Privacy Policy

Last Updated: June 22, 2021
This is the privacy policy of Sygic a. s., with its registered seat at TwinCity, C, Mlynské Nivy 16, 821 08 Bratislava, Slovakia, company ID No. (IČO): 35 892 030 and affiliated companies belonging to Sygic Group (collectively, “Sygic”, “we”, “us”, “our”, or “we”). This privacy policy provides an overview about how we process personal data about users of our mobile applications, software, websites or generally our products and services we provide to you including anciallary services that we provide together with our business partners and which may be available through our mobile applications (the “Services”).

## Our privacy commitment
We take privacy very seriously. Being an EU-based company, we must comply with the EU general data protection regulation (the “GDPR“) when processing the personal data. We provide our Services either directly to natural person end-users or to our business clients in which case we process personal data about their employees or users. We regard all natural person users of our Services data subjects according to the GDPR.

## Contact us
If you have any questions concerning how we process your personal data, you can contact us at privacy@sygic.com or by post using our registered seat address above. All privacy enquiries sent to us are received and reviewed by our data protection officer ('DPO') appointed to serve as a contact point for you and supervisory authorities.

## Why do we process your personal data?
Generally, we need to process your personal data in order to:

  • provide the Services;
  • meet our legal or contractual obligations;
  • pursue our legitimate software developer interests.

In particular, we process your personal data for the following purposes:

Provision of the Services
Performance of contract pursuant to the Art. 6(1)(b) of the GDPR and legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

Development, improvement & testing
Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

Direct marketing communications (newsletter & push notifications)
Consent pursuant to the Art. 6(1)(a) of the GDPR or similar products or services pursuant par. 62(3) of Slovak Electronic Communications Act (legitimate interest pursuant Art. 6(1)(f) GDPR)

Marketing analytics
Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

Statistics
Article 89 of the GDPR

Maintaining social media profiles
Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

Consumer contests
Performance of contract pursuant to the Art. 6(1)(b) of the GDPR

Billing, Tax & Accounting
Compliance with legal obligations pursuant to the Art. 6(1)(c) of the GDPR

Security of personal data
Compliance with legal obligation the Art. 6(1)(c) of the GDPR

Handling user requests
Compliance with legal obligation the Art. 6(1)(c) of the GDPR

Legal enforcement (establishment, exercise or defense of legal claims)
Legitimate interest pursuant to the Art. 6(1)(f) of the GDPR

Whistleblowing
Compliance with legal obligation the Art. 6(1)(c) of the GDPR

Archiving purposes and administration of the registries
Compliance with legal obligation the Art. 6(1)(c) of the GDPR and the regime of privileged purposes according to Art. 89 GDPR

## What do these purposes mean?

Provision of the Services

Every time you download any application from Sygic whether through Google Play, iTunes, Sygic E-Shop, or other stores, you agree to and conclude with us the End-User-Licence-Agreement which represents a contract concluded between us (the"EULA"). According to EULA, we are obliged to provide you with the Services which correspond to the specific functionality of the particular application and your in-product purchases. Any processing which is necessary to perform our obligations from the EULA as explained above is regarded a separate purpose of processing and is not subject to a separate data subject consent. For example, this includes:
• Ensuring the basic functionality and additional functionality of the application (add-ons, features);
• User registration and administration of the user accounts (user login);
• Customer pre-contractual relationship management;
• Handling orders and purchases via app or e-shop;
• Recommendations for better user experience;
• Customer support; or
• Communication of service information to user.

Provision of the Services covers all the below listed applications while the EULA might be concluded with you by different affiliated companies belonging to Sygic Group, as shown below. For avoidance of doubts, Sygic entity acting shown next to your application is “Sygic” according to this privacy policy to you.

Application Basic functionality description Sygic entity, data controller, Service provider

Road Lords (Android) Free truck GPS navigation with offline maps of 48 countries including Europe, Russia and Turkey. It is designed to choose the best route for your truck, caravan, bus, van or other type of large vehicles. It also covers live traffic information from roads, such as incidents, as well as informs truck drivers about police controls, speed cameras and much more. Sygic, a.s. (Slovakia)

Provision of the Services may also include the so-called Anciallary Services that we provide in cooperation with our business partners and which you can order through our applications (see more info in point 8 of the EULA).

