Privacy Policy

Last updated: September 1, 2024.

About us

Protectus d.o.o., Mednarodni prehod 6, Vrtojba, 5290 Šempeter pri Gorici, Slovenia is the data controller with respect to personal information collected through the Services (as defined below) and is the responsible entity for the collection, processing and use of the Personal Data. If you want to exercise any of your rights in relation to our processing of your Personal Information, Protectus d.o.o. shall be the responsible party. You can contact us at privacy@carlock.co.

Our primary goals in using your data and information are to create your account, provide Services to you, improve our Services, contact you, conduct marketing and research, and create anonymous statistical reports for internal use.

Please note that the scope of this Privacy Policy is limited to information and data collected or received through your use of the Service.

If you do not agree to these terms, please do not use the Service.

For general information and privacy questions please feel free to contact us at privacy@carlock.co.

We offer services to our users, through our:

• Website carlock.com (the “Website”);
• Website my.carlock.com (the “Web app”);
• Website location.carlock.com (the “Location sharing web app”);
• Website billing.carlock.com (the “Billing web app”);
• Website support.carlock.com (the “Support Center”);
• CarLock mobile application (the “CarLock app”);
• Social media pages;
• Other associated services that we provide both online and offline.

The services listed above are collectively referred to as the “Services”. This policy only applies to us. If you link to another website from our website, you should also remember to read and understand that website’s privacy policy. We do not control third-party websites and are not responsible for any use of your personal data that is made by third-party websites.

How we collect and use your information

In this Privacy Policy, the term "Personal Information" means any information relating to an identified or identifiable natural person; an identifiable person can be identified, directly or indirectly, in particular by reference to a name, an identification number, or, in certain circumstances, location information, an IP address or the unique identifier allocated to each CarLock device. Specifically, we collect, process, and use the following information from you, which may include Personal Information:

Placing an Order

Contact information

When you place an order on our website, you’ll need to provide an email address, a first and last name, a shipping and billing address, and any other information you voluntarily give to us.

Additionally, for shipping (hardware) to most parts of the world, we will require you to provide a contact phone number used for delivery purposes. This is a requirement from many delivery companies that we work with.

The contact information will be used to complete and fulfill the order. Your related personal information will be retained according to the Slovenian tax and accounting legislation (10 years for issued invoices).

Information Provided by You About Others

When providing the personal information of another person, we rely upon you to obtain the consent necessary for us to process their personal information.

For sending CarLock as a gift, the processing of the gift recipient's personal information you provide on the webpage (in the cart and during the checkout process) will be consistent with the description for processing Contact Information from the previous chapter and any other references to the Contact Information throughout our Privacy policy.

Information About You Provided by Others

If you received CarLock as a gift directly from our webpage, someone else has provided your personal information to us to make it possible to send the package directly to you. The processing of your personal information will be (and was) strictly limited to the minimum required processing that we needed to do to ship the package to you and will be retained based on the requirements of our Slovenian legislation. Your personal information was shared with our shipping providers and external fulfillment partners acting as data processors for us and in no way for their use. No additional processing will be done on your personal information.

Payment Information

To complete your order on our website, you’ll need to provide payment information, such as your credit card, PayPal account, Apple Pay, or Google Pay. This information is needed to process your order and is not stored on our servers, but servers of the listed 3rd party payment providers.

List of the available 3rd party payment providers that are available for use on our webpage with links to pages explaining their privacy policies:

• Stripe
• PayPal

Order Fulfillment for Hardware

All orders are fulfilled by our external warehousing and fulfillment partner Amazon and their network of delivery partners.

We will share your shipping address with any of the warehousing and fulfillment partners for the purpose of delivering the items you have ordered to your address.

Registration for the use of our Services

You can register for the use of our Services by manually creating a CarLock account or by using an existing third-party account, such as Apple, or Google to create one.

When creating a CarLock account, you need to provide a display name, a valid email address, and a password. You can choose whether or not your display name includes your first and/or last name.

When using an existing third-party account, we obtain your profile information (name) and your email address from this account. The information we get from third-party providers often depends on your settings or their privacy policies, so be sure to check what those are.

We do not identify you personally to other users or make your account information available to any third parties in any way that could identify you without your prior consent.

Information from your use of our Services

CarLock ID and name

When you activate CarLock using the CarLock app, CarLock’s unique identifier (or CarLock ID) will be associated with your account. If you choose to name your CarLock, this information will also be associated with your account.

