General Privacy Policy (EU)

Zendar GmbH and Zendar SAS (collectively, “Zendar” or the “Company,” or “we” or “us”) are technology companies developing high-definition radars and related technology. We consider your privacy a top priority and are committed to protecting your privacy at all times. Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it.

Scope and Applicability

This Policy describes the types of information we may collect from you or that you may provide when you visit the website Zendar.io (the “Website”), communicate with us through a “zendar.io” email address, or otherwise provide us with information, including through a third party on your behalf (e.g., recruiter) (collectively, the “Communications”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy only applies to individuals who are located within the European Economic Area (“EEA”) and the United Kingdom (UK), and supplements our General Privacy Policy (US) (available under “Privacy Policies” on our Website). Terms used but not defined herein have the meanings ascribed to them in Art. 4 of the General Data Protection Regulation (“GDPR”).

Responsible Parties

If you live within the EEA, the data controller responsible for your Personal Data is Zendar GmbH or Zendar SAS, as applicable. If you live outside the EEA, the data controller responsible for your Personal Data is Zendar Inc.

If you have any questions about this Privacy Policy, or have any questions, complaints, requests regarding your Personal Data, or would like to exercise any of your rights, you can contact us as described below:

Zendar GmbH
Kemptener Str. 99
88131 Lindau, Germany

Zendar SAS
38 rue de Berri
75008 Paris

Zendar Inc.
2560 Ninth St. Suite 216
Berkeley 94710, CA, USA

You can contact our Data Protection Officer by e-mail at [email protected].

Information We Collect About You and How We Collect It

Most of the information we collect from you is in the context of receiving and responding to your inquiries (either through our Website or otherwise through a zendar.io email address), job applications, or in connection with providing you with employment. In particular, we collect Personal Data from the following sources:

• Directly From You: We collect information when you send an inquiry through the “Contact” page on our Website, subscribe for a newsletter, email us directly, submit a job application or resume, in the scope of your employment with the Company, or from your computer when you visit our Website.
• From Third Parties: We collect information from our service providers, such as recruiters, job listing platforms, or HR or payroll platforms.
• Combining Information: We may combine information received from third parties with information already stored.

From these sources, we may collect the following categories of Personal Data in the manner described:

• General identification information – We may process your name, contact information (including home address and phone number), citizenship, and country of residence, date of birth, gender, and languages spoken, when you provide such information to us through the “Contact” page on our Website, when you email us directly, or when you subscribe to receive our newsletter through our Website. We may also receive such information from our third party service providers on your behalf (e.g., recruiters or job listing websites).
• Professional information – We may process information related to your profession including (without limitation) your job title, professional email address and phone number and your role/responsibility when you provide such information to us or apply for a job within the Company either directly or indirectly through a third party on your behalf.
• Information relating to sourcing and procurement – We may process information necessary for the provision of the services or the selling of the products including (without limitation) your contact details and financial details when you provide services or sell products to the Company or when the Company provides services or sells products to you.
• Other Information you choose to share with the Company – We may process Personal Data you choose to share with us, including (without limitation) information you share when you contact us for information about products or services, or inquire about job openings. This includes information provided at the time of requesting information from us, including name, email addresses, employment history, and any attachments.
• IP Address - We may process your IP address, which is necessarily sent from your device to our Website server each time you visit our Website.
• Visitor information – We may process your name, contact details, and car license plate when you visit our premises for the Company’s security.
• Survey results – We may process your responses to questions in our customer surveys upon your consent and/or voluntary submission.
• Proof of identity – We may, in certain circumstances, ask for a copy of your identity card or other proof of your identity (e.g. driver’s license) when you send a data privacy request to us or visit our premises for the Company’s security.
• Images and Vehicle Information - We may process your Personal Data obtained through camera recordings from our test vehicles for testing, research, and development purposes. See our Privacy Policy for Cameras in Vehicles for more information.

You are not obliged to provide us with your Personal Data and no consequences will arise from not providing it.

In addition, we do not use cookies or other automatic data collection techniques on our Website. Nor do we use automated decision making in the context of Art. 22 of the GDPR.

