EU Data Protection Notice
Version 1.0 (May 15, 2023)
We, Plus Germany GmbH, Brienner Str. 45a-d, 80333 Munich, Germany, registered in the commercial register at Munich Local Court: HRB 274309 - hereinafter referred to as "Plus Germany" or “we” – develop and distribute solutions for assisted, automated and autonomous driving of vehicles (collectively "Solutions for Autonomous Driving"). These solutions are enabled by an end-to-end integration of software and hardware and they include functions for driver information and assistance, active and passive vehicle safety, and comfort (collectively our “System”). For the development, optimization and operation of our Solutions for Autonomous Driving, we use sensors, radars, lidars, and cameras to process data from vehicles equipped with our System (“Vehicles”).
We take the protection of your privacy very seriously. We work strictly in accordance with applicable data protection regulations, such as the EU General Data Protection Regulation (hereinafter "GDPR") that applies to data processing by Plus Germany.
Below we inform you about our data processing in detail, and we explain your rights:
1. Data Controller and Contact Person
Responsible for the data processing in the meaning of GDPR is Plus Germany (address and commercial register number see above, contact: firstname.lastname@example.org), partly together with cooperation partners who operate special test vehicles (see Section 3.2 below).
2. Scope of Data Processing, Purposes and Legal Grounds
The subject of data protection laws is the protection of personal data, i.e., information relating to an identified or identifiable natural person.
We process personal data relating to you depending on the type of service:
1. In order to test and develop our driving assistance systems that assist drivers (and at a later stage autonomously take over tasks) to detect obstacles, avoid accidents, to navigate on track and comply with traffic rules, we collect and process data about the Vehicle’s operation and environment (including time and location) from radars, lidars, sensors, and cameras on the Vehicle, including recordings of road traffic and traffic participants around the Vehicle as well as trigger event notifications (e.g. take over maneuvers, construction site, etc.) (hereinafter “Vehicle Test Data”).
2. In case a driver’s vehicle is equipped with and has enabled a driver monitoring system (“DMS”), we process the recording of the driver operating such vehicle caught by a camera from inside the vehicle (e.g. the face of drivers (hereinafter “DMS Data”) and generate some trigger event notifications from some DMS Data (e.g. driver inattentive).
For the services described above, it is not possible for Plus Germany to completely exclude personal data from the data that we process, in particular images of individuals may be recorded by the Vehicle cameras. However, Plus Germany never aims at identifying individuals and has no need or interest in identifying individuals; identification is irrelevant for its business purposes. Also, Plus Germany’s systems are not configured to include any identification features or purposes.
2.1 Vehicle Test Data
In order to develop and refine our Solution for Autonomous Driving, i.e. to train these systems, we need Vehicle Test Data that we collect in cooperation with our Truck Partners set forth in Section 3.2 (“Truck Partners”). We do not aim at identifying any specific individual. We do not aim at collecting or using any special categories of personal data according to Article 9 (1) GDPR and will avoid using them if incidentally recorded.
The Vehicle Test Data is recorded, transmitted, stored, and processed by us in whole or in part for the purposes of training, analyzing, and improving our assistance systems and complying with applicable laws and regulations. Analysis is done automatically by trained computers and/or manually by human review of the recordings. When doing so, Plus Germany’s systems are never configured for any personal identification. For example, traffic objects are categorized and distinguished (e.g. by shape or colors) only as vehicles, motorcycles, pedestrians, bicyclists, etc. In the case of a human review process (which is only performed on a small subset of recordings when Plus Germany deems such review to be necessary), we blur faces and license plates unless we need the raw camera recording for research and development purposes.
We process Vehicle Test Data on the basis of legitimate interests pursuant to Article 6 (1), lit. (f) GDPR. Our legitimate business interests are the review of the proper functioning of our Solutions for Autonomous Driving and the continued development and training of our System, which serves the safety of the driver and other traffic participants and the respective evaluation, development and optimization of the automated/autonomous driving and security functions.
The Vehicles in which Plus Germany's Systems are installed are marked, for example, with stickers or QR codes, which are attached to the vehicles that either will provide more information via the Truck Partners’ website or on our website.
To the extent we are required by applicable laws and regulations to keep Vehicle Data and disclose it to authorities, etc., the legal basis is Article 6 (1) lit. (c) GDPR.
2.2 Driver Monitoring System
In some cases, we provide vehicles with a DMS that requires that a camera watches the interior space of the vehicle, in particular the face of the driver for classification of attention state and gazing direction. The DMS is trained to note situations where the driver is assumed to not be paying full attention (e.g. sleeping or closed eyes, looking away, talking on the phone) and to react accordingly (e.g. by giving an alarm signal). In some cases, the drivers need to activate the DMS with a driver code. Such codes are not provided by us, but by our business partners or the fleet owners of the vehicles. While we technically may be able to distinguish a use by a driver based on the respective code, we do not have further identifying information on the drivers and do not aim at and process such codes for our own purposes. Depending on the business partner’s or fleet owner’s request, the code may at times even be shared among multiple drivers.
