Surfsight Privacy Policy

HomePrivacy PolicySurfsight Privacy Policy

Version: July 1, 2020

In a nutshell:

  • The Surfsight™ platform enables customers to collect and process videos, location data, and driving events from
    dashcam devices installed in an organization’s vehicles (cars or trucks), and lets such organizations – our
    customers – keep sight of the driving safety of their staff and the operation of their vehicles, and protect their
    interests in case of accidents or insurance claims. In the process, personal data is also collected on the platform.
  • Our customers manage their Surfsight data independently on our cloud platform. They decide what information to
    collect through their dashcam devices and for what purposes to use it. If you’re an employee or Surfsight user and
    have any question regarding your data on the Surfsight Platform – please first approach your employer, who can
    assist you with any question and right you might have with respect to such data.
  • Like most businesses, we also collect and process personal information of our website visitors, business contacts,
    and customers.
  • We respect your rights regarding your personal data.
  • Have a question and can’t find an answer? Contact us, we’re here to help: [email protected]

Now in more detail:

  1. Introduction and Definitions
    The Surfsight solution is a technology platform and service owned and operated by us, Lytx, Inc. and our
    wholly-owned subsidiaries (“Company”). You can find our contact details below.

    The Surfsight solution helps organizations to protect their staff and vehicles on the road, and to protect their
    legal interests in claims and disputes. These organizations are our Customers.

    The Surfsight solution is a cloud Platform, connected to Dash Camera Devices (which the Customer buys, owns,
    installs, and operates), and accessible to Customers and their permitted Users through a dedicated Web Portal.

    As soon as they’re turned on upon the vehicle’s ignition, Devices record Videos and collect various Location Data
    and Driving Data, which might include personal information or personally identifiable information (personal data) of
    the vehicle’s Drivers, Passengers, or Other People, as explained in detail below.

    Our Customers decide the purposes for which they use the Surfsight solution, as well as the means for collecting
    data, including without limitation the configuration of features available in the Platform and Devices. Our
    Customers control the data processed on their behalf via the Surfsight solution and they are responsible under our
    End User License Agreement (EULA) for handling any data rights and data requests of
    their employees and contractors, Users, Drivers, Passengers, and Other People as Data Controllers. We also use the
    data collected, uploaded or available to the Surfsight solution for the provision of services to our Customers,
    product improvement, research and development and commercial uses, as described in detail below. With respect to the
    processing of personal data of Customers, Company is a Data Processor, as further described in the Privacy and Data
    Processing Agreement sections of the EULA.


    To make things clear with an example: if you’re an employee of CorpCo and got a CorpCo company car that has a
    Surfsight Device installed in it, then you are a Driver, CorpCo is our Customer and has full control over your
    personal data, and we process your personal data on CorpCo’s behalf and according to its instructions. If CorpCo
    gave you access to the Surfsight Portal, you’re also a User, and you can access the Platform to view videos, get
    statistics, and take some actions, all according to your permissions as defined by CorpCo.


    If you’re a User, Driver, or Passenger and have any issue regarding your personal information, please contact
    your employer first! Our Customer’s contact details appear on or around the Device and in the Portal.

    In addition, we also operate several Websites – such as Surfsight.com – and collect personal data of Visitors. Some
    Visitors and other people who communicate with us, become our business Contacts or Customers. We collect and process
    various personal information regarding our Visitors, Contacts, and Customers, and we are the Data Controllers for
    such personal data.


    If you are a Visitor, Contact or Customer of ours and have any issue regarding your personal information that we
    control, please contact us (details below).

  2. How Do We Collect Personal Data?
    If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:

    1. When you share it with us directly, through your communication with us on the Websites’ contact forms, by
      email, phone, or facsimile, in conferences, meetings, or via any other communication channel.
    2. When other Customers, Contacts, resellers, business partners or third parties, share your information with us,
      based on their interaction with you, their purposes, their legal bases, and their privacy policy. In such cases,
      we take responsibility for controlling only the personal data that we have received.
    3. We might augment the personal data we have about you with information you provided us directly, information
      others have provided us about you, and data we’ve collected about you from your use of the Surfsight solution or
      Websites (see below).

