Purpose of this Privacy and Security Notice
If you are an authorised user of our Platform
This Privacy and Security Notice aims to provide other legal entities with the Bosch group and Bosch group business customers or potential business customers (“Clients”), and their authorised users (“you”), with information about how we collect and process personal information in connection with the provision of our Platform Services to Clients (in the case of our potential business customers being the access to a demonstration version of our Platform for demonstration purposes).
If you are a member of the public
Clients may share their own real world driving footage with us so that we may process this data and prepare and produce scenes and simulation environments on their behalf. This footage may contain information relating to members of the public. We explain how we process this footage in our
general privacy notice, which considers our broader use of real-world driving footage in greater detail.
Authorised users
In order to provide you with access to our Platform, we need to collect minimal amounts of personal information about you. Aside from our collection of Platform Analytics (see below), we will only process the personal information you provide, strictly on behalf of Clients (your employer) and in accordance with their instructions. This means, for the most part and for the purposes of applicable data protection laws, our role will be limited to that of a data processor. Your organisation, the Client, will be the party responsible for making decisions about how your personal information is processed (the data controller).
Platform Analytics and User Feedback
We collect data about your use of our Platform and use platform analytics to understand how our Services are used so that we may improve them. From time to time we may also ask you to give feedback on our Platform and our Services on a voluntary basis. To the extent possible all of this information will be aggregated and anonymised to ensure you cannot be identified by such information. We will be the party responsible for making decisions about how your personal information is processed (the data controller) in respect of this information.
If you have any questions about your personal information, how we look after it or if there are any changes to your personal information, please contact us using our contact details below:
Email address: privacy@five.aiPostal address: Privacy, Five AI Limited, Kett House, Station Road, Cambridge, CB1 2JH
Authorised users - information you give us
This includes:
- Account and contact details: When you create an account, you provide us with at least your login credentials, as well as some basic details necessary for the service to work, such as your name, email address, phone number and/or Slack ID.
- Customer service: If you contact our customer service team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.
- User feedback: From time to time, we may ask you to give feedback on your experience and thoughts on our Platform or our Services on a voluntary basis.
Authorised users - information we receive from others
In addition to the information you provide to us directly, we receive information about you from others, including:
- Your organisation, the Client: your organisation, the Client, may provide us with your name and contact information to facilitate the account creation process;
- Sign-in Authentication providers: We use third party authentication providers to secure our Platform. We ask when you sign into our Platform to do so through these providers. When you do so we will receive additional information linked to your profile, this can include your name, nickname, email address, phone number, business address, picture and profile URLs, date of birth, country and timezone.
Authorised users - information collected when you use our services
- Device information: We collect information from and about the device(s) you use to access our services, including:
- hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address).
- Usage Information: We collect information about your activity on our services, for instance how you use them (e.g., date and time you logged in, features you’ve been using, and searches, clicks and pages which have been shown to you) and how you interact with other users (e.g., interaction with admin accounts, time and date of your exchanges, number of messages you send and receive).
- Location data: approximate location data (based on your IP address) will be collected in order to manage your sign in to our Platform and to the extent necessary, to provide our services,
Please see section 11 (Cookies and similar technologies) below for more information on why we use cookie derived information and how you can better control this use, through your browser settings and other tools.
Data protection laws require the parties responsible for personal information processing to disclose to individuals the purposes they use their personal information for and their legal basis for processing that information.
Our processing of your information is limited to:
- processing necessary for the provision of our Platform Services to you and your organisation, the Client.
This includes, registration and account management, customer support and communicating with you about the services
- our use of data analytics,
which we use to monitor and improve our Platform.
- our use of voluntary user feedback,
which we use to improve our Platform and Services.
As a data processor we rely on your organisation’s legal basis to process your personal information. Clients’ legal basis in these circumstances tends to be either (i) contract necessity (depending on the nature of your role); or (ii) their legitimate interests to provide you access to our Platform to assist in the performance of your role.
As a data controller, we rely on our legitimate interests to use user feedback and data analytics to monitor the usage of and make improvements to our Platform or our Services, and/or where necessary (due to the use of cookies and similar technologies - see section 11 (Cookies)), your consent.
Less routinely
We may also process your personal information if we are required to do so to ensure legal compliance. This includes processing necessary to comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example the terms of our Agreements with Clients.
We may share your personal information with the parties set out below, for the purposes set out in section 4 above.
Clients
Your organisation may receive personal information relating to your use of our Platform for billing purposes, and to manage their authorised users.
With our service providers and partners
We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including customer support, personal information hosting and maintenance, sign-in authentication, software development, data labelling, analytics, and security operations.
With other Bosch Group businesses
We may share your personal information with other Bosch group entities for them to assist us in processing your personal information, as service providers, upon the Client’s instructions and on their behalf.
Where we process information as a data controller, or in response to a legal requirement, we may also share information with other Bosch Group entities for legitimate business purposes such as corporate audit, analysis and consolidated reporting as well as compliance with applicable laws.
A list of these Bosch Group entities is available on request.
In corporate transactions
We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
When required by law
We may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.
To enforce legal rights
We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you or Clients; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We work with several trusted third-party vendors who operate globally, meaning it can necessary to send your personal information outside of your country. In doing so we ensure that we have in place adequate safeguards to do so as required by applicable data protection laws. This includes standard contract clauses approved by the European Commission and/or the UK, or other suitable safeguards to permit personal information transfers from the European Economic Area (“EEA”) and the UK to other countries.
