Zenseact’s Privacy Policy

 

1. INTRODUCTION

This Privacy Policy describes what personal data Zenseact may collect, use, disclose and further process, and for what purposes.

Zenseact processes personal data in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR) and laws of your jurisdiction. Zenseact is in its capacity as a so-called “data controller” is responsible for ensuring the lawful processing of your personal data and will at all times take necessary technical, physical and organizational measures in order to protect your personal data.Zenseact values transparency. Thus, Zenseact wishes to share with you, information on what personal data Zenseact is processing and for what purposes. That is why we encourage you to read through this Privacy Policy, describing Zenseact’s processing of your personal data, and also describing your legal rights.

This Privacy Policy explains how Zenseact processes personal data relating to you who;

• Represent a customer, supplier or other business partner of Zenseact (Business Contact);
• Visit Zenseact’s website or interact with Zenseact via Zenseact’s digital communication channels, such as social media;
• Visit Zenseact’s premises; or
• Apply for a position at Zenseact.

This Privacy Policy also addresses Zenseact’s collection and further processing of personal data in connection with the development of Zenseact’s software for advanced driver assistance systems and automated driving. Data collected and analyzed by Zenseact, for the purpose of analyzing various traffic situations, such as footage of traffic environments (referred to as Public Traffic Environment Data) may include personal data.

Please read through this Privacy Policy, describing Zenseact’s processing of your personal data, and also describing your legal rights. Where the laws of your jurisdiction require consent for data processing, by using our website, digital communication channels, or by otherwise interacting with us, you agree to the collection, use, disclosure and further processing of your personal data, as described in this Privacy Policy.

It is important that you read this information, together with any other information that may be provided to you directly, in connection with situations addressed below, or in other situations not specifically addressed in this Privacy Policy.

Zenseact may receive e-mails or other information from third parties, containing personal data about you, and may in such case process such personal data. If required, Zenseact will inform you of such processing separately.

This Privacy Policy will be updated from time to time by Zenseact. If you have questions or concerns about our processing of your personal data, do not hesitate to contact us. Please see contact details set forth below.

 SUMMARY

• We may collect the following personal data:
• We may use your personal data for the following purposes:
• We may share your personal data with:
• Contact us:

2. CONTACT DETAILS

Controller / Privacy Officer

Name:	Zenseact AB
Company organization No.:	559228-9358
Postal address:	Lindholmspiren 2, 417 56 Göteborg, Sweden
E-mail address:	privacy@zenseact.com
Telephone No.:	+46 (0)31 31 36 000

 

Supervisory Authority (Sweden)

Name:	Integritetsskyddsmyndigheten, IMY
Postal address:	Box 8114, 104 20 Stockholm, Sweden
E-mail adress:	imy@imy.se
Telephone No.:	+46 (0)8 657 61 00

 Privacy Regulators (Canada)Please note that if we are unable to resolve your privacy concerns, you may have the right to complain to the Office of the Privacy Commissioner of Canada or the appropriate provincial Information and Privacy Commissioner.

Name:	Office of the Privacy Commissioner of Canada
Postal address:	Victoria Street, Gatineau, Quebec, K1A 1H3
Telephone No.:	1-800-282-1376

 

3. USEFUL DEFINITIONS

“Data Protection Laws and Regulations”– means all laws and regulations applicable to the Processing of Personal Data in your jurisdiction.

“Personal data”– means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing”– means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data controller”– means the physical or legal entity that determines the purpose and means of the processing of personal data. Zenseact, and ultimately the Zenseact company processing your personal data, is regarded the data controller for the processing of such personal data.

“Data processor”– means the physical or legal entity that process personal data on behalf of a data controller, for example an IT service provider.A data processor may only process the personal data in accordance with the data controller’s given instructions.

 

4. WHAT PERSONAL DATA, FOR WHICH PURPOSES, AND FOR HOW LONG, DOES ZENSEACT PROCESS YOUR PERSONAL DATA?

Zenseact’s processing of your personal data, will be limited to only the appropriate, relevant, accurate and necessary personal data for each purpose. Zenseact will process your personal data only for the specific purposes that such data was collected for.

Personal data that we process, and our purposes for such processing, vary depending on in what context you come into contact with Zenseact. Reading further, you will find information on how Zenseact processes your personal data, depending on your relationship with Zenseact.

 A. For Business Contacts

What personal data do we process?

Zenseact may process personal data related to you if you are acting on behalf of a company or organization, that interacts with Zenseact. It may be both personal data provided by you directly to Zenseact and personal data that we receive from the company or organization that you represent, or from a third party involved in the relevant business context.

Personal data Zenseact may process:

• Your first and last name
• Other contact details, such as organization/company name and address, e-mail address and phone number.
• Your title or role.

For what purposes, on what legal basis and for how long?

Fulfillment of contracts between you or your company/organization and Zenseact– For the purpose of being able to fulfill Zenseact’s commitments towards you or your company/organization, Zenseact may, if necessary, process your personal data. The legal basis for Zenseact’s processing of personal data regarding you as a private business, is that the processing is necessary for the performance of our contract, or to take necessary steps prior to entering into such contract. If you interact with Zenseact as a representative for a company/organization, the legal basis for Zenseact’s processing of your personal data is that the processing is necessary for the purpose of Zenseact’s legitimate interest in being able to communicate with a representative for Zenseact’s business partner, and the purpose of fulfilling any contract with the company/organization that you represent. Personal data that Zenseact processes for the mentioned purposes, will not be processed longer than it is necessary for Zenseact to fulfill its contract with you or your organization, or your implied consent for us to undertake such processing, in jurisdictions requiring consent as the basis for processing.

Accounting– For accounting purposes, Zenseact will process information about financial transactions between Zenseact and you or your company/organization. Zenseact may, if necessary, process your personal data in connection therewith. The legal basis for Zenseact’s processing in this regard, is that it is necessary to fulfill legal obligations required by accounting legislation, or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing. Personal data that Zenseact processes for accountingpurposes will, in accordance with applicable accounting legislation, be stored for up to seven years or as long as applicable legislation otherwise requires.

 B. For Website Visitor, Social Media Interaction etc.

What personal data do we process?

When you visit Zenseact’s website www.zenseact.com or www.zenseact.cn or otherwise interact with Zenseact via our digital platforms such as our social media channels, we may process personal data about you.

Website visitor –You can generally browse our website without revealing who you are or sharing any other personal information about yourself. For system related and statistical purposes, including improving our website, Zenseact may store certain information on your computer in the form of “cookies” or similar technology. To read more about our use of cookies and the data that we collect when you visit the website, please see our Cookie Policy.

Social media interaction etc. –When you interact with Zenseact via our digital platform, such as our social media channels,we will process personal data made available by you through the specific social media channel (Facebook, Instagram, Twitter etc.).

Personal data that we typically may process is:

• Your name
• Your username
• Your profile picture
• Your comments and other results of your active engagement

For what purpose, on what legal basis and for how long?

We will process your personal data to understand how our digital platforms and communication channels are used, where our visitors come from and what content is of interest to our visitors. We use this information for our internal analytics purposes and to improve the quality and relevance of our digital platforms and communication channels. We will also process personal data provided to us by you, in order to respond to any questions or inquiries that you may have.

Your personal data will be processed on the basis of a balance of interests, where our legitimate interests are to (i) operate and improve our digital platforms and communication channels and (ii) promote our business and communicate with persons interested in Zenseact and Zenseact’s business or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing.

Your personal data will not be processed longer than necessary with reference to the purposes for which it was collected.

 C. For Offices Visitors – Visitor System

What personal data do we process?

When you visit Zenseact’s offices, we will process your personal data. Note, that additional information on the processing of your personal data in connection with your visit, may be provided to you in connection with your visit.

Upon entering Zenseact’s premises you will be asked to register your visit in our visitor system. Personal data we will process is:

• Your first and last name
• The name of the company or organization you are representing
• Your e-mail address
• Your telephone number
• A photograph of you
• The time of your registration of your visit
• Your acceptance (and signature) of a confidentiality undertaking, which is an agreement between you and Zenseact (“NDA”).

For what purpose, on what legal basis and for how long?

We will process your personal data in order to administrate your visit and uphold our high safety and security standards, applicable for all of Zenseact’s premises. In addition, we will also process your personal data for the purpose of keeping a record of the confidentiality undertaking executed within the visitor system.

