Privacy policy (EU)

Privacy policy – vehicle fleet (EU)

Privacy policy – vehicle fleet (EU)


This privacy policy provides an overview of the processing of personal data in the operation of Clevon's autonomous delivery vehicles (the "vehicles"). “Personal data” means the information specified in Article 4 (1) of the General Data Protection Regulation (“GDPR”).

1. Who does this privacy policy apply to?

The privacy policy gives data subjects information on which data Clevon processes, on which basis and for which purposes, in the course of operating its vehicle fleet on public roads as well as in closed territories. Anyone in the vicinity of a Clevon vehicle may potentially be a data subject.

2. Who is the data controller?

The data controller is Clevon AS, registry code 16472103, address Reinu tee 48, 71020 Viljandi, Estonia, e-mail legal@clevon.com (“Clevon”, “we”, “us”, "our").

3. What personal data do we process?

Clevon is a technology company developing and manufacturing autonomous, teleoperated vehicles. Our vehicles are monitored and, if necessary, controlled remotely (teleoperated) via a remote control centre. The vehicles are equipped with sensors, including cameras, which allow the vehicle to operate independently and to provide information to the remote driver. The screens in front of the remote driver display a real-time video feed of the traffic environment around the vehicle, including nearby road users, vehicles, and their registration plates, etc. Video recordings may also be stored and used in later analysis to improve our teleoperation and autonomous vehicle technology.

Depending on the location of an individual relative to a Clevon vehicle, the processed data may potentially include:

Given the technical nature of our data processing, it is theoretically possible that the personal data processed would enable to identify a specific natural person. However, we emphasize that Clevon does not aim to identify any person based on the data referred to in this privacy policy. We never use any software that would enable such identification and take steps to minimize the possibility of identification.

4. For which purposes is the data processed?

Clevon may process personal data for the following purposes:

5. What is the legal basis for processing data?

The principal legal basis for the processing of data is a legitimate interest in accordance with Article 6 (1) (f) GDPR.

Clevon's legitimate interest lies in the development and testing of remotely controlled, autonomous vehicles. The transmission of video from the vehicle's cameras to the remote control station is a key element of this control system in terms of safety, ensuring remote monitoring, support and direct control of the vehicle. As this technology harbors the potential to improve overall road safety and reduce accidents, development and testing also serve the long-term interests of the wider public.

The likelihood that the use of cameras in this case would allow a particular data subject to be identified or for anyone's right to privacy to be breached is minimal. The aim of recording video is not to capture or identify any specific person and appearing on the video feed can only be incidental. During our development and testing process, we never use software that would allow for the identification of anyone from a video image. Vehicle cameras are not of a stationary nature, minimizing the risk that the cameras would consistently or repeatedly have the same person in their field of view – in other words, the risk of profiling.

In certain cases, the legal basis for the processing of data may also be compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR.

We may be obliged under national or European Union law to transfer data to competent authorities for the purposes of determining the circumstances of an accident and assessing the continued compliance of the vehicle/driving system with applicable technical requirements. In this case, any transfers shall be limited in scope to the data relevant to the particular case.

6. Where do we store the data?

The servers for storing data are located in Estonia/within the European Union. We do not transfer data covered by this privacy policy to third countries.

7. With whom may we share the data?

We always treat data with care and confidentiality. Transfers of data may take place only to the extent described herein and to designated recipients:

8. How long do we store the data?

We store data for 14 days, after which it will be deleted, unless it is necessary to determine the circumstances of an accident and to comply with legal obligations. We may also occasionally store data for longer for development purposes, but storage time is always kept as short as possible.

9. Your rights as a data subject

In accordance with the GDPR, you, as a data subject, have the following rights:

10. Exercise of rights and contact

Please contact Clevon at legal@clevon.com to obtain more information about data processing, to exercise your rights or to file a complaint.