Arity Privacy Statement
Effective date: November 29, 2018
At Arity, we take data privacy seriously. We believe in transparency, and are upfront about our privacy practices, including how we treat your personal information. This Privacy Statement is provided on behalf of all Arity companies. Arity (sometimes “we” or “us”) collects personal and non-personal data on Arity.com and through your use of our products and services, directly or in conjunction with our business clients. We design our products and services with privacy and data protection as key principles, and have created this Privacy Statement to describe and explain our data collection practices and your data protection rights. While this Privacy Statement was designed to address data privacy requirements from across the globe, some parts of this Privacy Statement may apply to certain countries only. We urge all visitors to our site to read this Privacy Statement in its entirety.
- About Arity
- Personal data we collect about you
- How we use the information we collect
- Additional uses of data for US users only
- How we share information we collect
- How we secure information we collect
- How we retain information we collect
- Information collected on children
- Specific information related to users in California
- How we transfer information we collect internationally
- Specific information related to users in Switzerland, the European Union and EEA
- Contact us
- Changes to this Privacy Statement
Arity is a global technology company focused on making transportation smarter, safer, and more useful for everyone. It transforms large amounts of data into actionable insights to help better predict risk and make smarter decisions in real time. Arity provides services directly to consumers and through its business clients (such as mobile application providers and insurance companies) to capture and understand driving behavior.
We work with many different companies to provide you with a variety of products and services. We refer to these companies as business clients. Business clients may include your mobile application providers, insurance companies, telecommunications providers, wireless service providers, emergency personnel, towing companies, vehicle manufacturers, distributors and dealers, rewards platform administrators, equipment and software manufacturers, licensors, content providers, and any other person or entity that provides any product, service, equipment, content, features or facilities in connection with these products and services.
Personal Data We Collect About You
We collect personal data about your driving behavior and patterns, technical information about the devices you use, and information about your vehicle and its operation. This information is collected directly from you or through our business clients, depending on the product or service in which you are participating. In certain circumstances, we also gather other contact and demographic information directly from you or through our business clients during the registration process for the product or service.
“Personal data” or “personal information” means any information relating to a person that directly or indirectly allows us to identify such person.
Information that you share with Arity: Arity may collect information that you provide directly to Arity, such as:
- Your name, email, home address, telephone number, or date of birth
- Information you have shared with Arity during customer surveys or interviews
- Other information provided when you register for a service or product directly with Arity or through a business client
Information automatically collected from your devices: When you engage with Arity directly or through an Arity business client, Arity may collect information from your device, such as:
- Geolocation and geospatial data: such as the latitude, longitude, and altitude of your vehicle; your direction of travel; and the time the information was recorded. If you are using a mobile phone application provided by us and disable the GPS functionality on your mobile device, then location information may not be collected and your service may be impacted.
- Other mobile device information: such as IP address, unique device identifier, browser type, mobile service provider, time zone, zip code, area code, and other operating system data available to the mobile application.
- Mobile application analytics information and other information about how you use the application: such as how often you use the application, referral URL and exit page, clickstream data, the events that occur within the application, aggregated usage, performance data, and the application marketplace from where you downloaded the application.
- Trip information: such as trip start and end time, miles, acceleration, deceleration, braking behavior, cornering, speed, and trip routing.
- Vehicle-related information: such as your vehicle identification number, diagnostic information, odometer, oil life remaining, tire pressure, information about collisions involving your vehicle, and location information, such as GPS, Wi-Fi access points, or cell towers.
Information provided by third parties, as applicable based on the business client services you use: In providing services to you and our business clients, information may be provided to Arity by our business clients, such as:
- Information you provide during the registration of a product or service, such as your name, email, home address, telephone number, date of birth, and other registration information.
- If the product or service in which you are participating is related to a United States insurance or shared mobility product, we may also receive the following information:
- Insurance policyholder demographic information and policy information
- Insurance claims data
- Motor Vehicle Records (Driver’s License information, violations, convictions, and license status) and other consumer reporting data, including credit score.
