Gatekeeper Systems Inc. Privacy Policy

PRIVACY POLICY

Effective as of 5/1/2025

I. Introduction

Gatekeeper Systems Inc., together with its subsidiaries (“we,” “us” or “our”), is a leading provider of intelligent video and data solutions designed to provide a safer transportation environment for children, passengers, and public safety personnel on multiple transportation modes. Our video and data solutions and our Platform-as-a-Service (PaaS) business model are enabling the transformation of transportation systems into intelligent transit and Smart Cities.

We know that you care how your personal information is collected and used. Your data privacy rights are important to us and this Privacy Policy (the “Privacy Policy” or “Policy”) is designed to inform you about our privacy policies and practices.

In Gatekeeper Systems Inc., we place the highest regard on the data privacy and security of our customers’ personal information. We value your privacy rights and have implemented a data privacy program that preserves the confidentiality, integrity, and availability of the personal information we process.

II. Scope of the Policy

The Policy applies to the personal information we process when you visit any Gatekeeper Systems Inc. websites (“Site” or “Sites”), when you use any Gatekeeper Systems Inc. Software Applications, systems and tools (“Applications”) or when you engage with us through any of our marketing activities, including any social media posts we create, and emails that we send (“Marketing”).

This Policy covers the disclosures that are required by the California Consumer Privacy Act as amended (CCPA),  the Florida Digital Bill of Rights, the Colorado Privacy Act of 2021 and other US state privacy laws,  Canada’s Personal Information Protection and Electronic Documents Act, Alberta and British Columbia’s Personal Information Protection Act (PIPA), Quebec’s Law 25 (Private Sector Act) (“Data Privacy Laws”) governing our processing of personal and sensitive personal information.

This Policy sets out how we collect, use, store, share, dispose, and protect your personal information as a Data Controller and a Data Processor.  We are a “Data Controller” under Data Privacy Laws when we process personal information relating to our Clients, potential Clients, business partners, our suppliers or service providers.  This is the case when you use our website.

We are a “Data Processor” under Data Privacy Laws when we use our technology to process personal information on behalf of our Clients and relating to our Clients’ consumers, drivers, passengers (including children and public safety personnel), and employees in the performance of our Services. When we process personal information in this capacity it will be set out in a written contract with our Clients, the Data Controller, and such Data Controller’s Privacy Policy would apply as opposed to this Privacy Policy.

We use some terms in this Privacy Policy that are unique to our business or our Services:

• “Personal Information or Personal Data” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• “Sensitive Personal Information” varies depending on the applicable Data Privacy Laws. Generally, this includes information that could harm an individual if disclosed, this requires a higher level of security and protection and is subject to additional restrictions and regulations. It includes health, financial, biometric data, genetic data and other identifying information.
• “Processing” means any operations performed on personal information, including: collecting, storing, retrieving, consulting, analyzing, disclosing or sharing with someone else, erasing, or destroying personal data.
• “Client” refers to the companies and businesses who we contract with and avails of our Applications or Services.
• “Consumer” refers to the drivers, passengers (including children and public safety personnel) and employees of our Clients whose personal information we may handle on behalf of or upon the instructions of our Clients as part of or as needed by the Services we provide.
• “User” refers to individuals who are given access to the Applications we offer our Clients. They may be the Client’s drivers, representative, staff, employee or personnel.

III. Personal Information We Collect

We collect personal information from the categories of sources outlined below:

A. Directly From You

You may provide us with information through interactions such as customer service inquiries via email, phone, social media accounts, Site’s ‘Contact Us’ page, or through the use of our Applications:

• Personal identifiers: Name, phone number, email address, physical address, demographic information, time zone, user preferences, audio and video footages, cookies, and IP address, User ID and password,
• Company information: Company name, position, and company address.
• Device Data: Usage Data, Device Status collected automatically when using our Sites or Applications

B. From our Site

We utilize tools such as Google Analytics and Google Display Network Impression Reporting to analyze how visitors use our Site. For more information, see Google’s explanation at “How Google uses information from sites or apps that use our services.” We collect the following information from our Site:

• Device type and browser: Specifics about the device, operating system and browser you are using.
• Location data: Geographical location derived from the IP address.
• Interaction data: Sate and time of your visit, page you were visiting before you accessed our Site, pages viewed, links clicked and interactions on the site.
• IP addresses: These could be linked to your personal information.

Please check your browser if you want to learn what information your browser sends or how to change your settings. Although the information provided by your browser does not identify you personally, this data can be combined with other data to personally identify you.

