Last Revised: Jan 2024
We recognize the importance of protecting personally identifiable information (“Personal Information” or “PII”) collected about you and other visitors (collectively, “Users”) to our website and mobile application (the “Services”) while delivering the mileage tracking and reimbursement you enjoy. If you need assistance with deleting your account, please reach out to [email protected]
This Policy is drafted to comply with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)). In addition, this Policy is applicable to data subjects within the European Economic Area and the United Kingdom (collectively, the “EEA”). Therefore, this Policy is drafted to comply with the EU General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the “GDPR”). Users of the Service are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR, we are the data controller of information we collect from data subjects through the Services. For the purposes of this Policy, “data subject” means an identified or identifiable natural person located in the EEA.
This Policy applies to the Services, which includes the Kliks mobile application, the website located at www.kliks.io its subdomains, and all of the websites and internet properties owned or operated by us, regardless of the medium by which the Services are accessed by Users (e.g., via a web or mobile browser).
The information collected during your use of the Services includes the following:
(a) Submitted Information. As part of using the Services, you may submit certain information to us. For example, when you register for an account on the Services we will collect information from you, including Personal Information such as your first and last name, phone number, a photo that you upload, and an email address. “Personal Information” means information such as a name or email address that we can directly associate with a specific person or entity without additional information. To the extent you decline to share certain information with us, we may not be able to provide some or all of the features and functionalities found on the Services.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- Phone numbers
- Email address
- Contact Preferences
- Home address
- Contact or authentication data
- Vehicle insurance policy
- Vehicle information
- Website user agent data
- Information collected via cookies
- Mobile device type and operating system
- Precise location information (described below)
- Mileage feeds
- Distance driven (in miles or kilometers).
(b) Automatically Collected Information. When you use the Services, we gather certain non-personally identifiable information from you, and this information can be associated with your user account. This includes usage information, such as information on when, how often, and for how long you use the Online Service, as well as server log data such as a computer’s IP address, browser type, or the webpage you were visiting before you came to the Online Service.
(c) Location data & Location-Based Information: To provide features such as mileage capture/reimbursement, Kliks uses information related to your location and route. Kliks collects location information only if you opt in to this feature. For optimal mileage tracking, we request that you enable features to automatically collect geolocation information during specific times each day, and/or you can manually start and stop geolocation data collection on the app. Geolocation information is deleted when you delete the associated trip, mileage submission, receipt, or other ways as specified in this Privacy Notice. We will receive information regarding your precise location (using the GPS antenna within your device) when the App is running on your device. We also receive information from the compass on your mobile device, including course, velocity, and altitude. YOu may choose to disable these services at any time, we cannot guarantee that mileage will be tracked correctly based on this selection.
(d) Tracking and Cookies. The Services may use both web beacons and cookies to collect information. “Beacons” (also often referred to as “pixels”) are tiny graphics on a web page designed to track when a page is viewed. “Cookies” are small text files containing a string of alphanumeric characters that are downloaded by your web browser or mobile device when you visit a website. We may use both session cookies and persistent cookies when you access and use the Services. Cookies may be used, for example, to remember your user account information and your preferences, to customize the interface of the Services for you, and to assist us in measuring and analyzing Service traffic. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Services. Persistent cookies can be removed. Please review your browser’s documentation to learn the best way to modify your cookie settings. Like many websites, the Services does not currently respond to “do not track” browser headers. However, you can take steps to limit tracking by erasing cookies from your computer’s hard drive and by setting your browser to block all cookies or warn you before a cookie is stored.
(g) Transactional Data. No credit /debit card and bank login credentials are stored by Kliks. We collect account balances and transaction history. All banking and monetary actions are completed using a 3rd party system
Use of Information
We internally use the information we collect as follows:
(a) Maintaining, providing, enhancing, personalizing, and improving Kliks Services, including but not limited to mileage reimbursement, fleet management, mileage tracking, billing, insurance processing, and business intelligence services;
(b) Provider Data. With your authorization, we may access your email account or a Provider account to pull information about your history with that Provider. For example, this may include the number of miles driven or the amount of payment received from the Provider per task. We use this information to analyze the data and provide you with information about your engagement with the Provider.
