Last modified: March 31, 2023
1. Who is responsible for the processing of personal data?
Attn: Data Protection Officer
2560 Ninth St. Suite 216
Berkeley 94710, CA, USA
2. Which data is processed and where does it come from?
Zendar is a technology company developing high-definition radars and related technology for use, among other things, in autonomous driving vehicles. We equip Zendar-marked test vehicles with radar sensors and cameras to test our radar technology. These cameras collect live-stream video footage from private and public grounds where they are driven. The video recordings are used by our engineering team to test and evaluate the safety, accuracy, and functionality of our radars.
While Zendar has no interest in collecting any personal data or identifying individuals in this process, pedestrians, drivers, road markings, cars, motorcycles, bicycles, and other objects in the surroundings of the Zendar test vehicle, as well as their position and movement in relation to the Zendar test vehicles, may be collected and processed incidentally. Such data may be considered personal information or data under state privacy laws or the General Data Protection Regulation (“GDPR”).
For example, the collected data may contain the following personal data, depending on the individual position to and interaction with the Zendar vehicle:
- Behavior and characteristics (e.g., faces) of individuals in the proximity of the Zendar test vehicles, including those of vehicle drivers, cyclists, and pedestrians
- Behavior and characteristics (e.g., license plates) of vehicles and other objects in the proximity of the test vehicles
- Time and place of the recordings (e.g., GPS data)
3. For which purposes is the data processed?
Zendar uses its test vehicles and the data collected during the drives to test and evaluate the safety, accuracy, and functionality of our radars. The processing serves the legitimate interest of Zendar for the purposes stated above, including without limitation, carrying out research, development, testing, evaluation and validation of our radar technology and ensuring public safety. In addition, in the event of an accident, we may use the data to investigate the cause of the accident, to clarify responsibilities, and to protect the rights, property, or safety of Zendar, our customers, our employees, or others (e.g., in legal proceedings). In addition, we may process the personal data mentioned under Section 2 when we are required to do so by law.
4. How is the data secured?
Zendar has implemented appropriate technical and organizational measures to ensure an appropriate security level for the risk involved. The risk analysis takes into account the risk of infringing against the rights of individuals concerned, the costs for implementation, as well as the type, extent, context and purposes of the data processing.
Zendar’s technical and organizational measures include:
- The raw data from the recordings are written from the cameras directly onto an internal Zendar drive, which can only be accessed by certain Zendar employees with access credentials and cannot directly be accessed without a Zendar computer. This drive containing raw data is frequently and regularly purged.
- To the extent any data from the recordings are to be stored, they are transferred and kept on internal Zendar drives, which can only be accessed by Zendar employees with access credentials and/or using a Zendar computer, and which are kept in a separate location from other Zendar servers and systems.
- To the extent any data from the recordings are to be backed up or stored for archival purposes, they are transferred and kept on Zendar cloud storage servers, which can only be accessed by certain Zendar employees with access credentials.
- To the extent the recordings (or any portion thereof) are shared with third parties or on publicly-accessible websites (e.g., LinkedIn, YouTube), any decipherable personal data is manually blurred to avoid identification.
- Access to Zendar’s IT systems is monitored in order to detect and prevent misuse.
- Where applicable and commercially reasonable, any personal data obtained from the recordings is encrypted and/or password-protected.
- Zendar’s security measures are continuously tested, assessed, and reviewed to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services in connection with the processing, as well as the effectiveness of the technical and organizational measures for ensuring the security of the processing.
5. With whom will the data be shared?
Zendar treats personal data with care and confidentiality. We only pass data to our affiliates and third parties to the extent described here and within the scope of the purpose limitation under data protection law.
Zendar may disclose personal data as described in this policy to the following categories of recipients:
- To Zendar affiliates: Zendar Inc. is the corporate parent of Zendar GmbH. Due to shared corporate IT systems, and because of the international nature of our business, personal data collected and processed by Zendar Inc. can be shared with or accessed by Zendar GmbH and its personnel and service providers, and personal data collected and processed by Zendar GmbH can be shared with or accessed by Zendar Inc. and its personnel and service providers, for the purposes above.
- To IT and collaboration service providers and other service providers: For technical reasons, we use external IT and related collaboration service providers who provide server infrastructure, IT maintenance tasks, IT solutions (such as cloud services), and/or software solutions on behalf of Zendar. We also use other service providers to support our business. These service providers may have access to the personal data to the extent necessary to perform such services for Zendar. When disclosing your personal data to third parties that will process your personal data on Zendar’s behalf, your personal data will only be disclosed to carefully selected data processors acting on the basis of Zendar’s instructions to comply with the applicable legal and contractual obligations. Such service providers will process the data on our behalf in accordance with this policy as “processors”.
Zendar may also disclose personal data to third parties as follows:
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Zendar’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which the personal data described in this policy is among the assets transferred.
- If Zendar is under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of Zendar, its customers or others. This includes exchanging personal data with public authorities (including judicial and police authorities) or insurance companies, in the event of, for example, a cyber security incident; and
- If you specifically consented thereto.
Zendar does not share, sell, rent, or trade personal data for any promotional purposes.
6. Where is the data stored and is it transferred internationally?
Data collected from the camera recordings in the United States is stored in the United States and, specifically, within the State of California. Data collected from the camera recordings in Germany is stored in Germany or otherwise within the European Economic Area (“EEA”). To the extent personal data needs to be backed up or stored for archival purposes, such data may also be stored on secure cloud storage servers.
Due to shared corporate IT systems, and because of the international nature of our business, personal data collected and processed by Zendar Inc. may be shared with, accessed by, and/or stored with Zendar Inc.’s subsidiary, Zendar GmbH and its service providers, outside of the United States, including the EEA and UK (and, specifically, within the Germany). Conversely, personal data collected and processed by Zendar GmbH may be shared with, accessed by, and/or stored with Zendar Inc. and its subsidiaries and service providers, outside of the EEA and UK, including the United States of America (and, specifically, within the State of California).
If you wish to receive more information relating to the transfers of your personal data internationally and/or the safeguards that have been implemented, you can contact the Zendar Data Privacy Officer or [email protected].
7. How long is the data stored?
Zendar will not retain your personal data for longer than is allowed under the applicable data protection laws and regulations or for longer than is justified for the purposes for which it was originally collected. As a basic principle, the data collected will be stored for the duration of the testing, research, and/or development projects.
8. What rights do data subjects have?
In the context of processing personal data of U.S. residents, certain states provide their residents with additional rights under state consumer privacy laws if such laws are applicable to the data collector/processor. For example:
California, Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether their personal information has been processed.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal information processing for targeted advertising and sales.
California, Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the data’s nature and processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
Nevada provides its residents with a limited right to opt-out of certain personal data sales. However, please know we do not currently sell data triggering that statute's opt-out requirements.
If you have questions about any of these rights with respect to Zendar’s data processing, please contact us as described in Section 9 below. We will not discriminate against you for exercising any of your privacy rights.
If you have any questions or comments about this notice, the ways in which the Company collects and uses your information described here, your choices and rights regarding such use, or if you wish to exercise your rights under applicable privacy law, please do not hesitate to contact us at:
2560 Ninth St. Suite 216
Berkeley 94710, CA, USA