We respect your right to privacy and will only process your personal information in accordance with applicable data protection and privacy laws.
This Policy explains how Mapillary collects, stores, uses and discloses information from you when you submit Content to and use Mapillary products, services, mobile applications and websites. This Policy applies to users of the Mapillary "Service", defined as the services, APIs, and functionality we make available either through our website at www.mapillary.com and related site pages, including https://www.mapillary.com/app (the "Website"), via private sites or repositories, or through third party sites that utilize our services and functionality, as well as through our mobile application (the "App").
This Policy does not apply to websites, applications, or services that do not display or link to this Policy or that display or link to different privacy statements; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.
It may be possible for you to browse certain parts of the Website without telling us who you are or revealing any information that enables us to directly identify you as an individual. However, you may lose anonymity once you give us personal information about you. In particular and as applicable, this applies to any personal data you voluntarily submit in your bio/profile page and the geolocation data indexed to photos submitted.
B. Information Collected
When you register for an account, and in the course of your use of the Service, we collect and process the following Personal Data attributable to you as a user:
If you visit our website without being a registered user of the Service, we collect and process the following Personal Data attributable to you:
Here is a list of the cookies that will be used and installed as essential, as well as those that may be used and installed on your computer or device with your consent (optional).
User authentication—these cookies allow us to customize the Website based on your login status (i.e. whether you're signed in or signed out of your Mapillary account).
Site analytics—these cookies help us to understand how visitors use our Website, so we can improve how the Website works.
C. Our Use of Information
We process the Personal Data listed in section B (a), (b) and (j) to resolve disputes, collect fees and enforce our terms and policies. This processing is done on the basis of our legitimate interest of overseeing, monitoring and properly policing our Service.
We process the Personal Data listed in section B (e) - (i) to analyze user behavior in order to understand user preferences, for product development and training purposes, to troubleshoot problems and to enhance your experience and enjoyment using our Service and Website. This processing is done on the basis of our legitimate interest of improving and developing our Service.
Within the scope of Capture Projects and the Mapillary Marketplace, we process your live geolocation data (section B (k)), whilst you are collecting images for a Requester/Organization. This live geolocation data is only processed to provide our Services within Capture Projects and the Mapillary Marketplace, and to facilitate the Requester’s/Organization’s supervision of the task they have assigned to you. Such processing is done on the basis of your explicit consent.
If you visit our Website we process the Personal Data listed in section B (l) - (n) to analyze the flow of visitors to our Website, to customize our Service, optimize user interfaces and to measure promotional effectiveness. This processing is done on the basis of our legitimate interest of developing and improving our Website and Service.
Face and plates included in submitted Content
If any Personal Data attributable to you is included in submitted Content, we will process such Personal Data in order to properly provide our Service. This processing is done on the basis of our legitimate interest of providing our Service. In order to protect your personal integrity, we automatically blur any faces and vehicle license plates in any submitted Content before it is posted to the Website.
We only store your Personal Data as long as it is needed for the purpose for which it was collected. In relation to our registered users we will keep the Personal Data listed in section B (a) - (j) only as long as you are registered as a user. However, after you de-register as a user we may process such Personal Data as is necessary for us to fulfill an agreement with you, or such Personal Data as we are required to keep by law.
In order for us to provide our Service and for the purposes described in this policy, we will keep any submitted Content, as well as data and statistics regarding your use of the Service and geolocational data included in the Content, indefinitely. However, we will remove all information in relation to such Content, data and/or statistics, which connects it to you as a user. Furthermore, we do not store the live geolocational data in section B (k) after the completion of the project or Task to which the live geolocational data pertains in any other form than the metadata accompanying any images contributed.
Personal faces and vehicle license plates in all submitted Content are automatically blurred before being posted to the Website, in order to respect and protect the personal integrity of any persons pictured. However, we will always keep a clean master version of the Content for 6 months after the Content was submitted, and for so long as permitted by applicable law. This is done for the purpose of product development, including training and improving the blurring algorithm, and in case the Content would contain important information to us, you, or our customers, that our algorithm accidentally blurred. In order to protect the personal integrity of any persons pictured, the master version of the Content is stored as strictly controlled confidential information in such a way that only a select number of Mapillary employees and authorized persons have access to it. We also employ strict guidelines for our moderators regarding what Content, and what Personal Data included in such Content, that we are allowed to keep and post to the Website.
We may use and provide data and information to our partners and customers for commercial purposes after we have removed your name or any other personally identifying information from it, or have combined it with other people's data in a way that it is no longer associated with you.
You have the option of submitting Content and using the Service anonymously as the user name and e-mail address you submit may certainly be created specifically to avoid identifying you as an individual. If you do not submit a valid e-mail address however, this may interfere with your use of the Service through i.a. loss of relevant notifications. However, we cannot guarantee absolute anonymity and make no guarantee that other users will never be able to determine your identity, such as (without limitation) by observations of your activity, the manner in which you express yourself, and other patterns of conduct or behavior. Moreover, all of your activities on the Service will be traceable to your username, from which your actual identity may be known. Notices may be sent to other users regarding suspicious activity and policy violations and refer to usernames and specific items. Please understand that if you link your name with your username or e-mail address, others will be able to personally identify your activities.
