MOTUS PRIVACY NOTICE
Last Revised: February 26, 2021
This Privacy Notice explains how Motus, LLC and its commonly-owned companies (“Motus” or “we”) collects, uses, shares, and handles information about individuals, including users (“Users”) of the Motus website(s), mobile app, and other services (collectively, “Motus Services”). For example and without limitation, Users include mobile workers who use the Motus app to track mileage for reimbursement from their employers, individuals who administer relocation services on behalf of employers, and employees or contractors of companies that use the Motus Services to manage their employees’ mobile devices. All references in this policy to “our website(s)”, refer to the website(s) owned by Motus at www.motus.com, www.runzheimer.com, and co-branded sites with Motus Clients.
We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information.
Motus collects Users’ information on behalf of Users’ employers, relocation management companies, or other companies that engage the services of Users (collectively, “Motus Clients”). Users may be direct employees or independent contractors of Motus Clients. Users also may be direct employees or independent contractors of Motus Clients’ Permitted Affiliates, as defined in the Motus Master Services Agreement.
If you are based in the European Union (“EU”) or the United Kingdom (“UK”), Motus is a data controller in respect of your personal information for certain of its processing activities, and is responsible for your data in respect of these activities. For other processing activities, Motus acts as a data processor on behalf of Motus Clients. Where Motus acts as a data processor on behalf of a Motus Client, the Motus Client will be the data controller responsible for your data. Likewise, if you are a California resident, in many cases Motus serves as the service provider for a Motus Client for the purposes of the California Consumer Privacy Act, as described below.
Please ensure that you have read and understood this Privacy Notice. Where you interact with us or use this website(s), we assume that you have done so. As Motus evolves, we may update this Privacy Notice to reflect changes in the manner in which we deal with personal information, whether to comply with then applicable regulations and self-regulatory standards or otherwise. The Privacy Notice posted here will always be current. We encourage you to review this statement regularly. If we make a material change to the Privacy Notice, we will notify you via e-mail at your most recent e-mail address on record and post a notice of the change on our website(s).
This Privacy Notice does not limit collection, use, sharing, or handling by Motus of aggregated, de-identified, or anonymized information, provided that the information cannot be associated with an individual.
If you have any questions or concerns about this Privacy Notice, e-mail Motus at [email protected]
INFORMATION WE COLLECT
Motus collects User information from Users and Clients in order to administer and provide Motus Services to Motus Clients and Users and for the other purposes identified in this Privacy Notice. The precise User information collected varies by Motus Services, and includes:
To deliver some services, such as mileage capture/reimbursement, Motus will collect precise location information related to a User’s location and route. Motus will only collect precise location information if a User affirmatively opts in to such collection via both the mobile device operating system settings and the settings on the Motus Service.
For instance, in order for a User to allow the Motus app to collect precise location information on the User’s iPhone, the User must take two steps. First, the User must allow Motus to access location information via the iPhone’s Privacy settings. Second, the User must enable location collection via the settings on the Motus app.
Users may choose to enable a Motus Service to automatically collect geolocation information during specific timeframes each day. Users also could manually start and stop precise geolocation data collection via the “Start” and “Stop” buttons, or similar options, on the Motus Service. Please note that the exact settings for precise location information collection vary by mobile operating system. If a User opts to enable a Motus Service to automatically collect geolocation information, that geolocation information will only be deleted when the User chooses to delete the associated trip and/or mileage submission in the relevant Motus Service, or as otherwise specified in this Privacy Notice.
Mobile device management data
To deliver mobile device management services, we may collect asset information from Motus Clients’ mobile device management tools. Asset information includes but is not limited to the make, model, and operating systems of devices and unique identifiers such as IMEI/MEID, ESN, and serial number.
Motus Services are not directed to children under the age of 16. Motus does not knowingly collect or store personal information about children under the age of 16.
If you are a child and we learn that we have inadvertently obtained personal information from you from our website(s)s, or from any other source, then we will delete that information as soon as possible. Please contact us at [email protected] if you are aware that we may have inadvertently collected personal information from a child.