Account ID

Account ID may allow for multiple users.

User ID

User ID may allow for multiple vehicles.

Monitored object ID

Monitored object ID is linked to individual CarLock device.

Location Information

CarLock GPS tracker is a small navigation device equipped with a GPS receiver that determines the position of the monitored object (vehicle or any other object) it is installed into. The position of the monitored object is determined with the help of reference points - the satellites that send information to the ground. The tracking device uses those reference points to calculate the location and transmits it to the server. This makes it possible to display the location of the monitored object on the map, which any authorized person can view.

GPS tracking systems generally include the following crucial components: a tracking unit, a server that receives tracking information from the tracking unit, and a user interface that enables displaying the location of the monitored object.

To do that, it’s necessary to collect data about your location. We use the term “Location Information” to refer to the combined location data of your tracking unit, server, and device with the CarLock app.

While the tracker is installed in your vehicle, it periodically transmits the Location Information. This allows us to show you the location of the tracking unit on the map. We periodically collect and update location information when the CarLock GPS tracker is installed in the monitored object. When the object moves the location is collected every 7 to 30 seconds depending on the chosen subscription plan. The location is also collected when the object changes direction for more than 40 degrees or when the speed changes for more than 20 km/h.

If you use a computer, phone, or other device in relation to the Services, we use the IP address of that computer or device to determine an approximate location (only to the country level). We do this to provide you with a better, more personal experience. Your Location Information is never shared with others unless you choose to share it yourself by sharing the location link. The location link automatically expires after 30 minutes to 24 hours upon your discretionary selection of such time of expiry.

Usage Information

These days, whenever you use a website, mobile application, or other internet service, there’s certain information that almost always gets created and recorded automatically. The same is true when you use our Services. We track how, and how often you use our Services. We also collect certain information that your mobile device sends when you use them for Services. This includes information such as your device’s model, operating system type and version, and the dates and times of your requests. We use this information to provide you with optimal Services and customer support and to collect anonymous statistics that help us understand our user base.

We do analytics on an aggregate basis and not on a personal basis.

Activity Recognition (Physical Activity and Health Data)

CarLock IOS app uses activity recognition (physical activity recognition) features on your phone to help detect when you are no longer driving.

Information collected through CarLock’s Support Services

We provide support services via live chat on our website, email request submissions, and direct email. We collect Personal Information you may have to provide to our customer care team in the process. This includes, but is not limited to: your name, email address, and mailing address. In the absence of such data, we cannot provide you with Support Services. We may use and process your Personal Information, including Location information, to handle your support request and provide you with the best support possible, including quality assurance control.

As described in greater detail below, we may share this information (including Personal Information) with our affiliates and with third-party partners (as defined below) and use it in ways consistent with this Privacy Policy.

Will it Work on the Webpage

We collect your email address when you fill out the “Will it work” form on our website. We collect this information only for the purpose of providing you with information on whether the designated car model works with CarLock.

Purposes and legal basis of data processing

We process your personal data in accordance with the GDPR and any national legislation (hereinafter: “Data Protection Regulation”). In compliance with such Data Protection Regulations, we will only process your personal data if at least one of the following legal bases applies, as detailed in the section below regarding our specific data processing activities:

• The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) b) GDPR)
• The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 (1) a) GDPR)
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (Art. 6 (1) f) GDPR). We process your personal data in order to pursue our legitimate interests or the legitimate interests of a third party, where those legitimate interests override any of your rights and the data processing activities are necessary to satisfy such legitimate interests. In such cases, we have carried out a legitimate interest assessment where those legitimate interests, impacts, and guarantees have been analyzed. Those cases are the following:
  • Improving our processes and service levels relating to the provision of Services based on our legitimate interest in improving our internal processes and services offered to customers and improving the customer experience.
  • Direct marketing for our products and partnership offers, based on our legitimate interest to inform customers about updates to existing products, the launch of new products as well as products which are offered together with partners and promotions, including market and opinion analysis. For this purpose, we use customer segmentation. In individual cases, the processing may constitute profiling.
  • Enforcement of claims and defense within legal disputes, based on our legitimate interest of exercising its right of defense before courts/competent authorities.
  • To ensure IT security, based on our legitimate interest to ensure the security of the IT infrastructure used to provide its services and products.
  • Fraud prevention is based on our legitimate interest not to contract or provide services to any potential customer related to fraud.
  • To conduct and produce anonymized statistical research and reports, based on our legitimate interest to conduct research and analysis regarding the use customers make of the products and features provided by us.
  • Product analysis which may include the analysis of your user behavior in relation to certain products and promotional offers, based on our legitimate interest in developing, testing, and optimizing products and services. If possible, the data is anonymized in the first step, i.e. personal data is no longer processed afterward. In individual cases, the processing may constitute profiling.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 (1) c) GDPR)