Further, we may use Personal Data to respond to legal requirements, in connection with a merger, sale of assets, or other similar corporate transactions, to respond to claims that Content violates the rights of others, or to protect the rights, property, or safety or any person.
Your choices regarding our use of your Personal Information for marketing purposes
If you no longer wish to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by following the unsubscribe instructions in any such message, or by emailing us at firstname.lastname@example.org. We aim to comply with such request(s) as soon as reasonably practicable. Please note that if you do opt-out of receiving marketing-related emails from us, we may still send you administrative messages; you cannot opt-out from receiving administrative messages.
D. Personal data within Capture Projects and the Mapillary Marketplace
This Policy applies to such processing of Personal Data over which Mapillary is the data controller pursuant to the GDPR. However, for Marketplace or Capture Projects, Mapillary, and the Organization/Requester for which images are collected, will be joint controllers in relation to the processing of personal data within the scope of such Services.
If the Requester/Organization is a private individual acting in their private capacity, Mapillary is instead the sole data controller of personal data processed within the scope of the Mapillary Marketplace or Capture Projects, and this Policy (except for this section D) applies to that processing.
E. Sharing Information
We do not disclose, sell or rent your Personal Data to third parties for their marketing purposes without your prior consent. If you do consent but later change your mind, you may contact us and we will cease any such activity. We only share your Personal Data as follows:
(i) at your direction and control via your normal and intended operation of the Service, or with your consent, for example, when you agree to our sharing your Personal Data with other selected third parties for their own marketing purposes subject to their separate privacy policies;
(ii) with service providers, consultants or similar contractors, Requesters/Organizations (within the scope of Capture Projects or the Mapillary Marketplace), or third parties who provide services or content in connection with our Service in order to support or enhance our or such parties’ products and services or our or such parties’ business operations, or to make available and consummate initiated transactions;
(iv) under written obligations of confidentiality, in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
We may also share and disclose Nonpersonal Data for the same purposes as described above.
When other companies, e.g. our service providers, process your Personal Data on our behalf, we always enter into binding data processing agreements that ensure that your Personal Data always enjoys the same level of protection as under this Policy.
F. No Guarantee of Security
We apply appropriate technical and organizational safeguards and take all reasonable steps to help protect your Personal Data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. However, no one can create a completely secure website, app or service and third parties may unlawfully intercept, steal or access transmissions or private communications. Therefore, we cannot guarantee that your Information or private communications that you transfer over the internet to us will always be secure or remain confidential.
Your password deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. You shall not share your password or your personal sign-in credentials with others, and please remember that you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile to change your password and notify us immediately at email@example.com.
H. International Transfers
We may process Information on servers located in a number of countries. Accordingly, we may share Information with our service providers and affiliated companies for such companies to carry out any of the activities specified in this Policy. We may also subcontract processing to or share Information with third parties located in countries other than your home country. Information collected within the European Economic Area, for example, be transferred to, and processed by our affiliates or other third parties identified above that are located in, a country outside of the EEA. However, regardless of country, we will always process Information in accordance with this Policy. In respect to our service providers, we will always enter into a data processing agreement that ensure that their processing gives the same level of protection to your Personal Data as this Policy.
In addition to the above, any transfer of Personal Data from the EEA to a third country outside the EEA, will only be made if permitted by the applicable EU data protection regulation. This means that we will only initiate such transfer of Personal Data if the receiving country outside the EEA has been deemed by the EU Commission to ensure an appropriate level of protection, if we have entered into the Commission’s standard data protection clauses with the receiving company, or if there are other safeguards in place that permits such a transfer. You can receive a copy of such safeguards by e-mailing firstname.lastname@example.org.
The Services are not directed at or intended for children under sixteen (16) years of age, and we do not knowingly collect Personal Data from such children. If you believe that we might have any Personal Data from a child under 16 years of age, please contact us at email@example.com.
J. Policy Changes
We may amend this Policy from time to time. If we make any changes to this Policy, we will post the amended terms on Mapillary.com, change the "Last Updated" date above, and where appropriate, notify you by email or via our other notification mechanisms.
K. Your Information, Rights and Choices
You have the right to ask us not to process your Personal Data for marketing or promotional purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You may also opt out of receiving promotional emails from us by following the instructions in the emails themselves or by emailing firstname.lastname@example.org. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
You can see, review and change your personal information by logging into the Service or by contacting us at email@example.com. You should promptly update your personal information if it changes or is inaccurate.
You have the right to receive confirmation on whether or not we process Personal Data concerning you, and in such cases get access to such personal data and also information regarding the personal data and how we process it.
