Quality and security

The Arkub Group endeavors to always make our customers happy by keeping our promises and delivering products and services that meet customer expectations. At the same time, we take the requirements other stakeholders make regarding environment, work environment, safety and profitability into consideration.

Integrity Policy

We understand that our customers’ employees value their integrity when using IoT services. Therefore, it is very important to us that our customers and users can trust that the personal data that TelliQ processes is sufficiently and correctly protected and managed in accordance with the new European General Data Protection Regulations (GDPR) and that their integrity rights are upheld.
We will do our best to be transparent with the personal data processing we do on behalf of our customers and to provide tools and information that enable us to comply with GDPR as smoothly as possible.

Personal Data Processing

Built-in Integrity

When developing and updating IoT services and functions, TelliQ constantly strives to only process the personal data and information that is necessary. This means that we do not collect more information than necessary, we remove information when it is no longer needed and that we only use information for the original purpose. We do this by analyzing whether personal data is processed, minimizing this data if possible and ensuring that only authorized people have access to the data.

In TelliQ’s IoT system, personal data is only available to users with the appropriate authorization. For example, drivers can normally only access their own trips. Should these trips be private, other users will not have access to them.

Personal Data Assistant Agreement

TelliQ has the role of personal data assistant for customers (personal data officers) who use IoT services. When you become our customer, we enter into a personal data assistant agreement that allows us to process personal data on our customer’s behalf and ensures that we do so correctly.

Click here to see an example of one of our standard personal data assistant agreements.

Processed personal data and purposes

We process the following personal data for our IoT system users and drivers: name, e-mail, password (encrypted), private positioning and addresses, phone number and IP address. In some cases, we process serial numbers from RFID tags (such as key cards) and license plate numbers of private vehicles (company-owned vehicles are not classified as personal data). The data is used to gain access to and to use the IoT service. In electronic mileage logbooks it is used to meet the Swedish Tax Agency’s requirements regarding drivers per trip. Private trips, and in some cases, vehicles are also processed, but the data is only accessible to the driver or authorized users.

Contact details and unit data are used for proactive and reactive customer relationship management in automatic troubleshooting, taking corrective measures, and for information on system updates and support.

TelliQ AB is the personal data controller for any processing that is needed to send newsletters containing news, product offerings and customer surveys. Name, title, e-mail and phone number are processed.

How personal data is processed

When collecting and setting up new users with logins to the IoT system, an e-mail address is set by one of the company’s administrators or by TelliQ Customer Center. After this, an activation link is sent out and the person in question is requested to specify additional information and set a password. Here, the individual can either consent or object to the processing of their data.

We will not ask drivers who do not have access to the IoT system for their consent, nor will we store such consent. Instead, this must be done by the customer (personal data controller) via the agreement, weighing of interests or consent. For drivers without a login, the connection between the driver and trip is processed in the mileage logbook and in analysis reports.

Authorized TelliQ CRM staff will also use personal data to register tickets, contacts and requested troubleshooting or when deviations have been detected through proactive CRM work. The data is available in a support tool in which TelliQ staff enter and log all changes.

Contact details of agreement signatories, IoT service commissioners and package recipients are also processed in internal and external systems for invoicing, administration and shipping. This data is collected by the sales department and stored in the CRM system.

E-mailings regarding operational information, news, product offerings and customer surveys are managed outside the IoT system by recipient sub-processors. The recipient has previously given processing consent via other sources.

IP addresses are logged when visiting TelliQ AB’s website or IoT system to enable investigations should any hacking attempts be made as well as to analyze web activity. No search will be performed on IP addresses to obtain a link between users and IP addresses.

License plate numbers are used for identification and will be used by sub-processors to supplement the vehicle card with model and fuel consumption data.

Screening procedures

Personal data will be screened from IoT systems in the following manner:

User data (name, e-mail, phone number) is stored while the individual is a customer and will only be removed when the customer relationship is terminated or the customer requests it.
Mileage logbooks (start/stop address, stretch, meter reading, type and purpose) are saved for the duration of the customer relationship and will only be removed upon termination or request.
This also applies to mileage logbooks for cars that have been sold or replaced.
Vehicle positioning is available for three months.
IP addresses from web logins are also removed after three months.
Back up data is stored for a maximum of 4 months and is then removed.

