Privacy Policy – Fuel Management Platform

1. Who we are

Vetrol ("Vetrol", "we", "our", "us") is a fuel management technology company. We operate the Vetrol platform — a fuel authorization, settlement, and reporting system for businesses that manage vehicle fleets.

We are incorporated and operates in different countries (as mentioned here). Our platform is subject to the country of operation's Data Protection Act where applicable.

For any privacy-related matters, you can reach our data protection contact at: [email protected]

2. Data we collect

We collect data in three categories depending on your relationship with Vetrol:

2.1 Business account data

When an organization signs up for Vetrol, we collect:

Company name, registration number, and industry
Billing address and contact details
Administrator name, email address, and phone number
Payment information (processed securely by our payment processors — Vetrol does not store card numbers)

2.2 Fleet & operational data

When you use Vetrol to manage your fleet, we collect:

Vehicle registration numbers, make, model, and fuel type
Smart tag identifiers assigned to each vehicle
Fueling transaction records: timestamp, volume, station, vehicle, and value
Transaction approval and rejection events with reasons
Fleet rules and authorization limits configured by your administrators

2.3 Website visitor data

When you visit our marketing website (vetrol.io), we collect:

IP address and browser information
Pages visited and time spent on each page
Referral source (how you found us)
Any information you voluntarily submit through our contact form

3. How we use your data

We use the data we collect for the following purposes:

Service delivery: Processing fuel authorization requests, maintaining transaction records, and generating reports and invoices.
Account management: Creating and managing your organization's account, authenticating users, and communicating important service updates.
Fraud prevention and security: Detecting anomalous transaction patterns, investigating potential abuse, and protecting the integrity of the platform.
Customer support: Responding to inquiries, troubleshooting issues, and improving service quality.
Product improvement: Analyzing aggregated, anonymized usage patterns to improve platform features and performance.
Legal compliance: Meeting our obligations under applicable laws, including responding to lawful requests from regulatory or law enforcement authorities.

4. Legal basis for processing

We process your data under one or more of the following lawful bases:

Contract performance: Processing is necessary to provide the Vetrol service under your agreement with us.
Legitimate interests: We process certain data to improve our platform and prevent fraud, where these interests are not overridden by your privacy rights.
Legal obligation: Where we are required by law to process or retain certain data.
Consent: For marketing communications and non-essential cookies, where you have provided explicit consent.

5. Data sharing

We do not sell your data. We share data only in the following limited circumstances:

Fuel station partners: Transaction data is shared with the relevant station to confirm and settle fueling events. Stations only receive data relating to transactions at their location.
Service providers: We use third-party services for cloud infrastructure, payment processing, email communication, and analytics. These providers are contractually bound to handle data only as directed by Vetrol and cannot use it for their own purposes.
Legal requirements: We may disclose data when required by court order, regulation, or lawful request from governmental authorities.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with notice provided to affected customers.

6. Data retention

We retain data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:

Transaction records are retained for a minimum of 7 years to comply with financial and tax record-keeping requirements.
Account data is retained for the duration of your contract and for 2 years thereafter, unless a longer period is required by law.
Website visitor data is retained for up to 12 months in aggregated/anonymized form.

Upon account termination, we will delete or anonymize personal data within 90 days, except where retention is legally required.

7. Security

Protecting your data is central to how we build and operate Vetrol. Our security measures include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Access controls with role-based permissions and multi-factor authentication options
Regular security assessments and penetration testing
Cryptographically secured smart tag authentication that prevents cloning
Comprehensive audit logging of all data access and administrative actions

In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.

8. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right to access

Request a copy of the personal data we hold about you.

Right to rectification

Request correction of inaccurate or incomplete data.

Right to erasure

Request deletion of your data, subject to legal retention requirements.

Right to portability

Receive your data in a structured, machine-readable format.

Right to restrict processing

Request that we limit how we use your data in certain circumstances.

Right to object

Object to processing based on legitimate interests, including direct marketing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

Our website uses cookies and similar technologies. We use:

Strictly necessary cookies: Required for core website functionality. These cannot be disabled.
Analytics cookies: Help us understand how visitors interact with our site. We use privacy-respecting analytics that anonymize IP addresses.
Preference cookies: Remember your settings, such as dark mode preference.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

10. International data transfers

Vetrol operates in Rwanda and other countries. Your data may be processed in either jurisdiction and by cloud service providers located in other countries. Where data is transferred outside of countries of operation, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the relevant data protection authority
Transfers only to countries with adequate data protection laws or certified frameworks

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you are a registered customer) or by posting a prominent notice on our website with the updated date.

Continued use of the Vetrol platform after changes are posted constitutes your acceptance of the updated policy.

12. Contact us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Vetrol Data Privacy

Email: [email protected]

General: [email protected]