You have the right to have inaccurate Personal Data concerning you rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data about you completed.
You have, under certain circumstances, the right to have Personal Data concerning you erased, for example if the Personal Data are no longer necessary in relation to the purposes for which they were collected or if the personal data have been unlawfully processed.
You have the right to withdraw a consent provided by you at any time by contacting us. If your consent is withdrawn, we will no longer process your personal data for the purpose that you had given your consent to.
In some circumstances you have the right to obtain restriction of the processing of your Personal Data. For example if you contest the accuracy of the Personal Data, you can also require that we restrict the processing of your Personal Data for such a period that enables us to verify the accuracy of the Personal Data.
You have the right to object to processing of your Personal data that is based on our legitimate interests. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, in order to proceed with the processing of your Personal Data.
You have the right to receive the Personal Data relating to you and that you have provided to us, in a commonly used electronic format. You have the right to transmit that data to another controller (data portability).
You may always contact Mapillary at firstname.lastname@example.org if you have any questions or comments regarding our processing of your Personal Data. You also have the right to complain about the processing of your Personal Data by lodging a complaint to the relevant data protection authority.
You may delete your account any time by emailing email@example.com. Deletion is your sole means of terminating your account. We will in our own discretion keep Nonpersonal Data and explicitly the images submitted and the associated geolocation data which is required, if any, to maintain the uninterrupted and intended Mapillary Solution functionality. This Nonpersonal Data may be stored under a new username not attributable to you.
In addition to the above, you may opt-out of providing information via the App to Mapillary at any time by uninstalling the App using the standard uninstall process available on your mobile device or via the mobile application marketplace or store.
Please note that once you make a public posting, you may not be able to change or remove it.
If you have any questions about this Policy, please contact us and our data protection officer at firstname.lastname@example.org.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident, California law may provide you with certain rights regarding our use of your personal information.
A. “Do Not Track” under the California Online Privacy Protection Act. We support “do not track” (a preference you may be able to set in your web browser to inform websites that you do not want to be tracked). We are not aware of any processes for others collecting personal information about your activities on our websites over time and across third party websites, apps, or other online services, nor do we knowingly collect information about your activities over time across third party sites and services.
B. California's "Shine the Light" law (Civil Code Section § 1798.83). This law permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to us at email@example.com.
C. California Consumer Privacy Act (CCPA). This part (C) serves as a privacy notice for California residents and applies solely to residents of California. This part is effective upon the effective date of enforcement of the CCPA. We adopt this policy to comply with the CCPA as of the effective date of this policy, and any terms defined in the CCPA have the same meaning when used in this notice. Note that provision of this CCPA notice is not an admission on our part that we are a “business” within the meaning of the CCPA, and nothing in this policy may be construed as such an admission.
Personal information we collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person (“personal information”) that falls within the following categories of personal information, and have done so within the last 12 months:
|Identifiers||A real name, postal address, unique identifier, online identifier, Internet Protocol address, email address, and account name.|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, address, telephone number; identification numbers; financial details|
|Commercial information||Records of services purchased, obtained, or considered, or other transaction histories|
|Internet or other similar network activity||A consumer’s interaction with a website; browsing and search history.|
Personal information does not include: (a) publicly available information from government records; (b) deidentified information or aggregate consumer information; (c) information excluded from the CCPA’s scope; and (d) personal information covered by certain sector-specific privacy laws.
We obtain the categories of personal information listed above from the following categories of sources:
Our use of personal information
We may use or disclose the personal information we collect for the purposes set forth in this policy, and one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We do not sell personal information of consumers to businesses or third parties (as the terms “sell”, “consumers”, “businesses” and “third parties” are defined in the CCPA).
Sharing personal information
We may disclose any or all of the categories above of your personal information to a third party for a business purpose, as set forth in this policy, and we have done so in the last 12 months. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
We disclose your personal information for a business purpose to the following categories of third parties:
Your rights and choices
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you (unless an exception applies):
We do not provide these access and data portability rights for B2B personal information to the extent such an exception remains in effect under the CCPA.
Deletion request rights
California residents have the right under the CCPA to request that we delete any of their personal information that we have collected and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request (see below), we will delete (and direct our service providers to delete) relevant personal information from our records, unless an exception applies (such as the B2B exception referenced above).
We may deny California residents’ deletion request if doing so is permitted or required by applicable law, or if retaining the information is necessary for us or our service provider(s) to:
Verifiable consumer request
To exercise the access, data portability, and deletion rights under the CCPA described above, please submit to us a verifiable consumer request as set forth above.
Only a California resident, or a person registered with the California Secretary of State that a California resident has authorized to act on their behalf, may make a verifiable consumer request related to their personal information. A California resident may also make a verifiable consumer request on behalf of their minor child.
A verifiable consumer request for access or data portability can only be made twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify the California resident about whom we collected personal information or an authorized representative, and contain sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account on our website. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not:
(Effective Date: 12 March 2020)