skills white.png

PRIVACY COMMITMENT AND POLICY

Our Commitment to Global Data Privacy Compliance

 

Last updated: March 16, 2021

  

SKILLS Driving is committed to complying with all applicable privacy laws across the
globe. This commitment is vital to our continued success and reflects our desire to
conduct business in accordance with the highest legal and ethical standards. This
Privacy Policy describes our policies and procedures on the collection, use and
disclosure of your information and tells you about your privacy rights and how the law
protects you.

 

The privacy of our website visitors is very important to us, and we are committed to
safeguarding it. By using our website, you agree to the collection and use of information
in accordance with this Privacy Policy.


SKILLS Driving's Privacy Principles


Purpose for Personal Information Collection
Our Global Data Privacy and Information Security Principles define how SKILLS Driving
collects, uses, discloses and protects personally identifiable information. We will only
collect, use and disclose the information that we need in order to adhere to our service
level agreement with your employer to provide the following services:

  • Driver Safety Training;

  • Motor Vehicle Record (MVR) Reporting services (if applicable); and

  • Driver risk profiles (if applicable).

Obtaining Consent
We will only collect, use, disclose and retain your Personal Information after obtaining
your consent through our website or through your employer, except where otherwise
permitted or required by law. If the purpose for which it was collected changes, we will
obtain additional consent from you prior to using, disclosing and retaining Personal
Information that was previously obtained. You may choose not to provide us with any of
your Personal Information; however, if you make this choice we may not be able to
provide you with the product, service or information intended for you.


Withdrawal of Consent
Subject to reasonable notice, you may withdraw your consent at any time, unless the
Personal Information is necessary for us to fulfill our legal requirements and similar
obligations. If you withdraw your consent, we will inform you of the implications of such
withdrawal. To withdraw consent, simply contact us in writing and advise us of what
Personal Information you no longer wish us to use.

 

Identifying Information
With your consent, we may collect several different categories of information from you.

 

What data do we collect?
The type of information we usually collect and maintain may include your:

  • Employee ID

  • Name

  • E-mail Address

  • Company Group

  • Language Preference

  • Geographical Location

  • Browser Type and Version

  • Website Navigation Paths

  • IP Address

 

If your employer uses our platform to retrieve Motor Vehicle Record (MVR) Checks, we
may also collect and maintain your:

  • Driver's License Number and State

  • Date of Birth

 

Some of our users may purchase training modules by making a credit card payment
through our website. In this situation, we will request payment information from you on
our secure order form. To buy from us, you must provide your name and financial
information, including credit card number and expiration date. We use this information
for billing purposes and for processing your orders and dispose of the information once
the transaction is completed. Our application uses "cookies." A cookie is a piece of data
stored on a site visitor's hard drive to help us improve your access to our site and
identify repeat visitors to our site. Cookies can also enable us to track and target the
interests of our users to enhance the experience on our site. Usage of a cookie is in no
way linked to any personally identifiable information on our site.

 

How do we collect it?
We may collect Personal Information from you through our website or from your
Employer or their agents.


Where do we keep it?
We store all client data on hardware physically separated from the application with no
direct Internet connectivity, and located in a separate, secure environment accessible
only to authorized personnel. Our data centers are geographically redundant and
located across the Greater Toronto Area in Ontario, Canada. Additionally, all PII for
Russian citizens currently in Russia are also processed primarily and retained in a data
center located in the Russian Federation, in compliance with the Russian data
protection law.


Disclosure of Information
We will only use and disclose your Personal Information to fulfill the purposes for which
it was collected and in accordance with this privacy policy. Any exception will be with
your prior consent, or as may be permitted or required by law. In addition, we will keep
your information only for as long as it is needed to fulfill the purposes for which it was
collected, or as required by law, whichever is shorter.

 

To whom is information disclosed or shared?
Your information may be disclosed to, or shared with the following entities:

  • Specially designated employees of your Employer ("Fleet Administrators"), who
    need access in order to fulfill their job functions. To find out who your
    designated Fleet Administrator is, you may send an email
    to info@skillsdriving.com.

  • Our payment processor, if you purchase training modules by making a credit
    card payment through our website.

