Privacy Notice

Last updated March 15, 2024

1. Vinli Incorporated is a Data Processor

Vinli Inc. provides vehicle and driver performance data analysis services. We are committed to managing such data in a manner that is consistent with all data protection regulation that applies to us and this statement details our approach. We will manage your data in accordance with this privacy notice.

  • We are a Processor of personal data; Vinli is a processor of personal data that is obtained as subject matter of the Service that we deliver. If you would like more information on the processing of this data, or to exercise your rights, please contact the Controller.
  • We are also a Controller of personal data; we are a Controller of personal data obtained for the purpose of the administration of our business and the management of customer relationships. If you would like to contact Vinli's data protection representative or the Vinli EU Data Protection Officer's office (registered in Ireland) regarding this notice or to exercise your rights in relation to personal data that we Control, please email us at customerservice@vin.li or contact us by mail at 1905 McMillan Ave., Dallas, Texas 75206, United States of America.

If you are under 18 please read this statement with the assistance of a parent or guardian

2. Key Definitions

  • “Our” or “we” or “Vinli” refers to Vinli, Inc. or its wholly owned subsidiary Vinli Limited.
  • “You”, “Your” or “Subject” refers to the individual person whose personal data is the subject of the data.
  • “Personal Data” is information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as; a name, an identification number, location data, an online identifier, or one of more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Services” or “Vinli Services” refers to the vehicle telemetry and driving behavior data analysis service provided by us to our customers.
  • A “Data Subject” is an identified or identifiable natural person
  • A “Controller” is the natural or legal person or body which alone or jointly determines the purpose and means of the processing of personal data.
  • A “Processor” is an organization or person that processes data on behalf of a Controller

3. Purpose and Lawful Basis

Where Vinli processes your personal data as either a Processor or as a Controller, as described in Section 1, we are obliged to inform you of the purposes for which we use your data and the legal basis for processing.

The purposes for our processing of your personal data may overlap and some purposes for processing may have multiple legal bases. The following chart lists examples of the categories of data that we may process as either a Controller or a Processor, but is not intended to be exhaustive and is subject to change:

4. Where we are Processor of your personal data

You should contact the Controller of your personal data in relation to the use of your data or to exercise your rights as a Data Subject as Vinli may not act on behalf of these requests without the express permission of the Controller.

5. Where we are Controller of your personal data

5.1. Where you have provided consent

Where we are processing data based on your consent you may withdraw that consent at any time.

5.2. Who we share Personal Data with

We take all reasonable measures to protect your personal information while it is in our possession, however, it may be transferred to others where there is a legitimate and lawful reason. This section lists the categories and types of organisations that we may transfer personal data to:

5.2.1. Third party partners

Application developers, providers of analytical tools, development or authentication tool providers

5.2.2. Business support and regulatory organizations

Operational systems, payroll providers, banks, advisors, auditors, regulators

5.3. Information relating to children and vulnerable persons

The processing of personal data relating to children receives special attention under Data Protection Regulation and we shall treat this information with particular care. The age of digital consent is 16 in the EU and some states have elected to reduce this to 13. Information obtained about children shall comply with the requirement for parental consent and shall receive additional consideration while planning an operational process.

5.4. Special (Sensitive) Data

We recognize special categories of data, specifically personal data revealing racial or ethnic origin, political opinion, religious of philosophical beliefs, trades union membership, genetic or biometric data, or a subject’s health or sexual life. The processing of these categories of information shall typically require consent. We may also process Special data where there is a legal/regulatory obligation, there is a legitimate interest or where it is in the public interest.

Health data may be processed for the processing of an insurance or mortgage product. Such processing will not normally require your consent.

You have the right to decline to provide us with your Special Data. However, in certain instances, if you refuse to provide us with your Special Data, we may not be able to provide our services to you.

5.5. Confidentiality & Security

Vinli have implemented generally accepted standards of technology and operational security to protect personal data from alteration, unauthorized disclosure, or destruction, and from use for unauthorized purposes. Furthermore, we have taken measures to ensure that contracts with all third parties that provide technical and processing services include terms that specify appropriate technical and organizational security measures to prevent accidental, unauthorized, or unlawful disclosure or processing of personal data.

