support@bizztrack.eu
Flag en
English
Flag fr
Français
Flag nl
Nederlands
Flag de
Deutsch
Flag pt
Português
Logo Bizztrack
GDPR Policy

/

GDPR Policy

Geolocation Data Retention and Access Policy

Version 1.0 - applicable from 01/06/2026

1. Purpose of the policy

This policy defines the rules applied by BizzTrack International Sàrl, a company established in Luxembourg, concerning the collection, retention, access and deletion of geolocation data processed via its fleet tracking and vehicle management platform.

It aims to ensure compliance of these processing operations with Regulation (EU) 2016/679 (GDPR) and the guidelines of national data protection authorities:

  • the CNPD (Luxembourg)
  • the APD (Belgium)
  • the CNIL (France)

2. Roles and responsibilities

  • The client (user company) acts as data controller, within the meaning of Article 4.7 of the GDPR. They determine the purposes and means of processing geolocation data.
  • BizzTrack International Sàrl acts as data processor (Article 28 of the GDPR), processing data on behalf of the client and according to their documented instructions.

Each party undertakes to comply with their respective obligations regarding data protection.

3. Nature of processed data

The data collected and processed includes in particular:

  • GPS coordinates of vehicles
  • technical identifiers of installed devices
  • temporal data (date, time, duration, speed, stops)
  • indirect identification of a driver via the assigned vehicle

This data may constitute personal data when it allows for direct or indirect identification of an employee.

4. Processing purposes

Geolocation data is processed exclusively for the following purposes:

  • fleet management and logistics optimization
  • vehicle and personnel safety
  • tracking of working time and professional mileage
  • billing or service control
  • production of activity or attendance reports
  • evidence in case of dispute, accident or theft

No use for permanent staff monitoring is authorized.

5. Retention period for nominative data

In accordance with the GDPR minimization principle (art. 5 §1 e), the following periods apply:

Data type Maximum nominative access period Measures applied after expiration
Raw geolocation data 2 months Automatic deletion or pseudonymization
Nominative data used for evidentiary purposes (disputes, claims) Up to 12 months Restricted archiving, access on written request
Derived data (hourly reports, activity sheets, aggregated statistics) Up to 2 years Secure archiving

6. Standard client access

By default, clients have online access to 2 months of nominative history per vehicle.

This access corresponds to the period considered proportionate by European authorities (CNPD, CNIL, APD).

7. Exceptional access to historical data

A client may exceptionally request the return of data beyond 2 months, under the following conditions:

  • The request must be justified in writing (dispute, claim, administrative control, etc.).
  • The request is archived and tracked in BizzTrack International's internal GDPR register.
  • The data is temporarily restored and transmitted in secure format (PDF report or CSV export).
  • No extended availability is provided in the online interface.

This data is provided on an exceptional basis, under the client's responsibility, who must ensure that its use complies with applicable legislation (Labor Code, GDPR, social law).

8. Permanent extension of history duration

Some clients may request extended access (up to 6 or 12 months) for legitimate operational reasons.

This extension is subject to conditions:

  1. A written justification is provided by the client
  2. An amendment to the subcontracting agreement specifies the extended duration, purpose and purging procedures
  3. Extended access is reserved for authorized persons
  4. Employees must be informed by the employer of this exceptional retention period

Important: Case of France

French legislation (CNIL, deliberation no. 2015-165) does not authorize permanent nominative access beyond 2 months, except for evidentiary use limited to 1 year.
Any request for nominative access exceeding 2 months in France will therefore be refused, except for written legal or judicial justification.

9. Retention and anonymization

The data is:

  • Nominative during the authorized access period (2 months)
  • Pseudonymized beyond that (replacement of license plates and identifiers by a technical code)
  • Permanently anonymized at the end of the maximum retention period (removal of any link to a vehicle or person)

Anonymized data may be retained for statistical, technical or research purposes, outside the scope of the GDPR.

10. Security measures

BizzTrack International implements:

  • Secure hosting within the European Union
  • Restricted and authenticated access
  • Encryption of data flows and backups
  • An automatic purging and anonymization system beyond defined deadlines

11. Client obligations (data controller)

The client undertakes to:

  • Inform their employees of the purpose, duration and scope of the system
  • Collect necessary consents where applicable
  • Limit internal access to authorized persons only
  • Comply with maximum periods provided by their country's legislation

12. Traceability and audits

BizzTrack International keeps track of:

  • Exceptional access requests (>2 months)
  • Reports provided to the client

This information may be presented to the CNPD, CNIL or APD in case of inspection.

13. Contact and DPO / GDPR Referent

Any question regarding this policy or the exercise of GDPR rights can be addressed to:

14. Revisions

This policy may be updated at any time to take into account:

  • The evolution of internal practices
  • Recommendations from supervisory authorities
  • The evolution of regulations in the concerned countries (Luxembourg, Belgium, France)

The current version is and will always remain accessible via the BizzTrack International website (accessible via the footer). BizzTrack International undertakes to communicate in a timely manner to its clients any changes in the policy for managing their data.