Privacy Policy – Tracktor

Last updated: September 29, 2025

Tracktor is committed to protecting the privacy and personal data of its users (customers, suppliers, and partners).
This policy explains what data we collect, why, how we use it, and what your rights are.

1. Data Controller

The data controller is:
Tracktor SAS – 6 rue Saint Sabin, 75011
Contact: idir.asa@tracktor.fr

2. Data Collected

We collect and process different categories of data, depending on your role (Customer or Supplier):

• Identification Data: first name, last name, email address, phone number, company, role.

• Connection Data: identifiers, encrypted passwords, access logs, OAuth2 tokens.

• Order and Billing Data: booking histories, rented items, reported incidents, invoices and payments.

• Data Related to Sites and Equipment: condition reports, associated documents (VGP, certificates, purchase orders), possible geolocation of equipment.

• Shared Files and Documents: photos, notes, certificates, estimates, invoices.

• Technical Data: application logs, IP addresses, type of device and browser.

3. Purposes of Processing

Your data is processed for:

• Providing access to and the proper functioning of Tracktor applications (Web Client, Mobile Client, Web Supplier).

• Managing the lifecycle of orders (creation, execution, return, billing).

• Ensuring the traceability of operations (condition reports, incidents, validations).

• Facilitating communication between customers and suppliers.

• Complying with our legal obligations (billing, accounting, security).

• Improving our services (usage statistics, user feedback).

4. Legal Basis

Processing is based on:

• The execution of the SaaS service contract (access to applications, management of orders).

• Compliance with legal obligations (billing, document retention).

• Legitimate interest (continuous improvement, fraud prevention).

• Consent (notifications, marketing communications).

5. Data Sharing

Your data may be shared with:

• Suppliers and partners related to your orders (for the provision and billing of equipment).

• Technical subcontractors (cloud hosting, support, maintenance).

• Legal or tax authorities, in the event of a legal obligation.

We never sell your personal data.

6. Hosting and Security

• Data is hosted in the European Union [to specify if Cloud provider → e.g. AWS, GCP, OVH].

• Access is secured by authentication (OAuth2), logging, and permission controls.

• Passwords are encrypted, and exchanges are encrypted via HTTPS/TLS.

7. Retention Period

• Account data: retained as long as the user has active access.

• Order and billing data: up to 10 years (legal accounting obligation).

• Technical logs: up to 12 months maximum.

• Shared documents (certificates, vouchers, invoices): according to legal and contractual requirements.

8. Your Rights (GDPR)

In accordance with the GDPR, you have the following rights:

• Right to access, rectify, and delete.

• Right to limit or object to processing.

• Right to data portability.

• Right to withdraw your consent at any time.

To exercise your rights: contact us at [GDPR email]. You can also file a complaint with the CNIL.

9. Cookies and Tracking

Our applications use cookies and similar technologies for:

• Authenticating user sessions.

• Measuring usage and improving the experience.

• Managing preferences and languages.

You can manage your preferences from your browser.

10. Changes

We may update this policy. Any changes will be communicated via our applications or by email.