We consider the subsequent implementation of the procedures agreed with the insurance company as our legitimate interest. In particular, the provision of personal data of insured and co-insured persons to Union Insurance in connection with the handling of complaints, claims, submissions, claims reports, the giving of opinions, invoicing documents or the subsequent storage of insurance documents. Union poisťovňa, a.s. is an independent controller which in the event of acceding to the insurance, processes your personal data for the purpose of performing insurance activities and exercising the rights and obligations arising from the insurance in accordance with its information obligations.

Development, improvement & testing

As a software developer we need to be able to continuously develop, improve, maintain and test our software products which we regard our own legitimate interest. This typically includes:
• Removal of bugs and other software faults or errors;
• Development of new application updates, versions or functionalities (features);
• General analysis of application;
• Analysis of user trends within the application including general user profiling based on that;
• Accuracy analysis (location, speed, direction or other values);
• Customer polls focused on improvement of the Services;
• Customer feedback on design and user experience;
• Testing on the production copies of partially anonymized data.

Direct marketing communications (newsletter & push notifications)

We do not send-out direct marketing communication to everyone. If you receive a direct marketing message from us it’s either because you have previously granted us a specific direct marketing consent or because we have obtained your email within the process of providing you with our Services and the message relates to a similar product or service. Irrespective of that, you can always opt-out from receiving any further direct marketing communication and/or object to processing of your personal data for direct marketing purposes as explained below.

Marketing analytics

We regard our marketing analytics a distinct purpose of processing personal data from sending out direct marketing communications. Some of the below activities might not necessarily involve processing of personal data. However, we would like to be transparent about the processing activities we undertake (with data generally) and would like to give our users full control over marketing related processing of personal data, as explained here. All of the below activities do correspond with our legitimate interest of better understanding our customers, customer trends and expectations when providing or offering our Services. For example, marketing analytics may include:
• General analysis of user behavior for better marketing strategies, decision or more personalized targeted advertising;
• Targeted advertising of Sygic products or services for example via Facebook App Install ads, Google AdWords, PayPerClick and similar tools;
• Performance analysis of different marketing campaigns (e.g. Exponea, Google Analytics);
• Cross-device linking (pairing of data about different devices of the same user);
• User segmentation for more personalized direct marketing communication (if conditions for direct marketing communications are met).

Statistics

We keep various anonymous or aggregated statistics based on which one cannot identify an individual. For example, we might keep statistics about how many users are using our applications or what is the average usage time of our applications. Although these statistics are made by conversion or analysis of real personal data, the statistic findings or results are not personal data.

Maintaining social media profiles

We maintain several business profiles on social media platforms where you can interact or communicate with us. By doing so, we are pursuing our legitimate interest: increasing company/brand awareness in online environment. We might process your personal data via our social media profiles when you write to us, comment, like or share our posts. Your provision of personal data via social media to us is voluntary. Please read relevant privacy policies to better understand processing of your personal data by providers of social media. We only have a typical admin control over the personal data processed by us via our own company profiles. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms. You can currently find us on Facebook, Linkedin, Twitter, Instagram, Pinterest, Youtube, Stack Overflow, Github, Tumblr, Dribble, Behance and Vimeo.

Consumer contests

We might organize customer contests, price giveaways or similar promotional activities for example via our social media profiles. When we do so, we typically put forwards terms & conditions or statute which you need to accept before joining the contest. By doing so, you conclude a contract with us meaning we do not need your consent for participation and related processing of your personal data. However, we would always ask your consent should the circumstances require so.

Billing, Tax & Accounting

When you purchase any paid add-on, feature or application from us, we must process your personal data in line with the applicable billing, tax and accounting legislation. Invoices and invoicing documentation might include your personal data. However, we are obliged to process, keep and store such data for statutory periods in order to be compliant with local law. Specific provisions of billing, tax and accounting legislation might vary across different jurisdictions.