We use information collected through our Service for purposes described in this Privacy Policy or disclosed to you in connection with our Service. For example, we may use your information to:

• Operate and Improve our Service:
  • Fulfill your online orders and enable registration for the use of our Service;
  • Understand you and your preferences to enhance and customize your experience and enjoyment using our Service;
  • Respond to your comments and questions and provide support service;
  • Send you Service-related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • Any other processing necessary for the performance of a contract with you.
• Ensure physical, network, and information security and integrity:
  • This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, backup and archiving, preventing malware, viruses, bugs, or other harmful code, preventing unauthorized access to our systems, and any form of attack on, or damage to, our IT systems and networks.
• Deliver marketing and promotional information:
  • Communicate with you about our offers, promotions, rewards, upcoming events, and other news about our Services and products only upon your explicit consent.
• For statistical and research purposes:
  • We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Services to their needs;
  • Sharing aggregated data with business partners.
• For purposes of tracking your Location Information:
  • We will store your location to operate our Services
  • We will store your historical Location Information and use it for improving and personalizing our Services only upon your explicit consent.
• For compliance and legal purposes:
  • Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with a legal obligation to which we are subject;
  • In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes, and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
• For business or share sale purposes:
  • In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business.

How we may share your Personal Information with third parties

We may share your data (including Personal Data) with our affiliates also outside of the EU.

Some of our data processing activities can be carried out by a third party on our behalf (Data Processing Partners). Where the processing of personal data is carried out on our behalf, we conclude a separate contract with the processor in accordance with Art. 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).

Data Processing Partners are:

• IT Services and Infrastructure Providers
  • Microsoft Azure
  • Google Cloud
  • Zendesk
  • Amazon (AWS)
  • Google Workspace
  • Vonage
  • Plivo
  • Mailgun
  • Mailchimp
  • Stripe
  • PayPal
  • Avask
  • E-racuni
  • Sentry
• Order Fulfillment Services
  • Amazon
  • Shipica
  • DHL Express
• Analytics Providers
  • Chart Morgul
  • Mixpanel
• Third Party Advertising Providers
  • Google Ads
  • Facebook

This list may change from time to time. We may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID, and IP address) for the purposes of delivering our Services, displaying advertisements, conducting analysis and researching and measuring our Data Processing Partners’ advertising campaign performance. The privacy policies of Data Processing Partners may include additional terms and disclosures regarding their data collection and use practices and tracking technologies, and we encourage you to check those privacy policies to learn more about their data collection and use practices, the use of cookies, and other similar tracking technologies.

We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore, you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners.

We may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organizations for fraud protection.

Cookies and similar technologies

We and our analytics service providers use technologies such as cookies, scripts, advertising IDs, and tags to identify a user's device and to remember things about your visit. For details please consult our Cookie Policy.

Your rights in relation to your data

You have the following rights in relation to your personal information, which you can exercise by writing to the following address privacy@carlock.co:

• To request access to your personal information and information related to our use and processing of your personal information;
• To request the correction or deletion of your personal information;
• To request that we restrict our use of your personal information if technically viable;
• To receive personal information that you have provided to us in a structured, commonly used, and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third-party data controller);
• To object to the processing of your personal information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your personal information for certain purposes”);
• To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent.

You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of Slovenia, is the Information Commissioner, the contact details of which are available here: https://www.ip-rs.si.

For further information about your rights in relation to your personal information, including certain limitations, which apply to some of those rights please see Articles 12 to 23 of the General Data Protection Regulation (GDPR), which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf.

We will respond to your access request within a reasonable timeframe.

We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

Your right to object to the processing of your data for certain purposes

You have the following rights in relation to your personal information, which you may exercise in the same way as you may exercise the rights in the preceding section (Your rights in relation to your personal information):

• To object to us using or processing your personal information where we use or process it in order to carry out a task in the public interest, where we do so in the exercise of official authority or for our legitimate interests, including “profiling” (i.e. predicting your behavior based on your personal information) based on any of these purposes;
• To object to us processing your personal information for direct marketing purposes (including any automated evaluation we make about you or any of your characteristics as a person, to the extent that it is related to such direct marketing).

