Privacy policy (EU)
Privacy policy – vehicle fleet (EU)
Privacy policy – vehicle fleet (EU)
Introduction
This privacy policy provides an overview of the processing of personal data in the operation of Clevon's autonomous delivery vehicles (the "vehicles"). “Personal data” means the information specified in Article 4 (1) of the General Data Protection Regulation (“GDPR”).
1. Who does this privacy policy apply to?
The privacy policy gives data subjects information on which data Clevon processes, on which basis and for which purposes, in the course of operating its vehicle fleet on public roads as well as in closed territories. Anyone in the vicinity of a Clevon vehicle may potentially be a data subject.
2. Who is the data controller?
The data controller is Clevon AS, registry code 16472103, address Reinu tee 48, 71020 Viljandi, Estonia, e-mail legal@clevon.com (“Clevon”, “we”, “us”, "our").
3. What personal data do we process?
Clevon is a technology company developing and manufacturing autonomous, teleoperated vehicles. Our vehicles are monitored and, if necessary, controlled remotely (teleoperated) via a remote control centre. The vehicles are equipped with sensors, including cameras, which allow the vehicle to operate independently and to provide information to the remote driver. The screens in front of the remote driver display a real-time video feed of the traffic environment around the vehicle, including nearby road users, vehicles, and their registration plates, etc. Video recordings may also be stored and used in later analysis to improve our teleoperation and autonomous vehicle technology.
Depending on the location of an individual relative to a Clevon vehicle, the processed data may potentially include:
- physical characteristics of other road users in the vicinity of the vehicle (pedestrians, cyclists, drivers), e.g., faces;
- data from other sensors of the vehicle, e.g., location, timestamp.
Given the technical nature of our data processing, it is theoretically possible that the personal data processed would enable to identify a specific natural person. However, we emphasize that Clevon does not aim to identify any person based on the data referred to in this privacy policy. We never use any software that would enable such identification and take steps to minimize the possibility of identification.
4. For which purposes is the data processed?
Clevon may process personal data for the following purposes:
- Ensuring the safe monitoring and remote control of our vehicle fleet
- The transmission of live video from the cameras of the vehicle to the remote control station serves the purpose of enabling the vehicle to navigate traffic safely.
- Development and testing of teleoperation and autonomous functionalities
- To ensure the safe and law-abiding participation of our vehicles in traffic, we collect data on the surrounding traffic environment and other conditions, such as network quality and reliability in different areas.
- Establishing facts and fulfilling legal obligations in case of incidents
- Should a traffic accident or other incident involving a Clevon vehicle take place, we will use video recordings to determine the circumstances of the accident and the person(s) responsible.
5. What is the legal basis for processing data?
The principal legal basis for the processing of data is a legitimate interest in accordance with Article 6 (1) (f) GDPR.
Clevon's legitimate interest lies in the development and testing of remotely controlled, autonomous vehicles. The transmission of video from the vehicle's cameras to the remote control station is a key element of this control system in terms of safety, ensuring remote monitoring, support and direct control of the vehicle. As this technology harbors the potential to improve overall road safety and reduce accidents, development and testing also serve the long-term interests of the wider public.
The likelihood that the use of cameras in this case would allow a particular data subject to be identified or for anyone's right to privacy to be breached is minimal. The aim of recording video is not to capture or identify any specific person and appearing on the video feed can only be incidental. During our development and testing process, we never use software that would allow for the identification of anyone from a video image. Vehicle cameras are not of a stationary nature, minimizing the risk that the cameras would consistently or repeatedly have the same person in their field of view – in other words, the risk of profiling.
In certain cases, the legal basis for the processing of data may also be compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR.
We may be obliged under national or European Union law to transfer data to competent authorities for the purposes of determining the circumstances of an accident and assessing the continued compliance of the vehicle/driving system with applicable technical requirements. In this case, any transfers shall be limited in scope to the data relevant to the particular case.
6. Where do we store the data?
The servers for storing data are located in Estonia/within the European Union. We do not transfer data covered by this privacy policy to third countries.
7. With whom may we share the data?
We always treat data with care and confidentiality. Transfers of data may take place only to the extent described herein and to designated recipients:
- Service providers
- To keep our testing and delivery services running, we may on occasion use partner companies in different locations. These partners may operate the vehicle fleet, provide technical support, and/or respond to incidents. All of our service providers are carefully selected, trained and contractually obliged to comply with data protection laws and Clevon policies when processing data.
- Supervisory and law enforcement authorities and insurance companies.
- In the event of an accident or other incident, Clevon may be obliged to share data with the competent authorities and insurance providers in order to identify the circumstances and the person(s) liable for damages.
8. How long do we store the data?
We store data for 14 days, after which it will be deleted, unless it is necessary to determine the circumstances of an accident and to comply with legal obligations. We may also occasionally store data for longer for development purposes, but storage time is always kept as short as possible.
9. Your rights as a data subject
In accordance with the GDPR, you, as a data subject, have the following rights:
- The right to information about the processing of personal data and the right to access personal data (Art. 15 GDPR);
- The right to request rectification of inaccurate personal data (Art. 16 GDPR);
- The right to request the erasure of data under the conditions set out in Article 17 GDPR;
- The right to request restriction of processing of personal data (Art. 18 GDPR);
- The right to data portability (Art. 20 GDPR);
- The right to object at any time to the processing of personal data concerning you (Art. 21 GDPR);
- The right to lodge a complaint with a supervisory authority (Art. 77 GDPR).