How We Use Information We Collect
To provide services to you and our business clients: Arity’s business clients provide a variety of products and services to their customers and use Arity’s technologies to help process driving data relevant to those products and services. This may include placing your location on a map in a mobile application or capturing driving trip information. Arity uses the information provided by you and our business clients in conjunction with the information we collect from your device to assist in providing a variety of products and services to you.
We may also use personal information to send you service-related communications, but we will not send you promotional emails without your consent. If you no longer wish to receive promotional e-mails from us, please see the “Contact Us” section for ways to contact us.
To enhance our services: Arity may use your information for product development, model development, and statistical analysis to improve our products and services and to refine our risk modeling and analytics. We may also use the information provided by you to investigate, respond to, and resolve issues or complaints. This may include addressing bugs within a product or service. For use of personal data for model development and analytics, we make every reasonable effort to use anonymized or de-identified information where possible and have implemented best practices to limit the use of personal data for analytic purposes. For example, whenever possible we disassociate your contact information from your driving pattern information.
For fraud and misuse prevention: We may use your information to prevent and deter fraud or misuse of our and our business client’s products and services and as required by law.
Additional Uses of Data for US Users Only
For those users of Arity products and services in the United States only, we may process personal data for the following additional purposes:
- If you have purchased an insurance product offered by an Arity business client that provides rewards or discounts, then your information may also be used by that business client to calculate any discounts or rewards provided under the product or service. Our insurance company business clients may also use your information to update their pricing and underwriting models in accordance with their privacy policies.
- We may use your information to market products to you in such a way that does not disclose your personal data to unaffiliated third parties without your prior consent.
- We perform various profiling activities using personal data. Profiling is using personal data to make predictions about people, or to categorize them into particular groups. For example, we may use driving behavior data to produce a driving score which may predict the level of driver riskiness.
To provide services to you or our business clients: Examples include:
- Providing functionality in a mobile application, such as providing you with navigation services or information on how to improve the safety of your driving
- Diagnosing your vehicle’s trouble codes
- Providing you with towing and repair options
- Contacting emergency personnel
- Coordinating with rewards platform administrators
- Providing you offers for products and services that may interest you based on your location with your consent.
With our corporate-affiliate companies: We may share your personal information and the other information we collect with all of our corporate-affiliate companies.
As required by law: We may disclose information to third parties due to legal process, and all information collected may be deemed discoverable by third parties and used in accident investigations and litigation. We may be legally required to provide the information to third parties and their legal counsel. We may also share personal information under exigent circumstances, to protect our rights, property, or legal interests, including to enforce our and our business client’s end user agreements, or as part of a merger, acquisition, divestiture, or other corporate reorganization.
Other than the business clients providing the services you have requested as described above and as otherwise described in this section, we do not share your personal information with unaffiliated third parties without aggregating, anonymizing and/or de-identifying it first, unless we obtain your prior consent.
If we combine personal information with the other information we collect, the combined information will be treated as personal information for as long as it remains combined.
Note that third parties we share information with may use the information they receive in accordance with their own privacy policies. Arity is not responsible for and does not control the policies or practices of third parties. Therefore, please familiarize yourself with the privacy policies of those entities for more information on how they may use and share your information.
How we share anonymized data: For all personal information that can reasonably be aggregated and/or anonymized, Arity will take steps to do so before sharing with unaffiliated third parties. This means that Arity will take steps to alter that personal information such that it cannot reasonably be used to identify you or relate the information back to you. We will also contractually require the recipients to not attempt to re-identify the data.
For any personal information that cannot be completely aggregated and/or anonymized, Arity will de-identify the information before sharing it. This means the information will no longer reference or be linked directly to you by your name, account number, address, or unique vehicle or device identifier. Additionally, before sharing such de-identified information with unaffiliated third parties, Arity contractually requires that they will not take any steps to identify you or relate your de-identified personal information back to you and strictly limits the purposes for which they can use the de-identified information.
We may share aggregated and/or anonymized or de-identified information with unaffiliated third parties so that they may provide a product or service, develop new products and services, perform data analysis, store or process information for us, or otherwise help us operate our business.
