Privacy Policy

GoGoo Fleet ("GoGoo", "we", "us", "our") provides an AI-native fleet intelligence platform for commercial vehicles, accessed primarily through WhatsApp and through web dashboards, supported by GPS hardware devices fitted to vehicles.

For the purposes of this Privacy Policy, the data controller responsible for the personal data described below is:

• GoGoo Fleet GmbH (name to be confirmed on incorporation)
• Registered address: German registered address
• Commercial register (Handelsregister): HRB number, local court
• Email: hello@gogoofleet.com

Our operations in Ghana are currently carried out through a local operating partner, Local Operating Partner name (registered in Ghana, registration number, address address), which acts as our data processor and, on our behalf, installs hardware, provides local service delivery and support, engages locally, and collects payments. The local operating partner is registered with the Ghana Data Protection Commission as required by Act 843. GoGoo Fleet GmbH, as a controller of personal data originating from Ghana, also registers with the Commission as required.

This Policy is issued under, and intended to comply with, both:

• the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and applicable German data protection law (including the Bundesdatenschutzgesetz, "BDSG"); and
• the Ghana Data Protection Act, 2012 (Act 843) and the requirements of the Ghana Data Protection Commission ("DPC").

Where the two regimes differ, we apply the higher standard of protection.

GoGoo operates a business-to-business service. Our role differs depending on whose data is being processed:

(a) Data for which GoGoo is the controller (we decide why and how it is processed):

• Information about visitors to www.gogoofleet.com;
• Information about prospective customers and leads;
• Account, billing, support and communications data for our business customers (fleet owners, SMEs and partners);
• Aggregated and analytics data used to operate and improve the platform.

(b) Data for which GoGoo is typically a processor (we process it on behalf of, and on the instructions of, our business customer, who is the controller):

• Vehicle location, telematics and driver-related data that we collect and process on behalf of a fleet owner in order to deliver the service to that fleet owner.

Where GoGoo acts as a processor, the fleet owner (our customer) is responsible for having a lawful basis to track its vehicles and drivers, for informing its drivers, and for obtaining any consents required under applicable law. That relationship is governed by a separate Data Processing Agreement (DPA), not by this Privacy Policy. See Section 13.

This Privacy Policy primarily describes the personal data for which GoGoo is the controller.

3.1 Information you give us

• Identity and contact data: name, business name, role/job title, phone number (including WhatsApp number), email address, postal/business address.
• Account data: username, authentication tokens, account preferences and settings.
• Customer and commercial data: the fleet(s) you manage, vehicle details, your service plan, and information you submit through our lead-generation, onboarding or support channels.
• Communications: messages you exchange with us through WhatsApp, email, web forms, telephone or in person, including support requests and feedback.
• Payment data: billing details and records of transactions (we do not store full card details; payments may be processed by mobile money providers, banks or payment processors — see Section 7).

3.2 Information we collect automatically

• Device and usage data from www.gogoofleet.com and our dashboards: IP address, browser type, device identifiers, pages viewed, and similar technical data (see Section 11, Cookies).
• Platform interaction data: logs of how you and your authorised users interact with the service.

3.3 Telematics and vehicle data (see Section 2 on our role)

Through GPS hardware fitted to vehicles and connected systems, the platform processes data such as vehicle location, routes, trips, speed, mileage, driving behaviour (for example harsh braking or acceleration), engine/ignition status, and device status. Where this data can be linked to an identifiable driver, it constitutes personal data of that driver.

For most fleet customers, GoGoo processes this data as a processor on behalf of the fleet owner. The fleet owner is the controller and is responsible for the lawful basis and for driver transparency.

3.4 Data we receive from third parties

• From payment, mobile money and banking partners, confirmation of transactions.
• From channel partners (for example banks or insurers, where you have a relationship with them and have agreed to data sharing), information relevant to providing or arranging services.
• From local marketing, sales and distribution partners who promote GoGoo in the markets where we operate: contact details and business information of prospects and leads. These partners are required by contract to have collected and shared that data lawfully and to have given individuals appropriate notice.
• From service providers and authorised local partners that support our platform (see Section 9).

