MOTUS PRIVACY NOTICE
Last Revised: February 26, 2021
This Privacy Notice explains how Motus, LLC and its commonly-owned companies (“Motus” or “we”) collects, uses, shares, and handles information about individuals, including users (“Users”) of the Motus website(s), mobile app, and other services (collectively, “Motus Services”). For example and without limitation, Users include mobile workers who use the Motus app to track mileage for reimbursement from their employers, individuals who administer relocation services on behalf of employers, and employees or contractors of companies that use the Motus Services to manage their employees’ mobile devices. All references in this policy to “our website(s)”, refer to the website(s) owned by Motus at www.motus.com, www.runzheimer.com, and co-branded sites with Motus Clients.
We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information.
Motus collects Users’ information on behalf of Users’ employers, relocation management companies, or other companies that engage the services of Users (collectively, “Motus Clients”). Users may be direct employees or independent contractors of Motus Clients. Users also may be direct employees or independent contractors of Motus Clients’ Permitted Affiliates, as defined in the Motus Master Services Agreement.
If you are based in the European Union (“EU”) or the United Kingdom (“UK”), Motus is a data controller in respect of your personal information for certain of its processing activities, and is responsible for your data in respect of these activities. For other processing activities, Motus acts as a data processor on behalf of Motus Clients. Where Motus acts as a data processor on behalf of a Motus Client, the Motus Client will be the data controller responsible for your data. Likewise, if you are a California resident, in many cases Motus serves as the service provider for a Motus Client for the purposes of the California Consumer Privacy Act, as described below.
Please ensure that you have read and understood this Privacy Notice. Where you interact with us or use this website(s), we assume that you have done so. As Motus evolves, we may update this Privacy Notice to reflect changes in the manner in which we deal with personal information, whether to comply with then applicable regulations and self-regulatory standards or otherwise. The Privacy Notice posted here will always be current. We encourage you to review this statement regularly. If we make a material change to the Privacy Notice, we will notify you via e-mail at your most recent e-mail address on record and post a notice of the change on our website(s).
This Privacy Notice does not limit collection, use, sharing, or handling by Motus of aggregated, de-identified, or anonymized information, provided that the information cannot be associated with an individual.
If you have any questions or concerns about this Privacy Notice, e-mail Motus at firstname.lastname@example.org.
INFORMATION WE COLLECT
Motus collects User information from Users and Clients in order to administer and provide Motus Services to Motus Clients and Users and for the other purposes identified in this Privacy Notice. The precise User information collected varies by Motus Services, and includes:
- Email address
- Telephone number
- Home and office address
- Employer name
- Vehicle and car insurance information
- Bank account data
- Website log and user agent data such as Internet Protocol (“IP”) address, browser type, metadata, and the date and time that you accessed Motus Services
- Mobile device type and operating system information
- Precise location information (described below)
- Mileage feeds
- Miles driven
- Progress on driver safety training/evaluation
- Simple web page actions
- Data included on vehicle insurance forms that Motus collects, which may include: vehicle information, vehicle serial number, insurance policy number, marital status, gender, date of birth.
- If your employer participates in the Motus Card program, fueling location and details about purchases made using the Motus Card.
- If your employer participates in the Motus Card program, data may be provided to our business partners so that a User can register for the Motus Card program. This data may include social security number, birthdate, employment-related information, and details about purchases made using the Motus Card.
- If your employer has so requested and you have completed the consent web form, Motor Vehicle Records (“MVRs”). Note that when obtaining these records, Motus only collects MVRs, not credit checks, criminal reports, or personal interviews.
- If your employer participates in the Motus Device program with Motus or its affiliate Vision Wireless, we may collect information from you, your employer, or the telecommunications service carriers, including billing and usage details, asset information, employment-related information, and call detail records.
- Any other information that Users or Clients choose to communicate to Motus (such as sending information to Motus via e-mail, app, or a Web form).
To deliver some services, such as mileage capture/reimbursement, Motus will collect precise location information related to a User’s location and route. Motus will only collect precise location information if a User affirmatively opts in to such collection via both the mobile device operating system settings and the settings on the Motus Service.
For instance, in order for a User to allow the Motus app to collect precise location information on the User’s iPhone, the User must take two steps. First, the User must allow Motus to access location information via the iPhone’s Privacy settings. Second, the User must enable location collection via the settings on the Motus app.
Users may choose to enable a Motus Service to automatically collect geolocation information during specific timeframes each day. Users also could manually start and stop precise geolocation data collection via the “Start” and “Stop” buttons, or similar options, on the Motus Service. Please note that the exact settings for precise location information collection vary by mobile operating system. If a User opts to enable a Motus Service to automatically collect geolocation information, that geolocation information will only be deleted when the User chooses to delete the associated trip and/or mileage submission in the relevant Motus Service, or as otherwise specified in this Privacy Notice.