5.6. Your Rights

Data Subjects have the right to:

  1. Be informed if we have personal data relating to a Data Subject, the categories of data and the purpose of processing
  2. Where data was not provided by you, we will identify the source of that data together with data categories
  3. Be informed if a failure to provide the personal data will have any direct and material personal consequences
  4. Access your personal data. Where the format is not reasonably understood, this shall be delivered in an intelligible format
  5. Have inaccurate, incomplete, or out-of-date personal data that we hold about you corrected, or deleted
  6. Withdraw consent for your personal data to be processed - where that data was obtained from you on the basis of consent
  7. Make a submission on any automated decisions making processes or profiling of you.
  8. Transfer your data to another Controller
  9. Have your personal data excluded from certain categories of processing
  10. Limit our use of Special Data
  11. Lodge a complaint - You may make a complaint in the EU to the Irish Data Protection Commissioners office at http://dataprotection.ie, the UK Information Commissioner's Office at https://ico.org.uk/make-a-complaint/, or the Swiss Data Protection and Information Commissioner at https://www.edoeb.admin.ch/edoeb/de/home.html

Please note:

  • There are some limitations to these rights.
  • You can contact us to exercise these rights by e-mail at customerservice@vin.li. We will ask for additional information to verify your identity prior to acting upon such requests.

5.7. Reporting of Data Breaches

Where a data breach occurs that poses a high risk to you, we will also inform you. All breaches will be managed in compliance with the state law that applies to us.

6. Cookies

We use Cookies on our website. Cookies are small text files which are placed on your hard drives to provide a more intuitive website experience. You can opt out of the use of certain categories of cookies on the cookie notice tool that is always visible while you use the Vinli website. This may reduce some of the functionality of the site. Most browsers permit users to opt-out of receiving them if the user would prefer. Cookies can also be deleted by you from your browser at any time.

Please note that the Vinli Services may contain links to other internet sites that are not operated or controlled by Vinli. We cannot control and are not responsible for the privacy practices or the content of such websites.

7. International Transfer - For Personal Data Processed in the EU, UK or Switzerland

7.1. All data provided to Vinli may be transferred to, stored or processed in the United States.

7.2. Where we are a Processor of your data (the Vinli Services)

You need to refer to the Controller of your personal data for advice on the international transfer of personal data. In general, personal data that is internationally transferred to us from a Controller is subject to EU Standard Contractual Clauses SCCs.

7.3. Where we are a Controller of your data (customer agreements, web traffic, marketing)

Where your data is transferred outside of the EEA (European Economic Area) or outside of your jurisdiction by us, we shall rely upon a formal Adequacy ruling relating to the receiving country, an agreement with the Data Subject, or EU Standard Contractual Clauses SCCs as a legal basis for transfer. Data transferred internationally within the Vinli organization is transferred subject to SCCs.

You can find a copy of the EU SCCs at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

7.4. Where we rely on the Data Privacy Framework Program

Vinli complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Vinli has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Vinli has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

7.4.1. Data Categories, Purposes, and Sharing

This Statement applies to personal data that we receive in reliance on the DPF. This may include data we receive on behalf of our customers in connection with their use of our products and services, as well as other categories of information disclosed in our Privacy Policy, available https://www.vin.li/privacy (“Privacy Policy”). We may process personal data to perform our services or for the other purposes described in our Privacy Policy. To provide our services, we may share this personal data with the customer who originally provided the data and with other third parties consistent with the instructions of our customers. We may also share personal data with the other categories of third parties described in our Privacy Policy, for the purposes described therein.

In the event of an onward transfer of personal data, Vinli may be liable if these third parties process data inconsistent with our obligations under the DPF, and we are responsible for the event giving rise to the damage.

Please note that we may also be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

7.4.2. Your Rights

You have the right to access, correct, and/or delete your personal data in accordance with the DPF, our Privacy Policy, and applicable law. You may submit a request to exercise your rights using the contact information provided below.