For more information on the information we collect, please see our General Privacy Policy (US) (available under “Privacy Policies” on the Website).

How We Use Your Information and the Legal Basis For Such Use

We only process your Personal Data as described in Section 3 above when we have a valid legal basis for processing under applicable data protection laws.

The main information collected and processed from our Website is information you submit in a request for information or when you subscribe to our newsletter. In both cases, we obtain your consent to collect and process your Personal Data for the purposes submitted (Art. 6 (1) (a) GDPR). Our Website server may collect information, such as your IP address, from your device when you visit our Website. The legal basis for processing this data is the proper and secure provision of the Website as a legitimate interest (Art. 6 (1) (f) GDPR).

We also collect and process information received from our third party recruitment/job listing service providers when you submit information to apply for a job with Zendar. In such cases, we or our service providers obtain your consent to collect and process your Personal Data for the purposes you submitted (Art. 6 (1) (a) GDPR) or, alternatively, have a legal basis under (Art. 6 (1) (b) GDPR), to fulfill our obligations in considering you for employment with the Company.

Similarly, we collect and process your Personal Data when you become employed with Zendar. In that case, we process your Personal Data in order to perform under our employment contract (Art. 6 (1) (b) GDPR).

We may also have a legitimate interest in collecting and processing your Personal Data to, for example, operate our business, purchase or sell goods and services, provide customer service, or to protect Company property or personnel (Art. 6 (1) (f) GDPR).

Finally, we may process your Personal Data when we are required to do so by national or European law (Art. 6 (1) (c) GDPR).

For more information on how we use your information, please see our General Privacy Policy (available under “Privacy Policies” on our Website).

For more information on our collection practices for applicant and employee Personal Data, please see our Notice at Collection for Applicants and Employees (available under “Privacy Policies” on our Website).

Disclosure of Your Information

Zendar treats Personal Data with care and confidentiality. We only pass data to our affiliates and third parties to the extent described here and within the scope of the purpose limitation under data protection law.

Zendar may disclose Personal Data as described in this Policy to the following categories of recipients:

• To Zendar affiliates: Zendar Inc. is the corporate parent of Zendar GmbH and Zendar SAS. Due to shared corporate IT systems, and because of the international nature of our business, Personal Data collected and processed by Zendar GmbH and Zendar SAS can be shared with or accessed by Zendar Inc. and its subsidiaries for the purposes above.
• To IT and collaboration service providers and other service providers: For technical reasons, we use external IT and related collaboration service providers who provide server infrastructure, IT maintenance tasks, IT solutions (such as cloud services), and/or software solutions on behalf of Zendar. We also use other service providers to support our business. These service providers may have access to the Personal Data to the extent necessary to perform such services for Zendar. When disclosing your Personal Data to third parties that will process your Personal Data on Zendar’s behalf, your Personal Data will only be disclosed to carefully selected data processors acting on the basis of Zendar’s instructions to comply with the applicable legal and contractual obligations. Such service providers will process the data on our behalf in accordance with this Policy as “processors.”
• If Zendar is under a duty to disclose or share your Personal Data in order to comply with any legal obligation or to protect the rights, property or safety of Zendar, its customers or others. This includes exchanging Personal Data with public authorities (including judicial and police authorities) or insurance companies, in the event of, for example, a cyber security incident.

Zendar does not share, sell, rent, or trade Personal Data for any promotional purposes.

Data Security

Zendar has implemented appropriate technical and organizational measures to ensure an appropriate security level for the risk involved. The risk analysis takes into account the risk of infringing against the rights of individuals concerned, the costs for implementation, as well as the type, extent, context and purposes of the data processing.

These measures include:

• Monitoring of the Company’s IT systems in order to detect and prevent misuse.
• Storing Personal Data on secure servers behind firewalls.
• Continuous testing, assessing, and reviewing of the Company’s security measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services in connection with the processing, as well as the effectiveness of the technical and organizational measures for ensuring the security of the processing.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through the Communications. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or with respect to any Communications.

How Long is Your Data Stored

Zendar will not retain your Personal Data for longer than is allowed under the applicable data protection laws and regulations or for longer than is justified for the purposes for which it was originally collected. Zendar will delete the Personal Data when we no longer need it for the purposes for which it was collected, unless Zendar is required by law to keep data for a certain period of time.