Mobile device management data
To deliver mobile device management services, we may collect asset information from Motus Clients’ mobile device management tools. Asset information includes but is not limited to the make, model, and operating systems of devices and unique identifiers such as IMEI/MEID, ESN, and serial number.
Motus Services are not directed to children under the age of 16. Motus does not knowingly collect or store personal information about children under the age of 16.
If you are a child and we learn that we have inadvertently obtained personal information from you from our website(s)s, or from any other source, then we will delete that information as soon as possible. Please contact us at email@example.com if you are aware that we may have inadvertently collected personal information from a child.
Changes to your information
If a User would like to review or request changes to his or her information that is collected through a Motus Service (subject to certain exceptions prescribed by law), the User may email firstname.lastname@example.org.
SOURCES OF INFORMATION
You may provide us with your personal information voluntarily by using the forms provided on the Motus Services, on our website(s), or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive products, information or services from us.
If you are a User, your employer (a Motus Client) may provide us with your personal information so that we can provide the Motus Services to them.
We also collect your personal information automatically through your use of the Motus Services and our website(s).
We may also receive information about you from third parties such as marketing agencies, market research companies, our suppliers, group companies, public website(s) and public agencies, which we refer to as “third party sources” or “suppliers”. If you are a supplier, you may also give us personal information about you when you are offering or providing services to us.
HOW WE USE THE INFORMATION
We use the User information that we collect to administer and provide our services to Motus Clients and Users.
We may use User information as a data processor on behalf of Motus Clients for the following purposes:
- Maintaining, providing, repairing, personalizing, understanding, and improving Motus Services, including but not limited to mileage reimbursement, fleet management, mileage tracking, billing, insurance processing, business intelligence, telecommunications service management, and relocation, compensation, and travel management services;
- For the purpose for which the information was submitted;
- Processing transactions with Motus Clients and Users, such as billing and processing account information;
- Responding to inquiries from Motus Clients and Users in relation to the Motus Services;
- Complying with IRS (CRA in Canada) and employer mileage reimbursement guidelines;
- Assisting Motus Clients to comply with their legal obligations; and
- For any other purpose to which you consent at the time that your information is collected.
We may also use User information and information about Motus Clients for our own benefit, as a data controller, for the following purposes:
- Maintaining, providing, repairing, personalizing, understanding, and improving Motus Services, including but not limited to mileage reimbursement, fleet management, mileage tracking, billing, insurance processing, telecommunications service management, and business intelligence;
- Communicating with Users and Motus Clients about Motus Services and affiliated third party services, via methods such as e-mail notifications, including sending Users and Motus Clients marketing communications for business development purposes;
- Protecting the rights of Motus and others;
- Responding to and following up on leads and inquiries from Motus Clients and Users;
- Complying with legal obligations of Motus; and
- For any other purpose to which you consent at the time that your information is collected.
For visitors to our website(s) we will collect, use and store your personal information as a data controller for the following reasons:
- to allow you to access and use our website(s);
- to receive and respond to inquiries from you through the website(s) about our services;
- for improvement and maintenance of our website(s) and to provide technical support for our website(s);
- to ensure the security of our website(s);
- to recognize you when you return to our website(s), to store information about your preferences, and to allow us to customise the website(s) according to your individual interests; and
- to evaluate your visit to the website(s) and prepare reports or compile statistics to understand the type of people who use our website(s), how they use our website(s) and to make our website(s) more intuitive. Such details will be anonymised as far as reasonably practicable and we will not seek to identify you from the information collected.
If a third party has provided your information to us for marketing purposes, we will use and store your personal information as a data controller to communicate with you about Motus Services and affiliated third party services, via methods such as e-mail notifications, including sending you marketing communications for business development purposes.
If Motus collects User information on behalf of a Motus Client, it may share any of that User information with that Motus Client. For example, if Jane Doe uses the Motus app to track her car’s mileage for her employer, ABC Company, Motus may share any information that the Motus app collects about Jane Doe with ABC Company.
Additionally, under the following circumstances, Motus may provide third parties with the information that it has collected from a User, provided that the sharing is conducted for one of the following purposes:
- To obtain services from Motus third-party service providers and affiliates. Examples of such third-party service providers include:
- providers of IT services and technical support, including data hosting providers and the use of IT analytics and development services;
- in connection with marketing activities that Motus undertakes as a data controller, marketing service providers;
- payment services providers, in order to facilitate driver reimbursement;
- providers of insurance quotes, and insurance processing services;
- providers of payment and savings solutions; and
- providers of motor vehicle record information and reports.