(c) Provision of Services. We may use collected information for the purposes for which you provided the information including, for example, to create and maintain an account for you or to respond to a question that you e-mail to us. We also use the collected information as necessary to provide the features and functionality of the Services to you and as reasonably necessary for our business operations.
(d) Updates and Troubleshooting. We may also use the collected information to contact you regarding updates or modifications to the Services or to help troubleshoot problems, provide you with required notices in connection with disputes between you and another user or alert you to changes in our policies or agreements that may affect your use of the Services.
(e) Personalized Content. We may use the collected information to personalize the content that you and others see based on personal characteristics or preferences.
(ef) Analytics and Improvements. We may also analyze collected information relating to your use of the Services in order to help us improve the Services and develop and improve other products and services.
(g) Combination. We may combine personal information collected through the Services with other information that we or third parties collect about you in other contexts—such as our communications with you via email, SMS text, or phone, or your customer service records.
Disclosure of Information
We share and disclose the information we collect about you as follows:
(a) Clients/Customers. If Kliks collects User information on behalf of a Kliks Client, it may share any of that User information with that Kliks Client.
(b) Third-party Service Providers. We use contractors and third-party service providers to assist us in making the Services available. Such third-party contractors or service providers may obtain access to the information you provide, including personally identifiable information. They are required to protect this information in a manner that is consistent with this Policy by, for example, not using the information for any purpose other than to carry out the Services they are performing for us.
(c) Advertising. We may provide advertisers and other third parties with aggregated, non-personally identifiable information about our user base and its interests and usage patterns. We may also partner with third-party advertising companies in order to serve advertising regarding our products and services to users elsewhere on the web after they visit our website. This is a common practice called “retargeting.” For more information on such practices and the ability to opt out, you may visit https://www.aboutads.info.
(d) Aggregated Data. We may make aggregated, anonymous data relating to activity on this Service available to third parties. By way of example only, this may include the provision or publication of reports regarding the average income of contractors of a given Provider during some time period.
(d) Business Arrangements. We may disclose non-personally identifiable information to third-party partners in furtherance of our business arrangements with them, including without limitation to jointly offer a product or service to you or create interoperability between our products and services and the products and services of such partners.
(e) Transfer as Corporate Asset. In the event of a merger, sale of capital stock or assets, reorganization, consolidation, or similar transaction involving the Company, the information we possess, including personally identifiable information, shall be transferred as a corporate asset to the acquiring entity.
(f) Legal Requirement. We will use and disclose information where we, in good faith, believe that the law or legal process (such as a court order, search warrant, or subpoena) requires us to do so or in other circumstances where we believe it is necessary to protect the rights or property of Company, our users and/or third parties.
(g) Affiliates. We may disclose this information to our affiliates for use as described in this Policy.
Except as expressly detailed above, we will never share, sell, or rent any of your personal information to any third party without so disclosing herein and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you can contact us at [email protected] to withdraw your consent.
Effective Date; Changes
When we make any changes to our practices under this Policy, we will change the Effective Date. We will treat your continued use of the Services following such change as your acceptance of the changes. However, we will seek your affirmative consent prior to applying any material change to this Policy on how we use or disclose personally identifiable information to information we collected or received prior to the date of the change.
Viewing, Amending and Deleting Information
You can log into your account and view or amend your account information at any time. To delete all data associated with your account, please email us at [email protected]. Please note that while changes to your profile information are reflected promptly in active user databases, our servers may retain previously provided information. Yon can also request account and information deletion within the Account Management section of the web portal.
Customer Data After Deletion: Termination or deletion of your Account by either party may result in the forfeiture and destruction of all information and data, including User Account Data, associated with your Account. We reserve the right (including after termination) to access, read and disclose any information, including without limitation Account Data, as we reasonably believe is necessary to (a) satisfy any applicable law, regulation, legal process or request; (b) enforce these Terms of Service, including investigation of potential violations hereof; (c) security or technical issues; (d) respond to user support requests or (e) protect the rights, property or safety of us, our users and the public unless otherwise specified.