International Data Transfers

Personal Data collected in Germany is stored in Germany or otherwise within the EEA, and Personal Data collected in France is stored in France or otherwise within the EEA. In addition, due to shared corporate systems, and because of the international nature of our business, Personal Data collected and processed by Zendar GmbH and Zendar SAS may be shared with, accessed by, and/or stored with Zendar GmbH and Zendar SAS’s corporate parent, Zendar Inc. and its subsidiaries and service providers, and/or may be collected directly by Zendar Inc., outside of the EEA and UK, including the United States of America (and, specifically, within the State of California).

Where Personal Data is collected, transferred, and/or stored outside of the EEA and the UK, Zendar guarantees compliance with the current standard contractual clauses of the European Commission. Appropriate safeguards are thus established to ensure an appropriate level of data protection outside the European Union as well.

If you wish to receive more information relating to the transfers of your Personal Data outside the EEA and the UK and/or the safeguards that have been implemented, you can contact the Zendar Data Privacy Officer or [email protected].

Your Data Privacy Rights Under the GDPR

In the context of the processing of Personal Data, data subjects are entitled to the following rights under GDPR:

• Right of access: The right pursuant to Art. 15 GDPR to obtain a copy of the information from the data controller as to whether or not Personal Data concerning you is being processed. Where that is the case, you have the right to obtain access to the Personal Data and information on how they are processed.
• Right to rectification: The right pursuant to Art. 16 GDPR to obtain from the controller without undue delay the rectification of inaccurate Personal Data as well as the right to have incomplete Personal Data completed.
• Right to erasure (“right to be forgotten”): The right to pursue Art. 17 DSGVO to obtain from the controller the erasure of Personal Data concerning you without undue delay, if the conditions of this provision are met.
• Right to object: The right pursuant to Art. 21 GDPR to object at any time to processing of Personal Data which is based on legitimate interests pursuant to Article 6(1)1(f) GDPR. In case of an objection to the processing, your Personal Data will no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights, and freedoms of the data subject. For more information on your right to object, see Section 10 below.
• Right to restriction of processing: The right pursuant to Art. 18 GDPR to obtain restriction of processing, if the conditions of this provision are met.
• Right to data portability: The right pursuant to Art. 20 GDPR to receive the Personal Data in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, if the conditions of this provision are met.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject that considers the processing of Personal Data relating to him or her infringes the General Data Protection Regulation has the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.
• Right to withdraw consent: Where we rely on your consent as the legal basis for processing your Personal Data, as set out on Section 4 above, pursuant to Art. 7 GDPR, you may withdraw your consent at any time by contacting us. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

You can exercise the foregoing rights at any time by contacting us (see contact details above under Section 2). In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your Personal Data.

For the rights of US residents, see our General Privacy Policy (US) (available under “Privacy Policies” on our Website).

Right to Object

You have the right to object to the processing of your Personal Data that we process based on legitimate interests as described in Section 4 above. If you file an objection, we will, based on the information provided, re-evaluate the grounds for the processing, and whether they outweigh your interests, rights and freedoms or the processing, e.g. where the processing is necessary to assert, exercise, or defend legal claims or to fulfill a legal obligation, and, if possible, stop further processing and delete your data if this is not the case. You can exercise this right by contacting us (see contact details above under Section 2).

Use of Cookies

“Cookies” are a small piece of information sent to your device and stored on its hard drive to allow websites to recognise you when you visit. We do not collect any cookies.

Changes to Our Privacy Policy

We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post the updated notice on our Website and update the Policy’s effective date. Your continued use of Communications following the posting of changes constitutes your acceptance of such changes.

Contact

If you have any questions or comments about this notice, the ways in which the Company collects and uses your Personal Data as described here, your choices and rights regarding such use, or wish to exercise your rights under applicable privacy law, please do not hesitate to contact us as set forth in Section 2.

Please note that under many countries’ laws, you have the right to lodge a complaint with the supervisory authority in the place in which you live or work. A full list of EU supervisory authorities’ contact details is available here.