Wayve is strongly committed to protecting your personal data. This privacy statement outlines what data we process, personal or otherwise, how we process that data, our responsibilities as controllers of that data, and your data rights.
Personal data refers to any information relating to an identified, or an identifiable person. Wayve processes personal data in the context of its legal and legitimate activities. We also process general information that is not used to identify you and is not considered personal data.
Processing refers to any operation or set of operations that we may perform on your personal data. We will only process your personal data when it is legal for us to do so and when it is for:
The purposes of our legitimate interests, except where those interests are overridden by your legitimate interests, or your fundamental rights
In order to comply with our legal obligations
When we have your prior informed consent
We do not collect any marketing data, or profile data e.g. usernames and passwords.
We process your personal data when you contact us, or when you apply for a job with us.
This personal data includes:
Your first name
Your last name
Your social media identifier
Your date of birth
Your employment history/references
Any unspent criminal convictions and offences
Your driving licence records
Your postal address
Your email address
Your telephone number
Your bank account and card details
We do not hold ‘special category’ data on you. This is data relating to your ethnic or racial origins, your political opinions, your religious or philosophical beliefs, your trade union membership, your genetic or biometric data, your health data, or data concerning your sex life or sexual orientation.
We also process your personal data when you interact with our website. This includes:
How you use and interact with our website
Your computer’s IP address and location
Your computer’s browser type
Your computer’s time zone
Your computer’s operating system
Your computer’s hardware (CPU and GPU)
In addition, we process general information that is not defined as personal data.
When we drive our vehicles on the road we process sequences of instantly captured data in real-time, and offline, in the form of images. We process these images for the purposes of predicting the motion of objects in our immediate environment, not to track, or identify individuals. In other words, we are passive observers of an ever-changing scene and our algorithms classify agents (e.g. pedestrians, cars etc.) in our environment as objects distinguishable between themselves, but not as directly identifiable people.
Is this data considered personal data?
No. The images in our video feeds are clear enough that we are able to distinguish one person from another. We process this data for the legitimate purpose of predicting the movement of objects in our immediate environment, not to identify data subjects. As such, the data we process from our images is not considered personal data. For more information see the Regulation (EU) 2016/679 (General Data Protection Regulation). There are two further key points to consider here:
The data subjects in our images are not directly identifiable from the image information alone, and do we not collect additional information, such as a name, or a date or birth. For more information see the Information Commissioner’s Office Guide to the General Data Protection Regulation, 2019. As such, we cannot directly identify a data subject without collecting and combining additional information.
We process this data by classifying objects as objects, not to track or identify people, and this classification does not persist across the data we collect in a given set of video images. For example, we are only concerned with the predicted path of an object in our immediate field of view, and clearly distinguish between objects that might leave our field of view and return several seconds later. This means we cannot detect whether a specific pedestrian has returned to the scene, just that another pedestrian is in our field of view.
There is a small chance that an individual or an organisation could reconstruct the data we process in such a way that the data subjects are identifiable. For example, by taking the raw images and combining them with additional information they may hold. We mitigate this through stringent security measures and only retain this data for as long as is absolutely necessary for our legitimate purposes.
Using Your Personal Data
We use your personal data to:
Fulfill the services we owe to you, or you have requested we fulfill for you
Conduct financial transactions between us and you
Verify the personal data we hold on you
Send you information relevant to the services you have asked us to provide
Carry out our legal obligations and/or enforce our legal rights
Enable greater website functionality
We do not transfer your personal data outside the EU, or allow third party access to it, unless we are legally obligated to do so.
Our Responsibilities as Data Controllers
We take our personal data responsibilities very seriously. We will only ever process your personal data in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation), and the UK’s Data Protection Act 2018.
We will always obtain your consent before we process your personal data, and we always protect your personal data against unauthorised, or unlawful processing, or breaches.
Your Data Rights
Under the Regulation (EU) 2016/679 (General Data Protection Regulation) you have certain data rights pertaining to your personal data that you may exercise at any time:
You have the right to access any of your personal data held by us
You have the right to request we rectify the personal data we hold on you, for example, to rectify an incorrect address or date, or date of birth
You have the right to have the personal data we hold on you erased
You have the right to restrict the processing of the personal data we hold on you, for example, you may request that we limit the personal data we collect or hold on you
You have the right to receive the personal data that you have provided us and that we hold on you
You have the right to object to the processing of personal data we hold on you, for example, you may request that we do not process any of your personal data; however, this may impact on our ability to provide you with the services you need fulfilling.
You have the right to request transfer of personal data and the right to withdraw your consent.
In all cases you must inform us in writing using this email address: firstname.lastname@example.org
We will aim to respond to your request within 1 month, and without delay. If you request that we erase or rectify your personal data, then we will notify you when we have done so.
Storage of Personal Data
Your personal data is accessible to a limited number of people in Wayve for the sole purpose of processing your data legally and legitimately. We will keep your personal data and other general information for no longer than is absolutely necessary for us to carry out our legal and legitimate activities.
Complaints and Questions
If you need to make a complaint about how we process your personal data, please email our Data Protection Officer email@example.com with the details of your complaint.
You always have the right to make a complaint through the ICO here.
If you have further questions about your data rights ,or about how we process your personal data, please see the Regulation (EU) 2016/679 (General Data Protection Regulation) and the ICO’s Guide to the General Data Protection Regulation (GDPR), or email our Data Protection Officer: firstname.lastname@example.org.