Privacy policy

When you contact Oxa, you trust us to look after any personal data we need you to give us. This Privacy Policy is meant to help you understand what the data is that we collect from you, why we collect it and what we do with it. This is important, so we hope that you take the time to read it carefully.

1. How do we collect data?

We collect and combine personal data from the following sources:

Information you provide to us

You may provide us with personal data by filling in forms on our website, submitting information to one of our product or service portals, meeting with us, or contacting us via post, telephone, email, chat or other forms of communication.

Information we collect ourselves

When you visit our website, we may automatically collect information about the device you are using and the way that you use the site or portal.

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

Our vehicles are fitted with multiple cameras that capture video footage of the surrounding road and traffic environment in which the vehicle is manoeuvring to inform navigation, with no facility for identifying individuals.

Information we receive from others

We may receive personal data from publicly available sources and other organisations such as advertisers, suppliers, service providers, trade agents and resellers. If you apply for a job with us, we may receive information from recruitment agencies, employment background screening agencies and your named referees.

We may receive personal data about you from various third parties and public sources including: social media platforms, our own corporate prospect/client databases or online or offline research referrals.

2. Information we collect

We collect the information that is necessary to conduct our business, to provide the services you have requested and to keep you informed. We may also use the information you provide to communicate with you about our products and services.

We may collect, use, store and transfer different kinds of personal data about you:

  • Identity Data: including first name, last name, social media handle or similar identifier, title, date of birth.
  • Contact Data: including billing address, postal address, email address, and telephone numbers.
  • Financial Data: including bank account and payment card details (we only use this data for payment processing purposes).
  • Transaction Data: including details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: including internet protocol (IP) address, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other communication data which gives us information about how you accessed our website.Usage Data: including information about how you use our website, products and services.
  • Marketing and Communications Data: including your preferences in receiving marketing from us and your communication preferences.

We do not hold any “special category” data about you (such as data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, data about your health and genetic and biometric data).

No personal data is collected by the vehicle cameras, other than road/street scene images that may include pedestrians.

3. How we use the information we collect

If you apply for a job with us, we may use the personal data you provide during the recruitment process for evaluating your suitability for current and future employment opportunities, record keeping in relation to recruiting, and improving our recruitment processes.

If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your personnel records. In other cases, we will retain your information on file for a period of 24 months. At the end of this period, we may contact you to ask if you would like us to retain the information for a further period.

Other ways we use your personal data:

  • To verify your identify and entitlements to our products and services when you contact us or access our services.
  • To supply services to you.
  • To send statements and invoices to you and collect payments from you.
  • To provide commercial quotes to you.
  • For statistical analysis (e.g. on the use of our website).
  • To operate and improve our website and services.
  • To notify you of any changes to our website or our services and products which may affect you.
  • To ask your opinion or feedback on our services or industry questions.
  • To enforce our legal rights or comply with legal requirements.

We will only use your personal data when the law allows us to. We will typically use your personal data in the following circumstances:

  • Where it is in our legitimate interests, including our commercial interests in operating as a business. We make sure that we consider and balance any potential negative impact on you and your rights before we process your personal data.
  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where we need to comply with a legal or regulatory obligation.

Vehicle camera data will be processed to extract visual information for use in vehicle navigation alone, with no facility for identifying individuals. Video footage from the cameras may be shared with the parties set out below:

  • Insurance partners, for the purpose of reviewing road, traffic and weather conditions as input to insurance research and related calculations.
  • Technical partners, for the purpose of validating visual data for use within the navigation software. These images are not used to identify individuals.
  • Oxford Robotics Institute, for the purpose of supporting their involvement within the DRIVEN project.

4. How we protect Personal Data

Oxa maintains physical, technical and procedural safeguards to protect your personal data and ensure that it doesn’t get lost, and to secure it from unauthorised access, copying, use, modification or disclosure.

Data may be transferred outside of the EU for the following purposes:

  • Oxa data storage
  • Where Oxa service providers operate services outside of the EU
  • To further business interests

Where any of the above apply, we will ensure that such transfers are made in compliance with data protection laws in force and that your rights under the relevant legislation are not compromised.

5. Data Breaches

If we are made aware of any data breach resulting in the loss or theft of your Personal Data, we will report it to the Information Commission within 72 hours of us being aware of the breach.

The ICO (the Information Commissioners Office) is a non-departmental public body which reports directly to Parliament. The Data Protection Act 1998 requires every data controller who is processing personal information to register with the ICO. In the event of a serious breach of personal data, Oxa has obligations to the ICO and the data subject impacted by the breach.

6. How long we keep your information

Oxa has a policy to keep most Personal Data in line with regulated statutory retention periods and only for as long as it is strictly necessary. For clarity, your personal data is held for a period of 24 months, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period we may contact you to ask if you would like us to retain the information for a further period, after which we will either delete or anonymise the personal data.

Vehicle camera footage is retained indefinitely for the active lifetime of the data used for navigation.

7. How can I find out what Personal Data you have about me?

You have a right to know what personal data we hold about you, a right to rectify it if it’s wrong and a right to delete it. Should you wish to know what the information is, or manage or delete the information, please contact us at the following email address: privacy@oxa.tech

We will respond without delay and within 1 month of the request, or you can write to us at:
Oxa, 8050 Alec Issigonis Way, Oxford Business Park North, Oxford, OX4 2HW

If you are unhappy with the way Oxa process your personal data, you have the right to complain to the Information Commissioner’s Office (ICO).