Privacy Policy — AQUNAMA Tracker
Effective date: [Sept. 15, 2025]
This Privacy Policy explains how BIZ4EXIT s. r. o. (“AQUNAMA”, “we”, “us”, “our”) collects, uses, discloses, transfers, and protects personal data when you use the AQUNAMA Tracker mobile applications and web console (the “Services”). It also describes choices and rights available under applicable law, including the EU General Data Protection Regulation (GDPR).
Controller: BIZ4EXIT s. r. o., registered in the Slovak Republic
Registered address: Adamiho 24, 841 05 Bratislava, Slovakia
Company ID (IČO): 51302632
Contact for legal and GDPR matters: start@aqunama.com
Processor / Backend platform: For core telematics functionality (recording location, trips, routes, administration), AQUNAMA uses the MyCarTracks platform operated by Slash Idea s.r.o. (“Slash Idea”). Slash Idea acts as our data processor under a data-processing agreement. Certain privacy practices of Slash Idea relevant to your data are reflected throughout this Policy. mycartracks.com
If you access the Services under an organizational account, your organization may act as an independent controller for the data it manages within the Services.
1) Scope
This Policy applies to:
- Visitors to our websites and landing pages,
- Users of the AQUNAMA Tracker mobile apps (Android/iOS) and web console,
- Account owners and team members invited by an organization.
This Policy does not cover third-party websites, apps, or integrations that we do not control. Their policies govern their processing.
2) What we collect and how we use it
We process personal data from three primary sources: (1) information you provide, (2) information collected automatically, and (3) information from other sources. The subsections below align with the functionality of the MyCarTracks backend while reflecting AQUNAMA’s controller role.
2.1 Information you provide
Account and registration. Name, nickname, email, telephone, billing address, organization, and (where applicable) company identifiers for invoicing. Passwords are stored in encrypted form. We use this data to create and maintain accounts, authenticate users, invoice subscriptions, and provide support. Limited payment metadata may be processed by our payment providers; we do not store full card numbers.
App or website use / support. We use your contact details to respond to inquiries, send critical service notifications, and administer your account.
Optional addresses and profile details. You may add home/work addresses to enable convenience features.
Third-party applications. Where you enable third-party apps or integrations, information collected by AQUNAMA is subject to this Policy, while third-party collection is governed by their own privacy notices.
Promotions and requests for information. If you join a promotion or request information (directly or via partners), we process the submitted data to communicate about the promotion or provide product details, including lawful marketing unless you opt out.
Public forums. Content posted on public forums or social networks may be read and used by others; AQUNAMA cannot control third-party redistribution.
Recruitment. If you submit a job application, processing follows Slovak and EU legal requirements, including timely deletion of expired application data.
2.2 Information collected automatically
Location and route data. When you access telematics functionality, the backend records route information, including origin (which may be your then-current location), destination address, trip start time, route path, and certain vehicle metadata. These data power live tracking, trip logs, geofences, time-on-site, reports, and dispatch features.
Device and diagnostic data. We may collect device identifiers, OS version, app version, IP address, mobile device model, mobile network information, diagnostics, and crash logs. We may retain support correspondence to categorize and resolve issues.
2.3 Information from other sources
We may supplement data with information from partners and vendors (e.g., address updates from shippers, aggregated marketing and demographic insights) to improve services and operations in compliance with law.
3) Legal bases for processing
- Contract necessity (Art. 6(1)(b) GDPR): Provide and operate the Services, authenticate users, log trips/routes, generate reports, manage subscriptions.
- Legitimate interests (Art. 6(1)(f) GDPR): Ensure security, prevent abuse, perform analytics and product improvement, maintain service availability.
- Legal obligations (Art. 6(1)(c) GDPR): Tax, accounting, and compliance recordkeeping.
- Consent (Art. 6(1)(a) GDPR): Where required for marketing communications, analytics cookies, or background location/motion permissions not strictly necessary for service delivery.
4) When and with whom information is shared or disclosed
Processors / service providers. We use vetted providers for hosting, cloud infrastructure, telemetry, analytics, support, messaging, payments, and mapping. Slash Idea (MyCarTracks) is our primary processor for telematics functionality. We bind processors by data-processing agreements. mycartracks.com
Primary account holder / organization. The primary account holder (e.g., employer) administers team settings and is responsible for informing device users about tracking. Where employment law applies, employers must respect off-hours privacy; access to statistics covering non-working time may be restricted by law or policy.
Consent / transactions. We may disclose data to third parties with your consent, including to complete transactions or provide services on our behalf.
Legal process and rights protection. We may disclose data as required by law or to establish, exercise, or defend legal claims.
Business transfers. In a merger, acquisition, or asset transfer, data may be transferred subject to appropriate safeguards and advance notice where feasible.
5) International transfers
We and our processors may process data globally. Where transfers occur outside the EEA/UK, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses and complementary measures, as applicable.
