Third Party Privacy Notice

Dated 1st January 2023

  1. INFORMATION REGARDING THE PROCESSING OF THIRD-PARTY PERSONAL DATA

    1. Protecting the privacy of your “Personal Data” (as defined below) is important to the Hexagon Autonomy and Positioning division1 of Hexagon AB (“Hexagon Autonomy and Positioning”) and to the way in which we conduct our business in compliance with laws on privacy, data protection and data security across the world. This “Third Party Privacy Policy” will help you understand what information Hexagon Autonomy and Positioning may collect, how we use and safeguard that information and with whom we may share it with, and your rights relating to your Personal Data (as defined below) in accordance with all applicable data protection laws and regulations including the European Union General Data Protection Regulation (“GDPR”).
    2. It is important that you read this Third-Party Privacy Notice together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. This Third-Party Privacy Notice supplements other notices and privacy policies and is not intended to override them.
    3. This Third-Party Privacy Notice is issued on behalf of Hexagon Autonomy and Positioning, so when we mention “we”, “our”, “us” and “company”, we are referring to the relevant company in the Hexagon Autonomy and Positioning division responsible for the processing of your Personal Data.

      1. What Personal Data do we collect?
      2. How do we collect your Personal Data?
      3. How do we collect, use, share or disclose your Personal Data?
      4. How do we protect your Personal Data?
      5. How long do we keep your Personal Data?
      6. Your Rights
      7. For Californian Residents only
      8. Changes to our Third-Party Privacy Notice
      9. Website links
      10. How to contact us
  2. WHAT PERSONAL DATA DO WE COLLECT?

    1. Personal Data Personal Data means any information about an identified or identifiable living natural individual. This may include a singular identifier or a collection of information which may identify an individual that we interact with. It does not include any information which has been anonymised whereby the individual can no longer be identified. Hexagon Autonomy and Positioning may collect, use, store or transfer the following types of Personal Data about you, as illustrated below:

      1. Personal Identifiers such as names, titles, usernames, your country of origin and the company you are employed by, work for or are contracted to.
      2. Contact Data such as personal and business email addresses, contact telephone numbers, billing and delivery addresses.
      3. Enquiry Data includes any Personal Data which you might submit to us in the form of an enquiry.
      4. Transaction Data such as details of the interactions you and/or your organisation have had with Hexagon Autonomy and Positioning such as your financial data (bank account and payment card details) required for the sale and purchase of our goods and services.
      5. Marketing and Communications Data such as any marketing and communication preferences, industry interests and your engagement history with us which help us to ensure that our marketing remains relevant.
      6. Usage Data such as information about how you use our websites, products and services.
      7. Technical Data such as any login data used to access our products and services, IP addresses, browser types, time zone and location, operating systems and other technology on the devices you use to access this website.
  3. SENSITIVE PERSONAL DATA AND CHILDREN

    1. Hexagon Autonomy and Positioning employs special security measures to protect sensitive Personal Data commensurate with the information collected. Hexagon Autonomy and Positioning does not actively collect any special categories of Personal Data about you (i.e., race, ethnicity, religion, political beliefs, sex life, sexual orientation, trade union membership and genetic and biometric data) and we discourage you from sharing any such information with Hexagon Autonomy and Positioning.
    2. Hexagon Autonomy and Positioning products and services are not offered for sale to minors. As such, Hexagon Autonomy and Positioning does not collect Personal Data about children. Any such information collected in error or by other means will be deleted as soon as we are made aware of it.
  4. IF YOU FAIL TO PROVIDE PERSONAL DATA

    Where we need to collect Personal Data to the extent required by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
  5. HOW DO WE COLLECT YOUR PERSONAL DATA?

    Direct interaction

    1. You may provide us with your Personal Data directly when:

      1. You are attending webinars, training and tradeshow events;
      2. You are undertaking business with us;
      3. You are interacting with our website(s);
      4. We are providing you with technical support;
      5. You request marketing material;
      6. You create an account on our website;
      7. You are providing us feedback on our products and services;
      8. You are attending at our premises;
      9. We are updating and upgrading products and service delivery;
      10. You are giving us references for a previous employee.
  6. AUTOMATED COLLECTION OF PERSONAL DATA

    1. When you visit a Hexagon Autonomy and Positioning website we may use cookies to simplify and improve your use and experience of the website. Cookies are small text files stored on the device you are using to access this website. For further information on our use of cookies, please see the Cookie policy available on the applicable company website.
  7. THIRD PARTY OR PUBLICLY AVAILABLE RESOURCES

    1. We may receive Personal Data about you from various third parties and public resources to such extent permitted by law:

      1. We may collect Personal Data from third parties such as:

        • technical, payment, credit and delivery services who may provide us with your Personal Identifiers, Contact Data, and Transaction Data;
        • analytics providers such as Google based either inside or outside of the EU;
        • data brokers, aggregators, suppliers and search information providers who may provide us with Personal Identifiers and Transaction Data;
        • publicly available resources such as government company registration websites and debarment and sanctions list which may provide us with Personal Identifiers and Contact Data;
        • due diligence brokers, suppliers and search information providers pursuant to commercial transactions or other corporate transactions who may provide us with Personal Identifiers, Contact Data, and Transaction Data.

      2. We may collect Personal Identifiers, Contact and Marketing and Communications Data from tradeshow hosts, academic, research and industry associations.
      3. We may collect Personal Identifiers and Contact Data from our customers and suppliers where they have given us such information to fulfil our contractual obligations with them.
      4. We may collect Personal Identifiers, Transaction Data and Contact Data from our customers and share that information with third-party debt collection agencies to enable us to collect outstanding sums due to us.
      5. We may collect Personal Identifiers and Contact Data from the internet and social media if you have interacted with our content on social media or if necessary, for lead verification purposes.
      6. We may collect Technical Data from analytics providers and advertising networks.
      7. We may collect third party Personal Identifiers and Contact Data from our employees or potential future employees as an emergency contact.
      8. We may collect third party Personal Identifiers and Contact Data from past employers acting as a referee in support of a job application
      9. We may collect Personal Identifiers and Contact Data and share that information with a third-party broker, to enable us to enrol you, at the request of one of our employees, as a beneficiary in one of our employee benefit schemes.
      10. We may collect Personal Identifiers and Contact Data and share that information with a third-party broker, to enable you to interact with our products and services or participate in company activities.
  8. HOW DO WE COLLECT, USE, SHARE OR DISCLOSE YOUR PERSONAL DATA?

    Processing and Transferring of Your Personal Data

    1. We will only use your Personal Data when applicable law allows us to and where:

      1. it is necessary for our assessed business purposes and legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
      2. we need to comply with a legal obligation;
      3. it is necessary for the performance of a contract we are about to enter with you;
      4. you have given your consent. Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your explicit consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw any given consent to marketing at any time by contacting us; or
      5. there is a vital or public interest to do so in accordance with the law.
    2. Below we have set out a range of activities where we may use, share or disclose your Personal Data. This information includes the types of Personal Data used and the justification for such processing activity:

      1. when we are processing, delivering or placing orders and payments for our goods and services, including repairs, upgrades and/or replacements, we will need your Personal Identifiers, Contact Data, and Transaction Data to fulfil the order placed by you or with you on behalf of your company. The collection, use and storing of this Personal Data is required for us to perform our contract with you, or the organisation that you work for, in order that purchase orders placed by us and with us can be processed.
      2. when we are managing and supporting our customer relationship with you and your organisation, we may store and use your Personal Identifiers, Contact Data, Enquiry Data, Usage Data, Transaction Data, and Marketing and Communications Data. We may also share such information with others within your organisation to enhance levels of customer service. This is for our assessed legitimate interests to follow up on enquiries and purchases, and to obtain feedback on how we can improve our products and services.
      3. depending on where you are located, we may share Personal Data with our registered agents, dealers and distributors to better service your business needs. Where the collection, use and transfer of this Personal Data is necessary for our assessed legitimate interests to understand how our customers are using our products and services, to demonstrate our products and services and so that we can continue to make improvements.
      4. to enable you to access white papers, videos, webinars and other technical content published by Hexagon Autonomy and Positioning and its associated companies we will require to collect, use and store Personal Identifiers, Contact Data, and Technical Data necessary for our assessed legitimate interests to follow-up, provide you with supplementary information, and recommend similar future content.
      5. to administer and protect our business and websites we will collect, use and store Personal Identifiers, Contact Data, and Technical Data necessary for our assessed legitimate interests to run our business, provide administration and IT services, control access to our business facilities, for network security, to prevent fraud, to protect business security and confidentiality and to comply with legal obligations where necessary.
      6. to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you, we will collect, use and store Personal Identifiers, Contact Data, Transaction Data, Technical Data, Usage Data, and Marketing and Communications Data necessary for our assessed legitimate interests to develop our products and services, to develop our business and inform our marketing strategy.
      7. to use data analytics to improve our website, products/services, marketing, customer relationships and experiences we will collect, use and store Personal Identifiers, Contact, Usage and Technical Data necessary for our assessed legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
      8. to make suggestions and recommendations to you about our goods and services that may be of interest to you, we will collect, use and store Personal Identifiers, Contact, Transaction, Technical, Usage and Marketing and Communications Data necessary for our assessed legitimate interests to develop our products and services and to develop our business.
      9. to provide our goods and services, we will share Personal Identifiers, Contact, Transaction, Technical, Usage and Marketing and Communications Data with our group of companies for our assessed legitimate interests to assist with administrative tasks and security measures associated with the provision of our goods and services.
      10. to support our business operations we may share Personal Identifiers and Contact Data within our group of companies (for reference purposes) and with third party professional advisors (such as recruitment and legal advisors) for our assessed legitimate interests when evaluating job applicants.
      11. to support our business operations and to protect our legal rights, we may share Personal Identifiers, Contact, Transaction, Technical, Usage and Marketing and Communications Data with potential new business customers and suppliers (for reference purposes) and with third party professional advisors (such as auditors, credit and debt collection agencies, insurance brokers or financial and legal advisors) for our assessed legitimate interests to maintain, build and protect our business.
      12. to record and maintain certain Personal Data required to fulfil our legal obligations under the GDPR as a result of a request raised by you to us.
      13. to verify information (including Personal Data) that you have provided us with in connection with transactions, we will share Personal Identifiers, Contact and Transaction Data with third parties for our assessed legitimate interests to verify the accuracy of such information including possibly using restricted party screening (RPS).
      14. to apply or enforce this Third-Party Privacy Notice, we may require to collect, use, share or store Personal Identifiers, Contact, Transaction, Technical, Usage and Marketing and Communications Data for our assessed legitimate interests to enforce our Third-Party Privacy Notice and to otherwise comply with the law.
      15. to comply with laws, law enforcement agencies (such as fraud prevention agencies) and pursuant to regulatory requests, we may require access and use of your Personal Data for our assessed legitimate interest to detect and prevent crime and to prevent regulatory non-compliance and to otherwise comply with our legal obligations.
  9. MARKETING

    1. We provide you with choices regarding certain use of Personal Data, particularly around marketing and advertising. We may send you marketing communications if you engage with us in activities such as participation at trade booths and trade shows or attending one of our webinars or by engagement on our social media sites about the goods and services we offer and by requesting information from us. We will provide you with a mechanism to unsubscribe from receiving marketing communications.
    2. We will ask for your explicit opt-in consent to undertake certain marketing activities including if we intend to share your Personal Data with third parties for marketing purposes. We will also provide a mechanism for you to withdraw that consent at any time.
  10. AGGREGATED DATA AND ANONYMISED DATA

    1. We also collect, use and share aggregated data such as scientific, statistical or demographic data for business or regulatory purposes. Aggregated data may be derived from your Personal Data but is not considered personal data under applicable law as this data does not directly or indirectly reveal your identity.
    2. When you access our website, we may automatically collect Technical Data that is anonymised and not personally identifiable such as type of internet browser and computer operating system used; domain name of the website from which you came, number of visits, average time spent, pages viewed, search terms used, and search analytics. We may use this information to measure the use of our website and improve its content.
  11. HOW DO WE PROTECT YOUR PERSONAL DATA?

    1. Personal Data shall be kept as accurate, complete and current as necessary for the purposes for which it is to be used. We take several technical, organisation and administrative precautions to ensure appropriate security of your Personal Data, to guard against unauthorised and unlawful processing, and against accidental loss, destruction or damage. We will notify any relevant supervisory body for data privacy in the event of a data security breach in accordance with applicable laws.
    2. Please note that we use internal servers and cloud-based services hosted by third parties to store information. These third parties may work in a support and/or development role but are bound by confidentiality and non-use data protection obligations that are at least as restrictive as the terms of this Third-Party Privacy Notice. Where Personal Data is stored or processed outside of your local jurisdiction, it is subject to the laws of that foreign jurisdiction, and may be accessible to that jurisdiction’s government, courts or law enforcement or regulatory agencies.
    3. As a global organisation, Hexagon Autonomy and Positioning has an international network of offices.
    4. Where we transfer, including making available, your personal data outside of your home country, the transfer will comply with the applicable laws.
    5. For transfers from the European Economic Area: we will only transfer your data to the recipient that is either located in a country that offers an adequate level of data protection as determined by the European Commission or has entered into EU Standard Contractual Clauses with us after we have ensured through a data transfer impact assessment and/or implementation of supplementary measures that the recipient can comply with them.
    6. For transfers from the UK: we will only transfer your data to the recipient that is either located in a country that offers an adequate level of data protection as determined by the UK adequacy regulations or has entered into UK Standard Contractual Clauses with us after we have ensured through a data transfer impact assessment and/or implementation of supplementary measures that the recipient can comply with them.
  12. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

    1. We will keep your Personal Data for only as long as is necessary to fulfil the purposes for which it was collected. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you all in accordance with our data retention policy.
    2. Our data retention policy has been determined by considering the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and considering the applicable legal, regulatory, tax, accounting or other requirements and whether we need to keep it to protect you or us.
  13. YOUR RIGHTS

    1. You may have certain rights under applicable law relating to your Personal Data. Where applicable: you are entitled to know and have access to the Personal Data we are processing about you and to receive copies of Personal Data or have it transferred to third parties; you are entitled to have incorrect Personal Data about you corrected; and in some cases, you may request that we delete or refrain from certain processing of your Personal Data. However, deletion or limitation of your Personal Data may result in Hexagon Autonomy and Positioning not being able to fulfil its commitments to you or your employer.
    2. You have the right to object to any processing of Personal Data which includes automated profiling and for direct marketing purposes that we may carry out on grounds relating to your individual situation unless we can demonstrate compelling legitimate grounds for us not doing so.
    3. Any requests to exercise the above rights must be made in writing to the address below or by email to the Privacy Mailbox. Upon receipt of your request, you will be required to verify your identity. Any such documentation provided shall be used for verification purposes only. Hexagon Autonomy and Positioning will respond to an individual’s rights to Personal Data within thirty (30) days of receipt of the request but may be permitted to an extension of that time under applicable privacy legislation. Where permitted by law, a fee for reasonable costs incurred may be charged when responding to more complex requests. You will be informed of any applicable fee prior to processing such request. Hexagon Autonomy and Positioning will be as specific as possible when describing to which third parties and to whom it has disclosed Personal Data. Hexagon Autonomy and Positioning may not always be obliged to comply with a request received from you for deletion, restriction, objection, transferral or portability for specific legal reasons which will be notified to you at the time, where applicable.
  14. FOR CALIFORNIAN RESIDENTS ONLY

    1. As used in this section: “personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household; “consumer” means a natural person who is a Californian resident; ‘processing’ means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means; and, “sell’ means selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing or by electronic or other means, a consumer’s personal data by the business to another business or a third party for monetary or other valuable consideration
    2. While processing personal data that you, a consumer, supply or is collected by us in connection with you, we agree to comply with all applicable data protection laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”).
    3. To the extent that we receive from you any personal data for processing on your behalf, we shall:

      1. not sell your personal data;
      2. retain, use and disclose the ‘personal data’ only as permitted by the CCPA;
      3. not retain, use or disclose the ‘personal data’ for any purpose other than specified; and
      4. promptly, and, in any case within ten (10) days of receipt, comply with any written instructions in connection with responding to requests of consumer’s exercising their rights under the CCPA and CPRA.
  15. CHANGES TO OUR THIRD-PARTY PRIVACY NOTICE

    We keep our Third-Party Privacy Notice updated and under regular review to ensure it is accurate and in compliance with all applicable laws. As such, we will update this Third-Party Privacy Notice from time to time. To find out when we last reviewed our Third-Party Privacy Notice, please check the revision date. If we make any material changes to this Third-Party Privacy Notice, we will update the revision date and post a notice on our website with a link to the updated Third-Party Privacy Notice.
  16. HOW TO CONTACT US

    Any questions, enquiries, requests or complaints concerning compliance with this Third-Party Privacy Notice should be emailed to the Hexagon A&P Privacy Officer at our Privacy Mailbox.

    If you would prefer to contact us in writing, please direct your mail to the Privacy Officer at the address below:

    Privacy Officer
    Hexagon Autonomy and Positioning
    Veripos House
    1B Farburn Terrace
    Dyce
    Aberdeen, UK

    Should you not be satisfied with the response you receive, you may have recourse to additional remedies under applicable privacy legislation. For further information, please contact your local supervisory body for data privacy. If you would like help determining your applicable supervisory body for data privacy, please email us at our Privacy Mailbox.

1 The Hexagon Autonomy and Positioning division consist of NovAtel Inc., NovAtel America, Inc. Antcom Corporation, Autonomous Stuff LLC, Veripos Limited, Veripos (Singapore) Pte Ltd, Veripos (Australia) Pty Ltd, Veripos (US) LLC., Veripos Brasil Ltda, Veripos de México, S. de R.L. de C.V. and TerraStar GNSS Limited, that serve as controller, joint controller or controller in common or processor as the case dictates. Hexagon Autonomy and Positioning has put in place safeguards through technical and organisational measures, and intercompany agreements to manage the flow of information within its division.