C. From Our Clients

• We may collect the following personal information from our Clients as needed for us to perform our Services for them:
• Personal identifiers: Name, address, phone number, email address, company name, company phone number, company address, company phone number and any other information required of the Service.

IV. Our Purpose and Basis for Processing

Our use of your personal information under certain circumstances may be based on your consent, may be necessary to fulfill our contractual commitments to you or our Clients, or are necessary to serve our legitimate interests as provided below.

We only process personal information reasonably necessary to provide our Services and to carry out our operations, we use your personal information to:

• Serve You: We use your information to provide services you’ve requested, manage our Client account, send transaction details and documents, and support your needs efficiently. This includes responding to inquiries, addressing concerns, and fulfilling contractual obligations.
• Improve Our Services: We analyze usage patterns and feedback to enhance our Site, Applications and Services. This includes improving Site and Application navigation based on visitors’ activities and conducting system diagnostics to ensure functionality.
• Ensure Security: Your information helps us prevent fraud, detect security risks, and maintain the safety and quality of our services. This also includes activities necessary to upgrade or troubleshoot our systems and processes.
• Personalize Interactions and for Marketing: To communicate with you regarding services, activities, programs, promotions, services, products or other offers in which you have indicated an interest or to which you’ve subscribed and to contact you with information that may be of interest to you, send promotional messages and special offers including information on products, services available, contests or promotions, or business and industry information.
• Fulfill Legal Obligations: We process information to fulfill our legal responsibilities, conduct audits, enforce our agreements, and protect our lawful rights in legal proceedings. This includes complying with regulatory requirements and managing records.

Automated Processing and Decision Making

Our technology uses automated processing to conduct common video analytical tasks such as object identification, motion detection, or scene segmentation.  Automated processing is not used for decision making or profiling, and it is never used as the sole basis for any reported information.

Cookies

We also use “cookies” as a method to gain dependable and consistent traffic data. A “cookie” is a small piece of data that is sent to your browser from a web server and stored on your computer’s hard drive. They help us recognize your device, improve your browsing experience, and analyze how our Services are used. Other tracking technologies, such as pixels and local storage, may also be used and function similarly to cookies.

When you interact with our Site, Applications, emails, or advertisements, we (and third parties) may automatically collect technical information from your browser or device using cookies, pixels, web beacons, local storage, JavaScript, APIs, and similar technologies.

We use these technologies to:

• Personalize your experience and remember your preferences
• Analyze website traffic and user behavior
• Improve the performance and security of our services
• Deliver and measure targeted advertisements
• Prevent fraud and ensure system security

Most browsers allow you to block or delete cookies through their settings. Refer to your browser’s help section for instructions:

Chrome: Google Support

Firefox: Mozilla Support

Safari: Apple Support

Edge: Microsoft Support

To disable certain analytics cookies, you can use the browser controls discussed above or, for some of our providers, you can use their individual opt-out mechanisms, such as the Google Analytics Opt-Out.

If you choose not to accept these cookies, your experience at our Site and Applications may be diminished and some features will not work as intended.

Interest-Based Advertising

We may hire other companies to place our banner ads on other websites. Those companies may perform tracking and reporting activities on the ads they serve for us, as well as user reaction. They would not collect any information other than IP addresses and behaviors associated with those IP addresses on our behalf, and we will not give any personal information to them.  Third-party advertising servers are subject to their own privacy policies.  Our service providers are bound by contract to keep your personal information confidential and use it only to perform services on our behalf.

Do-Not-Track Disclosure

“Do Not Track” (“DNT”) is the concept that has been promoted by regulatory authorities for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

Currently, various web browsers (Chrome, Firefox, Safari, Internet Explorer, Microsoft Edge) offer a DNT option that sends a signal to websites visited by the browser user about the user’s DNT preference. We do not recognize or respond to browser initiated Do Not Track (DNT) signals as a DNT standard has not been adopted to this day.

Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our Services and our Site. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings.

V. Disclosure of Your Personal Information

We generally do not directly sell your Personal Information in the conventional sense (for money). Like many companies, however, we do disclose Personal Information for internal business purposes or operational purposes of our business (servicing, quality improvement, fraud detection, security, legal), and we use services that help deliver interest-based ads to you or analyze our website traffic. Making personal information (such as online identifiers or browsing activity) available to these companies may be considered a “sale” under certain Data Privacy Laws.