In general, the DMS Data is only stored and processed within the vehicle for a limited time and the camera footage is regularly overwritten upon further operation of the vehicle. During normal operations, all analysis is done on board of the vehicles and stored there, the DMS Data is not transmitted to us. In particular the camera footage can only be accessed directly on the vehicle during its storage period and will not be transmitted to us. In any event, with regard to the drivers' face images, we do not have a reference file or similar that would allow us to identify drivers; our DMS only seeks to identify facial cues that indicate that the driver was not paying sufficient attention.
When the DMS generates trigger events (e.g. driver inattentive), the trigger event, telemetric information from our System, and camera recordings from external facing cameras around the time of the trigger event (up to approximately one (1) minute before or after the incident) is transmitted to us. We process and use this data on trigger events to analyze and improve our systems (e.g. to allow remote diagnostics, review and triage issues and create and re-simulate scenarios) and as required by applicable laws and regulations. To the extent legally required, we provide information to authorities and others to whom we are legally obligated to provide such information.
We process the DMS Data on the basis of legitimate interests pursuant to Article 6 (1), lit. (f) GDPR. Our legitimate business interests are the provision of our DMS services, which serves the safety of the driver and other traffic participants and the respective evaluation, development and optimization of the security functions (vigilance control and vigilance deficit alarms). Our legitimate business interest in processing DMS Data to generate trigger events is the review of the proper functioning of our Solutions for Autonomous Driving and the continued development and training of our System, which serves the safety of the driver and other traffic participants and the respective evaluation, development and optimization of the automated/autonomous driving and security functions.
To the extent we are required by applicable laws and regulations to keep DMS Data and trigger events and disclose them to authorities, etc., the legal basis is Article 6 (1) lit. (c) GDPR.
3. Recipients of Personal Data
Within Plus Germany, only those persons who need your personal data for the respective purposes mentioned have access to it. Your personal data will only be passed on to external recipients if we have legal permission to do so or have your consent. Below you will find an overview of the corresponding categories of recipients. Depending on the purpose, data will be transmitted to external recipients in encrypted format or using pseudonymisation or anonymization technologies, such as blurring of faces and license plates.
3.1 Data Processors
Plus Germany uses other Plus group companies or external service providers, for example to provide IT services, or conducting and documenting trials, who are carefully selected and reviewed. The processors may only use the data in accordance with our instructions, and according to data processing agreements according to Art. 28 GDPR.
3.2 Truck Partners for the collection of Vehicle Test Data – Controllers or Joint Controllers
When collecting Vehicle Test Data, we cooperate with our Truck Partners. In general, we provide the systems for data collection to the Truck Partners. They carry out the test drives and provide the data to us. In case no further processing is done by them, our Truck Partners are separate data controllers.
However, for the collection of Vehicle Test Data from the test vehicles there, in some cases, is a so called joint responsibility with some of our Truck Partners (joint controllers under GDPR), in case our Truck Partners are collecting and making use of the Vehicle Test Data for their own purposes as well. The scope of joint control of the Parties is limited to the data collection and its initial storage in the test trucks with the Systems of Plus Germany. Plus Germany’s role during the collection of Vehicle Test Data is to provide the Systems. The Truck Partners role is to provide the test trucks, integrate these Systems and provide the truck drivers that will run the test drives. Once the Vehicle Test Data is collected during the test drives, each party is solely responsible for the further data processing of the Vehicle Test Data. We have described above, what Plus Germany is then doing with the Vehicle Test Data (refer to section 2.1).
For this joint data processing, a legally required agreement with the other joint controllers, our Truck Partners, has been concluded (Article 26 (1) DSGVO). These agreements describe the scope of the joint controllership and the roles of the parties as described in the preceding paragraph. Furthermore, while data protection rights (such as described below in Section 6) can be asserted both with Plus Germany and with its respective Truck Partner, we have agreed that the primary point of contact is the Truck Partner. Both the respective Parties will inform each other without delay about data subject requests, provide each other with all information necessary to respond to requests for information.
Our current Truck Partners are:
3.2.1 Scania CV AB (acting as a joint controller with Plus Germany)
Scania CV AB (publ), incorporated under the laws of Sweden, company registration No. 556084-0976, having its registered address at 151 87 Södertälje.
Scania Privacy Statement: https://www.scania.com/group/en/home/admin/misc/privacy-statement.html
3.2.2 Iveco S.p.A. (acting as a sole controller)
IVECO S.p.A. company with a sole shareholder, Via Puglia 35, 10156 - Turin, Italy
Company Register of Turin / Fiscal Code 9709770011
3.3 Public Bodies
To the extent required by applicable laws and regulations we will provide information to authorities and state institutions, such as tax authorities, public prosecutors' offices or courts, e.g. to fulfill legal obligations or to protect legitimate interests.