Your personal data will be processed on the basis of a balance of interests, where Zenseact’s legitimate interests are to (i) administrate your visit, (ii) uphold Zenseact’s high safety and security standards and (iii) keep a record of the confidentiality undertaking signed by you, or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing.

Your personal data will not be processed longer than necessary with reference to the purposes for which it was collected. Your photograph will be stored no longer than seven days after your visit. Other personal data will be stored as long as we store the NDA signed by you, which depends on the reason to your visit.

 D. For Offices Visitors – Security Camera Surveillance

Zenseact operates a security camera surveillance system within its premises. Note that further information on the processing of your personal data in connection with your visit is displayed on signs on the premises and may be provided to you by other means upon your visit.

What personal data do we process?

Personal data that we will process is video recordings (no sound) from the security camera surveillance system.

For what purpose, on what legal basis and for how long?

We will process your personal data for the purposes of security, prevention of theft and sabotage and securing evidence in case of events threatening security.

Your personal data will be processed on the basis of a balance of interests, where our legitimate interests are to protect the premises and our assets, to ensure security and to secure evidence, or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing. Interests which are not overridden by the interests, rights or freedoms of the persons subject to camera surveillance and storage of recordings.

Your personal data will not be processed longer than necessary with reference to the purposes for which it was collected. Recordings will be stored for a maximum of seven days, unless we have reasons to keep them longer for the purpose of further investigation or securing evidence.

 E. For Job Applicants

When you submit your job application to us, you will also submit personal data about yourself. Note that further information on the processing of personal data in connection with your job application may be provided to you upon our receipt of your application.

What personal data do we process?

The personal data that we will process about you can both be information provided by you and information that we choose to collect from recruitment agencies, other third parties engaged by us and potential references.

Personal data we will process is:

• Your first and last name, other contact details such as address, e-mail address and phone number
• Information set forth in your cover letter and CV, such as employment history, education, leisure interests etc.
• If applicable – test results, grades, certificates, references, comments, notes from interviews, employment offer (financial terms).

Note, we kindly ask you to not submit information on references until we ask you to do so.

For what purpose, on what legal basis and for how long?

We will process your personal data in order to administrate and appraise your job application. In addition, we will also process your personal data in order to respond to any criticism/claims relating to the recruitment process, if necessary.

Your personal data will be processed on the basis of a balance of interests, or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing. Our legitimate interests are to (i) administrate and appraise your job application on the basis of the business conducted by Zenseact and Zenseact’s business needs, and (ii) administrate you application to an advertised position, assess your eligibility and career possibilities, confirm your actual knowledge and employ the right person based on the business needs of Zenseact. Your personal data may also be processed based on our legitimate interest to be able to respond to any future criticism/claims relating to our recruitment process.

Your personal data will not be processed longer than necessary with reference to the purposes for which it was collected, and subject to applicable laws. Therefore, Zenseact regularly sorts out and erases information and personal data that is no longer necessary. Your personal data will as a main rule be deleted as soon as the relevant position is filled. Please note that Zenseact may need to store your application documents for a period of two years thereafter, in order to be able to respond to any possible future legal claims relating to a recruitment process where you have been one of the applicants. If we wish to save you application, in case of other available positions later on, we will ask for you consent to do so.

It is voluntary to apply for an employment and provide us with your personal data, but to enable us to compare your application with the other applicants we will need your complete application documents.

 F. Public Traffic Environment Data

Zenseact collects and processes images of various public traffic environments (“Public Traffic Environment Data”), for the purpose of analyzing various traffic situations. Such data may, as an unintended effect, include personal data.

What personal data do we process?

The Public Traffic Environment Data collected by Zenseact includes images of identifiable individuals moving around in the public traffic environment where Zenseact’s collection of Public Traffic Environment Data takes place, as well as vehicles with visible license plates. The data also contains information on time, location and speed.

For what purposes?

Zenseact’s processing of the Public Traffic Environment Data, including personal data, is necessary for the purposes of:

1. developing safe and reliable software for advanced driver assistance systems and autonomous drive systems, with the overall purpose of protecting all life on the road, and
2. being able to perform scientific research within artificial intelligence in general, and in relation to traffic safety and environmental sustainability in particular, such research to be performed by Zenseact, by third party, or by Zenseact in collaboration with a third party.