Security of personal data

We are obliged to adopt measures to ensure appropriate level of personal data security. Although these measures are not primarily directed for processing of personal data (which is rather a by-product of their purpose), processing of your personal data to some necessary extent might be needed in order for these measures to be implemented (for example encryption, pseudonymization, logging, backups, crash reporting, breach/incident reporting, security investigations and documentations, access control, harmful content detection, etc.).

Handling user requests

Every time we are legally required to handle your requests, we must necessarily process your personal data. For example, when you approach us with request based on your data subject rights stemming from GDPR, we must process your personal data in order to comply with GDPR requirements.

Legal enforcement (establishment, exercise or defense of legal claims)

From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, keep evidence for potential dispute, manage legal contracts, request legal advice from external advisors, report illegal activity to law enforcement authorities or otherwise protect our legitimate legal interests (i.e. enforcing our legal rights). Although these activities do not automatically involve processing of personal data about our users (which happens very rarely), we would like to be transparent about such purpose of processing in case it does.

By virtue of this privacy policy, all of the above purposes are determined by us generally against all users of our Services , or any other persons concerned, from the moment of their collection despite the fact that the actual processing operation or purpose might not be relevant to every individual in every case. From this reason, we do not regard these as “other” purposes pursuant to Art. 6(4) of the GDPR which would require us to inform you about such purposes once they become relevant in future.

Whistleblowing

Pursuant to Slovak Act no. 54/2019 Coll. on the protection of whistleblowers of anti-social activities Sygic as an employer with more than 50 employees, has the obligation to appoint a responsible person, to adopt, resp. to update the internal regulation on the details of the verification of notifications, to examine each notification of anti-social activity and to keep appropriate records of notifications. As part of performance of these obligations, the personal data of notifiers, employees or other persons may be processed.

Archiving purposes and administration of the registries

Slovak Act no. 395/2002 Coll., on archives and registries in conjunction with Sygic's registry plan apply to the storage of personal data that we process about you. According to the registry plan, we are obliged to keep registry records during the storage periods specified therein.

## How do we collect your personal data?
Generally, we collect your personal data directly from you (source), for example when you decide to download our app, make a purchase, register your account, use an additional service, which may also include to get a service provided jointly with a business partner fill-out marketing consent form, contact us or otherwise use our Services. Provision of personal data to us by you might happen directly, for example by filling-out registration, order or consent form but might also happen indirectly for example by using our apps which need to collect data in order to operate and in order to provide you with the Services requested. For example, when using our navigation or localization apps, we must collect your precise location, speed and bearings. Provision of personal data by you is voluntary or presents either a requirement to enter into a contract or a contractual requirement (EULA). Certain processing of personal data might be required by law or required by us in order to pursue our own legitimate interests, as explained above. However, if you decide not to provide us your personal data in the first place, these additional statutory or legitimate interest provisions of data should not happen.

In certain cases, we may receive your personal data from another person - for example, from a user which, decided to include you as an insured person in the insurance when joining the insurance, or which reported to us an insurance event that happened to you. However, if you, as a user, do not provide Sygic as with the necessary personal data, you will not be able to access to insurance and thus obtain the appropriate insurance protection (i.e. the provision of personal data is necessary to access to insurance through us). If you do not provide Sygic with the necessary personal data in connection with the reporting of an insurance event and / or the filing of a complaint after accessing to insurance, we will not be able to manage report the insurance event behalf you and / or file a complaint to the insurance company and arrange its resolution.

Who are recipients of your personal data?

