The EU General Data Protection Regulation (GDPR), effective 25 May 2018, is a regulation that strengthens data protection for all individuals in the European Union (EU). The GDPR places requirements on the way organisations and companies must collect, store, and process personal data. It also addresses the movement of such personal data outside the EU, and stipulates the controls and safeguards which must be in place to do so.
As a complete telematics solution, Samsara products must sometimes collect, store, and use an array of personal data, including video footage. When designing and improving our products and features, Samsara has carefully considered data protection in order to help ensure personal data is processed in accordance with its legal requirements. Data is therefore processed in a transparent way and is retained only as is necessary, with appropriate safeguards in place to secure and protect it.
Under the GDPR, Samsara will serve as the data processor in our customer relationships in order to process personal data provided by the customer. Under our agreements, customers will always have the power and control over their data. Within our products, Samsara also provides certain functionality to help customers with their compliance with applicable legal requirements.
Samsara has always believed in the importance of securely and thoughtfully handling customer data and will continue to protect customer data in accordance with all applicable legal requirements, including the GDPR.
For more information about how Samsara supports compliance with the GDPR in your region, please contact your representative for access to our privacy white papers for the United Kingdom and Ireland, Netherlands, Germany, France and Spain. If you do not have a representative, please contact firstname.lastname@example.org or reach out through our website.
Samsara’s products are designed to help customers balance their business needs against privacy needs. Our hardware and software products include customizable control measures, features and tools to protect customer data.
Samsara’s commitment to privacy is reflected in our products’ features and your ability to customize many of our products to fit your specific needs and country-specific regulations. For example, Samsara dashcams enable strong privacy controls for customers to utilize, including:
Limited data captured and uploaded: Only ‘harsh event’ video (10 seconds before/after) and video specifically requested by a customer is stored on the cloud / available in the dashboard;
Limited data retention: Only 40 to 60 hours of recorded footage is available on any dashcam by default, with customizable data-retention features for footage sent to the cloud (default in EU is 6 months);
Restricted data access: Customers can set permissions so videos may be viewed only on a need-to-know basis (for example, a customer may restrict viewing permissions to safety managers);
Strong security: Samsara uses industry-standard protocols to protect data in transit (including TLS 1.2 and AES-256 encryption) and at rest (including FIPS 140-2 compliant encryption standards);
Physical lens caps: To cover either the inward-facing lens only or both the inward- and outward-facing lenses;
EU data center: EU customers’ data is stored in Ireland using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester.
We have materials to help support customers in their use of our products in order to stay compliant with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact email@example.com and we will connect you with the right person.
Samsara is committed to transparency around how we hold and use personal data. Company-wide policies, contractual terms and other safeguards emphasize our responsibility to protect customer data and to stay compliant with the law.
DPA: Under the GDPR, Samsara will serve as the data processor for our customers, who in turn act as the data controller.
To learn more about how Samsara processes customer data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.
Data Transfers: To comply with EU data protection legislation on international data transfer mechanisms, we self-certify under the EU-US Privacy Shield and the Swiss-US Privacy Shield as set by the U.S. Department of Commerce. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union, UK, and Switzerland to the United States. To the extent these frameworks are deemed invalid or no longer apply to Samsara, we agree to abide by and process your data in accordance with the European Commission approved Standard Contractual Clauses we include within our Data Protection Addendum to provide adequate protection for such personal data transfers.
DPIA: The GDPR requires organisations to undertake a data protection impact assessment (DPIA) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials to help demonstrate your compliance with carrying out such DPIAs where you believe they are required before using our products.
Marketing Communications: Samsara collects personal data for marketing purposes only pursuant to GDPR and other applicable local laws. You can opt out of marketing communications at any time via this page or through the unsubscribe feature in our emails.
Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.