LOTR Privacy Policy

Last Updated on 23rd March 2023

This Locus LOTR App privacy policy (“Privacy Policy” or “Policy”) sets out Mara Labs, Inc. (hereafter, “Company”, “Locus”, “we”, “us”, or “our”) practices in relation to personal data that is collected on, through, or in relation to the Locus On The Road mobile application (“LOTR App”), an application developed and offered by MARA Labs, Inc.

At Locus, we are committed to protecting your personal data and respecting your privacy. This Policy explains how we process and treat your personal data when you download the LOTR App and explains the rights that are available to you.

By downloading the LOTR App, you confirm that you have read and accept the terms of this Policy.

  1. Background And Key Information

    1. About Us:

      The Services are made available and provided by the Locus group. If you have any questions on this Policy, question on how we process or handle your personal data, or otherwise reach out to us with your grievances, feedback, and comments, please reach out to us at privacy@locus.sh or dpo@locus.sh

    2. How this Policy applies:

      We process personal data of users of the LOTR App strictly on behalf of our customers’ instructions. In this Policy, our customers are referred to as “Customers”. We will be considered data processors of our Customers. To understand how your personal data is treated by the Customer on whose behalf we process your data, please review their respective privacy notice.

      References to “you”, “yours”, and “users” across this Policy are to our Customers’ personnel who are users of the LOTR App.

      Notwithstanding our processing of data on behalf of Customers as described above, certain jurisdictions require you to consent to the processing of your data, or otherwise require you to accept these terms of this Policy. In this regard and subject to the data protection laws that apply to you, by using the LOTR App and the services provided on or through the LOTR App, you agree and consent to the collection, use, storage, disclosure, and sharing of your information as described and collected by us in accordance with this Policy. Please contact us if you have questions on our practices in your country or region.

    3. Review and Updates:

      We regularly review and update our Privacy Policy and we request you to regularly review this Policy. It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  2. Your account

    1. Access and update your information

      Our Services and related documentation give you the ability to access and update certain information about you from within the Service. You can update your profile information and modify content that contains information about you via the LOTR App.

    2. Deactivate your account

      If you no longer wish to use our Services, your administrator may be able to deactivate your Services account. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services. For more information on how to delete your information, see clause 7 below.

  3. Data That We Collect

    1. We collect different types of data, some of which are personally identifiable. We do this to operate the LOTR App effectively and to provide users with a smooth and functional experience. We have grouped the data collected as follows:

      1. User Data or Identity Data, such as your name, username, or similar identifier.

      2. Contact Data, such as your email address and telephone numbers.

      3. Location Data, which includes the state and country you reside in, your real-time information as determined through data such as GPS, app settings, and device permissions.

      4. Demographic Data, which includes your zip/pin code, gender, and age.

      5. Technical Data, which includes your device model, IMEI, device make, hardware serial number, operating systems and versions, battery status, Device RAM, location setting, Wi-Fi connection status, data connection status, unique device identifiers, mobile service provider, and mobile service provider signal.

      6. Commercial, Transactional, and Service-related Data, which would include use of services and requests made through the LOTR App such as origin and destination addresses, details of the users that are allocated tasks, location of the user, the user’s habits such as the speed at which they drive and the directions that they take, scanned pictures of electronic proof of delivery, and data relating to the means and modes of payment.

      7. Usage Data, which includes how the LOTR App is being used, for how long it is used, and when it is used.

    2. We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data under law as it does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

    3. We do not knowingly collect or process personal data of children.

    4. We do not collect any data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data, or any information about criminal convictions and offences.

    5. What happens if I refuse to provide my personal data?

      Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you or the Customer (for example, to provide you or the Customer with goods or services).

  4. How Do We Collect Data

    We use different methods to collect data from and about you including through:

    1. Direct Interactions: We collect data directly from you if and when you provide it to us.

    2. Information through Customers: We may receive information about you from or through our Customers.

    3. Automatic technologies or interactions: As you use, interact with, and navigate the LOTR APP, we will automatically collect Technical Data about your device and usage patterns. We collect this data by using server logs and third party tools, which include tools like Pendo and Firebase.

    4. GPS Location tracking: Your mobile phones and the trucks that you may use for deliveries are equipped with GPS, which has a receiver that helps us track your location based on your distance from the relevant GPS satellite.

    5. Mobile network-based tracking: This involves the use of wireless signals to triangulate your position between cell towers.

    6. Available or public WiFi connections: We can collect anonymised information through WiFi connections, including the name of your internet hotspot, its unique ID, and the location of your device when it was last spotted by the hotspot.

    7. Third parties or publicly available sources:: We integrate with various third-party location providers to obtain data, including but not limited to Google and Skyhook. We also identify and collect data from publicly available sources.

  5. How Do We Use Your Personal Data?

    1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where we need to perform the contract we are about to enter into or have entered into with you or a Customer, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or where we need to comply with a legal obligation. We use your personal data for the following purposes:

      1. To understand our users (what they do and how they use our services), improve the features of the LOTR App, and process and complete transactions.