We take the confidentiality of your personal data very seriously and have policies in place to ensure that your data is only shared with authorized personnel of Sygic or a verified third party. Our employees might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. We also use sub-contractors to support us in providing the Services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR. Categories of recipients of your personal data are:
• Affiliated Sygic companies (eg. Sygic Czech Republic, a.s.);
• Hosting or cloud services providers or related services to support the operation or operation of our applications and Services (e.g., Microsoft, Inc., Google, LLC, Apple, Inc., SWAN, Inc., OVH.CZ Ltd., Amazon Web Services, Inc., Zendesk, Inc., PayPal , Inc., Widgix LLC, Pipedrive Inc., Akamai Technologies GmbH, Stormware, sro);
• Marketing and analytics software service providers (e.g. Google LLC, Facebook Ireland, Ltd., Facebook Inc., Exponea s.r.o., AppsFlyer, Inc., Lucky Orange, LLC);;
• Social media platform operators (Facebook Inc., Facebook Ireland, Ltd., Youtube LLC, Twitter, Inc., Microsoft (LinkedIn), Pinterest, Stack Overflow, Github, Tumblr, Dribble, Behance, Vimeo);
• Business partners, but only if you have ordered through our application a product or service that we provide together with a business partner (eg Union poisťovňa, a.s.)
• Authorized personnel of the above, internal subcontractors as well as employees of the above recipients and suppliers

In the past, we have also collected voluntary marketing consents behalf of third parties (partners) within our applications. The list of these third parties has been removed from this privacy policy, as we terminated the consent-based projects as of December 31, 2020, and the contracts with these partners were terminated.

## What countries do we transfer your personal data to?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary. However, some of our sub-contractors or the above-mentioned recipients of personal data might be based or their servers might be located in the United States of America (U.S.) or in other country regarded as third party not ensuring adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients concluded EU model Standard Contractual Clauses (SCC) with us or follow equivalent safeguards in place.

How long we store your personal data?

We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. In general, storage periods of the following purposes are linked to active usage of our apps and the actual data on our product servers at the given time:
• Provision of the Services
• Development, improvement & testing
• Marketing analytics
• Statistics
• Security of personal data

This means (in general) that if you stop using our app, we stop processing your personal data for the above purposes of processing. If you uninstall our app, we delete personal data collected by the app. However, depending on the circumstances we delete some data sooner or later than that, for example:
• Data used for application improvement after 3 months
• Security and system logs are deleted after 1 year
• Back-ups for security purposes are deleted after 3 years

Some of our users might have a life-time license for our apps. In that case, we must store credentials of the license holder for a period equivalent to “life-time” period which is 90 years from license purchase. If you request us to erase your personal data including your license credentials we can do so, but you will loose the life-time license as well (i.e. you will no longer be in the list of license holders). Please note that if you then decide to use our apps again in the future, you might not be able to rely on your license unless you prove to us that you had the license before. We therefore suggest you keep evidence of our communication about the license credentials erasure.

As regards the opportunity to access the insurance of the Union insurance company through our applications, we process the data obtained from the forms only for a period of 5 years from the termination of the insurance.

As regards the purpose of direct marketing communications (newsletter & push notifications), the storage period generally lasts until you revoke your consent (opt-out) or object against direct marketing.

As regards Billing, Tax & Accounting purposes the retention period are governed by local law and depending on the type of information or document in which billing personal data might be included the storage period is 10 years.

It stems from the nature of social media profiles that we do not actively delete the history of our profiles, but you are free do so or request us to do so at any time. We delete old private messages via social media once every 3 years.

In general, storage periods for consumer contests is the duration of the contest.

As regards handling user requests and legal enforcement, we might keep your personal data if we believe it might be necessary for us in court, criminal or administrative proceedings in the future. General limitation period under Slovak law is 3 years.

We process personal data within whistleblowing until the complaint is processed, at least 3 years from its submission according to par. 11 of Act no. 54/2019 Coll.

The storage periods are set out in the company's registration plan represent retention periods in relation to the archival purposes and administration of the registry. By default, these storage periods are 2-10 years from the creation of the registry record, for some HR documents 50 years or 70 years from birth.

What rights do you have?

You have right to object to any processing that is based on legitimate interest including to profiling based on such legitimate interest pursuant to the Article 21 GDPR. We rely on legitimate interest for purposes of Development, improvement & testing, Marketing analytics, Maintaining social media profiles and Legal enforcement.

Nevertheless, you have the right to object effectively at any time to the processing of personal data for direct marketing purposes, including profiling.

You also have a right to object to any direct marketing processing of your personal data including profiling.

