Privacy Policy

Privacy Policy

Protecting Your Personal Information

Section 1 – Introduction.

Protecting consumer privacy is important to Tomer Solutions Ltd. (“Tomer”, “we”, “us”, or “our”). This Privacy Policy explains how Tomer collects, uses and discloses information about you. This Privacy Policy applies to information we collect when you use our websites, desktop/mobile applications, and other products and services (collectively, the “Services” or “Applications”) or when you otherwise interact with us whether in electronic, paper or verbal format.

For the avoidance of doubt, this Privacy Policy does not apply to data collected by our clients who use our Services to track their employees’ time and schedule. If data is collected and processed by our client or its website, the client controls such data. Please contact the owner or operator of the applicable website directly for information about its privacy policies and how it processes personal data.

Tomer is based in Jamaica and the information we collect is governed by Jamaican laws. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to Jamaica and other countries. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as by adding a statement to our websites or by sending you a notification). You should review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.​

Tomer values and respects the privacy of individuals and as a result we have updated our Privacy Policy to align with applicable data protection legislation (including the European General Data Protection Regulation (Regulation (EU) 2016/679) and the Privacy Act 2001 (Cth)) and any other legislation in force which applies relating to either or both privacy or the handling of personal data (the “Data Protection Legislation”).

This Privacy Policy aims to clearly outline our policies and procedures for collecting, using, storing and disclosing personal data of individuals. All of the different forms of data, content, and information described in this Privacy Policy are collectively referred to as “personal data”.

Tomer’s service offering involves providing organizations and individuals within those organizations with access to and use of the Services through their devices (any device used to access the Applications, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a “Device”)). By using the Services, you agree to Tomer’s collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with such collection, use and disclosure of your personal information, please do not use the Services.

This Privacy Policy explains what we do with your personal data when:​

  • Your organization signs up for the Services and you access the Applications using a business account via our website (www.tomersolutions.com), (www.tomersolutions.com)subdomain (*.tomersolutions.com), through applications on Devices, through an application program interface, or through third-parties (collectively, the “Application Users”);
  • You leave your organization and cease to access the Applications using a business account attached to your organization (“Former Application User”);
  • You visit our website (www.tomersolutions.com) and subdomain (app.tomertransport.com) (the “Website”) while browsing the internet (collectively, the “Website Users”); and
  • You call or receive a call from our customer service team or sales team for any purpose (“Phone User”).

If you are an Application User, our primary purpose for using your personal data is to provide the Services to your organization. When we use your personal data to allow you to access and use the Applications, we do so on the instructions of your organization and on behalf of your organization. This makes us a “data processor” for the purposes of the Data Protection Legislation. However, there may be certain circumstances under which we use your personal data for purposes that are not on behalf of your organization or in accordance with instructions of your organization, for example, where we need to use it for our own purposes. Under these circumstances, we are a “data controller” for the purposes of the Data Protection Legislation. Please see Section 4 for more information.

If you are a Former Application User, we may retain your personal data to maintain a limited version of your business account profile and for our own purposes, for example, where we wish to offer you Services which we think you may be interested in. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see Section 4 for more information.

If you are a Website User, we use your information for our own purposes. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see Section 4 for more information.

​If you are a Phone User, we may record your call for our own purposes. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see Section 4 for more information.

Section 2: What kind of information do we collect?

(a) Application Users: We need to use personal data about you in the course of providing the Services to your organization and for ancillary purposes set out in this Privacy Policy. Depending on the relevant circumstances and requirements, we may collect some or all of the personal data listed below to help us with this:​

  • Name
  • Phone number
  • Credit card details or other billing information
  • Email address
  • Home and business physical addresses
  • Photos for profile and Facial Recognition use
  • Social networking information (if we are provided with access)
  • Any further personal data contained in any files that you upload, download, or create (“Files”) within the Applications
  • Log data from your Device, its software, and your activity using the Applications including the Device’s Internet Protocol (“IP”) address, browser type, locale preferences, geo-location information, identification numbers associated with your Device, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files (as defined below), and other interactions with the Applications.