  • Our MVR data provider, if your employer orders a Motor Vehicle Record for you.

  • Our Channel Partners, if your Employer is a customer of theirs who resell our
    solution and services to your Employer.

 

All third party relationships are required to implement appropriate technical, physical,
and administrative safeguards for Personal Information. SKILLS Driving will never share
your information with any third party for marketing purposes.

 

Who has access to it and how is it used?
SKILLS Driving employees who require specific access to your information in order to
fulfill customer service requests from you or your Employer will have access to your
information. We may share your personal information with Service Providers to monitor
and analyze the use of our Service, or to contact You. For Business transfers: We may
share or transfer Your personal information in connection with, or during negotiations of,
any merger, sale of Company assets, financing, or acquisition of all or a portion of our
business to another company. With Business partners: We may share Your information
with Our business partners to offer You certain products, services or promotions.

 

We may also use your personal information for any of the following:

  • administering our website and business;

  • personalizing our website for you;

  • supplying services purchased through our website;

  • sending statements, invoices, and payment reminders to you, and collecting
    payments from you;

  • sending you non-marketing commercial communications;

  • sending you email notifications that you have specifically requested;

  • sending you an email newsletter, if you have requested it (you can inform us at
    any time if you no longer require the newsletter);

  • sending you marketing communications relating to our business or businesses
    that we think may be of interest to you, by post or, where you have specifically
    agreed to this, by email (you can inform us at any time if you no longer require
    marketing communications);

  • dealing with inquiries and complaints made by or about you relating to our
    website;

  • keeping our website secure and preventing fraud

 

Lawfully Limiting Personal Information
We will limit the collection of your Personal Information to only those details that are
necessary for the purposes identified. Your Personal Information will only be used or
disclosed for the purpose for which it was collected, unless you have otherwise
consented, or when it is required or permitted by law. We will only retain your Personal
Information for the period of time required to fulfill the purposes for which it was
collected.


Accuracy of Information
We will keep Personal Information we collect as accurate, complete and up-to-date as
necessary to fulfill the purposes for which it was collected.

 

Data Protection
We have taken strong measures to ensure the security and confidentiality of your
Personal Information. It is also important that you take all necessary precautions as well
to help keep your Personal Information safe and secure at all times.

 

Cookies
Our website uses cookies. A cookie is a file containing an identifier (a string of letters
and numbers) that is sent by a web server to a web browser and is stored by the
browser. The identifier is then sent back to the server each time the browser requests a
page from the server. Cookies may be either ‘persistent’ cookies or ‘session’ cookies; a
persistent cookie will be stored by a web browser and will remain valid until its set
expiration date, unless deleted by the user before the expiration date; a session cookie,
on the other hand, will expire at the end of the user session, when the web browser is
closed. Cookies do not typically contain any information that personally identifies a user,
but personal information that we store about you may be linked to the information stored
in and obtained from cookies. We may use both session and persistent cookies on our
website. The names of the cookies that we may use on our website and the purposes
for which they are used are set out below:

  • We may use Google Analytics, Google Tag Manager, MailChimp, the LinkedIn
    Insight Tag and Adwords on our website to recognize a computer when a user
    visits the website/to track users as they navigate the website/to improve the
    website’s usability/to analyze the use of the website/to administer the website/to
    personalize the website for users/to target advertisements which may be of
    particular interest to specific users/describe purpose(s):

    • Most browsers allow you to refuse to accept cookies through their
      settings. Blocking all cookies will have a negative impact upon the
      usability of many websites. If you block cookies, you may not be able to
      use all the features on our website.

    • You can delete cookies already stored on your computer. Deleting cookies
      will have a negative impact on the usability of many websites.

 

Data Security
SKILLS Driving takes the following measures to ensure the safeguarding of your
Personal Information within the application itself.


Application Architecture
Our application utilizes separate and distinct Production, Database, Staging and
Development environments. These environments communicate with restricted access
control. Console access to the development server is limited to developers and root
access is limited to system administrators. Login credentials are required to read and/or
modify source code. Physical access to servers is limited only to authorized employees.
Client data is not available for application development unless it has been appropriately
sanitized.


Protocols and Encryptions
Data transmission between the system and the administrative users [and any other
users transmitting Personally Identifiable Information] is done over a secure TLS
connection. Strong cryptography and encryption techniques are used such as 256-bit
(minimum 128-bit) Advanced Encryption Standard. SKILLS Driving utilizes the Secure
FTP data transfer protocol, along with optional PGP for all file transfers.

 

Security Appliances
Security software and devices (firewalls, monitoring & logging, etc.) are used to detect
and prevent unauthorized access. Firewall rules are set to deny traffic with http/https as
the only default open ports. Firewalls are configured in a hardened state, and formal
change control processes are in place for all firewall configuration changes.

 

User Authentication
Access credentials at rest are stored in a database server that is behind a router and is
only accessible from SKILLS application server. The transmission of access credentials
between the system and all users occurs over a secure TLS connection. Strong
cryptography and encryption techniques are used - 256-bit TLS (minimum 128-bit)
Advanced Encryption Standard.

 

Password Policies
Each user will be required to change their initial system generated password at time of
first login. All passwords must contain at least eight characters, and contain numeric,
uppercase and lowercase English alphabetic characters. The password should not
contain the user's account name (case-insensitive). Software that controls password
changes ensures that all passwords conform to security standards. All passwords are
set to expire in 90 days. A system is in place that allows password resets. User
credentials are stored in a database housed offline with no direct connectivity to the
public Internet. Passwords are encrypted when stored at rest in the database and are
never communicated via email, with the exception of system-generated passwords.

 

Employee Departure
SKILLS Driving employees are required to leave behind all information stored on
laptops or other portable devices or media, files, records, work papers, etc. prior to their
departure. Employees are required to surrender all keys, IDs, access codes and badges
which permit access to the premises or to Personal Information. Employee's remote
electronic access is disabled, including his/her voicemail access and email access. All
passwords are disabled immediately.

 

Fault Tolerance and Disaster Recovery
SKILLS Driving takes the following measures to ensure your data is accessible by you
at all times.


Fault Tolerance
Our Data Center Network Infrastructure is both redundant and fault tolerant. All routers,
switches, and firewall devices are redundant with failover. The high performance
network infrastructure provides high availability with multiple connections to all major
Internet backbones.

 

Disaster Recovery
A formal, documented, executive management approved disaster recovery plan is in
place. In the event of a disaster at the primary data center, traffic is re-routed to the
recovery data center where data is being continuously replicated at block level. Our
recovery targets include a 15-minute RPO (Recovery Point Objective) and a 2-hour
RTO (Recovery Time Objective).

 

Data Retention and Disposal
We will only retain your Personal Information for the period of time required to fulfill the
purposes for which it was collected, or as required by law. We may store your data in
magnetic media (hard disks, tapes) in our secure data center locations with appropriate
safeguards. We will erase your data from the magnetic media, prior to disposal via
secure means in a confidential manner.

 

Processing Individual Access Requests
Upon written request, you may access and verify your Personal Information and find out
to whom we have disclosed it. At the time of your request, we will need specific
information from you to verify your identity, before we can provide you with the Personal
Information we hold. In addition, you must provide sufficient information in your request
to allow us to identify the information you are seeking.

 

If you are a registered user, you can review the Driver Training Information that we have
at any time by logging in to your account on the SKILLS Driving website and navigating
to the "My Activities Homepage" page.

 

Updating Personal Information
If your Personal Information changes, or if you no longer wish to use our service, you
may contact your company's designated Fleet Administrators, who can correct, update
or remove any personal data through our Application's Administrative Suite.

 

Communicating Breach Notification
We will notify your employer in any event of privacy breach in accordance with the
severity mentioned in our service level agreement.

 

Third Party Privacy Audits
SKILLS Driving conducts regular third party data security audits of its applications and
infrastructure using leading information security service organizations. To date, no
significant violations have been identified and the architecture has been categorized as
being very secure and resilient against attack.

 

Complaint Response and Resolution
If you have questions or concerns regarding your privacy or Personal Information, we
will take appropriate amending measures to resolve the situation if required, and inform
you about the process.