Co-founder and CEO of Applied Intuition, former COO and Partner of Y Combinator.
Topics of this page
The data controller is:
(“Vay”; “We” “Us” “Our”)
The contact person for your data protection questions is our data protection officer. You can contact our data protection officer at the above address or by emailing to email@example.com and/or firstname.lastname@example.org.
Vay is a technology company developing teledriven and automated vehicles as well as next generation mobility services. Our vehicles are operated by so-called teledrivers who control the vehicle remotely from our teledrive stations located in our Berlin headquarters and/or our local offices (“teledrive centers”).
Our vehicles are equipped with sensors (i.a. radar, ultrasound, GPS/location sensors) and cameras on every side of the vehicle. These cameras collect a 360°-live stream of video footage which is on average buffered for a duration of under 1 second. The video recordings are used by our teledrivers to participate in road traffic in any given operational terrain. For this purpose, pedestrians, road markings, cars, motorcycles, bicycles and other objects in the surroundings of the test vehicle as well as their position and movement in relation to our test vehicles are processed.
Our vehicles are also equipped with microphones, providing our teledrivers with audio recordings (e.g. sirens) to hear what is happening in the surrounding of the vehicle. We recreate an equal audio environment of a traditional driver located inside a vehicle in order to participate safely and legally compliant in road traffic in any given operational design domain . Audio Recordings help our teledrivers to recognize the approach of an emergency vehicle and to clear the roadway for such vehicles or to respond to other road users and traffic situations.
Personal Data we process may contain the following personal information, depending on the individual position to and interaction with the test vehicle:
Most importantly Vay is not interested in identifying individuals on the basis of the collected data and none of our systems is configured to do so. However, due to the technical nature of the described processing, we cannot rule out that a natural person might become theoretically identifiable through our processing activities.
Vay uses its marked test vehicles for research, development, testing and validation of its services on private and public grounds. The test vehicles are equipped with cameras, sensors (i.a. radar, ultrasound, GPS/location sensors) and microphones. The purposes for which Vay processes personal data may include:
The primary legal basis for the collection, processing and storing of the above-mentioned data by Vay is the protection of legitimate interests pursuant to Article 6 (1) lit. f GDPR:
Additionally, we may be obliged to process certain data due to statutory obligations under national or European law. In these cases, the legal basis for the collection, processing and storing of the above-mentioned data is Art. 6 (1) lit. c GDPR.
Vay secures your data utilizing state-of-the-art technologies, consisting of but not limited to the following security measures which are applied to protect your personal data from misuse or other unauthorized processing:
Vay treats personal data with care and confidentiality. We only pass data to third parties to the extent described here and within the scope of the purpose limitation under data protection law.
Categories of recipients to whom data may be disclosed in the context of this processing are in particular:
We do not share, sell, rent, or trade personal data for any promotional purposes. All of these service providers are carefully selected and contractually committed to process data only in accordance with our instructions and the GDPR as well as to ensure the protection of the rights of the data subjects.
We store the data only for the duration of the aforementioned research, development, testing and safety purposes.
The data collected for the safe operation of the vehicle as described in Section 3 above is streamed in real-time (with a buffer of under 1 second) and may be stored for later analysis, research and development purposes as described under Section 4 of this policy in a pseudonymized form or as clear data, in case the data is required for incident- or accident management as described in Section 4 above. In some cases, legal provisions (e.g. our exemption permits for test operations granted by the respective authorities) or other (legal) obligations and requirements may require us to store the data for a longer period. After this duration, your personal data will be deleted or stored in an anonymized form that cannot be traced back to you.
In the context of the processing of personal data, data subjects are entitled to the following rights under GDPR:
Information about your Right of Objection under Article 21 of the GDPR
You have the right, for reasons arising from your particular situation to object to the processing of your personal data, that we process based on legitimate interests as described in Section 4 above. If you file an objection, we will, based on the information provided re-evaluate the grounds for the processing and whether they outweigh your interests, rights and freedoms or the processing, e.g. where the processing is necessary to assert, exercise, or defend legal claims or to fulfill a legal obligation, and, if possible, stop further processing and delete your data if this is not the case.
If you have any questions regarding your data or if you would like to exercise your rights as a data subject, please do not hesitate to contact us via email@example.com and/or firstname.lastname@example.org.
This Privacy Statement also describes our information practices and the choices available to you under EU data protection laws regarding our use of information of your personal data, including under the EU General Data Protection Regulation (“GDPR”).
You can contact our Data Protection Officer at the above address or by emailing to email@example.com.
Depending on how you interact with us, we process different kinds of data and in different ways. Accordingly, the extent and purpose of the data processing will vary depending on the situation:
Some data is automatically processed if you visit our Website (see Section 1. below). Other data is only processed if you actively submit it to us, like using our web forms to get in touch with us or apply for an open role at our company (see Section 2. below) or, when registering for our newsletters (see Section 3. below).
When we provide our Website to you, for technical reasons, it will be necessary for us to process personal data. These are data that we automatically process for every visitor when the Website is accessed.
Data that we automatically collect when you use our Website:
We process Website Usage Data to allow you to surf the Website and to ensure its functionality. We also process aggregated Website Usage Data to perform analyses on the performance of the Website, to continuously improve the Website and correct errors, to ensure IT security and operation of our systems, as well as to prevent or uncover abuse. We further process this data to improve the user experience on our Website and guarantee the safety of our IT systems. We are not able to identify you as an individual, based on such Website Usage Data (data processing will remain pseudonymous at all times).
