Security Policy

1. Security Policy Introduction

Maris Ltd. dba ATG Risk Solutions (“ATG Risk”) is designed and operated as a modern, secure software-as-a-service (SaaS) technology and data organization.  Executives promote, fund, and ensure security and privacy are priorities across all aspects of the service delivery.
Recognizing the sensitive nature of telematics, data creation, generation, collection, processing and reporting is classified for protection levels, and data is protected to its level of classification.  These classifications and protections align with global security standards for best practice security and privacy management. 
Aligned with international best-practice security methods, ATG Risk has published a full Security and Privacy Management Procedure (see 01-1000, available on request) to obtain global certifications for security and privacy controls, including ISO 27001:2013, NIST Cyber Security, and emerging ISO 27018 for software-as-a-service operations.  ATG Risk also examines global privacy requirements for consideration in the evolving platform.  United States privacy protection is a consumer protection, in other countries, privacy laws evolve from human rights protections and require specific measures for compliance.  As the ATG Risk service evolves, security and privacy considerations are designed, implemented, and managed based upon scalable and efficient data classification and these global best practices.

 

2. Personal Information Access Policy

ATG Risk is committed to protecting your nonpublic personal information (“NPPI” or "Personal  Information"). We avoid the use and disclosure of Personal Information when your business and fleet interact with us, including information you provide through our website www.atgrisk.com (“Web Site”). 
All Personal Information including company fleet driving data or related personal information is treated as proprietary and is not disclosed to any third party. The company does not knowingly collect or retain any information related to the personal use of company vehicles. All trips categorized as personal use are explicitly excluded from disclosure to ATG Risk by third party providers, such as Mobile Applications and Telematics Service Providers (“TSPs”). Except as disclosed in this agreement, ATG Risk does not share or use any non-public personally identifiable information (NPII).  Disclosure of such information complies with all state and federal statutes and regulations governing the disclosure of NPPI and will immediately notify the client of any breach or suspected breach of data security. 


What Data Do We Share? 

ATG Risk only shares vehicle data with insurance carriers, and the appointed agent or broker, under a specific Data Sharing Agreement signed by the Business Owner or Fleet Administrator identified as legally able to share such data. The Data Sharing Agreement is specific to a single insurance carrier, there is not a Data Sharing Agreement that allows for the generic sharing of vehicle driving data with multiple insurance carriers. 
Only company fleet vehicle driving data, for identified company vehicles, and not attributed to a named or identifiable individual is shared under the Data Sharing Agreement (“DSA”) with approved insurance carriers. A Data Sharing Agreement for the release of Driver specific data such as E-Logs (Hours of Service) or related on-duty personal information is specifically identified in the DSA. All such NPPI data is treated as proprietary and disclosed to the insurance carrier, and no other third party, with the specific consent of the Driver and the Business Owner. The company does not knowingly collect or retain any information related to the personal use of company vehicles. All trips categorized as personal use are explicitly excluded from disclosure to ATG Risk by third party providers, such as Mobile Applications and Telematics Service Providers (“TSPs”). 


Consent and Use of Information Gathered

By signing the EULA requesting ¬ATG Risk services you consent to the collection and use of data from your participating vehicles, and the sharing of the VIN numbers with your vehicle OEM or Insurance Company. No data beyond the VIN number is shared with an Insurance Company, or any third party, without the specific consent of a business owner, or his/her representative under a separate DSA for each insurance carrier.
For each of your participating vehicles, ATG Risk captures this information for your use and provides aggregated and anonymized data to help you improve risk management practices, reduce accidents, and index the risk associated by vehicle with your fleet operations. Specific Driving Data and Location Data can not be viewed by anyone without your specific consent, and is not generally visible through any of the tools provided in the ATG Risk portal.  ATG Risk only uses aggregated and/or anonymous Driving Data for analytical and research purposes in order to improve current services and develop new services. The nature of this aggregate and/or anonymous information will not enable us to trace it back to any other identifiable person. ATG Risk will not associate any aggregate or anonymous Driving Data and Location Data with any other Personal Information for any purpose outside of those described here. 


Information Gathering and Retention

The information gathered by ATG Risk varies by business and depends upon your usage, your Agency’s usage and your TSP. The gathering and retention of this information is done your privacy in mind. The types of Personal Information we retain and protect include: 

  1. Information collected when you contact us through our Web Site, by email, or by telephone, including your name, address, email address, phone number, company information and services of interest. 
  2. Information collected when you request ATG Risk services, including vehicle data (make, model, year, VIN) and account information. This information is only shared with your insurance carrier, Agent/Broker or any other third party with the specific consent provided in the DSA.
  3. The DSA covers information collected when driving (such as road type, weather conditions, speed, etc.), Location Data (such as Global Positioning System (GPS) data, vehicle location, etc.), and your usage of the tools made available to you by insurance company.
  4. Information collected from your vehicles is only retained in an identifiable format for as long as prescribed by the DSA.

Notification to Employees

If you enroll with ATG Risk services, you acknowledge that you are responsible for complying with any privacy laws in your jurisdiction, including any legal requirements to provide your employees or others with notice that you are able to monitor, and review, driving data for your participating vehicles. 


Cookie Policy

Cookies are sets of information that our web server assigns to you when you visit our Web Site. Cookies are used in a few areas of our site only for maintaining information between pages. They are not used for storing or tracking personal information from our customers. These cookies simply carry forward information that you submitted on one screen to the next screen, eliminating the need for redundant entry. These cookies do not gather any other personal information from you or your computer. You do have a choice whether or not to accept the cookie, however, if you reject the cookie or if cookies are disabled on your web browser, some parts of the Web Site will not operate. 


Sharing Information Gathered

The ATG Risk website is designed to give our customers, prospective customers, and visitors a confidential means of gathering information about our services and products, and for doing business with us over the Internet. Whether you contact us through our Site, by telephone, or by email, we will only collect information that you voluntarily provide in order for us to service your request. 
If you have provided Personal Information in order to obtain ATG Risk services, either directly or under the brand of your insurance carrier or Agency provider, or to ask us a question, we will not share that information with authorized third party without the necessary DSA to service your request. If you have provided us with information about your TSP or your Insurance Agent, we may share this information with your insurance carrier. We will, however, not share Driving Data or Location Data without your consent. 
We will only disclose Personal Information beyond the limits described above if we determine that disclosure is necessary as required by law, legal process, and/or requests by governmental authorities.  Such disclosure will also result in a simultaneous disclosure to the business that such an exceptional event has occurred.


Notification of Changes

This Privacy Security Policy may be modified from time to time. If we change our policy, we will post those changes on this Web Site www.atgrisk.com/securitypolicy . You may wish to visit this page periodically to review the most recent policy. 


Contact Information

Please contact us by email with any questions at support@atgrisk.com or by calling our Call Center from 8am to 6pm Central Time (206) 274-0024.