As you made your way to this privacy statement, it appears that you care about privacy – and so do we. We therefore pursue a privacy-by-design approach you can read about here.
As we apply the same high standards to our privacy policy as we do to the quality of our products, we do not wish to leave any questions unanswered. We have therefore set up the following data privacy statement for the use of our iw.hub robot. We aim to make it as comprehensive yet straightforward to understand as possible.
In the following, we provide you with the answers to:
If you nevertheless find your individual concern unanswered, please do not hesitate to contact us directly: [email protected]. We want anyone who encounters our robot to feel safe and rest assured that their privacy is respected at any time.
1. Who is collecting your personal data?
IDEALworks GmbH, Riesstraße 22, 80992 Munich, domicile and court of registry: Munich HRB 260546 (hereinafter “idealworks” or simply “we”) is the data controller in the meaning of the General Data Protection Regulation (hereinafter “GDPR”). We are responsible for the data processing as well as the measures to ensure data protection as described in the following.
2. What personal data is collected?
The iw.hub robot is equipped with a camera that collects images during operations. As the robot is employed in various environments, it might capture natural persons while doing so. These images are considered personal data according to GDPR.
Capture of Images during Operations
As we follow a strict data-minimization approach, no further personal data is collected on the iw.hub. Instead, we rely on the processing of “non-human-readable” and therefore non-personal data like depth images or LiDAR data wherever we can.
3. Why is the personal data collected?
The iw.hub robot autonomously navigates within a variety of sites like logistics centers or warehouses. As each use case differs, the robot needs to perceive and understand differing environments to appropriately interact with its surroundings. Many functionalities (for example distance estimations or detection of specific objects) can be based on non-personal data like LiDAR or depth images.
To provide our customers with an even more reliable driving behavior, we developed features that enable the robot to constantly recognize as well as remember different obstacles in its environment. These functionalities are based on pre-trained artificial neural network models. As common scenarios which the robot encounters can strongly differ, these models need to be fine-tuned during operations for optimal performance. Here, non-personal data no longer suffice.
The fine-tuning is done by feeding the models images the robot collects while executing its daily tasks. These images are referred to as training data. By continuously refining our models through up-to-date training data, we can ensure that our robot’s interactions with its surroundings are tailor-made for each customer’s use case and achieve the most appropriate and dependable autonomous behavior.
4. How is the collected data processed?
The images are initially stored on the robot’s local file system that can only be viewed by the customer operators who are granted access rights on the robot. After a dedicated amount of time and when operations allow for it, the images are securely uploaded to a bucket on a cloud server using the customer’s wifi network.
Upload through your private network
After the upload, the images on the robot are deleted. In case the upload should not be feasible for an extended period of time, the images will nevertheless be auto-deleted on the robot after 30 days.
On the server, an anonymization service then fetches the images. This service detects and subsequently removes all natural persons pictured in the images. The fully anonymized images are then moved to a separate bucket and used to train and enhance the models. If the images are not fetched for anonymization within 30 days, they are auto-deleted from the bucket.
Anonymization of Images on the Server
As the resulting data can no longer be related to a natural person, the anonymized images are not considered personal data and any further processing does not fall under the scope of GDPR. The processing of your personal data is therefore limited to the collection, storage, upload, and anonymization of collected images.
5. How do we protect your privacy?
We execute every processing step in an appropriate and secure way to protect your privacy. For this purpose, we exclusively rely on state-of-the-art methods and technologies. In the following, you can find out how we assure data privacy step-by-step along the processing chain.
Safe storage on the robot
The images are saved on the robot’s local file system in encrypted form. The folder containing the collected images is password-protected and we encourage the customer to only share this password with trained employees on a need-to-know basis. This folder is not accessible by idealworks.
Encrypted Storage on the Robot
Safe uploading procedure
The upload of the images to the cloud server is done through the customer’s private wifi network and fully encrypted using the TLS standard.
Safe cloud storage
On the cloud server, the images are again stored in encrypted form. The cloud bucket cannot be accessed by any employee’s account other than the root user. Only the algorithm that fetches the image data for anonymization can load the raw image data.
Reliable Anonymization
The images are anonymized using state-of-the-art AI-based algorithms. The employed models are pre-trained and use-case refined by idealworks. The algorithm is trained to detect any (partially) pictured person within an image. The detected pixels are then blackened in a subsequent processing step.
To assure full anonymization, the images are then once more passed to the AI-models trained for detecting humans. This way, we can double-check if all relevant pixels were successfully blackened. If the models detect any remaining pixel-sets they classify as belonging to a person, the picture is deleted and not kept as potential training data.