Based on what legal basis?

Legitimate interest:The personal data included in the Public Traffic Environment Data, will be processed on the basis of a balance of interests or your implied consent for us to undertake such processing in jurisdictions requiring consent as the basis for processing, where Zenseact has a legitimate interest of processing the personal data for the purposes mentioned above. Zenseact being able to fulfill the purposes set out above, is in the interest of the public in general, but also the individuals visible or identifiable based on the Public Traffic Environment Data. The successful development of a safe and reliable software for advanced driver assistance systems and autonomous drive systems, protecting all life on the road, is in the interest of the public, and it is not possible to pursue this interest, without processing personal data.

Pedestrians, cyclists, people in vehicles, vehicles having license plates etc. are all things that naturally exist in a public traffic environment. Zenseact needs to collect data on real traffic environment and real traffic situations. The Public Traffic Environment Data must be authentic to fulfil the purposes it is collected for, and cannot be manipulated. Thus, it is not possible to achieve the intended purpose, without processing of personal data, if for example blurring faces or license plates.

To protect the integrity of the individuals visible in or identifiable based on Public Traffic Environment Data, the collection of this data is performed in public areas, where such data collection is appropriate and may be expected by the individuals concerned. Further, Zenseact has taken measures to limit the access to the Public Traffic Environment Data, and Zenseact will only transfer the data to other controllers that will process the data for the same purposes as set out above, and for no other purposes, applying the same level of security as Zenseact.

Zenseact does not process the personal data included in the Public Traffic Environment Data for any other purposes, than the purposes explicitly describe here in. Zenseact is not interested in and does not in any way attempt to identify the individuals visible in or identifiable based on the Public Traffic Environment Data,or extract any other personal data.

Vital interest: Zenseact also processes the personal data included in the Public Traffic Environment Data for the purposes as set out above, on the basis of protecting the vital interest of the public, such vital interest being enabling the autonomous vehicle. Striving towards Vision Zero, advanced driver assistant systems and autonomous vehicles will be part of successfully reaching the vision.

For how long?

The personal data included in the Public Traffic Environment Data will not be processed longer than necessary for the purposes described above. Therefore, Zenseact regularly sorts out and erases data that is no longer needed.

To whom will the data be transferred?

Sets of data, containing Public Traffic Environment Data, that are used by Zenseact for the purposes described above, may be transferred to third parties. Such third parties will be collaboration partners of Zenseact’s, such as other developers of software or AI, as well as universities and collaboration partners performing scientific research and development within AI, either privately or state funded, such as research institutes and research and development organizations.

Transfer of the Public Traffic Environment Data to a third party will only be made for purposes that are in line with Zenseact’s purposes for its processing of the personal data, as described above. Third parties receiving the Public Traffic Environment Data will process the personal data included therein as independent data controllers. Such controllers are requested to apply the same level of security for processing of personal data, as Zenseact does.

Your rights

At the end of this document (see Sections 8 and 9, Your Legal Rights), you will find information on your rights. If you want to exercise any of your rights, as a data subject, concerning Public Traffic Environment Data, you will be asked to provide us with the place, date and time for when you believe that you may have been part of Zenseact’s collection of Public Traffic Environment Data.

If you have any questions regarding our Public Traffic Environment Data, do not hesitate to contact us. Please see contact details set forth in Section 2.

5. TRANSFER OF YOUR PERSONAL DATA

Your personal data may be submitted to, and processed by, third parties. These may include Zenseact group companies, customers, service providers, banks, legal advisors, auditors, business consultants, agencies, etc. Examples of situations when your personal data may be transferred to third parties is when such action is required due to law, dispute, government request or decision, outsourcing of payroll administration, at your own request, or when required to fulfill a legitimate interest for Zenseact. Zenseact remains the responsible data controller for the personal data provided, while third parties, depending on the circumstances, become either an independent data controller or Zenseact’s data processor.

Zenseact has agreements with engaged data processors (processing personal data on Zenseact’s behalf) ensuring that the data processors process your personal data in accordance with what is set forth in this Privacy Policy and in accordance with Zenseact’s instructions.