How We Secure Information We Collect
We safeguard your information: We use a variety of physical, technical, and administrative security measures that help to safeguard your information from loss, misuse, unauthorized access, disclosure, alteration, destruction or theft, including the use of encryption and other technology safeguards. It is important to keep in mind, however, that no security measures are absolutely effective. We also require third parties to protect your information in accordance with our strict information security policies that align with generally-accepted information security standards.
When required by the General Data Protection Act (“GDPR”), we ensure that we have data protection agreements in place with any service providers that we engage, in accordance with the GDPR.
We review our internal security policies and guidelines periodically to review new technology, methods, risks of processing the data, and the nature of the data being protected. We limit access to our databases containing personal data to authorized persons having a justified need to access such information.
All personal data you provide to us is stored on secure servers provided by us or our third-party service providers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will use all reasonable measures to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site, therefore, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorized access.
How We Retain Information We Collect
We store personal information for as long as necessary for us, our corporate affiliates, and our business clients to provide products and services to you and others, to comply with legal obligations, or to administer any product or service. Because of the nature of developing and refining statistical models, we store information that is automatically collected from your devices until it is no longer needed to provide products or services to you and to develop and refine our models. We review our data retention policies periodically and comply with local legal requirements. Your personal information is stored on servers and retained by or on behalf of us.
Information Collected on Children
We do not intentionally gather personal data about children, as defined by local law, except with parental consent. If we become aware that we have collected personal data from a child without parental consent as required by local law, we will make reasonable efforts to delete such data from our records.
Specific Information Related to Users in California
California Residents: California law permits its residents to request and receive information about a business’ disclosure of certain categories of personal information to other companies for their use in direct marketing. If you are a California resident and user of our website, products, or services, you can request a copy of this information from Arity. See the “Contact Us” section for ways to contact us. Please include your name and email address in email requests, and your name and postal address in mail requests.
How We Transfer Information We Collect Internationally
Personal data collected by Arity may be stored or processed in the United States or in any other country where Arity or its corporate affiliates or third-party service providers maintain facilities. European Union (EU) data subjects who provide personal data to Arity acknowledge that their personal data shall be processed and transferred to the United States and around the world based on the data subject’s consent or for Arity’s legitimate interests in providing and supporting the services. Arity may execute agreements with third parties for the transfer of personal data outside of the EU using European Commission-approved Standard Contract Clauses and/or employ additional appropriate safeguards.
EU-U.S. and Swiss-U.S. Privacy Shield
- Arity adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
- Principle 7, the Accountability for Onward Transfer Principle, means that Arity remains potentially liable if a third party processing your personal data processes that personal data in a way which is inconsistent with the Privacy Shield Principles (unless Arity can prove that it is not responsible for the event giving rise to the damage).
- Within the United States, for the purposes of enforcing compliance with the Privacy Shield, Arity 875, LLC is subject to the investigatory and enforcement authority of the US Federal Trade Commission (FTC).
Standard contractual clauses: For transfers of personal data outside of the European Economic Area (“EEA”) to a non-US jurisdiction, we execute standard contractual clauses that have been approved by the European Commission in respect of transfers of your personal data to Arity in the United States. Under the General Data Protection Regulation (“GDPR”), Arity acts as data controller in respect of such transfers. Arity also ensures that it uses corresponding standard contractual clauses with any vendor that it engages in connection with the processing of any of your personal data outside of the EU and U.S. or Swiss and the U.S.
Accountability for Onward Transfer: Where Arity transfers personal data from EU and/or Swiss individuals to a third party, we will do so consistent with the notice provided to you and any consent provided (if applicable), and contractually require the third party to process the personal data for limited and specified purposes consistent with the lawful basis for processing; and provide us notice of any concerns in its ability to comply with these promises. We will also contractually require the third party to stop processing personal data or take other reasonable and appropriate steps to in the event it cannot meet its data protection obligations. Arity remains liable under the Privacy Shield Principles where any third-party service provider processes personal data subject to its Privacy Shield certification in a manner inconsistent with the Principles, except where Arity is otherwise not responsible for the event giving rise to the damage.
Specific Information Related to Users in Switzerland, the European Union, and EEA
Our legal basis for processing: For personal data that we process in connection with any products or services we offer to you or our business clients, we will generally process that personal data (i) on the basis of consent, (ii) in order to take steps at your request, or (iii) for our legitimate interests in providing our services to you or otherwise in supporting the business needs.
Your Access and Choices: You may have the following rights in relation to your personal data:
- Rectify any inaccurate personal data that we hold about you
- Have your personal data erased under certain circumstances
- Have the processing of your personal data restricted where you dispute its accuracy, if you think its processing is unlawful, if you otherwise object to its processing, or when we no longer need your personal data and you need it in relation to a legal claim
- Have access to your personal data, and the right to receive copies of your personal data in a structured, commonly used and machine-readable format and transfer those copies to another data controller, under certain circumstances
- Complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR
Data used in profiling: We use your personal data to assist in our internal driving risk model development. We may profile your personal data only for the purposes of developing a driving risk score as part of developing and validating driving risk predictive models for our own analytics purposes. To develop our profiles and risk scores, we gather information about your driving behaviors, such as speed, change in speed, and other aspects of how, how much, where and when you drive to predict driving risk. These behaviors may also be combined with other demographic or geographic information about driving risk for certain locations, which incorporate relative risks.
We also take steps to restrict all personal data that is not necessary to the aggregated risk modeling analytics, and so while your driving behavior data and risk score incorporates your GPS location data, it will not be directly connected to your name, contact information, or vehicle information unless we have obtained your explicit consent to do so in advance.
In addition, we do not do any of the following without obtaining your explicit consent to do so in advance:
- Use personal data or profiling to make automated decisions that have legal or similarly significant effects on individuals
- Use any insights, model output, or data scores that are created as a result of profiling and risk scoring for any purpose other than internal analytics or risk modeling.
- Use your profile or risk score to advertise to you or share profiles or risk scores with third parties, unless we are required to disclose this information pursuant to lawful legal process.
Your profile or risk score will in no way impact the availability or your use of our products or services. As a reminder, you can see your driving risk score by reaching out to Arity using one of the methods in the “Contact Us” section.
Your right to withdraw consent: If you withdraw your consent, we will stop processing the relevant personal data except to the extent we have other grounds for processing under applicable laws. We will respond to your request within a reasonable timeframe. You may withdraw your consent at any time; however, Arity will not be able to provide or continue to provide products or services to you.
There may be cases where restrictions on the amount of data that can be disclosed to data subjects under applicable law (for example, if that would necessarily involve disclosing data about another person). Arity is permitted to withhold some types of personal data in certain circumstances, subject to applicable local law requirements. If there is a dispute, please contact us using the information in the “Contact Us” section. In addition, data subjects have the right to lodge a complaint with a supervisory authority. The name and contact details of the supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Recourse, Enforcement and Liability
Arity’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. Arity commits to address inquiries, requests to exercise your rights under applicable law, or resolve complaints about our collection or use of your personal information. In compliance with the Privacy Shield Principles, after you have contacted us at the email below, if we are unable to resolve your concerns, Arity has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Further, under certain circumstances, data subjects may also be able to involve binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Arity may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For questions about the collection of personal data by Arity, or to exercise the right to access, correct, update, or delete such data or object, for legitimate purposes, to the processing of personal data, as provided under applicable law, please contact us using the information below:
When sending inquiries to us, we may need additional information such as the business client you have engaged for which we collected data to better assist you.
Attn: Data Protection Officer
222 W Merchandise Mart Plaza, Suite 875
Chicago, IL 60654
United States of America
Attn: Data Protection Representative
10 Mays Meadow
Belfast, Country Antrim, BT1 3PH
To request that you no longer receive promotional e-mails from Arity, please email us at email@example.com.
Changes to this Privacy Statement
We may modify our Privacy Statement from time to time. Please see the revised date at the top of this page to see when this Privacy Statement was last revised.