- To comply with legal requirements and respond to lawful court orders and other valid legal process;
- To protect the rights, property, or safety of Motus or others, or to assist in the investigation of fraud or any other unlawful activity;
- As part of a merger, partial or complete acquisition, bankruptcy, asset sale, financing, consolidation, restructuring, liquidation, or similar corporate transaction. In the event of a corporate transaction that would result in the transfer of User information, Motus would inform Users via their most recent e-mail address on record with Motus and a prominent notice on our website(s).
- To transfer any aggregate or anonymized information, provided that no individual could be identified by the information;
- Under any other circumstance to which the User consents after being notified.
We may share your personal information with our parent companies, subsidiaries, joint ventures, or companies under common control with us where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).
We may also disclose and use anonymized, aggregated reporting and statistics about Users for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymized, aggregated reports or statistics will enable our Users to be personally identified.
Except as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without so disclosing herein and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us at email@example.com and we will stop doing so.
STORING YOUR PERSONAL INFORMATION
We keep your personal information for no longer than necessary for the business need for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
COOKIES, WEB BEACONS, AND DO-NOT-TRACK
For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookies Policy.
You can visit the AdRoll cookie opt-out page and Google Ads personalization page to opt-out of certain targeted advertising. You can also opt-out of targeted advertising by modifying your browser settings or by using a browser plug-in.
We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of personal information within our custody or control. These include security measures for and internal reviews of our data collection, storage, and processing practices and the use of Transport Layer Security (TLS) software to encrypt certain sensitive User information such as bank account data. We also implement physical security measures to guard against unauthorized access to systems where we store personal data.
We restrict access to User information to Motus employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to disciplinary measures, which may include termination and criminal prosecution, if they fail to meet these obligations.
Please note that while we take reasonable security measures to protect against unauthorized access, no safeguard can fully guarantee security of personal information.
Motus is headquartered in the United States and, regardless of where you use our Services or otherwise provide information to us, your information will usually be transferred to, maintained, and processed by Motus and our service providers in the United States or other jurisdictions in which we or they operate. Please note that privacy laws, regulations, and standards in the jurisdictions in which your information may be maintained and processed may not be equivalent to the laws in your country of residence and such information may be subject to lawful access by U.S. or other foreign courts, law enforcement, and governmental authorities.
If you are based in the UK or the EU, if we provide any personal information about you to any non- European Economic Area (“EEA”) or UK members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice. These measures will include the following permitted in Articles 45 and 46 of the EU’s General Data Protection Regulation:
- in the case of US based entities, entering into European Commission approved standard contractual arrangements with them; or
- in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
YOUR CALIFORNIA PRIVACY RIGHTS
On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. The law requires companies to notify California residents about how their data is collected, used, and shared, and in some cases gives them rights to access and delete that data. This section provides Motus’ disclosures as required by the CCPA. These disclosures supplement and incorporate the statements in the other portions of the Privacy Notice. This section applies to all visitors, users, and others who reside in the State of California.
Information We May Collect
Motus collects User information from Users and Clients in order to administer and provide Motus Services to Motus Clients and Users and for the other purposes identified in this Privacy Notice. We may collect the following categories of information, as defined in the CCPA. The examples listed are only illustrative of potential types of data within each category, and Motus does not necessarily collect that data about every individual.
Sources of California Personal Information
We obtain the above categories of personal information from the following categories of sources:
- Directly from you: For instance, you may provide us with information when signing up for an account
- Indirectly from you: For example, we may observe your interactions on our website(s)
- From third parties: For example, your employer may provide us with information related to the services that we provide
- From publicly available information
Use of California Personal Information
We may use any of the above categories of collected User information to provide services requested from Users or Clients, maintain and improve our services, communicate with Users and Clients about Motus Services and affiliated third-party services, market Motus Services, prevent potentially illegal activities, protect the rights and property of Motus and third parties, respond to inquiries of Motus Clients and Users, and for any other purpose to which the User has consented. Our use and disclosure of California Personal Information is more fully described above, in the section entitled “How We Use The Information”.
Sharing California Personal Information
We may disclose your personal information to your employer or to another third party, as more fully described in the section above entitled “Sharing Information”. The vast majority of data that Motus collects and discloses to its Clients is in its capacity as a service provider, as defined by CCPA. Accordingly, Motus does not “sell” CCPA-covered personal information.