6) Security and retention
We implement technical and organizational measures proportionate to risk, including access controls, encryption in transit (e.g., TLS/SSL), logging, and monitoring. No system is perfectly secure; we will take reasonable steps to notify you of significant breaches as required by law. Data are retained for as long as necessary to provide the Services, comply with obligations, resolve disputes, and enforce agreements; thereafter data are deleted or irreversibly anonymized.
7) Your choices and rights
Access and update. You may access or update certain profile data via the account settings.
Deactivate or delete. You may request account deactivation or deletion. Deactivation does not itself delete historical data; deletion requests are honored subject to legal retention requirements.
Restriction and objection. In certain cases you may request that we restrict or stop processing where we lack appropriate grounds, or withdraw consent for processing that relies on consent.
Portability. We can provide an electronic copy of basic account information in a portable format where technically feasible.
Marketing opt-out. You may opt out of promotional communications via unsubscribe links, account settings, or by contacting us. Transactional communications will continue.
Cookies and DNT. You can control cookies via browser settings; essential cookies may be required for core functionality. At this time, services do not respond to “Do Not Track” signals due to lack of a standard.
Supervisory authority. You may lodge a complaint with your local authority. In Slovakia: Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, www.dataprotection.gov.sk.
Requests may be limited where fulfilling them would infringe others’ rights or contravene legal obligations. When services are administered by your organization, please contact your administrator first.
8) Mobile app permissions
Android (illustrative listing):
- ACCESS_FINE_LOCATION: Required to obtain precise GPS location for tracking and routing.
- READ_PHONE_STATE: Determines connectivity status; device identifiers may be compared transiently for filtering or anti-abuse; identifiers are not stored in the app.
- GET_ACCOUNTS: Used to connect to the account present on the device for authentication; contacts content is not accessed.
- WRITE_EXTERNAL_STORAGE: Used to cache data and create backups of recorded tracks on-device; no media libraries are read.
iOS (illustrative listing):
- Location (Always / When In Use): Required to create tracks, show your position on maps, and enable background tracking.
- Motion & Fitness: Used for motion detection to improve trip detection.
Exact permissions and their on-screen disclosures are presented in the app stores and device prompts.
9) Notice to end users (organizational accounts)
If your access is provisioned by an organization (e.g., your employer), that organization administers the Service and may control account-level settings (e.g., team membership, vehicle assignment, certain data retention parameters) consistent with applicable law and internal policies. Some administrative capabilities are listed in the backend provider’s notice to end users.
10) Children’s privacy
The Services are not directed to persons under 18 years of age, and we do not knowingly collect personal data from them without verifiable parental or legal guardian consent. If a child uses a device associated with an account holder, data related to that use are treated as the account holder’s data.
11) Third-party software and services
Our backend provider integrates certain third-party services. The following links summarize their privacy terms (subject to change by the respective providers):
- Legal Agreements for PayPalTM Services
https://www.paypal.com/sk/webapps/mpp/ua/privacy-full - Cloud provider Privacy Statement
https://www.digitalocean.com/legal/privacy-policy/ - Google Privacy Policy
https://policies.google.com/privacy - Bootstrap – GitHub Inc. Privacy Policy
https://help.github.com/articles/github-privacy-statement/ - OpenStreetMap Foundation Privacy Policy
http://wiki.openstreetmap.org/wiki/Privacy_Policy - MapQuest, Inc.Terms of Use
https://www.verizon.com/about/privacy/mapquest - HERE maps
https://legal.here.com/en-gb/privacy - All other marks mentioned may be trademarks or registered trademarks of their respective owners.
These references are provided for transparency and reflect integrations disclosed by the backend provider. mycartracks.com
12) Cookies and similar technologies (web)
Our websites may use strictly necessary cookies for security and core functions and, where lawful, analytics or performance cookies. You can manage preferences via your browser. Some features may not function without essential cookies. Web beacons (tracking pixels) may also be used.
13) Governing law
For the controller AQUNAMA (BIZ4EXIT s. r. o.), this Policy and any disputes arising from it are governed by the laws of the Slovak Republic and applicable EU law, without prejudice to mandatory consumer protection rules in your country of residence. Note that Slash Idea’s own website terms identify a different governing law for disputes with Slash Idea; that does not alter AQUNAMA’s controller obligations to you.
14) Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated via the website, the app, dashboard notices, or email prior to the effective date where required. The “Effective date” at the top indicates the latest version.
15) Contact
- Controller: BIZ4EXIT s. r. o., Adamiho 24, 841 05 Bratislava, Slovakia, IČO 51302632, start@aqunama.com
- Backend provider: Slash Idea s.r.o., Mochovská 38, 934 05 Levice, Slovak Republic, contact@mycartracks.com (for issues specific to the MyCarTracks platform).