    If you’re a User or Driver, there are two ways in which we receive personal data about you that we process on behalf
    of our Customer:

    1. Our Customer provides us with your personal data through the Surfsight solution, the Portal, Devices owned and
      operated by the Customer, Customer’s use of the Platform, or otherwise.
    2. You provide us personal data directly through your use of a Device in a vehicle you’re driving, which sends
      the Platform videos and data, or through your use of the Portal, Websites, customer support channels, or
      otherwise.

    You can usually shut down the Device or unplug it from electricity to stop its operation and collection of
    information. However, your handling of the Customer’s Devices and vehicles is subject to your relationship with your
    employer, our Customer. If the Platform does not receive data from the Device, it might not function properly. The
    data provided by the Surfsight solution to our Customer who controls your account might be incomplete or inaccurate,
    and that might affect your relationship, work or compensation. Please consult with your employer regarding the
    potential effect of disabling or tampering with the Device and its operations.

    If you’re a Passenger or another person unrelated to the Customer (Other People), we might still process some
    personal data about you. Such data is received from the Customer’s Device assigned to the Driver that picked your
    video footage, location information, or other visible or inferred personal data, inside the Customer’s vehicle or
    around it. If you have any question or request regarding your data, please approach first the Driver whose
    vehicle you’ve ridden, or our Customer, the Driver’s employer.

    If you’re a Visitor to our Websites or a User using the Surfsight solution, we might receive some personal data
    through your device, operating system, and browser, and various hosting, tracking, analytics and advertising
    technologies used on our Websites, such as cookies (see below), Amazon Web Services, WordPress and WordPress
    plugins, Analytics and Advertising technologies by Google and others, Customer support services by Freshdesk, Social
    Login APIs by Google, Facebook, Twitter and others, and other technologies. Our Websites do not currently respond to
    “Do Not Track” signals sent by your browser or device.

  3. What Personal Data Do We Process?
    If you’re a Contact or Customer of ours, or a Surfsight User, we may collect and process these types of personal
    data about you:

    • Identification and Account information, such as full name, identification number (e.g. Employee ID, ID number,
      car plate number, gender, profile photo, username and password
    • Contact details, such as country/time zone, work and home addresses, phone numbers, and email address
    • Social networking information you’ve shared with us
    • Work-related information, such as company, division, department, role, and title information
    • Payment information, such as bank account number, credit card details, PayPal account, or other billing
      information
    • Any personal data contained in any photos, media, and other files sent to us or uploaded to the Platform
    • Any other personal data you provide us on any communication channel, such as email correspondence, customer
      support, and product feedback.

    On the Surfsight Platform, we process mostly data from and about Devices, not people. However, in the process of
    collecting such information, various types of personal data are also collected. Our Customers decide what data to
    collect from Devices, whether and to which extent to associate Devices with specific people in their organization,
    and what personal data of Users and Drivers to store on the Platform.

    These are the types of personal data about Drivers, Passengers, and Other People that we may process on Customers’
    behalf:

    • Identification information and contact details of Drivers and recipients of data shared via the Platform, as
      entered by the Customer or its Users on the Platform, such as name, identification number, car plate number,
      gender, profile photo, phone numbers, and email addresses
    • Videos from Devices might be used to identify:

      • The vehicle
      • The vehicle’s surroundings, which might include videos of unidentified Other People in the public domain,
        such as pedestrians and cyclists. Our Customer’s ultimately determine the location of the Devices and are
        therefore responsible for complying with applicable laws. If you’re a Customer, User or Driver, please
        do not place Devices in the interior of private residences or any other publicly inaccessible locations or
        no photo zones. Videos from other private locations should also be avoided, unless you’ve attained the
        owner’s consent.
      • The vehicle’s interior, which might include face and body videos, expressions, behaviors and activity
        within the vehicle of the Driver and Passengers. Gender and approximate age can also be inferred from the
        videos.

      • Please be aware that the Device and Platform automatically record and process videos taken outside and
        inside the vehicle if the Customer has configured it to do so. Any conduct within the vehicle, whether
        appropriate or not, legitimate or illegal (such as texting and driving or use of alcohol and drugs), might
        be recorded by the Device, stored on the Platform, and become available to the Customer, its permitted
        Users, and others at the Customer’s discretion (See “Who is Your Information Shared With?” below). If
        you’re a Customer, User or Driver, make Passengers in the vehicle aware of the Device, about the Surfsight
        solution, and their processing of personal data. Please don’t record, process, transfer, or publish photos
        or videos in which people are identifiable without their permission, or if you have another legally
        justifiable reason to do so. You have control over data within the Surfsight solution, along with this
        control comes responsibility. Consider your use of the data in your control carefully, and consult with
        your managers, lawyers, or privacy professionals when in doubt.
    • Detailed location, travel and route information, for example GPS signals (combined with a time-stamp) and
      other information from the Device, which can indicate, especially in combination with the videos or other data, the
      location of the vehicle, its Driver and Passengers, and Other People around the vehicle.
    • Driving Data, such as speed, acceleration, deceleration (breaks), turns, stops, and crashes – which can document
      and indicate, especially in combination with Location Data and Videos, the occurrence of traffic violations such as
      speeding, illegal parking, reckless driving, and more. We collect, and may use a third party to collect, sensory
      and motion data from Devices, including information from its gyroscope, accelerometer, and compass, in order to
      calculate and detect various driving events and behaviors.
    • Any personal data contained in any videos, media, and other files uploaded by Devices, Customers, or Users
    • Any other personal data our Customers or Users enter or share on the Surfsight Platform

    • Important notice: Not all videos and data from Customer’s Devices are processed on the Surfsight Platform.
      Customers define on the Platform the means and triggers for data collection for each Device. Still, Device
      data might contain the personal data such as mentioned above, which is stored locally on the Device memory card.
      Devices are owned, installed, and operated by the Customers, under the Customers’ sole and complete control.
      We take no responsibility over videos and data on the Devices that are not processed on the Platform. Please
      contact your employer for any question regarding the use of Devices in Customer vehicles.

    We also collect and process these types of personal data about anyone using the Devices, Surfsight Platform, Portal,
    or Websites:

    • Usage, logs, analytics, and other device and technical data collected when you use our Websites or the
      Surfsight Platform, including device information and identification numbers, operating system information, IP address,
      browser and session information, browsing history and referrals, cookies information, advertising identification
      numbers, language information, connectivity information, configuration information, metadata of files, and usage
      information (such as screen views, clicks, and usage time).
  4. What About Personal Data of Children?
    Surfsight is a technology platform for driving safety and documentation, and is not intended for children. We do not
    knowingly collect or process information about children, although Passengers and Other People who are children might
    be captured on Customer videos coincidentally. The Surfsight solution makes no attempt whatsoever to personally
    identify Children, Passengers, or Other People, who appear on Customer’s videos processed on the Platform.

    Occasionally, parents use the Surfsight solution to keep track and sight of their children’s driving, location, and
    conduct in their cars. Such children usually have a driving license and are older than 16 years old. Even in such
    cases, the Surfsight solution is intended to be used with significant parental involvement and approval, and with
    the children/Drivers’ awareness.

    Please contact our Customer or the Driver if you have any concern with respect to Children’s personal data on
    Devices. Please contact us (contact details below) if you have any concern with respect to Children’s personal data
    on the Platform.

  5. What About Cookies?

    A cookie is a small data file that your browser saves on your computer or mobile device. We use cookies to collect
    information and provide our services. We may use cookies to save your login credentials, enable certain features,
    understand how you interact with us, monitor your usage of our Portal and Websites, products and services, and
    personalize your experience and advertising displayed to you. You can set your browser to prevent the use of
    cookies. If you don’t accept cookies, our Websites and the Surfsight Platform might not function properly.