AI-based Detection and Blackening of captured Persons
As we do not intend to ever identify any natural person within the collected images, we additionally clear the anonymized images of any metadata that might facilitate identifying a natural person. This includes the exact time and location at which the picture was taken.
For further information on the code the anonymization is based on, please refer to the GitHub repository: BMW-InnovationLab/BMW-Anonymization-API.
6. How long is the data kept for?
Due to the applied auto-deletion regimes, the images remain on the robot for a maximum of 30 days and a maximum of 30 days in the bucket they were initially uploaded to. In total, any personal data is therefore kept for no longer than 60 days.
7. Who do we share your personal data with?
For storing our data, we rely on the infrastructure of our cloud computing provider that fully commits to GDPR-compliance and applies state-of-the-art security measures. We assure that all our acquired processing services are based on EU servers.
8. What is the legal basis for processing the data?
The legal basis for the collection and processing of the images as described above is the legitimate interest of idealworks pursuant to Art. 6 (1) lit. f GDPR.
Our legitimate interest in the processing of image data results from our interest in further developing and enhancing our robot’s navigation features. Also, after the initial release of a feature, the processing of image data remains relevant to develop and validate updates for the released software.
Additionally, we have a keen interest in continually improving our robot’s situational awareness to reduce bottlenecks and enable smooth operations. Developing and refining methods to assure safe cooperation of humans and robots at the same site could serve the interest of the general public.
9. What are your rights and who can you reach out to for further questions?
As the party affected by the processing of your data, you may claim certain rights under the GDPR and other relevant data protection regulations. If you wish to execute any of your rights listed below or have any other questions regarding our privacy policy, please contact us with your concern by sending an email to [email protected].
In certain situations, we may be unable to respond to your request as a data subject due to legal requirements or information available to us. For instance, we may not be able to retrieve images of pictured persons without additional information. Since the persons captured by the robot cannot be identified without additional information, and since such identification is neither necessary nor ever intended for the purposes pursued by idealworks, we are prevented by law from carrying out additional data processing for the purpose of identification. In such cases, your rights under Art. 15 to 20 GDPR may not be applicable.
Your data subject rights may only apply if you provide us with additional information which enables us to clearly identify you. Even with this additional information, we may not be able to verify your entitlement to access or delete the data, since we do not identify any persons in the images and would therefore not know who the data subjects on the images are, and your data subject rights are restricted due to rights of others or the need to keep the data for reasons of law.
Under the GDPR, you are entitled to claim the following specific rights vis-à-vis idealworks as the data subject:
Right to access by the data subject (Art. 15 GDPR)
You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your data from us free of charge.
Right to rectification (Art. 16 GDPR)
You have the right to request that we rectify inaccurate data relating to you. Images are by nature "correct" because they represent a photographed person in reality. We will not edit images prior to their anonymization in any way so that the (briefly) stored data is accurate and up-to-date at any time.
Right to erasure (Art. 17 GDPR)
You have the right to request that we erase your data, as long as the legal requirements for this are satisfied. This may be the case under Art. 17 GDPR if
the data is no longer required for the purposes for which it was collected or otherwise processed;
you withdraw the consent on which data processing is based, and there is no other legal basis for processing;
you lodge an objection to the processing of your data and there are no legitimate reasons for processing, or you object to data processing for direct marketing purposes;
the data was processed unlawfully;
and provided that processing is not required
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject;
for scientific research purposes and provided that the deletion of the data is not likely to prevent or seriously affect the achievement of that objective;
to establish, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request that we restrict processing of your data if
you dispute the accuracy of the data – in which case processing may be restricted during the time it takes to verify the accuracy of the data;
processing is unlawful, and you reject the deletion of your data, requesting that its usage be restricted instead;
we no longer need your data, but you need it to establish, exercise or defend your rights;
you have lodged an objection to its processing, as long as it is not certain that our legitimate reasons outweigh yours.
Right to data portability (Art. 20 GDPR)
You have the right to request that we transfer your data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your data, you may also ask us to submit the data directly to another responsible party specified by you.
Right to object (Art. 21 GDPR)
You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweigh your interests, or if we need your data for the establishment, exercise or defence of legal claims.
We make every effort to reply to all requests within 14 days. However, this period may be extended for reasons relating to the specific right or complexity of your request. No matter the complexity of your request, we will try to get back to you as soon as possible to update you on your request’s status.
Complaint to supervisory authority
idealworks takes your concerns and rights very seriously. In every processing step we decide on, we consider your privacy as top priority. Yet if you believe that we have not responded in an appropriate manner to your complaints or concerns, you have the right to lodge a complaint with your local data protection authority.