3.5 Special category and sensitive data

We do not seek to collect special category data (such as health, biometric or religious data) as defined under Article 9 GDPR. Please do not send us such data unless specifically requested. Vehicle and location data, while not "special category" data, is sensitive and is treated by us with heightened care.

3.6 Children

Our service is intended for businesses and is not directed at children. We do not knowingly collect personal data from anyone under the age of 18. (In Germany, the digital-consent age under Article 8 GDPR is 16.)

Under GDPR we must have a lawful basis for each processing activity. The table below sets out the main purposes and bases. Under Ghana's Act 843, processing must in each case be lawful, fair, for a specified purpose, and not excessive, and we rely on consent or another lawful justification accordingly.

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms; you may ask us for further information about that balancing assessment, and you may object (see Section 8).

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Our service is WhatsApp-first. When you interact with GoGoo through WhatsApp:

• We process your phone number, profile name, message content and delivery/status information.
• WhatsApp is operated by Meta Platforms, Inc. / Meta Platforms Ireland Ltd, which processes message metadata and routing data under its own terms and privacy policy, over which we have no control. Your use of WhatsApp is subject to Meta's terms.
• Messages sent over WhatsApp may be transmitted through, and stored on, infrastructure located outside Ghana and outside the European Economic Area (EEA), including in the United States (see Section 10).

If you prefer not to use WhatsApp, contact us at hello@gogoofleet.com to discuss alternative channels where available.

The platform uses analytics and algorithmic ("AI") techniques to generate insights about fleet performance, driving behaviour and risk.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement, except where:

• it is necessary for a contract between us; or
• you have given explicit consent.

Where channel partners (such as banks or insurers) use fleet or driving data to make their own decisions (for example about credit, pricing or eligibility), those decisions are made by the partner as a separate controller under its own terms, and you should review that partner's privacy notice. If any GoGoo feature would involve automated decisions with significant effects on an individual, we will identify it, explain the logic involved in general terms, and provide the right to obtain human intervention, to express a view, and to contest the decision (Article 22 GDPR).

Payments for the service may be collected via mobile money, bank transfer, card or other payment methods. Payment processing is carried out by third-party payment providers, mobile money operators and banks, who process your payment data as controllers under their own privacy notices. We retain transaction records (date, amount, reference) as needed to provide the service and to meet legal and tax obligations.

Subject to the conditions and exceptions in applicable law, you have the right to:

• Access the personal data we hold about you and obtain a copy;
• Rectify inaccurate or incomplete data;
• Erase your data ("right to be forgotten") in certain circumstances;
• Restrict processing in certain circumstances;
• Object to processing based on legitimate interests, and to object to direct marketing at any time;
• Data portability — receive certain data in a structured, commonly used, machine-readable format;
• Withdraw consent at any time where we rely on consent;
• Not be subject to a solely automated decision with legal or similarly significant effects, except as permitted by law (Section 6).

These rights reflect both GDPR (Articles 15–22) and the data-subject participation rights under Ghana's Act 843, including the right to access, to request correction, to withdraw consent, and to object to direct marketing.

How to exercise your rights: contact us at hello@gogoofleet.com. We will respond within one month (GDPR) and without undue delay. We may need to verify your identity. There is normally no fee, although we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.

Where GoGoo is a processor (telematics/driver data — see Section 2): if you are a driver and wish to exercise rights over vehicle/driver data, please contact the fleet owner who is the controller; we will support that controller in responding.

We share personal data only as needed and under appropriate safeguards, with:

• Service providers and authorised local partners (processors / sub-processors) acting on our instructions, including: Google LLC / Google Ireland Ltd (hosting, Google Workspace, Apps Script and Sheets infrastructure used by our platform); Meta Platforms (WhatsApp messaging — Section 5); local hardware-installation partners (technicians who fit GPS hardware to vehicles and link devices to accounts — they access only the data needed to perform installation and are bound by confidentiality, security and data-protection obligations); local software-deployment and technical-support partners (who configure, provision or support the platform — access is limited, controlled, logged and revoked when no longer needed); and payment, SMS, hosting, analytics and support providers.
• Our local operating partner in Ghana, which provides local installation, service, support and payment collection on our behalf as our processor.
• Local marketing, sales and distribution partners, who promote and sell GoGoo in the markets where we operate. In respect of leads and prospects they source, these partners generally act as independent controllers for their own outreach and share qualified leads with us under a data-sharing arrangement; they are contractually required to source and share personal data lawfully.
• Channel partners (banks, insurers and lenders) — only where you have a relationship with them and have requested or consented to the sharing.
• Professional advisers (lawyers, accountants, auditors) under duties of confidentiality.
• Authorities, regulators and courts where required by law, including the Ghana DPC and German supervisory authorities, and to establish, exercise or defend legal claims.
• A buyer or successor in the event of a merger, acquisition, financing or sale of assets, subject to confidentiality.