(b) Former Application Users: We will retain the personal data listed below:

  • Name
  • Phone number
  • Credit card details or other billing information (if you were the primary account holder in relation to your business account)
  • Email address
  • Home and business physical addresses
  • Photos for profile and Facial Recognition use
  • Any further personal data contained in any files that you uploaded, downloaded, or created (“Files”) within the Applications
  • Log data from your Device, its software, and your activity when you used the Applications including the Device’s IP address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Applications.

(c) Website Users: We collect a limited amount of personal data from our Website Users which we use to help us improve your experience when using our Website and to help us manage the Services we provide. This includes log data such as your Device’s IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details.

(d) Phone Users: We may record phone calls for quality and training purposes. During the course of the phone call we will collect limited categories of personal data including name, phone number, and email address to assist us in confirming the identity of the caller.

Section 3: How do we collect your personal data?

(a) Application Users: We collect your personal data in three primary ways:

  • Personal data that you provide to us;
  • Personal data that we receive from your organization and other sources; and/or
  • Personal data that we collect automatically.

(b) Personal data you give to us:

  • Where you provide personal data to us when you use the Applications;
  • Where you contact us via the Applications; and/or
  • Where you upload, download, or create Files within the Applications.

(c) Personal data we receive from your organization and other sources:

  • Where we receive personal data about you from your organization; and/or
  • Where we receive personal data (for example, your email address) through other Application Users, if they have invited you to their Tomer account

(d) Personal data that we collect automatically:

  • When you use the Applications, where we automatically record personal data in the form of log data from your Device, its software, and your activity using the Applications; and/or
  • Where we collect your personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 11.

(e) Former Application Users: We will have collected your personal data during the period that you were an Application User in the manner described above.

(f) Website Users: When you visit our Website there is certain personal data in the form of log data that we may automatically collect, whether or not you use the Applications. We also collect some limited personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see Section 11.

(g) Phone Users: As set out in Section 2 above, we collect a limited amount of personal data from a Phone User. We may record phone calls for quality and training purposes.
The Applications may contain links to other sites. Tomer is not responsible for the privacy practices or the content of such websites.

Section 4: How do we use your personal data?

(a) Application Users: Our primary purpose for using your personal data is to provide the Services to your organization. When we use your personal data to allow you to access and use the Applications, we do so on the instructions of your organization and on the behalf of your organization. This makes us a “data processor” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:

  • Allowing you to access and use the Applications;
  • Providing you with assistance (including technical assistance) in relation to your use of the Applications;
  • Personalizing and optimizing your experience of the Applications and providing you with software updates; and
  • Ensuring compliance with the terms of our agreement with your organization.

There may be certain circumstances under which we use your personal data for purposes that are not on behalf of your organization or in accordance with instructions of your organization. Under these circumstances, we are a “data controller” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:

  • Making announcements to you regarding our products and service offerings (see Section 5 below);
  • Providing you with any service offering outside of the Applications directly;
  • Ensuring compliance with our own obligations under applicable law and regulations;
  • Using your personal data to help us to establish, exercise or defend legal claims; and
  • Analyzing log data/user statistics with the aim of improving the Applications for all Application Users.

We may use your personal data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see Section 12. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in Section 9.

(b) Former Application Users: If we retain your personal data once you have left your organization and cease to use your Tomer Account for our own purposes, we are a “data controller” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:​

  • Making announcements to you regarding our products and service offerings (see Section 5 below);
  • Providing you with any service offering outside of the Applications directly;
  • Ensuring compliance with our own obligations under applicable law and regulations; and
  • Using your personal data to help us to establish, exercise or defend legal claims.

​We may use your personal data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see Section 12. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in Section 9.