In the past 12 months, Motus has disclosed the following categories of personal information for a business purpose:
- Categories of personal information described in Cal. Civ. Code 1798.80(e)
- Characteristics of protected classifications under California or federal law
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Professional or employment-related information
In the past 12 months Motus has disclosed personal information to the following categories of third parties:
- Clients (i.e., the Users’ employers)
- Service providers
Your rights under the CCPA
The vast majority of the personal information that Motus collects is related to employees, as part of a service that we provide via their employers. Most of the rights provided under the CCPA do not currently apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. The CCPA also currently exempts personal information reflecting a written or verbal business-to-business communication from many of its requirements.
Moreover, Motus typically acts as a service provider to its Clients, which are typically employers. The Clients solely determine the purposes and means of processing Clients’ personal information. To the extent that Motus collects or processes CCPA-covered personal information in its capacity as a service provider, requests for access to CCPA-covered data and deletion must be directed to the Motus Client. For instance, if you want to access or delete mileage data collected via Motus, you must contact your employer, which will then work with Motus to process your request.
In the rare instance that the CCPA rights apply to the personal information and Motus does not collect or process data in its capacity as a service provider, you have the following rights:
Access to Personal Information Collected or Sold and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you (also called a data portability request);
- If we disclosed your personal information for a business purpose, a separate list disclosing disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion of Personal Information: You have the right to request deletion of personal information. If you wish to do so, please contact us at any method listed below. The right to deletion is subject to certain exceptions, such as if we need the personal information to provide Motus Services or comply with a legal obligation.
No Discrimination: You will not be subject to discrimination for exercising any of your privacy rights.
Exercising Your Rights: To exercise any applicable access, data portability, and deletion rights, please submit a verifiable consumer request by: sending an email to firstname.lastname@example.org, calling toll-free +1 (888) 801-6714, or sending mail to Motus, LLC, Two Financial Center, 60 South Street, Boston, MA 02111.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Your name
- Additional information depending upon the type of request and the sensitivity of the information.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may designate an authorized agent to make a request under the CCPA on your behalf.
The California Shine the Light Law, Cal. Civ. Code Section 1798.83, requires companies to disclose certain information about information shared with third parties that is used for the third parties’ direct marketing purposes. These disclosure requirements only apply if Motus were to share personal information with third parties for the third parties to market their own services and products directly to consumers. If you are a California resident, you may request information about the disclosure of your personal information to third parties for the third parties’ direct marketing purposes by emailing email@example.com, calling +1 (888) 801-6714, or sending mail to Motus, LLC, Two Financial Center, 60 South Street, Boston, MA 02111.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
Legal basis for use of your personal information
If you are based in the EU or the UK and we are processing your personal information as a data controller, then we require an appropriate legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your information. Under EU and UK data protection laws, in almost all cases the legal basis will be as follows:
- our use of your personal information is necessary for complying with our legal obligations; or
- you have consented to us using your information for a particular purpose; or
- use of your personal information is necessary for our legitimate interests or the legitimate interests of others, for example, to:
- operate and ensure the security of the Motus Services and our website(s);
- run, grow and develop our business (as well as the businesses of our group companies);
- carry out marketing, market research and business development; and
- for internal group administrative purposes.
If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details below.
Your rights under GDPR
If you are based in the UK or the EU, you have certain rights in relation to your personal information that we process on our own behalf as a data controller. As explained above, the vast majority of the personal data that Motus collects and processes relates to employees of Motus Clients, in the performance of services that we provide to Motus Clients as a data processor. If we process your personal data in connection with a service that we provide to your employer, your employer is responsible for complying with your rights under the GDPR in relation to that processing, and you should direct any queries or requests to exercise your rights in relation to that data to them. However, if you would like further information in relation to your rights under the GDPR or would like to exercise any of them in relation to the data that we process about you as a data controller, please contact us via email at firstname.lastname@example.org at any time. You have the following rights where we process your data as a data controller:
- Right of access.You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom or the EEA.
- Right to update your information.You have a right to request an update to any of your personal information which is out of date or incorrect.
- Right to delete your information.You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below.
- We will pass your request on to other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details below.
- Right to withdraw consent. If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us using the contact details below and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide you with the service to which you have consented.
- Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details below.
- We will pass your request on to other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details below.
- Right to stop marketing: You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
- Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services.
- This right only applies where we use your personal information on the basis of your consent or performance of a contract, and where our use of your information is carried out by automated means.
- Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If you are in the UK or the EU, in accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the EU’s General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us at email@example.com or write to us at:
Two Financial Center
60 South Street, Boston, MA 02111
You also may call us, toll-free, at +1 (888) 801-6714.