We do not sell your personal data.

We require all processors and sub-processors (including installation and deployment partners) to act only on our documented instructions and to protect your data under written contracts that impose data-protection obligations equivalent to ours, meeting Article 28 GDPR and Act 843 requirements. We remain responsible to you for the performance of our sub-processors. Where partners act as independent controllers (such as marketing partners for their own outreach), we require them by contract to comply with applicable data-protection law.

GoGoo operates across Ghana and Germany. As a result, personal data is transferred between Ghana, the EEA, and — through our service providers — other countries including the United States.

• Transfers into the EEA / Germany: data originating in Ghana is accessed and processed by our German controller. We apply GDPR-level protection to it.
• Transfers from the EEA to countries without an EU "adequacy" decision (including Ghana): we rely on appropriate safeguards, principally the European Commission's Standard Contractual Clauses (SCCs), together with any additional measures required.
• Transfers to the United States (e.g. Google, Meta): we rely on the providers' certification under the EU–US Data Privacy Framework and/or SCCs.
• Transfers of Ghana-originating data abroad: we comply with the requirements of Act 843, including ensuring an adequate level of protection where required.

You may request a copy of the relevant safeguards by contacting hello@gogoofleet.com.

www.gogoofleet.com uses cookies and similar technologies. Strictly necessary cookies are used to operate the site. Analytics, functional and marketing cookies are used only with your consent, which we collect through our cookie banner. You can withdraw or change your consent at any time via cookie settings link.

A full list of cookies, their purposes and durations is set out in our Cookie Notice at link.

We keep personal data only as long as necessary for the purposes described, then delete or anonymise it. In particular:

• Account and customer data: for the duration of the relationship and a reasonable period afterwards.
• Accounting and tax records: retained for the periods required by German and Ghanaian law (under German commercial and tax law, certain records must be kept for up to 10 years).
• Telematics data: retained for the period agreed with the relevant fleet-owner controller, as set out in the DPA.
• Marketing data: until you opt out or after a period of inactivity.

Our detailed retention schedule is available on request.

If you are a fleet owner / business customer, the processing of your vehicle and driver data by GoGoo as your processor is governed by a separate Data Processing Agreement that forms part of your contract with us. That DPA sets out our obligations under Article 28 GDPR and Act 843, including security, sub-processors, breach notification, and assistance with data-subject requests. Contact hello@gogoofleet.com to obtain the DPA.

We implement appropriate technical and organisational measures, including access controls, token-based authentication, encryption in transit, least-privilege access, staff confidentiality obligations, and a documented breach-response process. No system is completely secure, but we work to protect your data and to limit access to those who need it.

If a personal data breach occurs, we will:

• notify the competent German supervisory authority within 72 hours where required under GDPR;
• notify the Ghana Data Protection Commission and affected individuals as required under Act 843; and
• where the breach is likely to result in a high risk to individuals, notify the affected individuals without undue delay.

If you have a concern, please contact us first at hello@gogoofleet.com. You also have the right to lodge a complaint with a supervisory authority:

• Germany: the data protection authority of the federal state in which GoGoo Fleet GmbH is registered — name and address of competent Landesdatenschutzbehörde.
• Ghana: the Data Protection Commission, Accra (www.dataprotection.org.gh).

We may update this Policy from time to time. We will post the updated version at www.gogoofleet.com with a revised "Last updated" date and, where changes are significant, notify you directly.

• Data protection / privacy enquiries: hello@gogoofleet.com
• Data Protection Officer / Data Protection Supervisor: name and contact
• Postal: GoGoo Fleet GmbH, address (controller); local operating partner, address.