The personally identifiable information we collect about you is stored in limited-access servers. We will maintain reasonable safeguards to protect the security of these servers and your personally identifiable information. However, no security measures are 100% effective and we cannot guarantee the security of your personally identifiable information. We expressly disclaim any representation or warranty, whether express or implied, with respect to ensuring, guaranteeing or otherwise offering any definitive promise of security in connection with your personal information or usage information.
The security of your personal information is important to us. When you enter sensitive information, such as a credit card number or financial information, on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
We do not knowingly collect information from children and the Services are not directed at children under 18. If you are a parent and believe your child has used the Services and provided personally identifiable information to us through the Services, please write or email us at the address provided below and we will work to delete that Service account and any such personally identifiable information.
Kliks is headquartered in the United States and, regardless of where you use our Services or otherwise provide information to us, your information will usually be transferred to, maintained, and processed by Kliks and our service providers in the United States or other jurisdictions in which we or they operate. Please note that privacy laws, regulations, and standards in the jurisdictions in which your information may be maintained and processed may not be equivalent to the laws in your country of residence and such information may be subject to lawful access by U.S. or other foreign courts, law enforcement, and governmental authorities.
If you are based in the UK or the EU, if we provide any personal information about you to any non-European Economic Area (“EEA”) or UK members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice. These measures will include the following permitted in Articles 45 and 46 of the EU’s General Data Protection Regulation:
in the case of US-based entities, entering into European Commission-approved standard contractual arrangements with them; or
in the case of entities based in other countries outside the EEA, entering into European Commission-approved standard contractual arrangements with them.
YOUR CALIFORNIA PRIVACY RIGHTS
On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. The law requires companies to notify California residents about how their data is collected, used, and shared, and in some cases gives them rights to access and delete that data. This section provides Kliks’ disclosures as required by the CCPA. These disclosures supplement and incorporate the statements in the other portions of the Privacy Notice. This section applies to all visitors, users, and others who reside in the State of California.
Information We May Collect
Kliks collects User information from Users and Clients in order to administer and provide Kliks Services to Kliks Clients and Users and for the other purposes identified in this Privacy Notice. We may collect the following categories of information, as defined in the CCPA. The examples listed are only illustrative of potential types of data within each category, and Kliks does not necessarily collect that data about every individual.
Sources of California Personal Information
We obtain the above categories of personal information from the following categories of sources:
Directly from you: For instance, you may provide us with information when signing up for an account
Indirectly from you: For example, we may observe your interactions on our website(s)
From third parties: For example, your employer may provide us with information related to the services that we provide
From publicly available information
Use of California Personal Information
We may use any of the above categories of collected User information to provide services requested from Users or Clients, maintain and improve our services, communicate with Users and Clients about Kliks Services and affiliated third-party services, market Kliks Services, prevent potentially illegal activities, protect the rights and property of Kliks and third parties, respond to inquiries of Kliks Clients and Users, and for any other purpose to which the User has consented. Our use and disclosure of California Personal Information is more fully described above, in the section entitled “How We Use The Information”.
Sharing California Personal Information
We may disclose your personal information to your employer or to another third party, as more fully described in the section above entitled “Sharing Information”. The vast majority of data that Kliks collects and discloses to its Clients is in its capacity as a service provider, as defined by CCPA. Accordingly, Kliks does not “sell” CCPA-covered personal information.
In the past 12 months, Kliks has disclosed the following categories of personal information for a business purpose:
Categories of personal information described in Cal. Civ. Code 1798.80(e)
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity information
Professional or employment-related information
In the past 12 months, Kliks has disclosed personal information to the following categories of third parties:
Clients (i.e., the Users’ employers)
Your rights under the CCPA
The vast majority of the personal information that Kliks collects is related to employees, as part of a service that we provide via their employers. Most of the rights provided under the CCPA do not currently apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. The CCPA also currently exempts personal information reflecting written or verbal business-to-business communication from many of its requirements.
Moreover, Kliks typically acts as a service provider to its Clients, which are typically employers. The Clients solely determine the purposes and means of processing Clients’ personal information. To the extent that Kliks collects or processes CCPA-covered personal information in its capacity as a service provider, requests for access to CCPA-covered data and deletion must be directed to the Kliks Client. For instance, if you want to access or delete mileage data collected via Kliks, you must contact your employer, who will then work with Kliks to process your request.
