B2B – means Business to Business. B2C – means Business to Consumer/Customer. Data Controller – means the person or entity which alone or jointly with others determines the purposes and means of the processing of personal data. Data Processor – means the person or entity which processes personal data on behalf of the controller. Data Protection Law – means the Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) and any successor laws, regulations and secondary legislation, as amended or updated from time to time, in the UK. DVS2025.co.uk – details of the Group can be found at www.dvs2025.co.uk/about. Our Platform – means either the DVS2025 platform accessible from our website. Sensitive Information – this is also known as Special Category Data and includes information revealing, or about a person’s racial or ethnic origin, political opinions or trade union membership, religious or philosophical beliefs, health, sex life or sexual orientation, or genetic data and biometric data for the purpose of uniquely identifying a natural person. Information about criminal convictions is often included in this definition.

Data Processor and Data Controllers

In respect to our B2B customers, we are a data processor. The companies who have contracted with us to provide the goods and services will be the data controller. Where our services are provided through a reseller, the companies who have contracted with the reseller for us to provide the goods and services will be the data controller. We will not usually engage directly with the driver of the vehicle; information is provided to us (usually through Our Platform) by the Insurer, telematics service providers lease company, the reseller, or the Fleet Manager. In respect of our B2C customers, we will be the Data Controller for the information we collect at the time of purchase. Once you have purchased a device from us you are responsible for how you use, store, and publish the recordings taken on the device; we are not a data processor for our B2C customers. Where a third-party data controller is involved in the provision of goods and services to you, we recommend that you also review their privacy policy as this will tell you how they will process your information. Depending upon the types of services you have decided to receive from us (or your company/insurer has elected to provide to you), other companies may also be considered a data controller in respect of those ancillary services. More information about third parties can be found in your data controller’s privacy policy or the ‘Who do we share the information we collect about you with?’ section below. We are registered with the ICO, registration number [00019837585]

Data Protection Officer

We have appointed a Data Protection Officer to oversee our handling of personal information. Our Data Protection Officer can be reached at dataprotection@dvs2025.co.uk. Please click on the relevant section below for detailed information regarding how we process your information.

Who do we collect information about?

B2C – Previous, current and prospective customers. B2B – Previous, current and prospective customers, Drivers who are authorised to drive the vehicle equipped with the telematics/CCTV device, Fleet Managers, Business Partners (Insurers, and other telematics companies), Resellers & Users of our Platform.

When do we collect information about you?

B2C – When you register to use our website and/or our Platform, subscribe to our services, search for a product, place an order on our website for our products or services, participate in discussion boards or other social media functions on our website, leave any query or correspondence on our website or enter a competition when you contact us to make a complaint, a promotion or survey or when you report a problem with our website, our Platform or any other activity undertaken by DVS2025. B2B – At the time a product is connected to the Platform (for example driver details will be added to the customer’s account on our platform by the data controller) when a new driver is allocated to a vehicle and is added to the Platform, when the vehicle ignition is on although some devices also capture information for a period of time after the ignition is switched off, when our business partners or customers contact us (by phone, email, through our website or otherwise) to update their driver’s details, when a business partner contacts us to make a complaint, a promotion, or survey, or when you report a problem with our website, platform or any other activity undertaken by DVS2025.

What information do we collect about you?

The personal information that we collect will depend on your relationship with us. We will collect different information depending upon whether this is a B2C or B2Brelationship. In a B2B contract, the type of information will also depend upon the type of service selected and the type of devices installed in the vehicles. The data controller is responsible for ensuring they have a valid legal ground for the processing that they ask us to carry out on their behalf.

Personal Information:

B2C – General Information such as name, email, phone number. Fleet Manager / Business Partner Contacts / Insurers – General Information such as name, business address, business email, phone number, Vehicle Registration Number (for fleet vehicles). Insurer policyholders – (Insurance customers only) the level of information collected is determined by the data controller or the customer and the type of device installed but can include: General Information such as policy number, policyholder name, policyholder address, policyholder email, policyholder phone number, policyholder’s Vehicle Registration Number, Vehicle tracking information (GPS) recording the location of the vehicle (live tracking and recording time and date), speed, incidents or accidents and mileage, date of birth, driving history and driving behaviour, policy details, photograph, video footage or CCTV audio recording (not all devices and is disabled by default unless the customer completes and submits the DVS2025 Audio Recording Disclaimer). B2B Drivers of Vehicles – the level of information collected is determined by the data controller and the type of device installed but can include: General Information such as name, residential address (on the basis the vehicle is stored at the drivers home address), business email, phone number, place of work, Vehicle Registration Number, vehicle tracking information (GPS) recording the location of the vehicle (live tracking and recording time and date), speed, incidents or accidents and mileage, date of birth, driving licence details, driving history and driving behaviour and could include on the basis the customer has deployed AD Kit (ADAS & DSM) incidents of driver distraction and fatigue, external photograph, video footage or CCTV in-vehicle photograph, video footage or CCTV Audio recording (not all devices). Both – We may collect information when you use our website and/or Platform including data that allows us to monitor your preferences and how you use our website/Platform. This helps us to organise our website/Platform content to improve your experience. The information we collect includes: details of transactions you carry out through our website/Platform, information that you provide by filling in forms on our website/Platform even if those forms are not submitted, technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type, and version, time zone setting, browser plug-in types and versions, operating system and our Platform, information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may use cookies to collect information about how our website is used. Please see our Cookies Policy for more information about our use of cookies.

Special Category (sensitive) Personal Information and Criminal Personal Information:

B2C – We do not actively request details about sensitive personal information including criminal personal information. However, it may be recorded if it is provided by you as part of your engagement with us whether through phone, email, letter, or via a website, social media, or online chat. B2B – Information relating to your criminal history (including offences and alleged offences and any caution, court sentence or criminal conviction) but only motoring convictions other than as noted above, we do not actively request details about sensitive personal information. However, it may be recorded if it is provided by you (or a third party) as part of the service provision whether through phone, email, letter, or via a website, social media, or online chat.

How do we collect your information?

B2C – Directly from you or from someone else on your behalf by website, Platform, phone, email, SMS, online chat, paper documents. B2B – Fleet Managers / Insurers / Business Partner Contacts Directly from you or from someone else on your behalf by website, Platform, phone, email, SMS, online chat, paper documents. Drivers of Vehicles – from your Insurer, Fleet Manager, reseller or one of our business partners, from the device installed in the vehicle, from government agencies such as DVLA.

What are the purposes for which information about you is used?

We may process your information for a few different purposes. For each purpose, we must have a legal ground for such processing. When the information that we process is classed as a special category or sensitive personal information, we must have an additional legal ground for such processing. Whether you provide us with the information, or we collect information from You, or we are provided with information from other sources, we may use this information:

B2C

a) To complete the purchase of the device. Legal grounds: To carry out our obligations arising from the contract entered through which we provide our products or services to you. b) Communicating with you and resolving any complaints that you might have. Legal grounds: Our having an appropriate business need to use your information to manage and respond to complaints which does not overly prejudice you. c) Complying with our legal or regulatory obligations. Legal grounds: The use is necessary for us to comply with our legal obligations. d) Recover outstanding payments. Legal grounds: Our having an appropriate business need to use your information to recover debts which does not overly prejudice you. e) To improve our customer service. Legal grounds: Our having an appropriate business need to use your information in the improvement of our customer service which does not overly prejudice you. f) To measure the effectiveness of our advertising. Legal grounds: Our having an appropriate business need to use your information to ensure our advertising is effective which does not overly prejudice you. g) To provide data analysis to assist us with the pricing of our products and detect market trends. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you. h) To personalise your repeat visits to our website/Platform and to improve our website/Platform, including as part of our efforts to keep our website/Platform safe and secure. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you. i) To notify you about changes to our services or products. Legal grounds: Our having an appropriate business need to use your information to keep our customers up to date with changes to our products or services which does not overly prejudice you. j) To administer our websites/Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. Legal grounds: Our having an appropriate business need to use your information to maintain our websites which does not overly prejudice you. k) To allow you to participate in interactive features of our services/ website/Platform. Legal grounds: Our having an appropriate business need to use your information to offer an interactive website for customers which does not overly prejudice you. l) To transfer within the DVS2025 Group or to third parties for the purpose of conducting internet analytics. Legal grounds: Our having an appropriate business need to use your information to maintain our websites and undertake website analytics which does not overly prejudice you. m) Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers); technology may include voice analytics. Legal grounds: We have a legitimate business need to provide secure and quality services.

B2B

a) To implement the service. Legal grounds: Our having an appropriate business need to use your information to provide the contracted services. b) To provide and manage your contracted services. Additional legal ground for sensitive personal information: If collected, because the data controller has an appropriate legal ground for processing sensitive personal information. c) Communicating with you and resolving any complaints that you might have. Legal grounds: Our having an appropriate business need to use your information to manage and respond to complaints which does not overly prejudice you. d) To transfer to our business partners for the purpose of providing them with the services required under the contract. Legal grounds: Our providing the contracted services. Additional legal ground for sensitive personal information: If collected, because the data controller has an appropriate legal ground for processing sensitive personal information. e) Complying with our legal or regulatory obligations. Legal grounds: The use is necessary for us to comply with our legal obligations. f) To improve our customer service. Legal grounds: Our having an appropriate business need to use your information in the improvement of our customer service which does not overly prejudice you. g) To measure the effectiveness of our advertising. Legal grounds: Our having an appropriate business need to use your information to ensure our advertising is effective which does not overly prejudice you. h) To provide data analysis in order to assist us with the pricing of our products and detect market trends. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you. i) To personalise your repeat visits to our website/Platform and to improve our website/Platform, including as part of our efforts to keep our website/Platform safe and secure. Legal grounds: Our having an appropriate business need to use your information which does not overly prejudice you. j) To notify you about changes to our services or products. Legal grounds: Our having an appropriate business need to use your information to keep our customers up to date with changes to our products or services which does not overly prejudice you. k) To administer our websites/Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. Legal grounds: Our having an appropriate business need to use your information to maintain our websites/Platform which does not overly prejudice you. l) To allow you to participate in interactive features of our services/website/Platform. Legal grounds: Our having an appropriate business need to use your information to offer an interactive website/Platform for customers which does not overly prejudice you. m) To transfer within the DVS2025 Group or to third parties for the purpose of conducting internet analytics. Legal grounds: Our having an appropriate business need to use your information to maintain our websites/Platform and undertake website analytics which does not overly prejudice you. n) Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers); technology may include voice analytics. Legal grounds: We have a legitimate business need to provide secure and quality services.

Who do we share the information we collect about you with?

Sharing within our DVS2025 Group (B2C and B2B)

We may share your information within the DVS2025 Group for the following reasons:

•  To administer our websites/Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
• To improve our website/Platform, including as part of our efforts to keep our website safe and secure.
• To allow invoicing and to recover any outstanding payments.
• For legal, data protection, financial reporting and regulatory purposes.

Sharing with third parties (B2C)

We do not share your information with third parties. At the time of purchase, you will provide a third party with your payment card details and or your PayPal account details but we do receive these.

Sharing with third parties (B2B)

We may also share your information with selected third parties, in order to offer services to you or to perform any necessary functions on our behalf. This may include:

• Our business partners or Reseller Partners, such as your insurer, your employer (or their contracted fleet management company) or a third-party telematics company to whom we provide devices and/or monitoring and reporting services. Access can be via our Platform or in some cases API.

Other third parties our business partner has asked us to engage with: • Finance Providers • Credit reference agencies • Debt Collectors • Survey companies • Data analytics advisors • Query search engine operators • Product Installation contractors • Mapping companies • Product distribution companies • Resellers Disclosure of your personal information to a third party outside of the DVS2025 Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also share your information with:

• Search engine operators who can assist us in the improvement of our website/platform. • Prospective buyers, if we sell any business or assets. • Regulators and other authorised bodies, whenever we are required to do so by law. • We believe that such disclosure is necessary to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

What is our approach to sending information overseas?

We do not send your data outside of the UK or the EEA.

How long do we keep personal information for?

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and to comply with our contractual, legal and regulatory obligations. We have implemented a Document Retention Policy which specifies how long various types of information should be retained. The Policy is reviewed on a regular basis to ensure that it aligns to current legal and regulatory requirements. The retention periods vary depending upon the circumstances of an individual matter but in general our retention periods for customer facing documentation can be set out as follows: • Purchase Information (B2C) – 3 years • Service records (B2B) – 7 years from the end of the service contract • Complaints – 3 years from the complaint being resolved If you would like further information regarding the periods for which your personal information will be stored, please see the contact details outlined in the “How to Contact Us” section below.

Automated decision making

We do not use automated decision making.

What marketing activities do we carry out?

Where our legitimate interest means it is reasonable or justifiable for us to do so (known as legitimate interest) we may contact you about products or services we feel may be of interest to you. When we engage with you (by phone, email or website), we will give you the opportunity to choose the method of communication (e.g. mail, telephone or SMS) or to not to receive such communications in future. Should you wish to change your marketing preferences you can contact us at dataprotection@DVS2025.co.uk.

Your rights

Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in the “How to Contact Us “section of this Privacy Policy.

Please note:

B2C – In some cases, we may not be able to comply with your request (e.g., we might not be able to delete your data) for reasons such as our own obligations to comply with contractual, legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why. B2B – As a data processor we manage the data we hold on behalf of your data controller and act only in accordance with their instructions. Accordingly, you should raise your request with your data controller.

The right to access your personal information

You have the right to access a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests.

The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.

The right to erasure

In certain circumstances, you may ask us to erase your personal information.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information.

The right to object to marketing

You can ask us to stop sending you marketing messages at any time.

The right not to be subject to automated decision-making (including profiling)

We do not use automated decision-making.

The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

The right to lodge a complaint with the ICO

You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the ICO’s website at: www.ico.org.uk/concerns. Making a complaint will not affect any other legal rights or remedies that you have.

How we protect your information

We want you to have confidence in how we use and hold your data. We know that to achieve this we must preserve the security and confidentiality of your personal information. We have therefore developed a range of organisational, procedural, and technical security measures designed to protect your personal information from unauthorized use or disclosure. Examples of some of these measures include: • User and privileged account management including appropriate policies for password complexity, length and history. • Auditing of system users and administrators. • Regular backup schedules and disaster recovery environment for key systems and services. • Secure file transfer methods are used to encrypt data. • Usage of data loss prevention tools within the Group. • Data breach detection: Security tools in place to detect unusual or abnormal activity. • Data breach investigation: Audit and logging tools used to investigate any potential or reported breaches. • Data breach response: A plan that pulls together our compliance, data protection, legal and IT security teams to ensure rapid assessment and mitigation of data breaches.

Changes to our Privacy Policy

We keep our Privacy Policy under review, and it is updated periodically. For example, those changes may be due to government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up- to-date Privacy Policy. This Privacy Policy was last updated on 28th April 2024

How to Contact Us

Please contact us if you have any questions about our Privacy Policy or to exercise any of your rights: Data Protection Officer, 2 Burnham Road, Chelmsford, Essex, CM1 6LZ. Or by email to dataprotection@dvs2025.co.uk. Where you have made the request by electronic means, the information will be provided to you by electronic means where possible.

Contractual conflicts with this Privacy Policy

Our website may contain links to other websites. This Privacy Policy only applies to our own website so when you link to other websites you should read their own privacy policies. If this policy conflicts with any written contract that we have with you then the written contract shall take precedence.

Complaints

If you have a complaint about how we use your information, then please contact us at: Data Protection Officer, 2 Burnham Road, Chelmsford, Essex, CM1 6LZ. If you have a complaint about the way in which your data has been processed, you can contact the ICO at: www.ico.org.uk/concerns.