Your personal data may be transferred to countries outside of the EU/EEA or your home country, to Zenseact’s service providers (data processors) outside the EU/EEA or your home country, or to other Zenseact legal entities within the Zenseact group. All Zenseact legal entities have by agreement and policies adopted the same procedures and level of protection and security measures, in order to safeguard your data. Accordingly, any transfer of data outside the EU/EEA is made in line with data protection laws. Unless there is another legitimate basis our international transfers of personal data are based on the EU Commission’s standard contractual clauses or comparable requirements in other jurisdictions. When your information is processed outside of your home jurisdiction, it may be subject to access by and disclosure to law enforcement and government agencies under the applicable foreign legislation.

 

6. SECURITY

Zenseact makes large investments to implement and maintain a very high level av security to protect the company’s data, including such personal data that the company processes. Security is always considered and prioritized, in all decision making affecting Zenseact’s day-to-day operations, including how logistics, facilities and digital systems and architecture are set up. Zenseact is a data driven company, with a data driven security strategy, based on use of artificial intelligence and machine learning. Zenseact has adopted a solid security framework and is continuously improving the security initiatives, to keep Zenseact’s position as a front runner in when it comes to cyber security.

Zenseact has implemented data security procedures and technologies, including physical, technical and organizational security measures. Please note that security can never be 100% guaranteed when information is transmitted or stored, including electronically. 

7. MISCELLANEOUS

Automated individual decision making/profiling– Zenseact conducts no automated individual decision-making or profiling.

It is voluntary to provide Zenseact with personal data, but if you do not provide your personal data to Zenseact– it may be that we cannot fulfil certain undertakings towards you or your company/organization, or that we may have to restrict your access to our premises etc. If you have any doubts or concerns about leaving certain personal information, please contact Zenseact (see contact details in the beginning of this Privacy Policy, Section 2) for further information.

 

8. YOUR LEGAL RIGHTS (GDPR)

When Zenseact processes your personal data, you have certain rights under law. Please note that the exercising of these rights is subject to certain requirements and conditions set forth in law (GDPR or the laws of your home jurisdiction).

Your right to be informed and your right to access

You have the right to receive information about how Zenseact processes your personal data. Thus, we have established this Privacy Policy, which Zenseact encourages you to carefully read.

In addition, you have the right to, free of charge, upon written request, receive information about what personal data Zenseact stores about you and how your personal data is used and processed.

You are entitled to request in writing, free of charge, a copy of the personal data that Zenseact has registered about you.

If your request is unfounded or your request is excessive, e.g. should you frequently and within short intervals ask to receive information on or a copy of your personal data, Zenseact has the right to refuse to act on your request, or to charge a reasonable fee which covers the administrative costs of the action requested by you.

Your right to rectification and erasure

In the event that your personal data is inaccurate or incomplete, you have the right to request that Zenseact corrects or removes the personal data, including the right to have incomplete personal data completed.

You have the right to request the erasure of your personal data under certain circumstances (set forth in the GDPR). Provided that your request falls within one of those circumstances, we will erase your personal data.

Your right to object

You have the right to object to your personal data being processed for direct marketing purposes, including profiling analysis made for direct marketing purposes.

If you do not want your data to be used for direct marketing, including profiling analysis, you can notify us by sending an e-mail to privacy@Zenseact.com.

Your right to restrict processing

Under certain circumstances (set forth in the GDPR or the laws of your home jurisdiction) you have the right to request the restriction of processing of your personal data. In such case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

Your right to data portability

Under certain circumstances (set forth in the GDPR or the laws of your home jurisdiction) you have the right to receive your personal data, which you have provided to Zenseact, in a structured, commonly used and machine-readable format, for transmitting such data to another controller. You may also have the right to request that personal data is transmitted directly from us to another controller, where technically feasible.

Your right to file a complaint

We encourage you to contact us if you have any questions regarding this Privacy Policy or if you are unhappy with the way Zenseact is processing your personal data.

You also have the right to file a complaint with the supervisory authority regarding Zenseact’s processing of your personal data or handling of any inquires related to it. You find the contact details of the relevant supervisory authority above in beginning of this Privacy Policy.