      2. To carry out our obligations arising from the relationship between us and our Customers, and/or to provide you with relevant information and services.

      3. To manage our relationship with you which will include notifying you about changes to this Policy, or asking you to leave a review or take a survey.

      4. To administer and protect our business and the LOTR App (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).

      5. To use data analytics to enhance security and make improvements to the LOTR App, our products and services, customer relationships, and your experiences.

      6. To enforce our legal terms and policies.

      7. apply for job openings; or

      8. To comply with applicable legal requirements, such as government regulations and industry standards, contracts, and law enforcement requests.

    2. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

    3. Please contact us if you have questions on our practices in your country or region.

  6. Disclosures Of Your Personal Data

    1. DISCLOSURES OF YOUR PERSONAL DATA:

      1. Internal third parties, that include Locus subsidiaries and affiliates for the provision of IT and system administration services.

      2. We love hearing from our users, including through public forums such as Locus blogs, social media, and certain features on our network. When you communicate with us through those channels, your communications may be viewable by the public.

      3. With Customers and owners of Locus accounts that you may use. If you use a profile associated with another party, we may share your information with the owner of that profile.

      4. With third parties. Locus may provide information to its vendors, consultants, marketing partners, research firms, and other service providers or business partners. This include:

        • Payment processors and facilitators.
        • Background checks providers.
        • Cloud storage providers.
        • Marketing partners and marketing platform providers.
        • Data analytics providers.
        • Research partners, including those performing surveys or research projects in partnership with Locus or on Locus’s behalf.
        • Vendors that assist Locus to enhance the safety and security of its apps.
        • Consultants, lawyers, accountants, and other professional service providers.
        • Fleet partners.
        • Insurance and financing partners.
        • Vehicle solution vendors or third party vehicle suppliers.
      5. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the manner set out in this Policy.

    2. With your consent, or otherwise as may be permissible by law, Locus may share your information other than as described in this Policy. We will do this in accordance with applicable law.

    3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  7. Manage information that we collect about you

    1. We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to reactivate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for the purposes of improvement and development of our Services, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

    2. LOTR application provides you with the option to view and edit your personal information like name, phone number, photo, etc.

    3. ​It is your right to request, subject to certain limitations under applicable law and contractual obligations with respect to maintenance and storage of such information, that your personal information be erased from our possession. You may also have other privacy rights under applicable laws. To exercise your rights, you can reach out to dpo@locus.sh.

    4. ​If you ask us to delete your personal information, we will let you know how the deletion affects your use of the site or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request.

  8. Cross-Border Transfers of Personal Data

    The personal data that we process may be transferred to countries other than where you are based. For example, we transfer your personal data to the United States and the EEA, where our servers are located. Where applicable law permits such transfer, we rely on consent to transfer such data. If you are based in the EU, we rely on standard data protection clauses that are approved by the European Commission for the transfer of personal data outside the European Economic Area or in accordance with our Customers’ instructions.

  9. Data Security

    1. We have put in place appropriate security measures that include, but are not limited to, testing for OWASP mobile top 10 vulnerabilities, including root/jailbreak detection and SSL pinning in iOS and Android platforms, to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

    2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  10. Data Retention

    1. Locus requires user profile information in order to provide its services, and retains such information for as long you maintain your LOTR/Locus account.

    2. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, or reporting requirements within the jurisdictions in which it operates. For example, if Locus shuts down a user's account because of unsafe behaviour or security incidents, Locus may retain certain information about that account to prevent that user from opening a new Locus account in the future.

    3. In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for analytics or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  11. Choice and Transparency

    Locus provides means for you to see and control the information that Locus collects, including through:

    1. device permissions
    2. request via employer

    You may also request that Locus provide you with explanation, copies, or correction of your data by reaching out to your employer.

  12. Updates To This Policy

    We may occasionally update this Policy. If we make changes to this Policy, we will notify you of the changes through the LOTR apps or through other means, such as email. To the extent permitted under applicable law, by using our services after such notice, you consent to our updates to this Policy.

    We encourage you to periodically review this policy for the latest information on our privacy practices. We will also make prior versions of our privacy policies available for review.

  13. Roles and Responsibilities

  14. Roles Responsibilities
    Policy Owner
    1. Overall accountability of the Policy
    2. Accountable for Creation, Modification, authorizations, publishing, communication, withdrawal, disposal of the Policy
    3. Accountable for effective enforcement and compliance of the policy across the organization.
    4. Accountable for Adequacy, Effectiveness and Continual improvement of the policy
    Users
    1. Access and use only authorized information systems and Services
    2. Access and use the Locus information systems as per the policies and controls established in Locus.
    Privacy owners
    1. Apply and maintain necessary and adequate controls for protection of the Information Assets in alignment with the Policies and controls mandated by PIMS.
    2. Establish and manage effective access management mechanisms for all information systems and services in alignment with the Policies and procedures.
  15. Exception

    Currently there are no exceptions that are established within Locus for this Policy.

    Any exception to this policy should be authorized by the Locus Management or CISO/DPO or any person specifically designated and authorized by the Management.