The below chart summarizes the categories of personal and sensitive personal information we collect, from where we collect it, how we use it, and with whom we have shared it in the  past twelve (12) months.

DATA SUBJECT	CATEGORIES OF DATA COLLECTED	EXAMPLE DATA ELEMENTS	PURPOSES OF SHARING	CATEGORIES OF THIRD PARTIES WE DISCLOSE TO
Client, Prospective Client Site Visitors	Identifiers       Company Information and  Commercial Information     Device or Internet Data	Name, phone number, email address, unique personal identifiers ( cookies, IP address)     Company name, position, and company address,  Transaction data, purchase history, and delivery details.       Browsing history, search history, information on a consumer’s interaction with a website or  application	Servicing Marketing Quality Improvement Legal	Our Service Providers
Consumers	Identifiers	Name, phone number, email address, Video footage, audio recordings	Servicing Quality Improvement Legal	Our Service Providers

 

We may share Personal Information with the following categories of recipients for the following business purposes:

1. Third-party Service Providers: Your Personal Information will only be shared with and processed by our affiliates and non-affiliated third-party service providers as permitted by law and for the purposes described in this Privacy Policy such as to provide us with services such as Site hosting, including information technology and telephony services, and related infrastructure, customer service, e-mail delivery, auditing, and other similar services.
2. Corporate Subsidiaries and Affiliates: We share the collected personal information as described in this notice with our subsidiaries and affiliated businesses within Gatekeeper Systems Inc., each of which use your personal information consistent with this Privacy Notice.  Those businesses may also use your personal information for each of their own purposes, including marketing purposes.
3. Business Partners.  Where permitted by law, with our third-party business partners, such as companies offering products or services of interest to you, advertising partners and other third parties for those third parties’ own commercial or marketing purposes, such as to serve targeted advertisements.
4. Business Transfers: When applicable, we may share your information in connection with a substantial corporate transaction, such as the sale of a Site or Application, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
5. With Your Consent or at Your Direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
6. Other Legal Reasons: In addition, we may use or disclose your Personal Information as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests from public and government authorities including public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect our rights, privacy, safety or property of, our affiliates, you and others; (7) to enforce our terms and conditions; and (8) to identify, contact or bring legal action against someone who may be causing injury to you, Gatekeeper Systems Inc. or someone else

VI. Our Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, in order to provide you the Services, comply with our legal obligations, to conduct audits, resolve disputes, and enforce of our agreements.

VII. Our Data Security Measures

We use reasonable organizational, technical, and physical measures to maintain the privacy and security of your Personal Information within our organization. These include encryption to safeguard data both in storage and in transit, access controls limited to essential personnel, and the use of secure infrastructure featuring firewalls and intrusion detection systems.

We minimize data collection to what is necessary and adhere to legal retention guidelines to prevent excessive data storage. We also maintain an incident response plan to ensure rapid action and communication in the event of a security breach.

However, it is important that you understand that no website or database is completely secure, or “hacker proof.”  You can help us by protecting and keeping your passwords safe at all times. You can protect yourself and help us prevent computer crime by promptly notifying us if you suspect that your username or password is lost, stolen or used without permission.  Also, you can reduce many risks by using up to date antivirus software.

VIII. Children’s Privacy

We will not knowingly collect personal information on our Sites or Applications from children under the age of 13 without the prior consent of the child’s parent or guardian. When we do so, we act as a Data Processor and we process the children’s personal information in the performance of our Services for and upon the instructions of our Clients, the Data Controllers.   If you believe that a child under the age of 13 may have provided personal information to us without consent of the child’s parent or guardian, please contact us at privacy@gatekeeper-systems.com

IX. Your Privacy Rights

A. Understanding Your Rights

Subject to applicable Data Privacy Law, you may have certain rights to know, access, update, port your personal data, correct inaccuracies, delete, restrict processing of your personal information in our custody and control.

You right over your personal information depends on the Data Privacy Law applicable where you reside.

1. Right to Know

You have the right to know whether we process your personal information.

2. Right to Access

You can make a request to access the categories or specific pieces of personal and sensitive personal information we collected, used, or shared about you.  Along with your verified request, we will give you any categories of sources from which the personal or sensitive personal information is collected; the purpose for collecting, selling, or sharing; and any categories of third parties with whom we share such personal information.

3. Right to Data Portability

You have the right to access and obtain a copy of your personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal information up to twice annually, subject to certain exceptions.

