Command Alkon Incorporated Product Privacy Documentation
Additional Languages:
Command Alkon products and platforms are sold all over the world and Command Alkon respects and complies with applicable privacy laws in the various jurisdictions in which its products and platforms are sold. All Command Alkon product platforms (whether on-premises, SaaS, or PaaS) should be used by customers only in compliance with applicable privacy laws. Because Command Alkon products are sold around the world, this means the local customer administrator(s) and/or user(s) should be familiar with their local privacy laws and comply with those requirements. While Command Alkon cannot give legal advice, Command Alkon is ready and willing to assist with this process to the extent we can. Any questions may be forwarded to privacy@commandalkon.com.
As part of their ordinary use, Command Alkon products provide data fields to be populated via a number of different avenues that may include manual entry, bulk upload, integration with other systems, etc. Some of these data fields involve Personal Data, defined as any data that can be used, alone or in conjunction with other data points, to identify a specific individual. Examples include, but are not limited to, names, e-mail addresses, telephone numbers, ID numbers, job titles, hire dates, usernames and passwords, signatures, geo-location data, etc. Personal Data is entered into Command Alkon platforms by and under the control of the customer (whether administrators or users). Customer personnel should therefore refrain from populating any particular data fields the collection of which may violate local privacy laws.
Command Alkon platforms are not intended to contain special categories of sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. These special categories of sensitive personal data should never be entered into a Command Alkon product platform. Furthermore, Command Alkon products and platforms are not directed toward or intended to be used by children, so no personal data related to children should ever be entered into a Command Alkon product or platform.
Command Alkon platforms also sometimes contain open text boxes for use by a user. Open text boxes are not intended to be populated with personal or business sensitive/confidential information. Open text boxes should only be used for non-sensitive information.
Command Alkon does not “sell” Personal Data for purposes of the California Privacy Protection Act or California Privacy Rights Act.
For Command Alkon platforms that are installed on the customer’s premises (“on-prem”) and therefore under the complete control of the customer after installation, the customer is responsible for ensuring adequate security is enabled with regard to their premises (whether physical or cloud) and platform settings. Command Alkon will assist at installation with initial security settings associated with purchased platforms.
Command Alkon’s handling of Personal Data is fully described in the Command Alkon Global Privacy Notice available at https://commandalkon.com/privacy-policy/. Any questions or requests related to Personal Data may be forwarded to privacy@commandalkon.com.
Additional Information for Customers in the EEA/EU/UK:
Users of Command Alkon products in the EEA/EU/UK should be familiar with the privacy requirements of the General Data Protection Regulation and/or UK GDPR (hereinafter “GDPR”), where applicable.
- In line with Article 25(1) of the GDPR, and as emphasized by the European Data Protection Board, the controller (i.e., the customer of Command Alkon) shall implement appropriate technical and organizational measures which are designed to implement the data protection principles and to integrate the necessary safeguards into the processing in order to meet the requirements and protect the rights and freedoms of data subjects. Technical and organizational measures and necessary safeguards can be understood in a broad sense as any method or means that a controller may employ in the processing. Being appropriate means that the measures and necessary safeguards should be suited to achieve the intended purpose (i.e., they must implement the data protection principles effectively). A technical or organizational measure and safeguard can be anything from the use of advanced technical solutions to the basic training of personnel. Examples that may be suitable, depending on the context and risks associated with the processing in question, include also pseudonymization of personal data. Having said this, customers of Command Alkon should consider providing training to admins and users, in particular in relation to ticket sharing rules, user creation, and use of certain features that enable the tracking and/or evaluation of performance. The Command Alkon products support the pseudonymization of data subjects (e.g., drivers) and users of customer should be made aware of this feature as early as possible.
- Controllers need to consider the principles of the GDPR when implementing Command Alkon’s products and services. These principles include: transparency, lawfulness, fairness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.
- In terms of data storage limitation, the GDPR does not establish concrete rules on the maximum or minimum time Personal Data must or can be retained. However, customers from the EU and UK must consider the principles of the GDPR, which dictate that Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed. The purpose of collection therefore dictates the maximum period Personal Data can be retained.
- The GDPR includes an obligation of a customer to delete Personal Data when no longer needed for the purpose for which it was collected and also the right of a data subject (e.g., employee or driver) to have their Personal Data deleted, subject to exceptions.
- Every retention concept must consider applicable laws and potential works council agreements that may govern a minimum/maximum period for data retention. Typically, laws establish minimum data retention rules where data is relevant for taxation or remuneration. Works council agreements may govern rules on retention and deletion as well and can only be assessed by a customer who is subject to a works council agreement.
- Most data fields in Command Alkon platforms are not mandatory. Mandatory data fields are indicated by an asterisk and are generally for log in and authentication purposes. Generic or non-specific data may be used in any data field that is not mandatory in place of Personal Data (e.g., “Driver 1” instead of “John Doe” – the driver’s real name).
- Customers should ensure that Personal Data that is shared across platforms (copied, streamed, etc.) is treated consistently and in accordance with applicable laws/requirements for deletion purposes.
Additional Information
As privacy laws around the globe are implemented and develop, many of the points listed above for customers of the EEA/EU/UK become applicable to customers outside of that specific region. Please check your local laws and regulations for applicability.
