Microsoft Azure’s certified and secure infra-structure. Data residency for GO-Plan is maintained within the EU. Processing is carried out in accordance with strict access control, encryption, logging, and operational security requirements.
8.3. GO-Trak – Microsoft Azure
GO-Trak is hosted on Microsoft Azure cloud services within the EU. The hosting environment supports high availability, secure processing of mobile and web application data, and reliable update and deployment mech-anisms. Azure’s security framework, identity and access management controls, and EU-based hosting ensure that personal data processed through GO-Trak is handled in accordance with the GDPR and recognised indus-try best practices.
8.4. Security Measures
Across all cloud platforms, Assured Technologies SAS applies consistent technical and organisational safe-guards, including role-based access control, encrypted data transmission, detailed logging and audit trails, environment segregation, and least-privilege access principles. Access to cloud environments and customer data is restricted to authorised personnel and is granted only where necessary for system operation, mainte-nance, support, or security purposes.
8.5. Data Retention, Export, and Deletion
Personal data processed through GO-Trak, GO-Move, and GO-Plan is retained in accordance with contractual obligations, customer configuration, and applicable legal requirements. Customer organisations may request export or deletion of data at any time. Data is removed from hosting environments using secure deletion pro-cedures in accordance with the technical capabilities of the underlying cloud platform and applicable legal and contractual obligations.
8.6. GDPR and Sub-Processing
The cloud service providers used by Assured Technologies SAS act as authorised sub-processors under the company’s Data Processing Agreement (DPA). Sub-processing arrangements include contractual obligations relating to data residency, confidentiality, technical and organisational security measures, and incident re-sponse. Assured Technologies SAS remains responsible for ensuring that all sub-processing complies with ap-plicable data protection laws, including the GDPR.
9. Integration of third-party services and content; Linking
Where third-party services, APIs, or technical components are integrated into our products, such integration is limited to what is necessary to provide contracted functionality and is subject to appropriate data protection safeguards. In our online offering, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”).
The integration always presupposes that the third-party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We make every effort to only use content whose respective providers only use the IP address to deliver the content. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical infor-mation on the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as be combined with such information from other sources.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, the user’s data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
• Types of data processed: Usage data (e.g. products and services, including our web platforms and mobile applicationss visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g. products and services, including our web platforms and mobile applications visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness, contractual services and service.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
10. Children’s Data and Age Restriction
GO-Trak, GO-Move, and GO-Plan are business-to-business solutions and are not intended for use by children. Access to the products is provided by customer organisations to their authorised users.
We do not knowingly collect or process personal data relating to children.
11. Your Consent
In the context of our mobile applications, consent and permissions are obtained through in-app notices and operating system permission prompts. The availability of certain features may depend on the permissions granted and on configurations defined by the customer organisation.
Personal data is processed on the legal bases described in this policy, including contractual necessity and legit-imate interests. Where consent is required, it is obtained through appropriate in-app notices or operating system permission prompts.
In the event that we change our privacy policy, we will post those changes on this page. You will always find information here about the data we collect, the way in which we use this data and the circumstances in which we may collect it. Please check this page from time to time to be aware of any changes and our current priva-cy policy.
We make every effort to store your personal data in such a way that it is not accessible to third parties by taking all technical and organizational measures. When communicating by email, complete data security can-not be guaranteed, so we recommend that you send confidential information by post. Our employees and the service providers commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the BDSG and GDPR.