(c) Website Users: We use your personal data to help us improve your experience of using our Website. This makes us a “data controller” for the purposes of the Data Protection Legislation.

(d) Phone Users: We use your personal data to help assist with questions about the Applications. This makes us a “data controller” for the purposes of the Data Protection Legislation.

Information and data gathered solely by Tomer through the Applications will never be sold, traded or shared with third-parties for any reason other than for assisting Tomer in its analysis, research, promotional needs, and responses to compliments and complaints.

Section 5: Marketing.

If you are an Application User or a Former Application User, we may wish to use your personal data in order to let you know about, and invite you to participate in, our products and service offerings. We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the delivery of direct marketing to you through digital channels) and, depending on the situation, we’ll ask for this via an opt-in or soft opt-in (which we explain further below).

Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by signing up to the Applications or requesting more information about our service offerings), and we are marketing service offerings similar to those you have previously engaged with us above. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For other types of e-marketing, we are required to obtain your explicit consent.

We will not, as a matter of course, seek your consent when sending marketing materials to a corporate email address. If you are not happy about this, you have the right to opt out of receiving marketing materials from us and can find out more about how to do so in Section 9. If you want to know more about how we obtain consent, please see Section 12. If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time and can find out more about how to do so in Section 9.

Section 6: Information Sharing and Disclosure.

Where appropriate and in accordance with applicable laws and requirements (and where we use your personal data as a data processor on behalf of and under the instructions of your organization in accordance with our obligations under our agreement with your organization), we may share your personal data in the following ways:​

  • Your Use: We will display your personal data on your profile page and this may be accessed by other persons to whom you are connected within your organization depending on their access level.
  • Service Providers, Business Partners and Third Parties: We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Applications (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improving the features of the Applications). These third parties may have access to your personal data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
  • Other Service Providers, Business Partners and Third Parties: We may share your personal data with our agents or third-party service providers (including professional advisers and telecommunication service providers) which require your personal data to provide their services to Tomer. Such agents and third-party service providers will not be permitted to use your personal data for any other purpose.
  • Third-Party Applications: We may share your information with a third-party application with your consent, for example, when you choose to access Tomer through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you before allowing this feature to be employed.
  • Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside Tomer files stored in the Applications and personal data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect Tomer’s intellectual property rights. If we provide your Files to a law enforcement agency as set forth above, we will remove Tomert’s encryption from the files before providing them to law enforcement.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, but we will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control or use of your personal data or Files, or if either become subject to a different privacy policy.
  • Non-private or Non-Personal data: We may disclose your non-private, aggregated, or otherwise non-personal data, such as usage statistics of the Applications.

Section 7: How do we safeguard your personal data?

We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, destruction or unauthorized access. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information using secure socket layer technology (SSL) which is PCI DSS compliant.

However, the safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services and Applications, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services and Applications like message boards. The information you share in public areas may be viewed by any Website User or Application User.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although Tomer does its best to protect your personal data, we cannot guarantee the security of your personal information transmitted through our Services or Applications. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

Section 8: How long do we keep your personal data?

​We will not keep your personal data for longer than we are permitted to do so under our agreement with your organization or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.

When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

Section 9: How can you access, amend, or take back the personal data?

​Tomer recognizes that Customer Data may include the Personal Data of Authorized Users based in the European Union to which the Data Protection Legislation applies. The obligations under Section 9 shall only apply to the parties where the Data Protection Legislation is engaged in respect of Tomer’s processing of Personal Data of Authorized Users in the European Union.

