1. Introduction
This privacy policy explains how personal data is processed in the context of ADAS (Advanced Driver Assistance Systems) road testing projects carried out by MINIEYE TECHNOLOGY CO., LTD (the "Company" or "Data Controller") and ZHEJIANG ATTC AUTOMOBILE TECHNOLOGY SERVICE CO., LTD (the "Data Processor" or "Processor").
As part of developing, testing, and validating assisted and automated driving technologies in real-world environments, test vehicles are used on public roads. These vehicles are equipped with sensors and cameras that may inadvertently record personal data—such as images of pedestrians, other vehicles, or license plates—while recording their surroundings.
The collection of such data is not intended to identify individuals, but solely to support the technical development of ADAS. Test vehicles are clearly marked to indicate video recording may occur in their vicinity. A QR code is displayed on the vehicle, linking directly to this policy.
2. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, adaptation, retrieval, or erasure.
Controller: The entity that determines the purposes and means of the processing of personal data.
Processor: The entity that processes personal data on behalf of the Controller, in accordance with Article 28 GDPR.
3. Responsibility for Data Processing and Contact Details
25F, Tower A, Building 1, Zhongzhou Binhai Commercial Center,
9285 Binhe Avenue, Futian District, Shenzhen, Guangdong 518000, China
DPO Contact: Heiko Kucza · hfkucza@web.de
Building 3, Essence Adream of Space, No. 350, Jinghua Road,
Ningbo Hi-tech Zone, Zhejiang, China
If you have any questions or requests regarding the processing of your personal data, you may contact the Controller or its EU Representative at the above details.
4. Duration of Processing
Personal data will only be recorded in a subsidiary manner, and anonymization (e.g., blurring or masking faces and license plates) will be implemented after collection. Processing of anonymized data shall continue for the duration of the main contract and end upon its termination, unless otherwise agreed in writing. Upon termination, the Processor shall delete or return all data to the Controller, unless Union or Member State law requires storage.
5. Nature, Purpose and Data Subjects
5.1 Nature and Purpose
The Processor provides data collection services on behalf of the Controller, including recording, storage, and transfer of environmental and vehicle data. The purpose is to enable the Controller to validate and improve the performance and safety of intelligent driving assistance systems.
5.2 Type of Data Processed
- Vehicle dynamics data: speed, acceleration, torque, steering, engine operating status, gear position, handbrake request, throttle opening, pedal position, etc.
- Environmental perception data: video recordings from surround/front cameras, radar, ultrasonic, lidar sensors capturing external objects (vehicles, pedestrians, obstacles), spatial relations, relative speed, speed limit signs, lane type/width, etc.
- ADAS module status: switch states for AEB (Automatic Emergency Braking), FCW (Forward Collision Warning), LKA (Lane Keeping Assist), etc.
- Driver status data: hands-on/off detection, distraction monitoring, fatigue detection, etc.
- Map and location data: GPS, road types, curvature, tunnels, ramps, speed limits, country of operation, etc.
- Vehicle subsystem and signal data: IBCU, EPS (Electric Power Steering), indicators, door status, hazard lights, windshield wiper status, etc.
5.3 Categories of Data Subjects
Processing may concern employees of the Controller and Processor (drivers and engineers), as well as other traffic participants including pedestrians, passengers, and drivers of other vehicles on public roads.
6. Legal Basis for Processing
Processing is based on Article 6(1)(f) GDPR — legitimate interests of the Controller in improving road safety and technical development of ADAS. The Controller has carried out a Legitimate Interest Assessment confirming these interests do not override the rights and freedoms of data subjects. The Processor acts solely on behalf of and under the documented instructions of the Controller.
7. Duties of the Processor
The Processor shall act only on documented instructions from the Controller and ensure that all personnel authorized to process personal data are bound by confidentiality. In accordance with Article 28 GDPR, the Processor implements appropriate technical and organizational measures such as encryption, access control, and incident response procedures. The Processor also supports the Controller in fulfilling its GDPR obligations, including data subject rights and breach notification.
8. Data Security and Safeguards
Appropriate technical and organizational measures are implemented, including:
- Anonymization at the earliest feasible stage (masking faces and license plates)
- Storage on encrypted hard drives
- End-to-end encryption (AES-256 and TLS 1.3) for cloud uploads
- Strict access control limited to authorized project staff
- Full audit logging and incident response procedures
9. International Data Transfers
Data may be collected outside the EU/EEA (e.g., Turkey). Where such transfers occur, they are safeguarded under Standard Contractual Clauses (SCCs) in accordance with Article 46 GDPR, combined with encryption and other technical measures. No transfer of personal data to China takes place. A copy of the applicable safeguards may be requested from the Controller.
10. Data Subject Rights
Data subjects have the following rights under Articles 15–21 GDPR:
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restriction of Processing
- Right to Object
- Right to Data Portability
Due to anonymization measures, it may not be possible to identify individuals in the dataset, in which case rights may be limited. If you believe you may have been recorded, contact us with details (e.g., time, location) and we will make reasonable efforts to locate and erase the relevant data. You also have the right to lodge a complaint with a supervisory authority.
11. Changes to This Policy
We may update this policy to reflect legal, technical, or operational changes. The effective date indicates when the policy was last revised.