4. Right to Delete

You have the right to delete personal information that you have provided by or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception to this right set forth in Data Privacy Laws. If the personal data is no longer needed for any purposes that justify its retention and we are no required by law to retain it, we will do what we can to delete. We may need certain types of data so that we can provide our Services to you.  If you ask us to delete it, you may no longer be able to access or use our Services.

5. Right to Opt Out of Selling or Sharing

You have the right to opt out of the processing of the personal information for purposes of: (i) targeted advertising; (ii) the sale of personal information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (provision or denial of services, insurance, employment opportunities, or access to essential goods or services; decisions that have a foreseeable risk of unfair or unlawful treatment, financial or physical injury or other substantial injury). The Data Privacy Laws’ broad definition of “sale” may include information such as online identifiers or browsing activity that we make available to third parties that help deliver interest-based ads to you or analyze our website traffic.

If you would like to opt out of “selling” or “targeted advertising”, you may do so as outlined on the following page: Your Privacy Choices

You may also opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

We do not knowingly “sell” or “share” the personal information of people under 16 years old.

6. Right to Limit the Use or Disclosure of Sensitive Personal Information

To the extent we collect any sensitive personal information, we only use it for legitimate business or operational purposes directly tied to the provision of our service (e.g. servicing, quality improvement, fraud detection, security, legal).

We will notify you in an update to this policy if at any point we intend to use your sensitive personal information for any additional purposes.

7. Right to Correct

You have the right to correct inaccuracies in the personal information we collect from you, taking into account the nature of the personal information and the purposes for which we process it.

8. Right to Nondiscrimination

We value giving consumers control over their privacy and personal information.  If you choose to exercise any of your data privacy rights, we will not differentiate our services as a result of your decision.  We also do not offer any financial incentives to opt-in to sell your personal information.

9. Your Right to Appeal

Under applicable Data Privacy Laws, if we decline to take action or do not respond regarding a request that you have submitted pursuant to one of the privacy rights set forth in this section, you have the right to appeal our refusal to take action within a thirty (30) calendar days after you receive our decision. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may contact your state attorney general’s office to submit a complaint.

B. Exercising Your Rights

This section outlines how to exercise your rights under applicable data privacy laws.

1. How to Exercise Your Rights

Request to exercise your rights can be submitted via:

• Email: Send your request to privacy@gatekeeper-systems.com with “Privacy Right Request” as the subject line. In the email body, specify the right you wish to exercise and specify the State/Country where you are residing.
• Telephone: Call us at 1-888-666-4833

To ensure the security of your personal information, we will verify your identity (and your agent’s identity, if applicable) before processing your request. Please provide sufficient details for us to understand, evaluate, and respond effectively. During verification, we consider the complexity of ensuring the data belongs only to you and the risks of disclosing it to the wrong person. Consequently, access to certain data may be limited. To protect your personal information, we will verify your identity before processing your request. Please include enough detail in your request for us to understand, evaluate, and respond accordingly.

2. Use of an Authorized Agent

If you are making a request through an authorized agent, you must provide the authorized agent with written permission to do so, and a power of attorney that fulfills the requirements of the Data Privacy Laws. We may require additional information to verify the agent’s identity and prevent fraud or security breaches.

3. Gatekeeper as a Service Provider

Most of the time we act as a “Service Provider” to other companies, our Clients — for instance, when we help other businesses use their own customers’ information as we provide our Services to them. As to personal information that we hold as a “Service Provider,” you would generally need to reach out to the business (our Clients) or we will refer your request to them so they can act on your request to exercise your rights stated here.

X. Changes to the Policy

We may change this Policy from time to time, by posting the revised Policy on our Site. The changes will only apply to the personal information we collect after we have posted the revised Policy.

If we make a material change to our privacy practices, we will provide notice on our Site or by other means as appropriate. However, it is your responsibility to check this Site for updates as you will be bound by them if you choose to visit our Sites.

XI. Contact Us

If you have any questions, or complaints, regarding the collection or use of your personal information or the content of this notice, please contact our Privacy Officer at the address below.

Privacy Officer
Gatekeeper Systems Inc.

301-31127 Wheel Avenue

Abbotsford, BC V2T 6H1

Canada

privacy@gatekeeper-systems.com

We respect your privacy rights and commit to the security of your personal information. If you do not agree to how we process your personal information as discussed in this Privacy Notice, please reach out to us. Please also see our Terms and Conditions for more information on the Site, Applications and Services we provide.