In certain circumstances, for example if you live in the UK and the European Economic Area, you may exercise the rights available to you under applicable data protection laws as follows:
- If you wish to access, correct, update or request deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
- If we have collected, and process, your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
You can exercise your rights at any time by contacting us using our contact details above, or contacting your organisation directly.
We respond to all requests we receive from users in accordance with instructions from Clients and applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests, or ask you to engage with your organisation directly. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user).
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, officers, consultants, agents, contractors and other third parties who have a need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this Privacy and Security Notice or as otherwise required by applicable law. As a minimum, information is likely to be retained at least for as long as your organisation, the Client, is a client of ours.
This section of the Privacy and Security Notice explains what cookies are, what types of cookies are placed on your device when you use our Services.
What are cookies?
Cookies are small text files that are sent to or accessed from your web browser or your device’s memory. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e. when it expires) and a randomly generated unique number or other identifier. A cookie also may contain information about your device, such as user settings, browsing history and activities conducted while using our Platform.
Who can drop cookies?
First-party cookies are placed on your device directly by us. For example, we use first-party cookies to secure our Services and better understand your use of our Platform.
Third-party cookies are placed on your device by our partners and service providers. For example, third-party cookies are used on our Platform to facilitate the sign-in authentication process (please see Okta’s own privacy policy for more information about what cookies Okta places for authentication) or, with your consent, to analyse how our Platform is being used (please see the section on
Google Analytics below).
How long does a cookie stay on my device?
There are session cookies and persistent cookies. Session cookies only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our Platform during a single browser session. Persistent cookies have a longer lifespan and aren’t automatically deleted when you close your browser.
Are other tracking technologies used?
Other technologies (which we also call cookies) that we use and could use include web beacons (also called pixel tags or clear gifs), tracking URLs or software development kits (SDKs). Web beacons are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our Platform or opened an e-mail that we have sent them. Tracking URLs are custom generated links that help us understand where the traffic to our webpages comes from. SDKs are small pieces of code included in apps, which function like cookies and web beacons.
What are cookies (and other tracking technologies) used for in our Platform?
Like most providers of online services, we use cookies to provide, secure and improve our Platform, including by remembering your preferences and recognizing you when you visit our Platform. To accomplish these purposes, we also may link information from cookies with other personal information we hold about you.
We use cookies and similar technologies in some or all of the following ways when you use our Services:
-
Cookie type
Essential cookies
What does it do?
These cookies are strictly necessary to provide you with services available through our Platform and to use some of its features, such as signing in to our Platform. The legal basis for the use of essential cookies is our legitimate interest (Article 6(1)(f) GDPR). We do not ask for your consent before placing essential cookies.
-
Cookie type
five_auth, five_auth_csrf
What does it do?
These cookies allow us to recognise users during their time on our Platform and perform essential security functions such as request forgery prevention. These cookies only remain in place for the user’s session and at most a period of 10 hours following a user’s session.
-
Cookie type
Analytics cookies
What does it do?
These cookies help us understand how our Platform is being used, and help us customize and improve our Platform for Clients and Authorised Users. In order to properly perform their function these cookies need to be persistent. How long each cookie lasts is set out in the list below. The legal basis for the use of Analytics Cookies is your consent (Article 6(1)(a) GDPR) and we will ask for your consent before placing these cookies.
-
Cookie type
_ga, _ga_<container-id>
What does it do?
These are the main cookies used by Google Analytics, to distinguish one visitor from another and to track sessions, respectively. These last for two years. Each ‘_ga’ cookie is unique to the specific property, so it cannot be used to track a given user or browser across unrelated websites. For our use of Google Analytics see further “Google Analytics”.
-
How can you control cookies?
Browser and device controls. Some web browsers provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer. The procedure for managing cookies is slightly different for each internet browser. You can check the specific steps in your particular browser help menu. You also may be able to reset device identifiers by activating the appropriate setting on your mobile device. The procedure for managing device identifiers is slightly different for each device. You can check the specific steps in the help or settings menu of your particular device.
Google Analytics. We use Google Analytics, which is a Google service that uses cookies and other data collection technologies to collect information about your use of our Platform, in order to create reports and statistics about how our Platform is used to help us improve and develop our Platform. Data collected is de-identified and aggregated; it is not processed in a way to directly identify anyone. We use Google Analytics with the additional functionality offered by Google to anonymise IP addresses. We do not use the advertising features of Google Analytics. More information about how Google Analytics works and data privacy can be found at
How Google uses cookies – Privacy & Terms – Google,
How Google uses information from sites or apps that use our services – Privacy & Terms – Google,
Safeguarding your data - Analytics Help (google.com). You will be given an option to block or allow analytics cookies the first time you log in to the platform. You can change your cookie settings when you are on the platform at any time by visiting the privacy page on the settings menu. Alternatively, to block Google Analytics Cookies generally you can download the Google Analytics opt-out browser add-on at
https://tools.google.com/dlpage/gaoptout.
What happens if I disable all cookies?
The changes you make to your cookie preferences may make browsing our Platform a less satisfying experience. In some cases, for example in relation to sign-in authentication, you will find yourself unable to use our Platform.
More information
To find out more about
how cookies work, how to manage and delete them and to see which ones have been set please visit
www.aboutcookies.org or
www.allaboutcookies.org.
This Privacy and Security Notice may be amended from time to time. We will post any changes we may make on
www.five.ai/plaform-privacy-and-security-notice and, where appropriate, may notify you via e-mail or through our Platform. When amendments are made, we will update the "last updated" date at the top of this Privacy and Security Notice.
