Ottometric – Accelerating ADAS Validation and AV Training
Contact us
Contact us

Copyright © 2026 Ottometric LLC. All rights reserved.

Ottometric & GDPR

Last updated 31 December, 2025

Ottometric, Inc. (“Ottometric”, “we”, “us”, or “our”) is committed to protecting personal data and supporting our customers’ compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws. This page explains, in plain language, how we approach GDPR as it relates to our website, our data‑driven ADAS/AV platform, and our customer relationships.

For full legal details, please refer to our Privacy Policy and Cookie Policy.

1. Roles and responsibilities

Depending on the context, Ottometric may act as:

  • Data controller For personal data collected through our websites, events, and direct communications (for example, when you fill out a contact form, sign up for a newsletter, or interact with our marketing content), Ottometric determines the purposes and means of processing and acts as the data controller.
  • Data processor For ADAS/AV datasets and related information that our customers upload to or generate within our platform, Ottometric typically acts as a data processor, processing data on behalf of the customer in accordance with our contracts and data processing agreements.

If you are unsure whether we are acting as a controller or processor in your specific engagement with us, please contact us using the details in our Privacy Policy.

2. Legal bases for processing

When we process personal data subject to the GDPR or UK GDPR, we rely on one or more of the following legal bases:

  • Consent – for example, when you choose to receive marketing communications or when non‑essential cookies are used on our website.
  • Contract – when processing is necessary to provide our platform and services under an agreement with you or your organisation.
  • Legitimate interests – when we process data to operate, secure, and improve our Services in ways that do not override your rights and freedoms (for example, aggregated product analytics, security logging, and fraud prevention).
  • Legal obligations – when processing is necessary to comply with laws, regulations, or lawful requests.
  • Vital interests – in rare cases, where processing is necessary to protect someone’s vital interests.

More detailed information about the purposes and legal bases for specific processing activities is set out in our Privacy Policy.

3. Your GDPR rights

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights in relation to your personal data, subject to applicable law:

  • Right of access – to request confirmation of whether we process your personal data and to receive a copy.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your personal data in certain circumstances.
  • Right to restriction – to request that we temporarily or permanently stop processing all or some of your personal data.
  • Right to object – to object to processing based on legitimate interests or to direct marketing.
  • Right to data portability – to request a copy of your personal data in a structured, commonly used, machine‑readable format.
  • Right not to be subject to decisions based solely on automated processing, including profiling, that have legal or similarly significant effects, except where permitted by law.

To exercise your rights, you can submit a data subject access request using the link provided in our Privacy Policy or contact us at the email address listed there. We will review and respond to all requests in accordance with applicable data protection laws and may need to verify your identity before acting on your request.

You also have the right to lodge a complaint with your local data protection authority.

4. International data transfers

Ottometric is a global company. This means your personal data may be processed in countries outside of the EEA, UK, or your country of residence, including the United States and other locations where we and our service providers operate.

When we transfer personal data from the EEA or UK to countries that do not have an adequacy decision from the European Commission or UK authorities, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms, as required by applicable law.

Additional information on international transfers and the safeguards we use is available in our Privacy Policy.

5. Data security and ADAS/AV datasets

Our platform helps customers work with large volumes of real‑world driving data, which can include information that is subject to GDPR, such as images, video, location, or other identifiers.

To protect this data, we implement appropriate technical and organisational measures, which may include:

  • Encryption of data in transit and at rest where appropriate.
  • Role‑based access control and the principle of least privilege.
  • Logging and monitoring of access and system activity.
  • Secure development and change‑management practices.
  • Vendor due diligence and contractual safeguards for sub‑processors.

Customers can further support GDPR compliance by using features that enable data minimisation, structured workflows, and traceability across the development and validation lifecycle. Details of our security measures and data‑processing commitments are available in our contracts and, where applicable, in our data processing agreements.

6. Cookies, analytics, and consent

When you visit our website from the EEA, UK, or other regions with similar requirements, we only set non‑essential cookies (such as analytics and marketing cookies) after obtaining your consent through our cookie banner or preferences tool.

Our Cookie Policy explains:

  • What types of cookies and similar technologies we use.
  • Which providers set cookies through our Services.
  • How you can manage your preferences, including withdrawing consent at any time via the “Cookie settings” link in the website footer.

For more information on how cookies relate to personal data, profiling, and your privacy rights, please see both our Cookie Policy and Privacy Policy.

7. Contact and further information

If you have questions about how we apply GDPR, your rights under GDPR, or our data protection practices more broadly, you can contact us using the contact details set out in the “How can you contact us about this notice?” section of our Privacy Policy.