You may also exercise your right to object to us using or processing your personal information for direct marketing purposes by:

• Clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions, which appear in your browser following your clicking on that link; or
• Sending an email to privacy@carlock.co asking that we stop sending you marketing communications.

Whenever you object to direct marketing from us by a different communication method to that of the marketing communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received.

Security safeguards

We take appropriate technical and organizational measures to secure your personal information and to protect it against unauthorized or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:

• Only sharing and providing access to your personal information to the minimum extent necessary and subject to confidentiality restrictions;
• Training our employees about the importance of confidentiality and maintaining the privacy and security of your information;
• Committing to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities;
• Updating and testing our security technology on an ongoing basis;
• Using secure server providers to store your personal information;
• Requiring proof of identity from any individual who requests access to personal information.

Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

Data retention

We retain your information:

• For as long as you have not deleted your account or until expiry of your subscription. When the trial or subscription expires, we keep your data for one year and 30 days. We notify you by email 30 days before your data is scheduled for deletion. After the data has been deleted from the database it is still available in the recoverable backup for 14 days.
• For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law, or whether we have any legal basis to continue to process your personal information, such as your consent;
• To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@carlock.co.

Our policy regarding children

We do not knowingly collect or solicit personal information from or direct or target interest-based advertising to anyone under the age as prescribed by relevant local regulations or knowingly allow such persons to use our Services. If you are under such an age limit, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under such limit may provide any Personal Information. If we learn that we have collected personal information from a child under the limit, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the limit, please contact us at privacy@carlock.co.

International transfer

We may transfer information that we collect about you to affiliated entities, or to Data Processing Partners across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that these countries and jurisdictions may not have the same data protection laws as your own jurisdiction, and we take steps to ensure adequate safeguards are in place to enable the transfer of information to the U.S. and the use and disclosure of information about you, including personal information, as described in this Privacy Policy.

When we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission or if not (or if we transfer your personal information to an international organization), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:

• Data protection policies adhered to by the data controller and other companies and entities within our corporate group from time to time, which comply with applicable laws, known as “binding corporate rules” or “BCRs”;
• Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner and approved by the European Commission in accordance with relevant law;
• A code or codes of conduct produced by an association or other body approved by the Information Commissioner;
• An approved certification mechanism; or
• Where authorized by the Information Commissioner, contractual clauses between the data controller or processor and the data controller, processor, or recipient of the personal information in the third country or international organization.

Data protection officer

We have appointed a data protection officer.

You can get in touch with our DPO at dpo@carlock.co.

Regional Specific Provisions

Where we are subject to certain privacy requirements in the United States, the following also applies:

U.S. Children’s Privacy. We do not knowingly collect the personal data of children under the age of 13. If you are a parent or guardian and believe we have collected information about a child, please contact us as described in this Privacy Policy. We will take steps to delete the information as soon as possible. Given that our websites and online services are not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, we do not sell the personal data of any minors under 16 years of age. Where we are subject to certain privacy requirements in the United States in the State of California, the following also applies:

Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. If you do not accept cookies, you may not be able to use certain functions and features of our site.

This site does not allow third parties to gather information about you over time and across sites.

You have the right:

• to request from us access to your personal data that we collect, use, or disclose about you;
• to request us to delete personal data about you;
• to opt out of the use or disclosure of your sensitive personal information;
• to non-discriminatory treatment for exercising any of your data protection rights;
• if you request access to your personal data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), we do not and will not sell your personal data or otherwise permit the use of your information for any kind of cross-context behavioral advertising. In accordance with the verification process set forth in the CCPA, we will require a more stringent verification process for deletion requests, or for personal data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your personal data. If we must request additional information from you outside of the information that is already maintained by us, we will only use it to verify your identity so you can exercise your data protection rights or for security and fraud-prevention purposes.In addition to contacting privacy@carlock.co, you may also exercise your rights as follows:

• You can also designate an authorized agent to submit requests to exercise your data protection rights to us. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

Changes to this Privacy Policy

We will occasionally update this Privacy Policy as necessary to protect our users, furnish current information, and respond to legal and technical changes. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Website prior to the change becoming effective. We encourage you to periodically review our Website for the latest information on our privacy practices.

If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at privacy@carlock.co. Customer support is available in the English language.