fbpx
Menu

Privacy policy (EU)

Privacy policy – robot fleet (EU)

Privacy policy – vehicle fleet (EU)

Introduction

This privacy policy provides an overview of the processing of personal data in the operation of Clevon's autonomous robot carriers (the "robots"). “Personal data” means the information specified in Article 4 (1) of the EU General Data Protection Regulation (“GDPR”).

1. Who does this privacy policy apply to?

The privacy policy gives data subjects information on which data Clevon processes, on which basis and for which purposes, in the course of operating its fleet of robots on public roads as well as in closed territories. Anyone in the vicinity of a Clevon robot may potentially be a data subject.

2. Who is the data controller?

The data controller is Clevon AS, registry code 16472103, address Reinu tee 48, 71020 Viljandi, Estonia, e-mail legal@clevon.com (“Clevon”, “we”, “us”, "our").

3. What personal data do we process?

Clevon is a technology company developing and manufacturing autonomous, teleoperated robot carriers. Our robots are monitored and, if necessary, controlled remotely (teleoperated) via a remote control centre. The robots are equipped with sensors, including cameras, which allow the robot to operate independently and to provide information to the remote driver. The screens in front of the remote operator display a real-time video feed of the traffic environment around the robot, including nearby road users, vehicles and their registration plates, etc. Video recordings may also be stored and used in later analysis to improve our teleoperation and autonomous driving technology.

Depending on the location of an individual relative to a Clevon robot, the processed data may potentially include:

  • physical characteristics of other road users in the vicinity of the vehicle (pedestrians, cyclists, drivers), e.g., faces;
  • data from other sensors of the robot, e.g., location, timestamp

Given the technical nature of our data processing, it is theoretically possible that the personal data processed would enable to identify a specific natural person. However, we emphasize that Clevon does not aim to identify any person based on the data referred to in this privacy policy. We never use any software that would enable such identification and take steps to minimize the possibility of identification.

4. For which purposes is the data processed?

Clevon may process personal data for the following purposes:

  • Ensuring the safe monitoring and remote control of our fleet
  • The transmission of live video from the cameras of the vehicle to the remote control station serves the purpose of enabling the robot to navigate traffic safely.
  • Development and testing of teleoperation and autonomous driving functionalities
  • To ensure the safe and law-abiding participation of our robots in traffic, we collect data on the surrounding traffic environment and other conditions, such as network quality and reliability in different areas. Stored data is also used to improve the robots’ perception of surroundings.
  • Establishing facts and fulfilling legal obligations in case of incidents
  • Should a traffic accident or other incident involving a Clevon robot take place, we will use video recordings to determine the circumstances of the accident and the person(s) responsible.

5. What is the legal basis for processing data?

The principal legal basis for the processing of data is a legitimate interest in accordance with Article 6 (1) (f) GDPR.

Clevon's legitimate interest lies in the development and testing of remotely controlled, autonomous robot carriers. The transmission of video from the robot's cameras to the remote control station is a key element of this control system in terms of safety, ensuring remote monitoring, support and direct control of the robot. As this technology harbors the potential to improve overall road safety and reduce accidents, development and testing also serve the long-term interests of the wider public.

The likelihood that the use of cameras in this case would allow a particular data subject to be identified or for anyone's right to privacy to be breached is minimal. The aim of recording video is not to capture or identify any specific person and appearing on the video feed can only be incidental. During our development and testing process, we never use software that would allow for the identification of anyone from a video image. The robots’ cameras are not of a stationary nature, minimizing the risk that the cameras would consistently or repeatedly have the same person in their field of view – in other words, the risk of profiling. If there is an increased risk of systematic monitoring of certain areas, such as in the context of driving fixed routes due to conditions imposed by regulatory operating permits, we take special precautions, such as minimizing video storage time.

In certain cases, the legal basis for the processing of data may also be compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR.

We may be obliged under national or European Union law to transfer data to competent authorities for the purposes of determining the circumstances of an accident and assessing the continued compliance of the robot/driving system with applicable technical requirements. In this case, any transfers shall be limited in scope to the data relevant to the particular case.

6. Where do we store the data?

The servers for storing data are located in Estonia/within the European Union. We do not transfer data covered by this privacy policy to third countries.

7. With whom may we share the data?

We always treat data with care and confidentiality. Transfers of data may take place only to the extent described herein and to designated recipients:

  • Service providers
  • To keep our testing and delivery services running, we may on occasion use partner companies in different locations. These partners may operate the fleet, provide technical support, and/or respond to incidents. All of our service providers are carefully selected, trained and contractually obliged to comply with data protection laws and Clevon policies when processing data.
  • Supervisory and law enforcement authorities and insurance companies.
  • In the event of an accident or other incident involving one of our robots, Clevon may be obliged to share data with the competent authorities and insurance providers in order to identify the circumstances and the person(s) liable for damages.

8. How long do we store the data?

Storage periods depend on the video recording mode used and the purposes of processing. In general, storage periods are kept to a minimum and data is only stored as long as it is needed for a justifiable purpose outlined in this privacy policy.

Video data recorded during normal operation is stored for the purposes of further development of the autonomous driving functionalities and the robots’ perception of their surroundings, enabling us to continuously improve the safety and capability of our robots in traffic. It may also be stored for the purpose of determining the circumstances of an accident involving a Clevon robot carrier and for complying with legal obligations. Video data that is not necessary for the purpose or which has achieved its intended purpose is deleted thereafter.

Video data recorded during reduced mode (lower video quality) or recording-only mode (activated when the robot is stationary) is stored on board the robots and not transferred to servers. This data is automatically erased after 2 or 15 days respectively.

9. Your rights as a data subject

In accordance with the GDPR, you, as a data subject, have the following rights:

  • The right to information about the processing of personal data and the right to access personal data (Art. 15 GDPR). The right of access is conditional on the ability of you as a data subject to provide us with the information necessary for identification purposes (such as when and where you entered the area monitored by the robot carrier). In case we are unable to identify the data subject, the exception in Art. 11(2) of the GDPR applies and you will be notified accordingly;
  • The right to request rectification of inaccurate personal data (Art. 16 GDPR);
  • The right to request the erasure of data under the conditions set out in Article 17 GDPR;
  • The right to request restriction of processing of personal data (Art. 18 GDPR);
  • The right to data portability (Art. 20 GDPR), to the extent this does not adversely affect the rights and freedoms of others and is possible taking into account the nature of the data;
  • The right to object at any time to the processing of personal data concerning you (Art. 21 GDPR), where this is possible taking into account the nature of the processing. For example, this right may be difficult to exercise and overridden by other legal obligations in the context of robot carriers operating on publicly accessible roads, but could be exercised in the context of operation on private roads;
  • The right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

10. Exercise of rights and contact

Please contact Clevon at legal@clevon.com to obtain more information about data processing, to exercise your rights or to file a complaint.