Changes to your information
If a User would like to review or request changes to his or her information that is collected through a Motus Service (subject to certain exceptions prescribed by law), the User may email [email protected]
SOURCES OF INFORMATION
You may provide us with your personal information voluntarily by using the forms provided on the Motus Services, on our website(s), or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive products, information or services from us.
If you are a User, your employer (a Motus Client) may provide us with your personal information so that we can provide the Motus Services to them.
We also collect your personal information automatically through your use of the Motus Services and our website(s).
We may also receive information about you from third parties such as marketing agencies, market research companies, our suppliers, group companies, public website(s) and public agencies, which we refer to as “third party sources” or “suppliers”. If you are a supplier, you may also give us personal information about you when you are offering or providing services to us.
HOW WE USE THE INFORMATION
We use the User information that we collect to administer and provide our services to Motus Clients and Users.
We may use User information as a data processor on behalf of Motus Clients for the following purposes:
We may also use User information and information about Motus Clients for our own benefit, as a data controller, for the following purposes:
For visitors to our website(s) we will collect, use and store your personal information as a data controller for the following reasons:
If a third party has provided your information to us for marketing purposes, we will use and store your personal information as a data controller to communicate with you about Motus Services and affiliated third party services, via methods such as e-mail notifications, including sending you marketing communications for business development purposes.
If Motus collects User information on behalf of a Motus Client, it may share any of that User information with that Motus Client. For example, if Jane Doe uses the Motus app to track her car’s mileage for her employer, ABC Company, Motus may share any information that the Motus app collects about Jane Doe with ABC Company.
Additionally, under the following circumstances, Motus may provide third parties with the information that it has collected from a User, provided that the sharing is conducted for one of the following purposes:
We may share your personal information with our parent companies, subsidiaries, joint ventures, or companies under common control with us where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).
We may also disclose and use anonymized, aggregated reporting and statistics about Users for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymized, aggregated reports or statistics will enable our Users to be personally identified.
Except as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without so disclosing herein and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us at [email protected] and we will stop doing so.
STORING YOUR PERSONAL INFORMATION
We keep your personal information for no longer than necessary for the business need for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
COOKIES, WEB BEACONS, AND DO-NOT-TRACK
For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookies Policy.
You can visit the AdRoll cookie opt-out page and Google Ads personalization page to opt-out of certain targeted advertising. You can also opt-out of targeted advertising by modifying your browser settings or by using a browser plug-in.
We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of personal information within our custody or control. These include security measures for and internal reviews of our data collection, storage, and processing practices and the use of Transport Layer Security (TLS) software to encrypt certain sensitive User information such as bank account data. We also implement physical security measures to guard against unauthorized access to systems where we store personal data.
We restrict access to User information to Motus employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to disciplinary measures, which may include termination and criminal prosecution, if they fail to meet these obligations.
Please note that while we take reasonable security measures to protect against unauthorized access, no safeguard can fully guarantee security of personal information.
Motus is headquartered in the United States and, regardless of where you use our Services or otherwise provide information to us, your information will usually be transferred to, maintained, and processed by Motus and our service providers in the United States or other jurisdictions in which we or they operate. Please note that privacy laws, regulations, and standards in the jurisdictions in which your information may be maintained and processed may not be equivalent to the laws in your country of residence and such information may be subject to lawful access by U.S. or other foreign courts, law enforcement, and governmental authorities.
If you are based in the UK or the EU, if we provide any personal information about you to any non- European Economic Area (“EEA”) or UK members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice. These measures will include the following permitted in Articles 45 and 46 of the EU’s General Data Protection Regulation:
YOUR CALIFORNIA PRIVACY RIGHTS
On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. The law requires companies to notify California residents about how their data is collected, used, and shared, and in some cases gives them rights to access and delete that data. This section provides Motus’ disclosures as required by the CCPA. These disclosures supplement and incorporate the statements in the other portions of the Privacy Notice. This section applies to all visitors, users, and others who reside in the State of California.
Information We May Collect
Motus collects User information from Users and Clients in order to administer and provide Motus Services to Motus Clients and Users and for the other purposes identified in this Privacy Notice. We may collect the following categories of information, as defined in the CCPA. The examples listed are only illustrative of potential types of data within each category, and Motus does not necessarily collect that data about every individual.
Sources of California Personal Information
We obtain the above categories of personal information from the following categories of sources:
Use of California Personal Information
We may use any of the above categories of collected User information to provide services requested from Users or Clients, maintain and improve our services, communicate with Users and Clients about Motus Services and affiliated third-party services, market Motus Services, prevent potentially illegal activities, protect the rights and property of Motus and third parties, respond to inquiries of Motus Clients and Users, and for any other purpose to which the User has consented. Our use and disclosure of California Personal Information is more fully described above, in the section entitled “How We Use The Information”.
Sharing California Personal Information
We may disclose your personal information to your employer or to another third party, as more fully described in the section above entitled “Sharing Information”. The vast majority of data that Motus collects and discloses to its Clients is in its capacity as a service provider, as defined by CCPA. Accordingly, Motus does not “sell” CCPA-covered personal information.
In the past 12 months, Motus has disclosed the following categories of personal information for a business purpose:
In the past 12 months Motus has disclosed personal information to the following categories of third parties:
Your rights under the CCPA
The vast majority of the personal information that Motus collects is related to employees, as part of a service that we provide via their employers. Most of the rights provided under the CCPA do not currently apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. The CCPA also currently exempts personal information reflecting a written or verbal business-to-business communication from many of its requirements.
Moreover, Motus typically acts as a service provider to its Clients, which are typically employers. The Clients solely determine the purposes and means of processing Clients’ personal information. To the extent that Motus collects or processes CCPA-covered personal information in its capacity as a service provider, requests for access to CCPA-covered data and deletion must be directed to the Motus Client. For instance, if you want to access or delete mileage data collected via Motus, you must contact your employer, which will then work with Motus to process your request.
In the rare instance that the CCPA rights apply to the personal information and Motus does not collect or process data in its capacity as a service provider, you have the following rights:
Access to Personal Information Collected or Sold and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will disclose to you:
Deletion of Personal Information: You have the right to request deletion of personal information. If you wish to do so, please contact us at any method listed below. The right to deletion is subject to certain exceptions, such as if we need the personal information to provide Motus Services or comply with a legal obligation.
No Discrimination: You will not be subject to discrimination for exercising any of your privacy rights.
Exercising Your Rights: To exercise any applicable access, data portability, and deletion rights, please submit a verifiable consumer request by: sending an email to [email protected], calling toll-free +1 (888) 801-6714, or sending mail to Motus, LLC, Two Financial Center, 60 South Street, Boston, MA 02111.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
You may designate an authorized agent to make a request under the CCPA on your behalf.
The California Shine the Light Law, Cal. Civ. Code Section 1798.83, requires companies to disclose certain information about information shared with third parties that is used for the third parties’ direct marketing purposes. These disclosure requirements only apply if Motus were to share personal information with third parties for the third parties to market their own services and products directly to consumers. If you are a California resident, you may request information about the disclosure of your personal information to third parties for the third parties’ direct marketing purposes by emailing [email protected], calling +1 (888) 801-6714, or sending mail to Motus, LLC, Two Financial Center, 60 South Street, Boston, MA 02111.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
Legal basis for use of your personal information
If you are based in the EU or the UK and we are processing your personal information as a data controller, then we require an appropriate legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your information. Under EU and UK data protection laws, in almost all cases the legal basis will be as follows:
If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details below.
Your rights under GDPR
If you are based in the UK or the EU, you have certain rights in relation to your personal information that we process on our own behalf as a data controller. As explained above, the vast majority of the personal data that Motus collects and processes relates to employees of Motus Clients, in the performance of services that we provide to Motus Clients as a data processor. If we process your personal data in connection with a service that we provide to your employer, your employer is responsible for complying with your rights under the GDPR in relation to that processing, and you should direct any queries or requests to exercise your rights in relation to that data to them. However, if you would like further information in relation to your rights under the GDPR or would like to exercise any of them in relation to the data that we process about you as a data controller, please contact us via email at [email protected] at any time. You have the following rights where we process your data as a data controller:
We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
If you are in the UK or the EU, in accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the EU’s General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us at [email protected] or write to us at:
Two Financial Center
60 South Street, Boston, MA 02111
You also may call us, toll-free, at +1 (888) 801-6714.