Privacy Policy – Tracer Website and Telematics Services
Introduction
Tracer Technologies Ltd. (hereinafter: "Tracer", "the Company", "we") respects your privacy and is committed to operating in accordance with the Privacy Protection Law, התשמ״א-1981, the Privacy Protection Regulations (Information Security), התשע״ז-2017, the law amendments that came into effect in August 2025, and, where applicable, European GDPR principles.
This policy applies to tracer.co.il website and telematics services (driver applications, GPS devices, API interfaces, and control panels) and constitutes an integral part of the customer agreement terms.
Database Management: Personal data you provide through tracer.co.il forms is managed in a database registered in the Database Registry (#700072553) and operated in accordance with the Privacy Protection Law, התשמ״א-1981. Telematics data is stored and processed in a dedicated telematics cloud, as detailed below.
1. Key Definitions
| Term | Definition |
|---|---|
| Personal Information | Any information relating to an identified or identifiable person (name, email, phone, assigned vehicle, etc.). |
| Telematics Data | Location data (GPS), speed, driving events, diagnostics (DTC), vehicle identifier (VIN), mileage, sensor data. |
| Raw Data | Original data as received from the device before processing or filtering. |
| Cookies | Small text files stored in the browser for operation, statistics, and marketing. |
2. Types of Information We Collect
| Category | Examples | Collection Source |
|---|---|---|
| Identification Details | Full name, email address, phone number | Website forms, app registration |
| Business Information | Company name, fleet size, role, inquiry nature | Lead forms / agreements |
| Telematics Data | Coordinates, speed, driving events, VIN, mileage | GPS device, driver app |
| Technical Information | IP address, browser type, operating system, Device ID | Cookies, SDK |
| Behavioral Information | Pages viewed, clicks, visit duration, remarketing audiences | Google Analytics, Meta Pixel, TikTok Pixel, Taboola, Outbrain |
There is no legal obligation to provide personal information, but without certain information, some services may not be available.
3. Information Usage Purposes
- Operation and Maintenance – Navigation, fleet management, route documentation, mileage calculations, and billing.
- Safety and Compliance – Driving behavior reports, accident investigation, regulatory compliance.
- Service and Support – Response to inquiries, troubleshooting, user experience improvement.
- Development and Improvement – Analytics, A/B testing, and machine learning, performed on aggregated and anonymous data. Machine-learning systems do not make automated decisions producing legal or similarly significant effects on a person without human involvement.
- Legitimate Marketing – Remarketing, upgrade offers, and complementary products (Opt-out available).
- Legal Compliance – Record management, reporting to authorities, fraud and money laundering prevention.
4. Legal Basis for Processing
- Contract Performance – Service operation for customers.
- Legitimate Interest – Security, service improvement, customer retention.
- Consent – Cookie placement, mobile permissions, marketing communications.
- Legal Obligation – Log retention, data disclosure under court orders.
5. Cookies and Tracking Technologies
The website operates essential, statistical, and marketing cookies. A cookie management banner is displayed on first entry. Essential cookies operate by default for the website's operation; statistics and marketing cookies (including Google Analytics, Meta Pixel, TikTok Pixel, Taboola, and Outbrain) are activated only after your active and informed consent, in accordance with the law and the guidance of the Privacy Protection Authority. You may change or withdraw your consent at any time in your browser settings or in the website's cookie management panel. These third-party tools (Google, Meta, TikTok, Taboola, and Outbrain) also operate subject to their own privacy policies, which we recommend reviewing.
6. Information Sharing
| Recipients | Processing Purpose | Protection Measures |
|---|---|---|
| Employer/Fleet Owner | Reports, billing | Customer obligated to inform drivers and act legally |
| Dedicated and Secure Telematics Cloud | Real-time GPS data storage and processing | Personal data is owned by the customer, who is the database owner; Tracer acts as a processor on its behalf. The infrastructure provider has limited maintenance access only (NDA, ISO 27001) |
| Analytics and Advertising Services | Statistics and marketing | Google Analytics, Meta Pixel, TikTok Pixel, Taboola, Outbrain - Cookie identifiers only |
| Insurance Companies/Partners | Risk assessment, value-added offers | Subject to consent/agreement |
| Authorized Authorities | Court orders, legal investigations | Minimal required information only |
| Third-party / Research & Development Partners | Use and sharing of aggregated and anonymous data only (Aggregated/Anonymous Data) | The data undergoes irreversible anonymisation, with no possibility of identifying an individual or a vehicle; any sharing is subject to a confidentiality agreement. |
| Business Acquirer or Successor | Merger, acquisition, or assignment of the Company's operations | The acquirer or successor will assume the obligations under this policy and the law; notice will be provided to customers as required. |
7. International Data Transfer
Telematics data is stored and processed on secure cloud servers in the European Economic Area (EEA) for processing, redundancy, and encrypted backup; accounting, billing, and CRM information is stored in secure facilities in Israel, a country that holds an EU Adequacy decision. The transfer of data outside Israel is carried out in accordance with the Privacy Protection Regulations (Transfer of Information to Databases Abroad), התשס״א-2001.
8. Information Security
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- WAF, anti-DDoS, and 24/7 monitoring.
- Role-based access control (RBAC); the system infrastructure supports two-factor authentication (MFA).
- Daily secure backups, DR recovery.
- Periodic penetration testing and vulnerability reporting.
- Telematics data is stored in a dedicated telematics cloud at Tier III in Europe with full encryption; maintenance access is limited to authorized infrastructure staff and Tracer engineers.
9. Data Retention
| Data Type | Customer Availability | Server Storage |
|---|---|---|
| Raw GPS & Events | Up to the last 400 days, during the engagement period | During the engagement period, the last 400 days of data are retained; earlier data is deleted or disconnected from personal identity on an ongoing basis. Upon termination of the engagement or disconnection of the service, the data will be deleted or disconnected from personal identity within 3 months, or earlier at the customer's request. |
| Reports, summaries, invoices | As long as account is active | Deleted upon closure/deletion request |
| System and security logs | - | 12-24 months |
| Leads and website forms | - | Up to 5 years or deletion request |
10. Customer Liability
The customer commits to inform drivers, passengers, and any person in the vehicle about the existence and purpose of tracking. Illegal use will be considered a breach of agreement and the customer will compensate Tracer for any claim or damage.
11. Data Subject Rights
- Right of access and copy receipt.
- Right of correction of incorrect data.
- Right of deletion / processing limitation (subject to law and billing needs).
- Right to object to marketing at any time.
For privacy matters and the exercise of rights, you may contact Tracer's Data Protection Officer at [email protected]; for general support: [email protected] - Response within 14 days.
12. Policy Updates
Tracer may update this policy from time to time to reflect technological, business, legal, or regulatory changes. An updated version will be published on this page with a new update date. In the event of a material change to the scope of data collection or to the purposes of use, a prominent notice will be published on the website, and where required by law, we will request your consent again. We recommend reviewing this policy from time to time.