  6. What Are The Purposes For Processing Personal Data? How Is Your Personal Data Used?

    Surfsight Solution

    The purposes for the processing of personal data with the Surfsight solution are determined by our Customers. Each
    Customer might use the Surfsight solution for different purposes. Such purposes might include encouraging and
    monitoring driving safety; protecting Customer assets, such as their vehicles; protecting the Customers, staff,
    and third parties in case of accidents, legal proceedings, and insurance claims; tracking vehicles and fleet
    management; determining or corroborating the circumstances of a lawsuit, claim, loss or theft; preventing and
    detecting fraud; supervising professional drivers; route planning; traffic measurement and documentation;
    and
    more.

    If you’re a Driver, we collect and use your personal data to provide our services to our Customers, according to
    their instructions and settings, so they can achieve their respective purposes. We may use your Device and contact
    details, according to Customer’s instructions and settings on the Portal, to communicate with you and to provide you
    with support and handle requests and complaints. Such interactions are performed on Customers’ request, and based on
    the Customer’s settings, or on your own requests or based on your settings in the Device and Portal (if you’re also
    a User).

    Our purpose in processing personal data via the Surfsight solution is to provide our services to the Customers
    according to our agreements with them and applicable law. An integral part of our services to Customers is the
    continual improvement of the Device and Surfsight Platform, and therefore we also use of the data collected on
    Surfsight to ensure our products and services are working as intended; to analyze, measure and understand how our
    services are used; to improve our products and services; to develop new features, products, and services; to protect
    our company, staff, Customers and Users, as well as Drivers, Passengers, and the general public; and to comply with
    any applicable law and assist law enforcement agencies where required under any applicable law.

    As part of the processing activities undertaken on behalf of Customer, we may create derivative data containing
    insights from Customer data but which does not itself consist of personal data (such as aggregated, anonymized or
    de-identified data). We may also use anonymous, statistical or aggregated information collected on the Platform, in
    a form that does not enable the identification of a specific user, by posting, disseminating, transmitting or
    otherwise communicating or making available such information to customers, vendors, partners and any other third
    party. For example, GPS information that we receive from your Device may be provided to municipalities in an
    aggregated and/or anonymous form to help improve road safety and solve traffic problems.

    We also process usage and analytics information, as well as some statistical and aggregate data derived from
    personal data, for the improvement and further development of the Surfsight solution, Platform, App, Devices, and
    the Portal, or for research purposes.

    Websites, Customers, Contacts and Visitors

    If you’re a Customer, Contact, or Visitor on our Websites, we may process your personal data for our own business
    purposes, including:

    1. Delivering our products and services, improving them, and developing new features, products, and services
    2. Providing information about our company, products, and services
    3. Providing customer support, billing and invoicing
    4. Contacting you via any communication channel, including email, phone, SMS, and other messaging platforms
    5. Analyzing and optimizing Websites and Surfsight solution traffic and usage
    6. Protecting of our company, staff, Customers, and systems
    7. Online advertising in all forms and channels, including targeting you and others who share similar
      characteristics as you (lookalikes) online on search engines, websites, apps, messaging platforms, social
      networking platforms, and offline
    8. Direct Marketing in all forms and channels, including email, SMS, messaging, postal service, and more; you can
      always opt-out from Direct Marketing by unsubscribing yourself through links on any communication or by
      contacting us and notifying us accordingly.
  7. What Is The Basis For The Processing of Data?

    Surfsight Solution

    As Data Controllers, our Customers often process personal data via the Surfsight solution (and we process such data
    as data processor on behalf of our Customers and according to their instructions) for any or some of the following
    reasons:

    1. Processing is necessary for compliance with a legal obligation to which the Customer is subject, for example
      regulation regarding companies with large vehicle fleets;
    2. Processing is necessary for the performance of a contract to which the data subject is party (for example, an
      employment and contractor agreement with our Customer) or in order to take steps at the request of the data
      subject prior to entering into a contract;
    3. Processing is necessary in order to protect the vital interests of the data subject (such as Drivers and
      Passengers) or of another natural person (such as Other People), for example the right to personal safety when
      driving or walking next to traffic, and the right to defend themselves in legal proceedings with relevant
      evidence;
    4. Processing is necessary for the performance of a task carried out in the public interest, such as increasing
      personal and public safety on the roads, or protecting law enforcement officers and others in the performance of
      their duties;
    5. Processing is necessary for the purposes of the legitimate interests pursued by our Customer or by a third
      party, for example: conducting their business; providing their products and services; protecting the security of
      its workforce, vehicles, and other property; protecting themselves, their staff, and third parties in case of
      accidents, legal proceedings, and insurance claims; tracking their vehicles and managing their fleets; assigning
      projects and tasks to remote workforce in transit based on employees’ location; validating attendance for work;
      supervising professional drivers; planning routes; measuring and documenting traffic; etc.
    6. In certain cases, processing is necessary for the performance of a task carried out in the public interest or
      in the exercise of official authority vested in our Customer as Data Controller;
    7. The data subject (Customer, Customer representative, User, or Driver) has given consent through Customer
      forms, the Portal, Device, or otherwise (e.g. by installing on his or her own the Device in the vehicle, or by
      accessing the Portal and Platform), to the processing of his or her personal data for specific purposes
      communicated by the Customer or in this Privacy Policy.

    As a Data Processor for certain personal data, we process personal data based on the instructions from our
    Customers.

    Websites, Customers, Contacts, and Visitors

    As a Data Controller for our Customers, Contacts and Visitors’ personal data, we process personal data based on any
    or some of the following legal bases:

    1. The data subject has given us consent to the processing of his or her personal data for specific purposes
      communicated in this policy;
    2. Processing is necessary for the performance of a contract to which the data subject is party – for example, an
      agreement with us or the terms of use of the Websites – or in order to take steps at the request of the data
      subject prior to entering into a contract;
    3. Processing is necessary in order to protect the vital interests of the data subject or of another natural
      person, for example protecting our Customers and our staff;
    4. Processing is necessary for compliance with a legal obligation to which we are subject, for example the need
      to maintain billing records for transactions;
    5. Processing is necessary for the purposes of the legitimate interests pursued by us, or our Customers, for
      example the conduct of our business, the development and delivery of our products and services, and the
      promotion and sales of such products and services.
  8. Who Is Your Information Shared With?

    Our services sometime enable our Customers, their Users, or you, to share information, including personal data,
    based on your consent or other legal bases, as referenced above. Our Customers, Users, or you, decide about the
    sharing of videos and other data on the Platform, the identity of the recipients, and the distribution of the
    information. For example, the Customer may use the Platform to transfer Videos or Driving Data captured on its
    Devices to employees within the organization, insurance companies, law firms, law enforcement agencies, government
    or municipal authorities, etc.

    This section deals with information we share about you with others.

    Surfsight Solution

    For the delivery of our services, we share all User, Device, and Platform data on the Surfsight Platform (which
    includes identifiable information of Drivers, Passengers and Other People) with the Customer who is the Data
    Controller with respect to such data. This means that your employer has access and control over all the information
    we collect about you. We also share Customer’s representatives contact details to all the Customer’s Users and
    others who might need such details, to comply with any applicable law. Our Customers may select to share the
    information with some of their staff and other organizations and bodies, as mentioned above. As further described
    below, we also utilizes third party processors in the provision of services, including cloud hosting providers, IT
    and system administration, payment processing, technical support, research and analytics, telecommunication vendors,
    and customer support.

    Customers, Contacts, and Visitors

    We process your details on our servers and computers, cloud CRM services, support systems and services (such as
    Freshdesk), billing systems (such as Priority), SMS gateways, Email and SMS communication services (such as Twilio
    and MailChimp), and backup systems. We may share some of your details with our staff, consultants, resellers,
    affiliates, and other third-party business partners for research and analysis, cooperation opportunities, joint
    promotions, sales, and events.

    Everybody

    We use additional processors around the world for various processing activities needed for the performance of the
    Surfsight solution, our Websites, our other products and services, our operations, and our business, and share
    information with such processors on a need basis. Such processors include hosting and backup providers (such as
    Amazon Web Services), analytics providers (such as Google and Heap), website technology (such as WordPress and
    WordPress plugins), advertising technology (such as Google), telecommunication services, media transmission services
    (such as Velia.net), security technology, and more. We limit the information we share with each processor based on
    the business need in using such processor, to protect your information while still effectively benefiting from the
    services of such processor.