Personal data will be screened from other systems in the following manner:

Contact information (name, title, e-mail and phone number) used for sending news, product offers and customer surveys are removed upon request or in the case that consent is withheld. Contact information of recipients who have not opened a dispatch in 6 months will also be removed.

Removal is started immediately upon request and completed within 180 days.

Revoking consent, making changes, requesting information or deleting personal data

Due to TelliQ being the personal data assistant, and that the service in some cases contains invoicing, tax and accounting information, requests for changes to data or for an extract or deletion of personal data must come from the personal data controller.

In the case that a user revokes or withholds consent for processing in IoT systems, the service will be blocked and the customer’s administrator (personal data controller) will be alerted. The user or administrator must then contact the personal data controller (normally the employer) who will forward the request to the TelliQ Customer Center. The Customer Center will ensure that the person requesting an extract or deletion is authorized to do so. Changes can either be made in the IoT system or by request of the personal data controller.

TelliQ AB is the personal data controller for the processing needed to send newsletters containing news, product offerings and customer surveys. When a registered individual withholds their consent for processing their personal data, their personal data is deleted and no longer included in the processing.

Consent can be revoked via a link in the dispatch or by contacting the TelliQ Customer Center. You can also contact the TelliQ Customer Center to request a change, extract or deletion of personal data.

Protective measures and data security

We actively work with information security and use the latest technology for firewalls, virus protection and monitoring in order to ensure data security. Through systematic improvement work, we constantly develop and update our data security to ensure an adequate level of security. Please read our information security policy. We also have an ongoing project for the roll out of LIS and certification according to ISO27001 to further improve our data security and to identify protective measures.

TelliQ has an Emergency Group for monitoring operations. It is only the members of this group that have direct access to lists of personal data in the production system and in back ups.

TelliQ does not use sub-processors nor process information in any country that does not meet the current transfer terms according to the data protection legislation or that does not correspond to the Personal Data Assistant Agreement. TelliQ has entered into agreements with all partners and sub-processors who process personal data. All data in IoT systems is stored on AWS (Amazon Web Services) servers, which are commissioned to host production systems and are ISO27001 certified.

Commissioned sub-processors

TelliQ uses sub-processors to assist in providing IoT services at a high level of availability and quality. Sub-processors are used for hosting cloud services and order and invoicing services, for sending e-mail dispatches and customer surveys, for e-mail management and documentation storage and for vehicle information retrieval.

All sub-processors meet the requirements specified in the Personal Data Assistant Agreement.

Contact the TelliQ Customer Center to request a current list of sub-processors.

The list was most recently updated on: May 11, 2018.

Managing personal data incidents

A personal data incident is defined as an event that leads to inadvertent destruction, loss, change, divulging or unauthorized access to the personal data processed by TelliQ.

In the case of a personal data incident, the following steps are taken:

  • Investigation of the incident
  • Take suitable measures to reduce the effect of the incident and to prevent that the incident is repeated
  • A report is sent to the Personal Data Controller containing
  • A description of the nature of the personal data incident
  • The categories, and approximate number, of registered individuals who are affected
  • The categories, and approximate number, of personal data entries that are affected
  • Describe the probable consequences of the personal data incident
  • Describe the measures that the Personal Data Assistant has taken to rectify
  • the personal data incident
  • Contact information to the individual who can provide more information and answer questions

It is the liability of the personal data controller to report the personal data incident to the Swedish Data Inspection Authority within 72 hours in the case that the incident causes the rights of the individual to be at risk. In other cases, there is no reporting obligation.

Contact us

You can contact TelliQ AB’s Data Protection Officer for questions regarding the processing of personal data as well as to learn more about our data protection efforts.

Sebastian Widerlöv, sebastian@telliq.com, +46 (0)589-89826

To request changes and extracts and deletion of personal data, contact the TelliQ Customer Center.

kundcenter@telliq.com, +46 (0)589-12360