“What security and privacy measures has AWS implemented to protect customer data, and how does their Data Processing Agreement (DPA) relate to GDPR compliance?”

AWS has implemented a comprehensive set of security and privacy measures to protect customer data, including data encryption, access control, and audit logging. AWS also offers a Data Processing Agreement (DPA) that incorporates AWS's commitments as a data processor under the GDPR.

"What are the storage requirements for personal data under the GDPR, and how does it relate to the protection of EU residents' personal data?"

The GDPR does not specify where data must be stored (although it does require that data controllers take appropriate measures to protect the personal data of EU residents).

“What is the level of GDPR compliance in AWS data centers located in the US, especially in North Virginia, and where can I find up-to-date documentation on this matter?”

All AWS data centers are compliant with DGPR, including the ones in the US in general, and North Virginia in particular. See for example this up-to-date White Paper by AWS:

• EU-US data transfers - European Commission (europa.eu)

• Implementing decision - 2023/1795 - EN - EUR-Lex (europa.eu)

• https://www.dataprivacyframework.gov/s/article/FAQs-EU-U-S-Data-Privacy-Framework-EU-U-S-DPF-dpf

• Navigating GDPR Compliance on AWS - AWS Whitepaper (amazon.com)

“What kind of information Galooli processes? “

The kind of information Galooli processes is detailed in Galooli's Privacy Policy, especially in the sections “Data,” and “Data Collecting.” The latter reads: "Data is collected under the legitimate business interests of the Asset Owner to enable it to monitor aspects such as, but not limited to: Asset Location, Fleet Optimization, Road and Driver Safety, Environmental Impact, Fuel Usage, Power usage."  

Note: Galooli does not directly process sensitive personal data. We do process non-identifiable information, such as anonymized meter identifiers and beyond-the-meter readings related to energy consumption, as well as technical factors associated with connected assets and energy sources. This data cannot be linked to any specific individual. All data transfers by Galooli are fully encrypted, utilizing HTTPS and TLS (no less than 1.2) encryption protocols. In addition, Galooli collects data on how users interact with the platform (e.g., login times, session durations, interactions with various features), including anonymized data This data is used to compile aggregate statistics and improve user experience (e.g., making popular features more visible and user-friendly). This helps us enhance the functionality and performance of our platform. The Galooli online platform also gives customer-administrators the option to manage user access and upload employees’ names, email addresses, and phone numbers, if they see fit.

“What categories of personal data Galooli transfers?”

Galooli does not directly process sensitive personal data. However, it does collect data on how users interact with the platform to improve user experience (UX), and allows customer-administrators to manage user authorization and upload employees’ names, email addresses, and phone numbers, if they see fit.