In the rare instance that the CCPA rights apply to personal information and Kliks does not collect or process data in its capacity as a service provider, you have the following rights:
Access to Personal Information Collected or Sold and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will disclose to you:
The categories of personal information we collected about you;
The categories of sources for the personal information we collected about you;
Our business or commercial purpose for collecting that personal information;
The categories of third parties with whom we share that personal information;
The specific pieces of personal information we collected about you (also called a data portability request);
If we disclosed your personal information for a business purpose, a separate list disclosing disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion of Personal Information: You have the right to request deletion of personal information. If you wish to do so, please contact us at any method listed below. The right to deletion is subject to certain exceptions, such as if we need the personal information to provide Kliks Services or comply with a legal obligation.
No Discrimination: You will not be subject to discrimination for exercising any of your privacy rights.
Exercising Your Rights: To exercise any applicable access, data portability, and deletion rights, please submit a verifiable consumer request by: sending an email to [email protected]
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Your name
- Additional information depends upon the type of request and the sensitivity of the information.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may designate an authorized agent to make a request under the CCPA on your behalf.
The California Shine the Light Law, Cal. Civ. Code Section 1798.83, requires companies to disclose certain information about information shared with third parties that is used for the third parties’ direct marketing purposes. These disclosure requirements only apply if Kliks were to share personal information with third parties for the third parties to market their own services and products directly to consumers. If you are a California resident, you may request information about the disclosure of your personal information to third parties for the third parties’ direct marketing purposes by emailing [email protected], calling +1 (888) 801-6714, or sending mail to Kliks, LLC, 1 Beacon Street, Floor 15, Boston, MA 02108.
Your rights under the EU General Data Protection Regulation (“EU GDPR”) AND UK General Data Protection Regulation (“UKGDPR”)
If you are based in the UK or the EU, you have certain rights in relation to your personal information that we process on our own behalf as a data controller. As explained above, the vast majority of the personal data that Kliks collects and processes relates to employees of Kliks Clients, in the performance of services that we provide to Kliks Clients as a data processor. If we process your personal data in connection with a service that we provide to your employer, your employer is responsible for complying with your rights under the EU GDPR and/or UK GDPR (as applicable) in relation to that processing, and you should direct any queries or requests to exercise your rights in relation to that data to them. However, if you would like further information in relation to your rights under the EU GDPR and/or UK GDPR (as applicable) or would like to exercise any of them in relation to the data that we process about you as a data controller, please contact us via email at [email protected] at any time. You have the following rights when we process your data as a data controller:
Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards that are in place if we transfer your information outside of the United Kingdom or the EEA.
Right to update your information. You have a right to request an update to any of your personal information that is out of date or incorrect.
Right to delete your information. You have a right to ask us to delete any personal information that we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below.
We will pass your request on to other recipients of your personal information unless that is impossible or involves a disproportionate effort. You can ask us who the recipients are, using the contact details below.
Right to withdraw consent. If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us using the contact details below and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide you with the service to which you have consented.
Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below.
We will pass your request on to other recipients of your personal information unless that is impossible or involves a disproportionate effort. You can ask us who the recipients are using the contact details below.
Right to stop marketing. You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
Right to data portability. You have a right to ask us to provide your personal information to a third-party provider of services.
This right only applies where we use your personal information on the basis of your consent or performance of a contract, and where our use of your information is carried out by automated means.
Right to object. You have a right to ask us to consider any valid objections that you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example, if we need to keep using the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with the information necessary to confirm your identity before responding to any request you make.
If you are in the UK or the EU, in accordance with Article 77 of the EU GDPR and/or UK GDPR (as applicable), you may also make a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the EU GDPR and/or UK GDPR (as applicable) has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
Subject to limited exceptions under applicable law, you have the right to access, update, and correct inaccuracies in your personal information or withdraw your consent to our collection, use, and disclosure of your personal information. You may request access, updating, and corrections of inaccuracies in your personal information in our custody or control or withdraw your consent by emailing us at the contact information below. We may require certain personal information for the purpose of verifying the identity of the individual making the request.
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us at [email protected]