Whether you operate in the United States or Europe, Samsara has you covered. We support compliance with GDPR and CCPA requirements, among others.
European Union: Samsara supports compliance with the GDPR. The EU General Data Protection Regulation (GDPR), effective 25 May 2018, is a regulation that strengthens data protection for all individuals in the European Union (EU). The GDPR places requirements on the way organisations and companies must collect, store, and process personal data. It also addresses the movement of such personal data outside the EU, and stipulates the controls and safeguards which must be in place to do so.
As a complete telematics solution, Samsara products must sometimes collect, store, and use an array of personal data, including video footage. When designing and improving our products and features, Samsara has carefully considered data protection in order to help ensure personal data is processed in accordance with its legal requirements. Data is therefore processed in a transparent way and is retained only as is necessary, with appropriate safeguards in place to secure and protect it.
Under the GDPR, Samsara will serve as the data processor in our customer relationships in order to process personal data provided by the customer. Under our agreements, customers will always have the power and control over their data. Within our products, Samsara also provides certain functionality to help customers with their compliance with applicable legal requirements.
Samsara has always believed in the importance of securely and thoughtfully handling customer data and will continue to protect customer data in accordance with all applicable legal requirements, including the GDPR.
For more information about how Samsara supports compliance with the GDPR in your region, please contact your representative for access to our privacy white papers for the United Kingdom and Ireland, Netherlands, Germany, France and Spain. If you do not have a representative, please contact firstname.lastname@example.org or reach out through our website.
When we process personal information provided by our customers, Samsara acts as a “service provider” (as defined under the CCPA). In that capacity, we only process and transfer the personal information of our customers and our customers’ end-users for the purpose of performing our rights and obligations under our existing contract(s) with our customers and for no other commercial purpose.
Samsara’s products are designed to help customers balance their business needs against privacy needs. Our hardware and software products include customizable control measures, features and tools to protect customer data.
Samsara’s commitment to privacy is reflected in our products’ features and your ability to customize many of our products to fit your specific needs and country-specific regulations. For example, Samsara dashcams enable strong privacy controls for customers to utilize, including:
Limited data captured and uploaded: Only ‘harsh event’ video (20 seconds before/after) and video specifically requested by a customer is stored on the cloud / available in the dashboard;
Limited data retention: a maximum of only 24 to 40 hours of recorded footage is available on any dashcam, with customizable data-retention features for footage sent to the cloud (default is 6 months);
Restricted data access: Customers can set permissions so videos may be viewed only on a need-to-know basis (for example, a customer may restrict viewing permissions to safety managers);
Strong security: Samsara uses industry standards and protocols to protect data in transit (including TLS 1.2 and 256-bit AES encryption) and at rest (including FIPS 140-2 compliant encryption standards);
Physical lens caps: to cover either the inward-facing lens only or both the inward- and outward-facing lenses;
EU data center: EU customers’ data is all stored in Ireland using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester.
We have materials to help support customers in their use of our products in order to stay compliant with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact email@example.com and we will connect you with the right person.
Samsara is committed to transparency around how we hold and use personal data. Company-wide policies, contractual terms and other safeguards emphasize our responsibility to protect customer data and to stay compliant with the law.
DPA: Under the GDPR, Samsara will serve as the data processor for our customers, who in turn act as the data controller.
To learn more about how Samsara processes customer data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.
Privacy Shield: To comply with EU data protection legislation on international data transfer mechanisms, we self-certify under the EU-US Privacy Shield and the Swiss-US Privacy Shield as set by the U.S. Department of Commerce. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union, UK and Switzerland to the United States.
DPIA: The GDPR requires organisations to undertake a data protection impact assessment (DPIA) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials to help demonstrate your compliance with carrying out such DPIAs where you believe they are required before using our products.
Marketing Communications: Samsara collects personal data for marketing purposes only pursuant to GDPR and other applicable local laws. Marketing communications are easily opted out of at any time via this page or through the unsubscribe feature on our emails.
Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.