If we process your personal data, you have so-called data subject rights under the Article 15 to 22 of the GDPR:
• Right to request access to your personal data according to Article 15 of the GDPR;
• Right to rectification according to Article 16 of the GDPR;
• Right to erasure of personal data according to Article of the 17 GDPR;
• Right to restriction of processing according to Article 18 GDPR;
• Right to be notified in connection with a rectification, erasure or restriction pursuant to Article 19 GDPR
• Right to data portability according to Article 20 GDPR;
• Right to object against the processing including profiling based on legitimate or public interest according to Article 21 of the GDPR;
• Right to object against processing for direct marketing purposes including profiling according to Article 21 of the GDPR;
• Right to not be subject to the automated individual decision making according to the Article 22 of the GDPR.

However, these are not absolute rights and they only exist if the relevant conditions are met. For example, right for erasure does not apply in case when such personal data is required for compliance with legal obligation (Billing, Tax & Accounting) or for the establishment, exercise or defence of legal claims (Legal enforcement). Please contact us at privacy@sygic.com if you have a general query about your data subject rights.

You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority. Please note that our lead data protection authority is the Office for Protection of Personal Data of the Slovak Republic and the "complaint" must be submitted in accordance with par. 100 of Slovak Act no. 18/2018 Coll, on the protection of personal data (proposal to initiate proceedings).

If you are not sure about whether we process your personal data, you can request our confirmation by reference to the right of access under the Art. 15(1) of the GDPR. If we do process your personal data you can request the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• where the personal data are not collected from the data subject, any available information as to their source;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Please note, that if you use our apps, most of the above information is already included in this privacy policy. You have also right to request copy of your personal data pursuant to the Art. 15(3) of the GDPR. You have right to request some of your personal data in a structured, commonly used and machine-readable format provided that the conditions for data portability under Art. 20 of the GDPR are met. These conditions might be met where the legal basis for processing is your consent or performance of contract (provision of the Services, newsletters and consumer contest) or arranging the opportunity of ordering the products of our business partners through our applications where you provide the personal data to us.

When we process your personal data based on your consent, you can always revoke your consent at any time. You can always use our general contact details for revoking consent or objecting to processing. In case of email newsletters, you will find opt-out button at the bottom of every direct marketing email.

If you feel that we are processing incorrect personal data about you given the purpose and circumstances and you cannot change such personal data via functionality of the app, account or website, you can request rectification of incorrect or incomplete personal data using the below supplementary statement (all information is voluntary) and/or our general contact details:

Supplementary statement for rectification of personal data
Your name and surname:
Account email:
Type of Sygic service used: Please indicate what application, website or service your request relates to
Nature of your rectification: Please explain whether you would like to request correction of incorrect or completion of incomplete personal data
Context of your rectification request: Please explain us why you believe we are processing incorrect or incomplete data
Rectification: Please express the correction or completion of the particular personal data you are requesting
This supplementary statement for rectification can be send to Sygic at privacy@sygic.com

When enforcing your data subject rights, please be as explicit and detailed as possible. Otherwise, we might respond with request to clarify a generic, vague or too general requests which in turn delays getting the information you request.

Cookies

When processing your personal data, operating our websites or generally providing or supporting our Services we may use cookies and similar technologies. Specifically, we use these technologies for Direct marketing communications (newsletter & push notifications) and Marketing analytics. You have a control about the use of cookies via setting of your internet browser, where you can disable cookies at any time.

## Changes to this privacy policy
We may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice in our apps, on our websites or by email. However, as you can see below, we do not change our privacy terms often, only when absolutely necessary.

Previous versions of the privacy policy:
• Version valid from 18 May 2018 (adjustment due to GDPR application);
• Version valid from 17 July 2020 (adjustment mainly due to the abolishment of the US-EU Privacy Shield + prelink to the list of partners).

Napíšte nám

Formulár sa úspešne odoslal. Ďakujeme.

Je nám to ľúto, ale vyskytol sa neočakávaný problém. Skúste znova.

Táto stránka je zabezpečená s reCAPTCHA a platia pre ňu Zásady ochrany osobných údajov a Zmluvné podmienky spoločnosti Google.