Tramm Mobile Privacy Notice

Last Updated

The Tramm Mobile Privacy Notice was last updated on the 24th July, 2023.

Abbreviations & Definitions

Introduction

The purpose of this privacy notice is to detail the particulars of how personal information is processed and collected by the Tramm Mobile application, in line with OPSI System’s Privacy Policy.

The privacy notice describes the personal information collected by the application, the purpose of the information being collected, how it is processed, the parties who may have access to the data and the users rights in relation to their personal information.

This notice ensure that personal data is processed in line with regulatory requirements, industry-wide best practices. The Protection of Personal Information Act (POPI Act or POPIA) and the General Data Protection Regulation (GDPR) are the primary pieces of legislation that governs how OPSI collects and processes personal data.

Scope

• This privacy notice applies to OPSI, the users of its applications – including but not limited to Tramm, Tramm Mobile, FleetVision, TOMS, OPSI Service, PLATO, FLO, Master Router, ZENO, ZENO Mobile and Planforge - its subsidiaries, affiliates and business employees (i.e. employees, directors, senior managers, executives, temporary staff members, agents, consultants, seconded, home-based, casual and agency staff, volunteers and interns), OPSI service providers and OPSI business associates and partners. 
• This notice is intended to assist users in understanding the purpose for information that is collected by Tramm Mobile and its relationship with OPSI’s other applications and third-parties.

Description of Tramm Mobile

Tramm Mobile is an accompanying app to the Tramm transport management system (TMS) used by OPSI clients. Tramm is a system used by OPSI clients to plan the transportation of their goods and/or services to customers. Tramm will generate an optimised plan for the delivery of these goods and services into delivery routes, which can subsequently be tracked within Tramm and FleetVision. FleetVision is a system used by OPSI clients in-house specifically for the purpose of tracking and reporting on the real-time delivery activity of users.

Tramm Mobile’s users receive delivery routes that have been planned in Tramm to execute. Tramm Mobile subsequently collects activities of the user both passively and actively through the user’s direct use of the app’s various features. This is sent back to Tramm and fleetVision for management during and post delivery.

Data Processing

Tramm Mobile collects and processes the following information for the purpose specified:

• Device ID: Used to identify the device on which a user has accepted the terms and conditions when first launching the app; identification of application logs generated by Tramm Mobile. 
• Name: As part of the setup process, the user may enter their name. Used for display purposes within the app.
• Precise and approximate location: Provide a real-world geographic location of the user in order to update the delivery progress within Tramm and FleetVision; to generate ETAs for recipients of deliveries within Tramm; to update Tramm and FleetVision when a user enters a specified location for delivery; to generate alerts within the FleetVision application when the user meets specific criteria related to location, such as but not limited to entering a no-go area defined in FleetVision and exceeding a speed limit set within FleetVision; to provide navigation for the user to the delivery locations using Google Map and the users current location.
• Photographs: Photographs that are manually captured by the user, which may contain personal information.
• Data captured as part of configurable workflow items: Specific tasks that can be set up for a user of Tramm Mobile to perform when executing a delivery route - within the Tramm TMS system, which can be configured to capture the personal information of third-parties or the user by users of the Tramm TMS system. This may include photos, documents and signatures.
• Application logs: Logs containing diagnostic information generated by Tramm Mobile during use and configuration, and crash logs when the app crashes.

The above data is stored on the user’s mobile device by Tramm Mobile. In addition, Tramm Mobile will send specific data to Tramm, OPSI Service and FleetVision for the following purposes:

• Data sent to Tramm will be processed in the following manner:
• Storage of geographic location. This is displayed as a set of latitudinal and longitudinal co-ordinates within certain areas of Tramm; this will also update the vehicle’s current location within Tramm for display of the vehicle’s location.
• Storage of the Device ID. This is presented as a log within Tramm, and is tied to the acceptance of the terms and conditions.
• Storage of photographs. Photographs are stored to be displayed to authenticated users of Tramm when reviewing activity on a delivery route. This is dependent on the workflow implemented by the client.
• Storage of signatures (optional). Signature are stored to be displayed to authenticated users of Tramm when reviewing activity on a delivery route. This is dependent on the workflow implemented by the client.
• Storage of activity on workflow items that have been captured by the user, which includes the task type and information captured on the task. This information is displayed to authenticated users of Tramm when reviewing activity on a route.
• Data sent to OPSI Service will be processed in the following manner:
• Storage of geographic location. OPSI Service will perform analysis of the GPS co-ordinates in relation to other geographic information contained within FleetVision and Tramm – such as no-go areas, or customer sites with a geofence – to determine whether a user has arrived at particular locations.
• Data sent to FleetVision is used for the following purposes:
• Storage of geographic location. FleetVision retains a history of a user’s geographic location with the date/time the location was recorded on a timeline for the delivery route. This is used for displaying a route that has been performed on a map to authenticated users, for matching of user’s locations to delivery locations, for displaying the vehicle’s current location, for recreating a route given the stops that have occurred up to that point using the user’s current location.

Data Retention

Data that is collected by Tramm Mobile is retained on the device until successfully sent, at which point it will be deleted after a period of 30 days.

In FleetVision, information received by Tramm Mobile in relation to the delivery route and individual deliveries is a configurable variable by the client. The retention of GPS information is configurable for each fleetVision instance, but with no upper limit on retention.

In Tramm, all information received from Tramm Mobile may be retained indefinitely, depending on clients’ specific data retention, backup and deletion policies.

Location of Data

Tramm Mobile data is stored locally on the mobile device. Tramm Mobile data sent to OPSI Systems applications and services may be stored in multiple geographic locations and jurisdictions, depending on where the servers that Tramm, fleetVision and OPSI Service have been deployed. The location of data stored by Tramm, fleetVision and OPSI Service is negotiated with OPSI’s clients on a per client basis.

This data may be hosted and managed by OPSI Systems on behalf of our clients, or directly hosted by our clients themselves.

Third-Parties

OPSI Systems sends specific data to third-parties to offer the services in our applications. These third-parties process user’s data. The third-parties OPSI Systems works with directly or indirectly are:

• Client: OPSI System clients have deployed Tramm and Tramm Mobile at minimum, or with fleetVision additionally, for the express purposes described in section 5 and section 6. 
• Here Technologies: OPSI Systems utilises Here Technologies mapping services for the display of maps within Tramm and fleetVision, and utilise Here Maps routing capabilities when reoptimizing delivery routes based on the users current location as provided by Tramm Mobile.
• Navigation apps: Tramm Mobile will call the default navigation application installed on your device and provide your location for the purpose of routing you to a destination from your current position.
• Facebook: If FleetVision has been deployed with its WhatsApp module, which allows clients to communicate directly with their customers via WhatsApp in FleetVision, related information from Tramm Mobile may be stored in such circumstances.
• 360Dialog: 360Dialog is used to access the WhatsApp Business API for the purpose of providing WhatsApp functionality in FleetVision.

Data Minimisation

• The personal information that OPSI collects and processes is limited to that which is specifically required by the app to deliver on its functionality.
• Personal information must only be processed when necessary for the performance of duties and tasks and not for any other purposes.
• Accessing of personal information where there is no authorisation to do so, or where there is no reason to access, may result in disciplinary action and in certain circumstances, may constitute a criminal offence.

OPSI clients may, through configurable options, create workflows for Tramm Mobile users that collect any information. This is done on a per client basis – OPSI Systems is unable to limit what information may be requested as part of these workflows.

Special Personal Information

OPSI, in line with the requirements of POPIA, GDPR and other legal requirements, restricts the collection of special personal information to only that which is absolutely necessary under legal obligations and with explicit consent of the individual through contractual agreements with clients. This is defined in our terms and conditions for use of the app.

Special Information includes the following:

• Religious or philosophical beliefs 
• Race or ethnic origin 
• Trade union membership 
• Political persuasion 
• Health and sex life 
• Criminal records
• Biometric information

By default, Tramm Mobile collects none of the above information. OPSI clients may, through configurable options, create workflows for Tramm Mobile users that collect any information. This is done on a per client basis – OPSI Systems is unable to limit what information may be requested as part of these workflows.