    We may also share non-personally identifiable information and aggregate information for any purpose. Such data is
    not personal data, and its sharing cannot be used to identify you.

    We may need to share your information with law enforcement agencies, courts of law, and other governmental
    organizations, if ordered to do so by competent bodies and according to applicable law.

    Mergers and Acquisitions

    If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part
    of our business to another company, we may share your information with that company and its advisors before and
    after the transaction date.

  9. How Do We Safeguard Your Personal Data?

    We take information security very seriously. We implement industry standard security controls to prevent
    unauthorized access, maintain data accuracy, and ensure data availability. We also implement appropriate
    organizational measures to protect your information.

    We apply our security controls also when working with business and technology partners. We only select and contract
    with processors and third parties who use appropriate security measures and provide sufficient guarantees, including
    technical and organizational measures, to ensure the appropriate protection of the data we entrust with them.
    Unfortunately, although we make every effort to keep your data safe, we cannot fully ensure or warrant the security
    of your personal information.


    You can take part in securing your personal data. Always lock the vehicle where the Customer’s Device is
    installed. If you’re a User, prevent unauthorized access to your Surfsight account and personal information by
    selecting a strong password and protecting your login credentials appropriately. Limit access to your computer and
    mobile device. If you’re using the Portal, sign off when you finish accessing your account.

  10. Do We Transfer Personal Data Internationally?

    Most of our information is stored in the cloud on Amazon Web Services in the U.S. and Europe. Amazon takes extreme
    measures with respect to privacy and data security. Read
    more about it here.
    Our R&D and customer support center are located in Israel.

    At the same time, our business is international – we serve Customers that keep sight on their vehicles around the
    world utilizing the Surfsight solution, and we utilize additional processors and service providers in various
    countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take
    appropriate safeguards in the selection of our processing vendors around the world to require that your personal
    data is well protected. Despite our efforts, it may be the case that a country where your personal data is processed
    has different, or less protective, data protection and privacy regulation than the country you live in.

  11. For How Long Do We Keep Personal Data?

    We keep personal data we collect for different periods, depending on the type of information, the period of our
    contract with our Customers, legal requirements regarding certain types of data, and other factors. Generally
    speaking, we will retain your personal data for a period reasonably needed to fulfill the purposes outlined in this
    Privacy Policy or the EULA, unless a longer retention period is required or permitted by law. We will also retain
    your personal data for as long as necessary to resolve disputes, enforce our rights and agreements, and protect our
    staff and Customers.

    Where permissible, we may de-identify or anonymize in lieu of deleting your personal data. In certain occasions we
    might not be able to fully delete, de-identify or anonymize your personal data due to technical or operational
    reasons, for example deleting from backup storage and archives. In such cases, we shall take reasonable measures to
    secure any information still maintained by us according to our standard data security practices.

    Please be aware, that our Customers may also retain on their own systems and computers copies of personal data
    collected through the Surfsight solution, even after we completed the provision of our services, ended our
    contractual relationships, and deleted, de-identified or anonymized any data related to Customers’ accounts on the
    Platform. Such data retention by Customers is subject to their privacy policy, purposes, legal bases, agreements
    with data subjects, and any applicable law. We take no responsibility over Customers’ use of personal data outside
    of the Surfsight Platform.

  12. What Are Your Rights With Respect to Your Personal Data?


    If you’re an User or Driver on Surfsight, please approach your employer to exercise any rights you may have, as
    they are the Data Controllers of your personal data. Otherwise, please contact us (details below).

    According to the data protection and privacy regulation where you live, you may have certain rights with respect to
    your personal information.