Command Alkon has prepared some documents on specific privacy-related topics which you may find helpful for your compliance efforts, such as a data processing agreement (“DPA”), transfer risk assessment (“TRA”), and GDPR products assessments for certain products. These documents are available upon request. Please reach out to your Command Alkon contact to obtain them.
Personal Data Fields by Command Alkon Product Platform
Product | Type | Personal Data Fields |
Apex | On-prem | Names, e-mail addresses, telephone numbers, titles, driver’s license numbers, geo-location, usernames, passwords |
Automatic Bin Fill System | On-prem | Names, e-mail addresses, usernames, passwords |
betonMIX | SaaS | Names, usernames, passwords, e-mail addresses, telephone numbers, job title, addresses, driver’s license numbers, expiration date, employee number, CPF numbers |
betonTEC | SaaS | Names, job title, e-mail addresses, signatures, usernames, passwords, CPF numbers |
BuildIt | SaaS | Names, e-mail addresses, telephone numbers, usernames, passwords |
CEC, CE2, and CE2-Prefa | On-prem | Names, e-mail addresses, PABX ID, telephone numbers, driver’s license type and expiration date, signatures, usernames, passwords |
Command Cloud | SaaS | Names, telephone numbers, e-mail addresses signatures, IP addresses, employee ID numbers, driver performance information, addresses, photos, geo-location, union local number (in U.S.) |
COMMANDbatch/EZCal | On-prem | Names, e-mail addresses, addresses, telephone numbers, IP addresses, usernames, passwords |
COMMANDfleet | On-prem | Names, e-mail addresses, employee ID, geo-location, usernames, passwords |
COMMANDoptimize | On-prem | Names, addresses, seniority, geo-location, job title, driver efficiency rating, employee ID number, qualifications, driver attributes, usernames, passwords |
COMMANDperformance | On-prem | Names, addresses, telephone numbers, employee ID, e-mail addresses, usernames, passwords |
COMMANDqc | On-prem | Names, addresses, usernames, passwords, telephone numbers, job title, signatures, certifications |
COMMANDseries | On-prem | Names, addresses, telephone numbers, e-mail addresses, job title, usernames, passwords, employee number, seniority |
COMMANDtrack | On-prem | Names, addresses, telephone numbers, usernames, passwords, employee number, seniority, geo-location, title, driver attributes |
conactive Laboratorium | On-prem | Names, usernames, passwords |
conactive Management | On-prem | Names, e-mail addresses, telephone numbers, sex, title, account numbers, usernames, passwords |
conactive Process Controls | On-prem | Names, IP addresses, usernames, passwords |
Connective Management Optimzer | On-prem | Names |
HaulIt | SaaS | Names, addresses, telephone numbers, e-mail addresses, job title, employee number, ethnic origin (in U.S. only), hire date, pay rate, termination date, alcohol/drug test results, driver’s license number, driver classifications, medical card, certifications, social security numbers, usernames, passwords |
Insights | SaaS | Names, employee number (it also allows for driver scoring and reporting) |
Integra | On-prem | Names, telephone numbers, addresses, e-mail addresses, driver’s license numbers, IVR PIN numbers (for call-in to check messages), credit card numbers and expiration dates (encrypted), union local number (in U.S. only) |
Integrated Trucking | SaaS | Names, addresses, e-mail addresses, CDL numbers, telephone numbers, job title, geo-location, signatures, usernames, passwords, IP addresses, photos, driver performance |
Libra Asphalt Batch and Loadout | On-prem | Names, telephone numbers, e-mail addresses, driver’s license number, driver ID, weighmaster license number, weighmaster ID, usernames, passwords |
Libra Asphalt Drum | On-prem | Names, usernames, passwords |
MOBILEjobsite | SaaS | Names, addresses, usernames, passwords, e-mail addresses, telephone numbers, geo-location (by truck number) |
MOBILEsales | SaaS | Names, addresses, telephone numbers, e-mail addresses, title, date of hire, supervisor, usernames, passwords |
MOBILEticket | SaaS | Names, addresses, usernames, passwords, e-mail addresses, signatures, driver rating |
Plant Watcher | On-prem | Names, e-mail addresses, usernames, passwords |
ScheduleCom | On-prem | Names, telephone numbers, e-mail security questions and answers, job description, title, hire date, seniority, payroll ID, dispatch ID, usernames, passwords |
Spectrum | On-prem | Names, telephone numbers, IP addresses, usernames, passwords |
supplyCONNECT | SaaS | Names, e-mail addresses, usernames, passwords |
SupplyIt | SaaS | Names, telephone numbers, addresses, signatures, employee ID number, usernames, passwords |
TFleet/TView | SaaS | Names, driver ID, employee ID, driver PIN, e-mail addresses, driver’s license numbers, usernames, passwords, voice recordings (optional), text messaging, geo-location, drive safe scores, telephone numbers, driver log in for truck |
TicketPro | SaaS | Names, telephone numbers, e-mail addresses, geo-location, usernames, passwords |
TrackIt/TrackIt 3P | SaaS | Names, telephone numbers, e-mail addresses, signatures, IP addresses, usernames, passwords, hire date, employee number, driver performance information, title or employee type, hours worked, addresses, message history, geo-location, driver’s license information, HOS logs (in U.S. only) |
For all other questions, contact Command Alkon at privacy@commandalkon.com.