The abovementioned processing purposes represent our legitimate interests. The legal basis for processing Website Usage Data in server log files is, hence, Art. 6 (1) lit. f) of the GDPR.
We offer interested parties the possibility to contact us through our website forms or by emailing us. You might contact us either because you have a sales or customer support inquiry or because you’d like to apply for an open position with our company. In both cases we will process your personal data only for the purpose of complying with your request.
Personal data includes, in particular, information about you (e.g. first and last name) and contact information (e.g. address, telephone number, e-mail address) including the data resulting from any attachments you send along (e.g. CV, cover letter, certificates, data on qualifications and school and university degrees, professional experience, language skills, etc.).
Certain personal data to be provided on the contact form, which we need to process your application, are mandatory fields. Nevertheless, the provision of this data is voluntary. However, if you do not provide us with these mandatory fields, we may not be able to process your application. All other information that is not marked as mandatory fields can be filled in voluntarily.
Our legal basis for this is Art. 6 (1) lit. a) of the GDPR (your consent). We seek the best applicants regardless of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual identity (collectively "sensitive data"). If you nevertheless disclose sensitive data without being asked and voluntarily, we may also process this data for the purpose of processing your application.
When you register for our newsletter, we process your e-mail address for the purpose of sending it. You will receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for us that the registration was actually initiated by you.
The legal basis is your consent, Art. 6 (1) lit. a) of the GDPR. You can revoke your consent at any time, e.g. via the unsubscribe link at the end of each newsletter.
We treat your personal data with care and confidentially and will only pass it on to third parties to the extent described below and not beyond. We do not share, sell, rent, or trade personal data with third parties for any promotional purposes. For technical reasons, however, we share personal data with our service providers (such as Amazon Web Services who host our online and cloud resources). We have chosen Europe as our server location. Where our service providers process personal data, they will do so solely on our instructions or under our common joint control and have undertaken to comply with strict contractual requirements for the security of your data (including, but not limited to, complying with this Privacy Statement). This includes the service provider hosting the Website.
We do not transfer your personal data to countries outside the EEA (so-called “Third Countries”) without implementing appropriate safeguards to guarantee the security of processing and an adequate level of data protection at all times.
Some of our service providers (see above) are affiliates of companies based in Third Countries. Hence, legally speaking, personal data may be transferred to Third Countries, even where the actual storage capacities/serves are located inside the territory of the EEA. However, we will ensure that an adequate level of data protection is maintained at all times. We will only transfer your personal data if
Guarantees according to Article 46 of the GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to protect the data sufficiently and thus to ensure a level of protection comparable to the GDPR.
We delete Website Usage Data as soon as it is no longer required for the purposes we collect them for. Provided that the data is no longer required for the fulfilment of legal obligations (e.g. tax or commercial law), it will be deleted, unless the subsequent processing is necessary for the preservation of evidence or for the defence of legal claims against us. Server log files will be deleted after 30 days. If you contact us, we will delete the data you have provided after the request has been processed, unless you give us your consent to store this data for a longer period of time.
We do not use your personal data to identify you as an individual or create a profile of your interests and/or interactions.
You, as a data subject (i.e. the person whose data are processed), have the following statutory rights under the GDPR:
You also have a right to lodge a complaint with the competent data protection supervisory authority, the Berlin Commissioner for Data Protection and Freedom of Information, in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
If you would like to exercise your data subject rights, please contact firstname.lastname@example.org.
Information about your Right of Objection under Article 21 of the GDPR
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, where it is processed on the basis of Article 6 (1) lit. f) of the GDPR (data processing on the basis of a balance of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend legal claims. Please also note that, if we terminate the processing due to your objection, the Website may no longer be available to you or only to a limited extent.
You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing, including any subscription to our newsletters or personalized ads; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, we will no longer process your personal data in the future.
The objection can be filed informally and should be sent to: email@example.com
Information on Cookies and Similar Technologies
Vay Technology GmbH
c/o The Drivery
Mariendorfer Damm 1
Phone: +49 176 34649004
Authorized to represent Thomas von der Ohe
Registration: District Court of Berlin-Charlottenburg
Commercial Register Number: HRB 200064 B
This document informs Users about the technologies that help vay.io to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with vay.io.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
Vay.io uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information – such as the presence of other Trackers - in the linked privacy policies of the respective third-party providers or by contacting the Owner.
Activities strictly necessary for the operation of vay.io and delivery of the Service
Vay.io uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
Other activities involving the use of Trackers
Vay.io uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location vay.io is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of vay.io, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker and Usage Data.
How to manage preferences and provide or withdraw consent
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
Locating Tracker Settings
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings, such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings, view and look for the relevant setting).
Owner and Data Controller
Vay Technology GmbH
c/o The Drivery
Mariendorfer Damm 1
Owner contact email: firstname.lastname@example.org.
Since the use of third-party Trackers through vay.io cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by vay.io.
|CONSENT||2 years||YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.|
|cookielawinfo-checkbox-advertisement||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .|
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
|VISITOR_INFO1_LIVE||5 months 27 days||A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.|
|YSC||session||YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.|
|_ga||2 years||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.|
|_ga_XLNYFJ2YGX||2 years||This cookie is installed by Google Analytics.|