    If you are a resident of the European Union, your rights may include, under certain terms and conditions set in the
    EU General Data Protection Regulation (GDPR) or other applicable law:

    • Right of Access to your personal data processed by us
    • Right to Rectification of inaccurate or incomplete personal data
    • Right to Erasure of your personal data (“Right to be Forgotten”)
    • Right to Restriction of Processing for a certain period or under certain conditions
    • Right to Data Portability of your personal data to another data controller in a structured format
    • Right to Object the processing of your personal data. Specifically, you have the right to object further
      processing of your personal data for direct marketing purposes.
    • Right Not To Be Subject to a Decision Based Solely on Automated Decision-Making. We do not make any decisions
      based solely on automated decision-making, and our Customers commit to us in our EULA or other agreements that
      they avoid such practice as well.
    • Right to File a Complaint with the applicable data protection authority in your country

    After deletion or anonymization of your personal data following its retention period, the rights to access, erasure,
    rectification, and data portability cannot be enforced.

    If you are a resident of the state of California:

    • You have the right to request disclosure of what personal data we collect, use, disclose and sell;
    • You have the right to request deletion of your personal data collected or maintained by us which is subject to
      this Privacy Policy. Please note, if your request relates to personal data processed by us in connection with
      our role as a service provider (or data processor) for Customers, you must direct your request to the Customer;
    • You have the right to opt-out of the sale of your Personal Data; however please note that we do not sell
      personal data as described in this Privacy Policy;
    • You have the right to not receive discriminatory treatment because you exercised any of your privacy rights;
      and
    • You have the right to designate an authorized agent to make requests under the California Consumer Privacy
      Act; provided however that you must submit written proof of such designation to us and we may require additional
      verification.

    To exercise your rights, please contact us either by email or mail in accordance with the Contact Us section below.
    Please note that we must verify any requests pursuant to this section to ensure the individual making such request
    is authorized to exercise such rights. Therefore, you must submit your name and email address, as well as confirm
    access to such email address, in order for us to process your request. We will comply with the applicable data
    protection laws and the exercising of your rights under such laws, however please note that such rights specified
    above are not absolute, and exemptions may be applicable. We try to respond to all legitimate requests within one
    month and will contact you if we need additional information from you in order to honor your request. Occasionally
    it may take us longer than a month, taking into account the complexity and number of requests we receive.
    If your personal data has been submitted to us in connection with our provision of services to a Customer, and you
    wish to exercise any rights you may have under applicable data protection laws, please inquire with the specific
    Customer directly. Because we may only respond to a request related to our Customer’s data with such Customer’s
    permission, if you wish to make your request directly to us, please provide the name of the Customer who submitted
    your information when contacting us. We will refer your request to that Customer, and will support them as needed in
    responding to your request within a reasonable timeframe. If you are an employee of a Customer, we recommend you
    contact your company’s system administrator for assistance in correcting or updating your information.

    Notice to California Residents: We have not sold any personal data to third parties for a commercial purpose in the
    preceding twelve months.

  13. Do We Ever Change Our Privacy Policy?

    Occasionally, we change this Privacy Policy to accommodate product and service development, industry standards, or
    new regulation. Updates to this Privacy Policy will be posted to this URL.

    Please read the latest Privacy Policy available here from time to time. Note that we may require your consent to our
    up-to-date EULA and Privacy Policy whenever you use our Websites, the Surfsight solution, Devices, or Portal. If you
    do not agree to these terms and policy, please do not use our services. If you’re a Surfsight User or Driver,
    please check the effect of such decision with your employer.

  14. Who Can You Contact Regarding Your Personal Data?


    If you’re a User or Driver, please contact your employer first with any issue, as they are the Data Controllers
    of your personal information. Your organization’s contact details appear on or around the Device, in the Portal,
    and in any communications processed via the Platform. If you do not know who your Data Controller is, please
    contact our customer support and we will attempt to determine who the Data Controller is and forward your
    request.

  15. How to Contact Us?

    You can contact us with any question or concern you have at:
    Via email: [email protected]
    Via mail:
    Lytx, Inc.
    9785 Towne Centre Drive
    San Diego, California 92121
    USA

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Lytx has appointed European Data Protection
Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
– by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
– by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) – UK Representative

Pursuant to Article 27 of the UK GDPR, Lytx has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You
can contact EDPO UK regarding matters pertaining to the UK GDPR:
– by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
– by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom