GDPR Compliance Statement

GDPR compliance statement for tracer.co.il website and Tracer Technologies Ltd. telematics platform. Information about personal data processing and user rights
Last updated: 03 Jun 2026
Version: 1.2

GDPR Compliance Statement – tracer.co.il

This page explains how Tracer Technologies Ltd. ("Tracer", "we") processes personal data in accordance with the GDPR (EU 2016/679) when you visit or interact with tracer.co.il and the telematics platform.

Roles & Responsibilities

  • Data Controller – Website Leads: Tracer controls contact forms and marketing data collected on the Site.
  • Data Processor – Fleet Services: For telemetry data of business customers, Tracer acts as a processor on behalf of the customer (the controller), subject to a Data Processing Agreement (DPA) under Art. 28, including sub-processing obligations and assistance to the controller in fulfilling data subject rights.

Legal Bases for Processing

Data CategoryLegal Basis (Art. 6)
Contact / Lead FormsLegitimate Interest (Art. 6(1)(f))
Marketing EmailsExplicit Consent (a) – opt-out anytime
Analytics CookiesConsent via Cookie Banner
Legal / Accounting RecordsLegal Obligation (c)

International Data Transfers

Telemetry data is stored and processed on secure cloud servers located in the European Economic Area (EEA), with redundancy and backup within the EEA. No telematics data is transferred outside the EEA. Accounting, billing, and contact data are stored in secure facilities in Israel, a country recognised by the European Union as providing an adequate level of protection (Adequacy Decision 2011/61/EU). Encryption is applied in transit and at rest.

Your GDPR Rights

  • Right of Access (Art. 15)
  • Right to Rectification (Art. 16)
  • Right to Erasure ("Right to be Forgotten") (Art. 17)
  • Right to Restrict Processing (Art. 18)
  • Data Portability (Art. 20)
  • Right to Object / Profiling (Art. 21-22)

To exercise any right, email [email protected]; we will reply within 30 calendar days.

With respect to telematics data, for which Tracer acts as a processor, your rights are exercised in relation to the customer (the controller) to which the vehicle is assigned; Tracer assists the controller in fulfilling them (Art. 28(3)(e)). Tracer's learning systems operate on aggregated and anonymous data only and do not make automated decisions producing legal or similarly significant effects on a person without human involvement (Art. 22).

Security Measures (Art. 32)

TLS 1.2+, AES-256 at rest, role-based access control; the system infrastructure supports two-factor authentication (MFA); daily encrypted backups, and periodic penetration tests, in accordance with Art. 32.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer. For related inquiries, you may write to [email protected].

Personal Data Breach Notification

In our role as processor, we will notify the controller of a security incident without undue delay and in any case within 48 hours, enabling the controller to meet its 72-hour reporting obligation to the supervisory authority (Art. 33-34).

EU Representative

Where Tracer's processing falls within the territorial scope of the GDPR (Art. 3(2)), Tracer will appoint an EU representative as required under Art. 27. In any event, you may contact us directly at the email above and we will handle your inquiry.

Lodging a Complaint

If you are an EEA resident and believe your data is processed in breach of the GDPR, you may lodge a complaint with your local Supervisory Authority or with the Israeli Privacy Protection Authority.


Last updated: 03 Jun 2026 · Version: 1.2