You have various rights in relation to the personal data that we hold about you. To get in touch about these rights, please contact us or your organization. If you are an Application User and you wish to make a request in relation to our use of your personal data for the purposes of providing the Services to your organization (and in respect of which we are a data processor), please contact your organization in the first instance to handle your request. If you contact us, we will refer your request to your organization. If you are an Application User and you wish to make a request in relation to our use of your personal data which is unconnected to your organization or you are a Former Application User or a Website User, please contact us and we will handle your request. The Data Protection Legislation gives you the following rights in relation to your personal data:​

  • Right to object: this right enables you to object to us processing your personal data
  • Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, sharing your information with a third party application), you may withdraw this consent at any time and we will cease to carry out that particular activity that you previously consented to unless we consider that there is an alternative legal basis to justify our continued processing of your personal data for this purpose, in which case we will inform you of this condition.
  • Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. You may also request a copy of the information we hold about you by emailing us at [email protected].
  • Right to erasure: You have the right to request that we “erase” your personal data in certain circumstances. We will try to delete your personal data quickly upon request and if desired make it available to you. While we will endeavour to permanently erase or return your personal data upon request, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this personal data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again. We may retain and use your personal data if we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements. If you are an Application User connected with an organization, we will not delete or edit your personal data without the approval of your organization.
  • Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
  • Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you, including by means of providing a supplementary statement. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties to whom we have disclosed the inaccurate or incomplete personal data. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
  • Right of data portability: If you wish, you have the right to request that we transfer your personal data to another third party. To allow you to do so, we will provide you with your personal data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the personal data for you. This right of data portability only applies to certain types of personal data.
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Section 10: How do we store and transfer your personal data?

Tomer is a Jamaica-based company that operates globally. The information we collect about you, as described in this Privacy Policy, may be accessed, processed, stored in or transferred to countries that may not have the same data protection laws as the country in which you reside, such as the United States of America, India and the Philippines. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your Personal Information will remain protected in accordance with this Privacy Policy. If you are based within the EU we will only process and/or transfer data outside of the European Economic Area or EEA (i.e., the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with Data Protection Legislation and the means of transfer provides adequate safeguards in relation to your personal data.

Section 11: Cookies.

We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Application.

Online Tracking: We may use internal and external analytic and product platforms to better understand usage patterns on our website so that we can improve the design and usability of our products. Some web browsers may transmit “do-no-track” signals to websites with which the browser communicates. Our website does not currently respond to these “do-not-track” signals.

Section 12: Legal basis for us processing your personal data.

Where we process your personal data as a data processor on behalf of and under the instructions of your organization, your organization is responsible for ensuring that there is a legal basis for us processing your personal data on their behalf.

Where we process your personal data as a data controller, we need to ensure that there is a legal basis to justify our processing of your personal data. There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.

Where processing your personal data is necessary for us to carry out our obligations arising from any contracts entered into between you and us:​

  • We process certain personal data where it “is necessary for the performance of a contract to which you are a party.”
  • If you enter into a contract with us in relation to any service offerings outside of the Applications, we may process certain personal data about you in order to perform our obligations under this Privacy Policy.

Where processing your personal data is within our legitimate interests:​

  • We can process certain personal data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
  • We may process your personal data for the purposes of our legitimate interests to enforce the terms of our website and to analyze log data/user statistics to improve the Applications for all Authorized Users.

Where you give us your consent to process your personal data:​

  • In certain circumstances, we will seek to obtain your opt-in consent before we undertake certain processing activities with your personal data.
  • We will obtain your opt-in consent prior to sharing your personal data with third party applications and carrying out certain marketing activities.
  • As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in.
  • You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found above at Section 9.

We do not think that any of the above activities prejudice you in any way. However, you do have the right to object to us processing your personal data in certain circumstances. If you would like to know more about these circumstances and how to object to our processing activities, please see Section 9.

Section 13: Who is responsible for processing your personal data.

If you would like further information about how we handle your personal data, if you have any concerns regarding this Privacy Policy or if you wish to exercise your legal rights, please contact [email protected]. Please outline to us your concerns and our legal team or Tomer representative will be in touch to discuss the matter.

Section 14: Copyright Ownership.

Tomer retains full copyright ownership, rights and protection in all materials contained in the Applications.