4. Data Processing in Third Countries
If a data transfer takes place to entities whose registered office or place of data processing is not located in a member state of the European Union, another state party to the Agreement on the European Economic Area or a state for which an adequate level of data protection has been determined by a decision of the European Commission, we will ensure prior to the transfer that either the data transfer is covered by a statutory permit, that guarantees for an adequate level of data protection with regard to the data transfer are in place (e.g., through the agreement of contractual warranties, officially recognized regulations or binding internal data protection regulations at the recipient), or that you have given your consent to the data transfer.
As a way to guarantee an adequate level of data protection, we make use of the Standard Contractual Clauses of the EU Commission on the basis of Article 46 (2) lit. (c) GDPR. You can obtain from us a copy or reference to the availability of the guarantees for an adequate level of data protection in relation to the data transfer. Please use the contact information provided under Section 1.
5. Storage Duration and Data Erasure
5.1 Vehicle Test Data
We store Vehicle Test Data, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as required by applicable laws (which to some extent require us to store training data of automated driving systems for longer periods). In the event of an objection to processing, we will delete your personal data, unless further processing is still required by law. We will also delete your personal data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually delete Vehicle Test Data that may contain your personal data
after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply;
if the Vehicle Test Data is no longer required for the purposes we pursue (typically ten (10) years) and no other legal basis (e.g. regulatory (i.e. potential validation of algorithms), commercial and tax law retention periods) intervenes. If the latter is the case, we will delete the data after the other legal basis has ceased to apply.
The DMS Data, in general, is only processed and stored locally on the vehicle itself (and may be accessed there during that period). There, it will generally be stored for only approximately 24 Vehicle operating hours and then irretrievably overwritten.
We store the limited DMS Data and the trigger events generated from the DMS Data that we obtain and process only for as long as necessary to achieve the intended purposes or as long as required by applicable laws (which to some extent require us to store training data of automated driving systems for longer periods). Applying these general principles, we will delete such DMS Data and DMS Data generated trigger events
after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply
if the DMS Data and DMS Data generated trigger events are no longer required for the purposes we pursue (typically ten (10) years) and no other legal basis (e.g. regulatory, commercial and tax law retention periods) intervenes. If the latter is the case, we will delete the data after the other legal basis has ceased to apply.
6. Your Rights
Regarding personal data relating to you, you have certain rights under GDPR that we describe in this section. However, please be aware that the exercise of your rights depends on certain practical conditions and requirements, and that certain exemptions may apply.
6.1 Requirements to Exercise of Your Rights
In particular, please note that, in relation to our System described above (Section 2), we do not store your identity and do not aim or need to process that. We typically only process the images of road traffic to record the environment of the vehicle or the interior of the vehicle. An identification of data relating to you, is therefore not possible on the basis of your name or other contact information. If at all, an identification is only possible with additional information that you need to provide us (e.g. location, time and date, type of vehicle, information about their appearance, potentially an image of yourself, etc.). If identification is not possible even after providing further information (e.g. because we only store blurred images), we will explain this to you.
Furthermore, due to the nature of the data, typically camera footage, it is not possible to implement some rights such as rectification or restriction, while a deletion might be possible. Again, we will explain to you what we can do in a particular case.
Finally, when applying your rights, we may need to protect the rights of other individuals (e.g. when a camera footage covers other persons apart from yourself), so redactions etc. may be required.
6.2 Right to Access
Subject to Section 6.1, you have the right to receive information about your personal data stored by us, as well as a copy of your data.
6.3 Right to Rectification and Erasure
Subject to Section 6.1, you can demand that we correct incorrect data and, if the legal requirements are met, delete your data.
6.4 Restriction of Processing
Subject to Section 6.1, you can demand that we restrict the processing of your data, provided that the legal requirements are met.
6.5 Data Portability
Subject to Section 6.1, if you have provided us with data on the basis of a contract or consent, you may, if the legal requirements are met, demand that the data you have provided us with are handed over in a structured, common and machine-readable format or that we transfer it to another controller.
You have the right to object at any time to data processing by us based on the safeguarding of legitimate interests for reasons arising from your particular situation. If you make use of your right to object, we will stop processing the data unless we can prove compelling reasons for further processing worthy of protection which outweigh your rights and interests (e.g. because the storage is required by law or it is required for safety reasons). This Section 6.6 is subject to the limitations set forth in Section 6.1.
6.7 Right to lodge a complaint with a supervisory authority
You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the supervisory authority responsible for your place of residence or your country or the supervisory authority responsible for us, i.e. Bayrisches Landesamt für Datenschutzaufsicht, https://www.lda.bayern.de/de/index.html.
6.8 Your Exercise of Your Rights
You can contact us free of charge if you have questions regarding the processing of your personal data and your rights as a data subject. Please contact us at email@example.com or by letter mail to the address provided in the introductory paragraph. Please make sure that we can definitely identify you.