Privacy policy for test drives with video recording

In this privacy policy, we inform you which data is collected and processed as part of our test drives. These test drives are used to develop and validate automated driving functions and not for the targeted collection or processing of personal data. Nevertheless, personal data, in particular in the form of video recordings, may be collected and processed as part of the technical implementation.

It goes without saying that we treat all data collected with the utmost care and in accordance with the applicable data protection regulations.

1. Controller for data processing

The controller within the meaning of the EU General Data Protection Regulation (“GDPR”) for the processing of personal data collected during our test drives is:

ARRK Engineering GmbH
Frankfurter Ring 160
80807 Munich
Germany

You can contact our data protection officer at the following email address:

datenschutzbeauftragter (at) arrk-engineering.com

2. Purpose of video recording

As part of our test drives, we use cameras, Global Navigation Satellite System (location determination), as well as radar and IMU sensors (e.g. acceleration sensor) to improve the performance and safety of current and future vehicle systems. The recorded data is used to test and evaluate driver assistance systems, particularly in the field of autonomous driving, with the aim of improving and increasing road safety. For example, it is tested whether the test vehicle recognizes traffic signs, in particular speed limits, correctly and in good time, whether the assistance systems function properly and are able to reliably detect road users and basic traffic situations and control the vehicle accordingly.

Processing to identify pedestrians, individual vehicle types, their drivers or license plates is not intended and does not take place.

3 What data is recorded and processed?

The following data can be processed during the test drives:

• Video and image recordings of the surroundings (e.g. road users, license plates, road conditions) as a color image with a resolution of 2.3 megapixels
• Radar sensor images of the surroundings (point cloud with relative speeds of the detected objects)
• Internal vehicle sensor data (speed, GPS data, acceleration, system status)
• Sound recordings are not

The data collected may be personal data, i.e. information relating to an identified or identifiable natural person. Typically, these are images of people and vehicle license plates during the test drives. The sensor data alone is in no way suitable for identifying a real person (e.g. radar sensor and internal vehicle sensors).

4. Legal basis for processing

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in the development and safeguarding of automated driving functions. Our legitimate interest in the development of innovative and safe vehicle systems serves to improve vehicle and road safety. Such developments and improvements serve general road safety and therefore also the common good. The functions we develop include algorithms for recognizing complex driving situations in a real environment, algorithms for preventive hazard detection in road traffic and algorithms for improved recognition of different road users and for predicting their behaviour depending on the traffic situation. Real, non-simulated traffic situations are essential for the development and validation of reliable systems.

The recording of personal data is unintentional but unavoidable during our test drives in public and is minimized through optimized camera positioning and a suitable choice of recording angle. The aim of image data collection and analysis is the recognition and classification of traffic situations and objects, not the identification of individual persons. The recorded persons, vehicles and other objects are classified and processed exclusively in classes such as “person”, “cyclist”, “motorcyclist”, ‘truck’ or “car”.

5. Data processing procedure, deletion

During test drives, data is recorded using cameras and other sensors. Remote data transmission is not used. Instead, the data is stored on an encrypted data carrier in the vehicle, removed at the end of the test drive and transferred to a secure internal server exclusively by an authorized group of people. The data on the encrypted data carrier is then deleted. The data stored on the internal server is used by us for the development and validation of vehicle systems.

As soon as the data is no longer required for further development and thus the underlying processing purpose, it is deleted or anonymized. The data is also anonymized if it does not lead to an impairment of the underlying processing purpose. The purpose of processing is impaired, for example, if the pixelation of faces makes it impossible to evaluate the direction in which people are looking or to recognize vehicles in difficult lighting conditions by making license plates unrecognizable. Earlier anonymization of the data is not possible in these cases, as it makes the clear analysis and evaluation of the traffic situation considerably more difficult or distorts the results and thus prevents the underlying processing purpose.

As soon as anonymization of the data does not prevent the purpose from being achieved, the data is anonymized by pixelating license plates and faces. Suitable state-of-the-art algorithms are used to recognize faces and license plates.

As a rule, developments that require non-anonymized data are completed after 3 years at the latest. The data is therefore usually deleted or anonymized after 3 years at the latest.

Information on how you can request the deletion of your personal data at any time can be found in section 7 (Rights of data subjects).

6. Transfer of data

Data could be transferred for future development partnerships (in particular automotive manufacturers and suppliers as well as with research institutions) if the protective measures in accordance with the GDPR are in place or if the data is anonymous. The data will only be transmitted if this is necessary for the above-mentioned purposes. We can only provide you with information about specific development partnerships on request. If a recipient of your data is located in a country outside the European Union or the European Economic Area (so-called third country), which does not have a comparable level of data protection, we will take appropriate measures to protect your personal data. These may, for example, be so-called EU standard data protection clauses.

7. Rights of data subjects

If you have been detected by one of our vehicles' sensors during a test drive or suspect that you have been detected, you can assert your rights under the GDPR at any time free of charge. Please contact us using the contact details provided in point 1.

Please note that the data collected is primarily used for the technical analysis of traffic situations and is not systematically evaluated to identify individuals. Subsequent identification and assignment of data to a specific person is therefore technically extremely complex and in most cases not possible without very precise information from you (in particular the exact place and time, but possibly also the license plate number, your involvement / role in road traffic, as well as other personal characteristics).

We will check your request, but ask for your understanding that we may not be able to assign data or, in the case of anonymization that has already taken place, we may not be able to identify you.

You can also request a deletion directly from the driver. The driver will document all relevant information and you will be informed about the deletion of your data on request. For technical and security reasons, it is not possible for the driver to access the data and delete it immediately.

You are entitled to the following rights as a data subject under the GDPR

• Right to information (Art. 15 GDPR):
  You have the right to obtain information from us at any time about the processing of your personal data.
   
• Right to rectification (Art. 16 GDPR): 
  You have the right to request the rectification of inaccurate or incomplete personal data concerning you at any time.
   
• Right to erasure (Art. 17 GDPR):
  You have the right to request the erasure of your data if the conditions specified in Art. 17 GDPR are met. Accordingly, you can, for example, request the erasure of your data if it is no longer necessary for the purposes for which it was collected or if you have objected to the processing in accordance with Art. 21 GDPR.
   
• Right to restriction of processing (Art. 18 GDPR):
  You have the right to request the restriction of the processing of your data if the requirements of Art. 18 GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can then request the restriction of processing for the duration of the verification of the accuracy of the data.
   
• Right to data portability (Art. 20 GDPR):
  Where technically feasible, we will transfer your data to another controller at your request. However, you are only entitled to this right if the data processing is based on your consent, is necessary for the performance of a contract or the processing is carried out using automated procedures. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another controller specified by you.
   
• Right to object (Art. 21 GDPR):
  If the data processing is based on your consent or on our legitimate interests or those of a third party, you can object to the processing of your data at any time for reasons arising from your situation.

We endeavor to comply with all requests within the statutory period of one month. Depending on the specific rights of the data subject or the complexity of your request, the deadline may be extended. In this case, we will inform you separately.

 ARRK Engineering GmbH takes its concerns and your personal rights very seriously. If you nevertheless believe that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with the competent data protection authority, in particular the Bavarian State Office for Data Protection Supervision (BayLDA).

8. Security measures

We use technical and organizational measures to ensure the security of the data. These include access restrictions, encryption and regular security checks.

 9. Identification of our vehicles

You can recognize our recording vehicles by the following identification: