PRIVACY POLICY – SENTRAGO
(Pursuant to Article 13 of Regulation (EU) 2016/679 – GDPR)
1. Data Controller
The data controller is GeM Trading LTD, with registered office at Tower Business Centre, 2nd Floor, Triq it-Torri, Swatar, Birkirkara, BKR 4013, Malta, VAT no. MT29564827. Email: support@sentrago.com
2. Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (DPO) pursuant to Article 37 of Regulation (EU) 2016/679. DPO contact details: privacy@sentrago.com
3. Purposes and Legal Basis of Processing
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| User registration and creation of the SentraGo account | Performance of a contract (Art. 6(1)(b) GDPR) | Up to 10 years after termination of the contract |
| Provision of GPS location services and display of positions | Performance of a contract (Art. 6(1)(b) GDPR) | 12 months from recording of the location data |
| Administrative management, accounting and invoicing | Legal obligation (Art. 6(1)(c) GDPR) | 10 years |
| Sending of service and informational communications | Legitimate interest (Art. 6(1)(f) GDPR) | Until withdrawal or objection |
| Sending of promotional communications and newsletters | Consent (Art. 6(1)(a) GDPR) | Until withdrawal of consent |
4. Categories of Data Processed
Identification and contact data; access data (IP, logs); contractual and billing data; device data (serial number, IMEI, ICCID); GPS location data (coordinates, speed, routes, timestamps); payment data (Stripe); technical data (server logs).
5. Methods of Processing
Data is processed electronically, using appropriate technical and organisational measures and in compliance with the principles of lawfulness, fairness, transparency and data minimisation.
6. Nature of Providing Data
Providing data is mandatory in order to use the SentraGo service. Providing data for marketing and newsletter purposes is optional.
7. Recipients or Categories of Recipients
Authorised staff of GeM Trading LTD, IT and hosting providers, maintenance providers, consultants, Stripe Inc. for payment processing, and competent authorities where required. Such entities act as processors pursuant to Article 28 GDPR, where applicable.
8. Transfer of Data to Third Countries
Primary storage takes place within the EU. Any transfers outside the EU will take place in compliance with Articles 44–49 GDPR and with appropriate safeguards in place.
9. Data Retention
Location data: 12 months. Administrative/contractual data: 10 years. Marketing data: until consent is withdrawn. After expiry of the relevant periods, data will be deleted or anonymised.
10. Data Subject Rights
Data subjects have the right of access, rectification, erasure, restriction of processing, objection, and data portability (Articles 15–22 GDPR). Requests can be sent to privacy@sentrago.com and will normally be answered within 30 days.
11. Right to Object
Data subjects may object at any time, on grounds relating to their particular situation, to the processing of their personal data (Art. 21 GDPR). In the case of direct marketing, the right to object may be exercised at any time and free of charge.
12. Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with a competent supervisory authority, in particular the IDPC Malta or the authority of their Member State of residence.
13. Automated Decision-Making
No decisions are taken based solely on automated processing, including profiling, that produce legal effects concerning the data subject or similarly significantly affect them.
14. Updates to this Privacy Policy
The most recent version of this Privacy Policy is available at sentrago.com/privacy. Any material changes may be communicated to users by email.
15. Contact
GeM Trading LTD – privacy@sentrago.com – Tower Business Centre, 2nd Floor, Triq it-Torri, Swatar, Birkirkara, BKR 4013, Malta