Data lake anonymization
Data anonymization, often referred to as 'data sanitization', is a process aimed at protecting user privacy. Personally identifiable information in data sets is encrypted or removed to ensure anonymity.
The data we keep in ABAX comprises location data.
The data lake is replenished from backups, and the restored data is then anonymized using scripts (once these are established and verified). The data lake is only accessible to the data science team, and the data is used for analytical purposes such as improving the algorithms on the tracking units.
The data lake consists of the following information:
- Maximum speed
- When the trip started and stopped
- When a trip was registered with our servers
- Trip type (business or private)
- A numeric ID for the driver (no link to privacy data). Used to provide the following information:
  - Company identity
  - Account type: user account or admin account
  - Active account
  - Language setting for the account
  - Date of last login
  - Date of last logout
  - Which interface/product is linked to the account
  - Whether the Show welcome page flag is set to true or false
  - Whether the Force password reset flag is set to true or false
  - Fiscal domicile
  - Whether the customer account has any trips
  - Whether the customer account has an active driver
  - Whether the customer account has left the company
  - Whether the contact info is updated
  - Date when the account was last modified
  - Trip settings
- A numeric ID identifying the tracking unit
- A numeric ID identifying the main office
- A numeric ID identifying the vehicle
No personal information such as names, phone numbers and email addresses is transferred to the data lake.
Positions are anonymized in such a way that it is not possible to identify the address of the individual behind a data point or the exact location of the original data point. Trip start and trip stop locations are grouped together with those of other tracking units, so that no location is started or stopped by one single tracking unit and no single start or stop location can be traced back to an identifiable individual.
In more technical terms
Trips are anonymized by geohashing the start and stop locations. Geohashing converts a position (latitude and longitude pairs) into a hash code that identifies a rectangle in a grid overlaying the world map. The grid size depends on the length of the geohash (see https://en.wikipedia.org/wiki/Geohash).
The anonymization process is iterative and starts with a long geohash (small rectangles). The geohash length starts at 12 (area size of 7 square cm) and goes down to 1 (area size of 25 009 930 square kilometres). If only one SIM card has a location inside a rectangle at length 12, the geohash length is reduced by one and the process is repeated until other SIM cards have a position with the same geohash, or until the geohash length is 4, at which point the area represented is 762 square kilometres (ref. Figure 1).
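The following Python sketch is an added illustration of the iterative generalisation described above; it is not ABAX's own anonymization script. It implements standard geohash encoding (alternating longitude/latitude bisection, five bits per base-32 character) and then, for each position, shortens the geohash from length 12 until at least one other SIM card shares the cell, stopping at length 4. The input layout (sim_id, latitude, longitude), the function names and the sample coordinates are assumptions made for this example; the coordinates are constructed, not real trip data.

```python
"""Iterative geohash-based generalisation of trip start/stop positions.

Added illustration of the process described on this page; not ABAX's code.
Assumptions: each position is (sim_id, latitude, longitude); a position is
"shared" when at least one *other* SIM card has a position in the same cell.
"""

_BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"
MAX_PRECISION = 12   # start of the search: cells of roughly 3.7 cm x 1.9 cm
MIN_PRECISION = 4    # floor: cells of roughly 39 km x 19.5 km (~762 km^2)


def geohash_cell(lat, lon, precision):
    """Encode (lat, lon) into a geohash of the given length.

    Returns (hash, (lat_lo, lat_hi, lon_lo, lon_hi)); the bounds are the
    rectangle the hash identifies. Bits alternate longitude/latitude and every
    five bits become one base-32 character, so a hash of length p is a prefix
    of the same point's hash at any greater length.
    """
    lat_lo, lat_hi, lon_lo, lon_hi = -90.0, 90.0, -180.0, 180.0
    chars, bits, bit_count, use_lon = [], 0, 0, True
    while len(chars) < precision:
        if use_lon:
            mid = (lon_lo + lon_hi) / 2
            if lon >= mid:
                bits, lon_lo = (bits << 1) | 1, mid
            else:
                bits, lon_hi = bits << 1, mid
        else:
            mid = (lat_lo + lat_hi) / 2
            if lat >= mid:
                bits, lat_lo = (bits << 1) | 1, mid
            else:
                bits, lat_hi = bits << 1, mid
        use_lon = not use_lon
        bit_count += 1
        if bit_count == 5:
            chars.append(_BASE32[bits])
            bits, bit_count = 0, 0
    return "".join(chars), (lat_lo, lat_hi, lon_lo, lon_hi)


def geohash_encode(lat, lon, precision):
    """Convenience wrapper returning only the hash string."""
    return geohash_cell(lat, lon, precision)[0]


def anonymize_positions(points):
    """Generalise each position until another SIM card shares its cell.

    points: iterable of (sim_id, lat, lon). Returns a list of
    (sim_id, geohash, precision, centre_lat, centre_lon); the centre of the
    chosen cell replaces the original coordinates (the "green square").
    """
    points = list(points)
    # Encode every point once at full length; thanks to the prefix property
    # the cell at length p is simply full_hash[:p].
    full = [(sim, geohash_encode(lat, lon, MAX_PRECISION)) for sim, lat, lon in points]
    out = []
    for (sim, lat, lon), (_, own_hash) in zip(points, full):
        precision = MAX_PRECISION
        while precision > MIN_PRECISION:
            cell = own_hash[:precision]
            # Points from the same SIM card must not count as "other" traffic.
            if any(other != sim and h[:precision] == cell for other, h in full):
                break
            precision -= 1
        cell, (lat_lo, lat_hi, lon_lo, lon_hi) = geohash_cell(lat, lon, precision)
        out.append((sim, cell, precision, (lat_lo + lat_hi) / 2, (lon_lo + lon_hi) / 2))
    return out


if __name__ == "__main__":
    # Constructed sample: two SIM cards stopping a few metres apart in Oslo and
    # one SIM card alone near Trondheim. The lone card ends up at length 4.
    sample = [("sim-A", 59.9139, 10.7522),
              ("sim-B", 59.9140, 10.7523),
              ("sim-C", 63.4305, 10.3951)]
    for row in anonymize_positions(sample):
        print(row)
```

The rule on this page is "at least one other SIM card in the same cell"; in the code that threshold is the `any(...)` test, and raising it to a larger number of distinct SIM cards is a one-line change if a stronger guarantee is wanted. Note that the floor of length 4 means a genuinely isolated tracking unit is still reported, only at a coarse 762 square kilometre cell.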
Anonymization is also used when location data is sold to or shared with third-party users, in which cases a similar approach is used to anonymize the data.
Figure 1 – Geohashing, green squares as the new position (replaces the red positions within the square)
Data processor agreement
The documentation for all our markets is available here: https://www.abax.com/terms-and-conditions
Subprocessors in ABAX
The GDPR sets out two alternative forms of authorization that must be obtained from the data controller before the processor may engage a subprocessor:
- Prior specific authorization to use a subprocessor. This alternative is appropriate when tasks/services the data processor provides to the data controller are specific in nature, i.e. that the subprocessor is engaged to provide specific services to one or a small group of customers. This is typically the case where the solution provided by the data processor must be customised to the needs of the data controller.
- General authorization to use a subprocessor. This alternative is appropriate where the services provided by the data processor to the data controller are the same, or essentially the same, for a large number of customers. In these cases, the data processor must keep the data controller informed about the use of subprocessors and of any changes to the subprocessors used prior to engaging a new subprocessor. The data controller always has the right to object to the use of certain subprocessors.
ABAX uses the general authorization option for customers using our services. ABAX is continually developing and improving its services. New or improved functionality may require the use of new subprocessors. If ABAX had to obtain written approval from all its customers, this would make new developments impossible.
An updated overview of the subprocessors we use is available at https://www.abax.com/terms-and-conditions
How is privacy handled in your service?
Proactivity and Prevention
Privacy by design approaches the issues of privacy risks in a proactive manner. The issues must be prevented before they occur, and steps should be taken to mitigate the potential risks even before they become apparent. Poor security and privacy practices must also be recognized and improved early, before they do any harm.
This requires a commitment to consistently enforce privacy standards that are required by the GDPR. This is covered by the requirement to conduct data protection impact assessments before commencing with processing operations. The responsibilities of data controllers and processors are also clearly listed and must be followed. This requires a thorough commitment for proper implementation.
Privacy as the Default
The principle of privacy by default mandates that the users’ data must be protected without requiring their input. Individuals should not have to do anything in order to ensure their data is safe – it should be safe by default.
This is covered in Articles 25 and 32 of the GDPR, while DPOs are tasked with ensuring these rules are adhered to. The GDPR also prominently includes the three basic elements of privacy as the default, including:
- Purpose specification – individuals must be notified what their data will be used for
- Collection limitation – collection of personal data must be lawful and transparent
- Data minimisation – as little data as possible should be collected, and only for immediate processing purposes.
Privacy Embedded into the Design
During the creation of technologies that will be used by companies and online services, due care must be taken to design them in such a way that privacy protection remains an integral part of the system.
Even before the systems reach the end-users, all good privacy protection measures must already be in place. Functionality for users should be unaffected by these privacy protection measures, and systems should be made in such a way that potential misconfigurations or errors do not degrade privacy. Again, this principle is mostly covered in Articles 25 and 32, along with several Recitals.
Full Functionality – Positive-Sum
The aim of privacy by design is to create a win-win situation for all stakeholders. The idea is that these privacy protection measures will create benefits both for the companies and for the users. Instead of a zero-sum situation, where users can only benefit at the companies’ expense and vice versa, these privacy by design measures aim to create positive net effects without making these trade-offs.
Security and privacy of data must be ensured from the point of collection to the eventual destruction of data. At every point of the data lifecycle, it must be continuously protected and accounted for.
The GDPR is notably very prescriptive in this regard. Its many provisions on data collection, storage and destruction fully capture the spirit of this rule. The aim is to ensure there are no gaps in data security, as security is considered an essential counterpart to privacy.
Thus, the GDPR requires the use of several methods for ensuring accountability (such as record-keeping) and security (anonymization, access controls etc.).
Visibility and Transparency
The key to accountability (and GDPR compliance) is transparency. All stakeholders, partners and coprocessors must be vetted, audited and open to external verification. Without transparency and visibility, there is no real way to ascertain whether the privacy by design principles have been implemented properly.
Respect for Privacy
The best way to achieve great results in implementing privacy by design features is to create products with end-users in mind. They should be designed to meet the users’ needs and include simple possibilities for them to control and oversee how their data is processed.
How do you secure privacy when introducing new features?
Even before we decide to implement a new feature or product, we evaluate the privacy aspect thoroughly. We seek help from our DPO and from legal advisors (law firms) when in doubt. In addition, our software testers pay extra attention to the privacy aspect, and all potential risks are closed before a feature is launched to the market.
Leave your GDPR hassle with us. Due to GDPR regulations, your employees now have the right to request what personal data you hold about them and the ‘right to be forgotten’. Some of your employees will probably ask you about this. Do you have time to handle all your employees' requests, or do you want us to handle it for you? With the Privacy Assistant, we will handle most of the privacy dialogue with your employees, so you can focus on running a profitable business.
The Privacy Assistant will:
- Ensure your company is using ABAX products and services in a way that keeps you GDPR compliant
- Handle employee requests, so you can focus on running your business
- Inform your employees in an easy and compliant way with customized documents specific to your business
Information security is a top priority in ABAX. Here are the answers to some of the most common questions our customers ask about information security on our website, abax.com.
Where does ABAX store its customers' data?
Customer data is our most valuable asset, so our storage solutions must be secure and reliable. We use a combination of our own data centres and public cloud vendors. Our primary data centre is in Sweden. You can find a list of our public cloud vendors in our regularly updated list of data subprocessors available at https://www.abax.com/terms-and-conditions
How does ABAX encrypt our data when stored?
The data stored in our data centre is stored on self-encrypting hard drives so that you as our customer can rest assured that your data is safe with us.
How does ABAX encrypt data in transit to its customers?
When you use our products, either via your web browser or via our apps, all communication is encrypted with industry-standard TLS encryption. Your browser's address bar will display a padlock symbol showing that your connection is encrypted.
What kind of security standards does ABAX comply with?
We comply with the information security management system standard ISO 27001. This standard includes a range of controls to ensure that all processing is carried out securely and in a way that does not put our customers' data at risk.
Which vendors does ABAX use to transfer data?
Our hardware communicates through the mobile network using Telenor and its global network of partners. Multiple internet service providers (ISPs) facilitate communication between our customers and our systems via fully redundant solutions. ABAX’s infrastructure is connected to internet highways at several core internet exchange points.
How does ABAX ensure security on its servers?
To ensure that our servers stay secure, we always set up our infrastructure based on industry standards and best practices. All infrastructure is kept up to date with the latest security patches released by our vendors.
What kind of backup routines does ABAX have for its customers' data?
We make regular backups of all our valuable customer data and store them at a secure off-site location. For you as our customer, this means that we can recover your data and minimize any data loss in the event of a disaster.
How does ABAX secure customer data in its networks?
To ensure that we keep our servers safe, we use network segmentation, meaning that we divide our network into smaller segments. This protects our infrastructure from cyber-attacks.
How does ABAX ensure access control to its servers and systems?
We use a widely used method of access control called the principle of least privilege (POLP). What this means in practice is that we limit access to the accounts in our systems, granting them only the minimum access needed to perform specific tasks. To ensure that we adhere to the POLP principles, we perform regular audits on all accounts and their access rights as part of our ISO 27001 compliance procedures.
Onboarding the service: Get it right from the start
Set a valid purpose for the service
When you start using the ABAX service, you must remember to implement it correctly to make sure you comply with privacy regulations. This means that your company must have a valid lawful basis for processing data, pursuant to the General Data Protection Regulation (GDPR), Article 6 (a)–(f), which reads:
Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
(b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
(c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
(d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Within the different ABAX domains, the following suggested purposes may be relevant for our customers.
SUGGESTED PURPOSES FOR THE ABAX TRIPLOG SERVICE
Documentation for the tax authorities
ABAX Triplog is implemented to document the business use of vehicles in accordance with regulations issued by the tax authorities. For commercial vehicles, there will be ongoing documentation on all completed trips. Routines will be established to ensure compliance with current regulations.
Separate private and business trips for tax purposes
ABAX Triplog is used to separate private trips from business trips for tax purposes. Trip classification is performed by the driver, administrator and/or automatically by the system.
ABAX Triplog data can be used to help resolve customer queries and complaints. This should only be completed following a specific customer query, and only to resolve that particular query.
ABAX Triplog can be used to locate an employee if the employer has lost contact and suspects that an accident has occurred.
ABAX Triplog data can be used as a basis for billing customers for driving (time and mileage).
Incorrect time sheets
ABAX Triplog can be used if there is concrete suspicion that a time sheet is incorrect. The employee in question shall have the opportunity to be present during the check, and shall also be offered assistance from an employee representative or other party.
Service follow up
ABAX Triplog data can be used to follow up vehicle service intervals. Service notifications can be issued by email or text message from the system.
ABAX Fleet Management tracks the current location of your vehicles. This can be used to direct the vehicle located closest to a job.
ABAX Fleet Management can show all trips driven on a specific day in the map. This can be used to optimise driving routes.
Reduce environmental impact
ABAX Driving Behaviour can score drivers on their driving behaviour. Higher driving scores reduce the environmental impact.
ABAX Driving Behaviour can be used to mentor your drivers to drive more safely and more efficiently.
Improve driving standards
ABAX Driving Behaviour can be used to mentor your drivers to drive more safely and more efficiently and thereby reduce the number of incidents.
Reduce fleet-related costs
ABAX Driving Behaviour can help optimize driving performance to reduce fuel and servicing costs.
SUGGESTED PURPOSES FOR THE ABAX EQUIPMENT CONTROL
Track and trace
ABAX Equipment Control can be used to locate and recover lost equipment.
ABAX Equipment Control can be used to locate specific equipment for a specific job.
ABAX Equipment Control can log the usage of self-powered equipment. This data can be used to reduce over-use.
Invoicing of actual use
ABAX Equipment Control can log the usage of self-powered equipment. This data can be used by the owner to invoice the customer based on actual use.
Invoicing per use in an area
ABAX Equipment Control can log the usage of self-powered equipment in a specific area. This data can be used by the owner to invoice the customer based on hours in a project.
ABAX Equipment Control data can be used to follow up on equipment services. Service notifications can be issued by email or text message from the system.
Important to remember
When implementing a new service that has control measures, the authorities recommend that the company involve the employees at an early stage in the process. (Typically a trustee would be a great fit for this involvement.)
The company administration should arrange a meeting with the trustee and/or other relevant staff in the company to discuss the different control measures a service like ABAX will track.
In addition, the company must state the purpose of the control measure, the possible consequences a measure can have (e.g. how the technology works, and what data is measured and reported to the administrator) and for how long the control measure will last (normally a contract period).
The information can be given orally or in writing to the employees. In some cases the company may hold an information meeting to ensure that all employees are informed and to receive input from the employees.
It is up to our customers to specify a purpose for processing that best fits their business. The suggested purposes are only suggestions; our customers may specify other purposes that better fit their requirements. According to the Working Environment Act, it is recommended that the employees are involved when implementing the ABAX services, for a smooth onboarding for the entire company.
Each purpose must comply with a lawful basis stated in GDPR (Article 6 (a)–(f)). What is important to remember? The following key things should be relevant for our customers when implementing the purpose(s) and legal basis for processing data.
- You must have a valid lawful basis in order to process personal data.
- There are six available lawful bases for processing. No single basis is ’better’ or more important than the others. Which basis is most appropriate to use will depend on your purpose and relation.
- Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you have no lawful basis.
- You must determine your lawful basis before you begin processing, and you should document it. We have an interactive tool to help you.
- Make sure you get it right first time – you should not specify a different lawful basis at a later date without good reason. In particular, you cannot usually swap from consent to a different basis.
- Your privacy notice should include your lawful basis for processing as well as the purpose(s) for processing data.
- If your purpose changes, you may be able to continue processing under the original lawful basis if the new purpose is compatible with your initial purpose (unless your original lawful basis was consent).
- If you are processing a special category of data, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.
- If you are processing criminal conviction data or data about offences, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.
Can I use the data in the system to do whatever I want?
When implementing the ABAX service, you must specify exactly what you want to use the data for. You cannot use the data and information you have available in any way other than for the specified purpose.
If you change the purpose or specify an additional one, you must hold another meeting with the trustee/relevant employee and ensure that all employees are informed accordingly. Of course, the new purpose must be valid and have a clear connection to the legal basis in GDPR.
The company must communicate a purpose that describes exactly what personal data shall be used for, not what it can be used for. In other words, the purpose must be specified and communicated, and should not be too broad or vague. The specified purpose determines what the personal data will be used for. Using personal data for purposes other than that specified constitutes a violation of the privacy regulations.
Data protection impact assessments (DPIA)
The Data Inspectorate states: An assessment of privacy consequences (Data Protection Impact Assessment - DPIA) shall ensure that the privacy of those registered in the solution is safeguarded. This is a duty under the new privacy regulations. Article 35 defines when it is required to make a DPIA, what it should contain and who should implement it.
Customers who introduce ABAX in their company must consider whether an assessment of privacy consequences should be completed. Some examples that require a DPIA include:
- The processing of location data in conjunction with at least one other criterion
- A systematic compilation of the data subject's location and traffic data from telecom operators or the processing of personal data about the subscriber's use of the telecommunications network or the telecom operator's services. (Highly personal information and systematic monitoring.)
- The processing of location data in combination with an employee group.
If you are unsure, the Data Inspectorate lists on its website which processing activities always require a DPIA.
Guidance on how to perform a DPIA can be found here.
GDPR in our Technology
Termination and deletion
Termination that results in deletion applies to data belonging to customers who terminate their contract and who have not purchased Data Storage. Data Storage is a product the customer can buy; by purchasing this storage, we guarantee that we keep the customer's data in safe storage after termination of the contract. Deletion of data can be triggered to apply to all data within the customer contract, or triggered by a single user/driver within the customer. When a single user/driver requests deletion, only the data linked to this specific user/driver will be deleted. The deletion for a single user is triggered through “Privacy Assistant” (ref. Figure 2). The user specifies what kind of data to delete by filling out a form (companies can create a template form to simplify the process for the users). When a customer contract is terminated, all data linked to all their users/drivers will be deleted.
As an extra quality check, we create a “wash list” containing all customers to delete. This list goes through a confirmation check, where we remove customers from the list that for some reason should not be deleted (e.g. renewal of contract).
When we receive a deletion request, data should be deleted within 30 days. This applies to both customer deletion and single user deletion.
When deletion starts, we use a specific service that issues commands to all our services in different domains. The commands will trigger deletion of data that can be linked to a person (privacy data) in all domains for the current customer or user.
Before deletion, we extract possibly valuable data points and run these through our data lake. Through our data lake routines, we anonymize the data so that it cannot be traced back to any customer or user. The plan for the future is to automate the data lake processing as soon as we receive the data from the tracking units. Anonymized data is kept for analytical purposes even if a deletion is requested (ref. Anonymization).
Figure 2 - Termination Deletion Process
How we process personal data
We are dependent on trust from our customers. That is why your privacy is important to us and your personal data is safe with us. This includes everything that can be connected to you as a person, for instance address, contact information, GPS-positions and other personal data.
Collection of personal data
ABAX processes personal data mainly through agreements and contracts made with our customers, customer service, customer care, customer administration, marketing and invoicing.
In the main, ABAX collects personal data from you directly. Sometimes we gather information from other sources, both public and private institutions. Additionally, GPS-positions are automatically collected through usage of our products. These GPS-positions are seen as personal data.
ABAX is a data controller for information we collect about you. We will inform you when we collect data unless the collection is decided by law, notification is impossible or difficult, or you already are aware.
If ABAX receives your data generated as a list in connection with marketing activities, you will have the right to unsubscribe. In cases where ABAX collects personal data on behalf of our customers, acting as a data processor on their behalf, our customers are responsible for the information you receive. In these cases we will also be able to give you the information directly, but only upon request from our customers.
ABAX will record phone calls for security and training purposes.
Customer Satisfaction Indicators
When you contact ABAX, we will on occasion ask you about your customer service experience. This feedback is used to give customers better products, services, measure the effect of improvements and look at customer satisfaction and customer behaviour over time.
If you do not want to share this kind of data, simply do not complete any survey you receive.
Newsletter and marketing
You can receive marketing material, information and notifications from ABAX. This can be communicated through email, our webpage or other appropriate channels. This information is divided into three different categories:
- Information and news, normally as a newsletter using email
- Campaigns and invitations
- System notifications about your services
You can subscribe or unsubscribe at any time.
Extraction of personal data
In ABAX, we have a common register for all our customers available for all our consolidation companies. Its purpose is to give our customers the best possible service and provide information and proposals on products and services we offer. The register may contain the following data about you:
- Contact information
- Company of employment
- What consolidation company you belong to
- Contract details
- Historical data regarding your contact with ABAX
The Data Controller is the one who sets the purpose for how to process the personal data. In the ABAX consolidation, the Data Controller is the ABAX company you have made an agreement with. For personal data collected under agreements with our customers, the customer themselves (in most cases) will be the Data Controller.
When an ABAX customer is the Data Controller, ABAX acts as a Data Processor. For this purpose, a Data Processor Agreement has been made between the customer and ABAX. ABAX has also signed agreements with subcontractors on data processing. Our subcontractors cannot use this information for purposes other than those defined by the Data Controller.
You have the right to get information on what personal data we process and how it is processed. Most of the information we have about you as our customer is available for you to view in your profile. Requests on extended access are completed by the Data Controller.
The employees of ABAX customers may have access to data that is not visible to the administrator (e.g. private trips in ABAX Triplog). However, if the administrator (Data Controller) is asked for a copy of all data registered on the employee, this data may be visible to the administrator during this process.
To provide the best service, it is important that the information we have on you is correct and necessary to implement the agreements. You can request that we correct and erase information on you if the information is inconclusive or unnecessary. Requests are addressed to the Data Controller.
ABAX erases personal data when it is no longer required to fulfil the purpose it was collected for. This means that, as long as you have an agreement with us, we store necessary information on you. When a contract is terminated, erasure of data will be completed unless an agreement on further storage has been made. More information on erasure can be found in the Terms & Conditions for our services. Claims to erase information are addressed to the Data Controller. If there are regulations that outline a minimum storage time, e.g. for accounting purposes, erasure will not be conducted until the minimum storage time has passed.
Cookies are small files storing information on how you are using a website. The information is stored in the browser you are using, hence with you / on your computer. We use cookies to:
- Learn from your behaviour to improve the functionality, user experience and content
- Adjust content to make it relevant for you
- Provide you with relevant and customised marketing on other web pages you are visiting
You may experience adverts from us on other web pages, based on content and web pages you have visited. Cookies are used to collect information on what pages you are visiting on our web page, not to identify you as a customer. The information we collect when you use our web page can in some cases be combined with information from your previous customer relations.
How to avoid cookies
If you do not want to allow the storing of cookies on your computer, you can turn this feature off in your browser. Be aware that this may affect functionality on www.abax.com/uk and other web pages.
You can delete cookies by following the instructions for erasure of cookies in your browser.
If you want to allow cookies, but at the same time see what we actually store, you can install a browser extension such as the one available at www.ghostery.com
Privacy on www.abax.com
Usage of analytics
On www.abax.com we register the following information on you:
- Your location, derived from your IP address, positioning data and similar
- Your electronic traces, e.g. what web pages you are visiting and what products you are ordering
- Technical information on your web browser and operating system
Information on your behaviour on our web pages is used for the following purposes:
- Personal adjustment on the web page
- Customer Service
We use Google Analytics to analyse the traffic on our web pages. If you do not want Google Analytics to gather information about you, please visit this page: Google Analytics (https://tools.google.com/dlpage/gaoptout)
You can be contacted
If you are using a guide for a product on our web page, we may contact you with a sales purpose.
In ABAX, we in some cases use personal profiles to adjust our offers to you. A personal profile is a collection of information we have received from you, e.g. name, address, other personal information you have stated, services you are using and information on traffic. When we use profiling for marketing, we inform you.
Data protection Officer
The ABAX Data Protection Officer is Christine Blomquist. If you have any enquiries regarding how we process personal data feel free to contact her at: firstname.lastname@example.org
For further information, see government legislation regarding processing personal data.