Data of Children

OPSI does not wilfully or knowingly collect or process the data of children, in line with the requirements of POPIA.

Information of children will only be collected in line with the criteria set in Chapter 3, Part C, Section 35 of POPIA, which includes:

• carried out with the prior consent of a competent person;
• necessary for the establishment, exercise or defence of a right or obligation in law;
• necessary to comply with an obligation of international public law;
• for historical, statistical or research purposes to the extent that—
• the purpose serves a public interest and the processing is necessary for the purpose concerned; or
• it appears to be impossible or would involve a disproportionate effort to ask for consent,
• and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the child to a disproportionate extent; or

• of personal information which has deliberately been made public by the child with the consent of a competent person.

Transferal of Data

OPSI Systems adheres to the legal requirements set out by POPIA and GDPR in relation to the transferal of data.

Roles and responsibilities

Assigning roles and responsibilities are necessary to give effect to the requirements of this Notice. These roles are described below.

Information Officer

The OPSI Information Officer (IO) is accountable for ensuring that OPSI and its employees comply with the requirements set out in this notice. 

• The IO is responsible for:
• Overseeing all dispensations, waivers and breaches to this process. 
• Facilitating the review(s) as set out in the policies or standards.
• Ensuring this policy is effectively implemented within their business.
• Communicating with data subjects
• Working with the regulator in relation to investigations, audits and compliance of POPIA
• The IO may delegate their responsibility (but not accountability) for implementation of this policy to an appropriate OPSI executive.

Board of Directors

• The OPSI Board of Directors is ultimately accountable for ensuring that OPSI and its employees comply with the requirements set out in this privacy notice; and
• In addition, the board must ensure that OPSI complies with all applicable laws, regulations and supervisory requirements.

Employees

All employees within OPSI are responsible for complying with this privacy notice.

Lawfulness, Fairness and Transparency

When collecting and processing personal information for any specific purpose, OPSI must always have a lawful basis for doing so. Processing personal information is lawful when at least one of the following circumstances is present: 

• the data subject has given their consent for one or more specific purposes; 
• the processing is necessary for the performance of a contract to which the data subject is a party;
• to comply with OPSI legal obligations; 
• to protect the vital interests of the data subject or another person; or 
• to pursue OPSI’s legitimate interests where those interests are not outweighed by the interests and rights of the person. 

OPSI should document the above lawful reasons relied upon when processing personal information for each specific purpose.

Consent as a lawful basis for processing

Consent may not always be the only basis for being able to process data. This will depend on the specified circumstance or scenario. A person’s consent must be: 

• specific;
• informed (explained in plain and accessible language); 
• unambiguous; 
• separate and unbundled from any other terms and conditions provided to the data subject; 
• uncoerced;
• freely and genuinely given.

Accuracy

• Personal information that OPSI collects and processes must be: 
• accurate and, where required and kept up-to-date where applicable; and 
• corrected and/or deleted, without delay, where an error has been discovered. 
• Where appropriate, any inaccurate or expired records should be deleted or destroyed.

Persons’ Rights

• Chapter 3(5) of POPIA and Chapter 3 of GDPR provides people with a number of rights in relation to their information. These rights include: 
• the right to withdraw consent unconditionally; 
• the right to be informed about how OPSI collects and processes personal information; 
• the right to, on request, receive a copy of the personal information that OPSI holds; 
• the right to have, on request, inaccurate personal data corrected or incomplete information completed; 
• the right to ask OPSI to delete or destroy personal data if the personal data is no longer necessary in relation to the purposes for which it was collected, consent has been withdrawn (where applicable), a person has objected to the processing, the processing was unlawful, the personal information has to be deleted to comply with a legal obligation and/or the personal information was collected from a person under the age of 13 and they have reached the age of 13; 
• the right to restrict processing if there is a reasonable belief that the personal data is inaccurate;
• the right to receive or ask OPSI to transfer personal information to a third party; 
• The right to be notified of a personal data breach; and 
• The right to make a complaint to the Data Protection Authority (GDPR), the Information Regulator of South Africa (POPIA) or another appropriate supervisory authority.

If you wish to exercise any of the above rights or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:

• Email: legal@opsi.co.za