7.4.3. Inquiries or Complaints

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Vinli commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF should first contact Vinli at customerservice@vin.li.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Vinli commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit www.bbbprograms.org/dpf-complaints for more information or to file a complaint. The Data Privacy Framework Services of BBB National Programs are provided at no cost to you.

If your complaint involves human resources data transferred to the United States from the European Union, the United Kingdom, or Switzerland in the context of an employment relationship with Vinli, please review the Inquiries or Complaints section of our employee Privacy Notice. Complaints related to human resources data should not be addressed to the BBB National Programs.

If your DPF complaint cannot be resolved through the above channels, in certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means. Please see this DPF webpage for more information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

Additionally, the Federal Trade Commission has jurisdiction over Vinli’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

7.5. Service Providers and Sub-Processors

In the event that a service provider to Vinli is international in nature, or sub processes with entities that are not within the EU, we will take steps to ensure that any further processing that may expose such data to international transfer is subject to the protections provided by the EU or UK GDPR.

8. California Shine the Light Law

California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, a list of the third parties to whom we disclosed your personal information as defined under that statute, for direct marketing purposes in the preceding calendar year and the categories of that kind of personal information that was disclosed to them. If you are a California resident and you wish to make such a request you may by contacting us. Our contact details are provided at the top of his document.

9. Commitment to Children’s Privacy

9.1. Vinli Does Not Seek To Collect Data From Children

Vinli takes children’s privacy seriously and we do not seek to collect individually identifiable information about children. We aim to never store the personal data of children under 13, and acknowledge that the digital age of consent in the EU is 16, with some states legislating for 13. If Vinli learns that a child under the age of 13 has submitted personally identifiable information through the websites, products or the Developer Portal, or personal data of children has been obtained without proper consent and in contravention of these measures, Vinli will take all reasonable measures to delete such information from its databases and to not use such information for any purpose.

9.2. California Minors

If you are a California resident who is under 18 and a user of our websites, products or Developer Portal, this section applies to you. We may provide users the functionality of posting information through our websites, products or Developer Portal. If and to the extent CA Bus. & Prof. § 22581 applies, you may request and obtain removal of content or information posted by you (as an account holder) subject to the exceptions provided in this “California Minors” section. If you can accomplish removal on your own by following the instructions within the websites, products or Developer Portal, then follow those instructions. If that does not work, contact us by using the contact information provided at the top of this document specifying the information or content and each place where it is located in enough detail so that we reasonably can find it and meet your request in the ordinary course of our business. CA Bus. & Prof. § 22581 provides exceptions to your ability to request and obtain removal of content or information posted by you within the websites, products or Developer Portal. Those exceptions in CA Bus. & Prof. § 22581 are: (1) federal or state laws requiring us or a third party to maintain the content or information; (2) the content or information is not covered by the law (e.g., someone other than you posted it or your posting is stored, republished, or reposted by a third party); (3) we turned your content or information into anonymized data (such as, aggregated data or the like) and thereby disabling the ability to identify your content and information among other users’ content or information; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. If any one of the above exceptions applies, we are not required to remove your content or information from the Aps. REMOVAL OF YOUR POSTED CONTENT OR INFORMATION FROM THE WEBSITES AND DEVELOPER PORTAL DO NOT ENSURE COMPLETE OR COMPREHENSIVE REMOVAL OF THAT CONTENT OR INFORMATION. The law does not require us to actually eliminate the information posted by you; the law is satisfied if we keep it but render it invisible to other users and the public. Also, some information will already be beyond our control (e.g., a user or other third party might have already copied it). Law enforcement may obtain the content or information pursuant to certain court orders.

10. Data Retention

We retain personal data that you submit to us only for as long as is necessary and for the purposes for which it was obtained, or as required by law. We have detailed retention periods for which personal data shall be retained for particular purposes below, but note that where we act as a Data Processor, data retention periods are controlled by the Controller. Vinli reserves the right to delete personal data prior to the conclusion of the retention period or where such retention is not absolutely necessary.

11. Updates

This notice may be updated to comply with precedent that has been established or to provide further clarification. The most up to date version will be published online, or you can request a copy from us at any time. We advise you to use a current version of this document when considering your rights.

Last updated: March 15, 2024