Last updated July, 2020
We take your privacy seriously
Collection and Use of Personal Information
This Privacy Statement covers our privacy practices with respect to the collection, use, and disclosure of information obtained: (i) through the Locus website at www.locusrobotics.com (hereinafter, our “Website”); (ii) in connection with the use of our autonomous robotics solution (the “Subscription Service”) and related support services, including customer success and other professional services (the “Support Services”) that we provide to Customers, and (iii) in connection with human resource functions for our employees and prospective employees, as described below.
For the purposes of this Privacy Statement:
- “Customer” means any entity that purchases a license to any portion or component of the Services.
- “Customer Data” means the personal information uploaded into or otherwise made accessible to any portion of the Services by or for Customer or its Users, as further described below.
- “Services” shall mean, collectively, the Subscription Service and Support Services.
- “User” means an individual authorized by or on behalf of the Customer to access and/or make use of any portion or component of the Services, as further described in the Customer Agreement.
- “Visitor” means a visitor of the Website.
When you interact with the Websites or the Services, you consent to the collection, use and disclosure of information as described in this Privacy Statement. If you do not consent to the terms of this Privacy Statement, do not continue to interact with or use the Websites or the Services.
Due to the global nature of the use of the Websites and Services, our privacy practices may vary among the states, countries and regions in which we operate in order to comply with applicable legal requirements.
For all Visitors, Locus operates as the controller of your personal information. The following information applies to the personal information collected by Locus from Visitors of our Website. For information with regard to the Cookies we collect on our Visitors, please refer to Cookie Settings. For information with respect to any applicable data access rights, please refer to the section below: Your Rights and Choices with Locus as a Controller of your personal data.
What Personal Data do we collect?
The following information reflects information that we have collected about you over the past 12 months.
Personal Data Collected Directly from you
When you access, use and/or interact with our Websites, we directly collect information you voluntarily provide us, such as when you download content or contact us, which includes:
- If you express an interest in obtaining additional information about our services, use our “Contact Us” or similar features, request a demo, or download certain content, we may require that you provide to us your contact information such as your name, job title, company name, phone number, or email address.
- When you register or request further information or services from us or participate in interactive features of our Website.
- When you report a problem with our Website.
Information collected from third parties
Locus may collect and use information we receive from third parties in connection with your use of the Websites. For instance, Locus may use a third party for reporting and analytics to measure the effectiveness of our Websites and marketing efforts, and to identify areas for improvement.
- Information collected by our marketing service providers on our behalf, which are a variety of marketing lead generation service providers, marketing opt-in lists or data aggregators or professional event organizers
- Information shared with us by Locus business partners as part of their referral activities
- Public databases or other data you may have made publicly available, such as social media posts on professional networks and social media platforms; and
information shared with us by a third party who recommended you, once you have confirmed your agreement for us to keep and process such data (for the purpose of providing you with updates about Locus’s services).
Information we collect as you navigate through the Website
As you navigate through the Website, we also collect details about your visits to our Website including, but not limited to, your IP address, usage patterns, traffic data, location data, logs and other communication data and the resources that you access, as well as information about your computer and internet connection, including your operating system, mobile device and browser type.
Cookies and Other Forms of Automated Collection
What is a Cookie?
When you visit our Websites, we, or an authorized third party may place a small text file called a “Cookie” on your computer’s browser directory. Cookies are designed to collect information, which includes Personal Data, about your online activities over time and across different sites.
The following describes how we use different categories of cookies and similar technologies and your options for managing our collection of Cookies.
Different Categories of Locus Cookies:
The Cookies that Locus uses fall into the following categories:
- Necessary: Without these Cookies, we are unable to provide many services needed for the Websites to function (e.g. essential cookies to help protect the security of the Websites). Because these Cookies are required for the Websites to function, you cannot refuse them.
- Performance and Analytics: These Cookies track information about how the Website is being used so we can make improvements and report on the Websites’ performance. These cookies are designed to enhance the function, performance and services on the website, and may track behavior of Visitors for analytics and advertising purposes. These Cookies may either be first party Cookies (set by Locus) or third-party Cookies (set by authorized third parties). Our third party Cookies include the use of Google Analytics, Eloqua, Facebook and LinkedIn.
- Functional Cookies: These are Cookies used to enhance the performance of our Websites, and to remember information you entered, and choices you made with respect to our Websites, but are not essential to your use of the Websites. We may use our own technology or third party technology, including Eloqua to provide functional Cookies.
- Advertising Cookies: These third party Cookies are placed by advertising platforms or networks on our Websites in order to track ad performance, and to enable advertising networks to deliver ads that may be relevant to you based upon your activities (referred to as “re-marketing”). For more information on re-marketing, please see “Re-Marketing Activities” below. Locus contracts with third parties such as Facebook, and GoogleAds to support the advertising Cookies’ purpose.
Re-Marketing Activities: We use third-party pixels or web beacons on our Website to track activity for web analytics and for re-marketing activities. “Re-marketing activities” means that our third parties will continue to show ads to you across the internet but we will not be collecting any identifiable information about you through this remarketing system. The third-party vendors we use will place cookies on web browsers in order to serve ads based on past visits to our Website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.
To change your cookie settings and preferences for the Website
Please refer to your browser tools for specific instructions. Here are a few of the more popular browsers:
How Do We Use the Personal Data Collected?
We may use Personal Data that we collect about Visitors for the following purposes:
- To protect the security of our Website.
- Enable the sharing of content across various social networks.
- Enhance the function, performance, and services on the Websites.
- To track the behavior of the users on the Websites.
- To present our Websites and their contents in a suitable and effective manner for you and for your computer.
- To diagnose and resolve technical problems with our Website.
- To improve our Websites.
- To provide you with information, products or services that you request from us.
- To notify you about changes to our Websites or obtain any required consent.
- To allow you to participate in interactive features of our Websites, when you choose to do so.
- For industry analysis, benchmarking, analytics, marketing, and other business purposes.
- To track your browsing behavior, such as the pages you visited over time.
If you ask us to contact you about our Services, we may use your Personal Data or permit selected third parties to use your Personal Data to provide you with such information. Visitors may withdraw consent for use of such personal data, at a later time by clicking on the “unsubscribe” or “Update Subscription Preferences” links located in the emails sent by Locus, or exercising their applicable Data Access Rights.
How Do We Share the Information Collected?
Subject to any applicable data privacy law, or regulation, we may share, disclose or transfer Personal Data that you provide to us via this Website, to the following third parties:
- To a buyer, investor, new affiliate, or other successor in the event Locus, or any affiliate, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, consolidation, reorganization, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets of Locus or any affiliates or during steps in contemplation of such activities (e.g., negotiations and due diligence.
- We may also disclose your Personal Data to third parties to:
- Comply with any court order or other legal obligation.
- Protect the rights, property, or safety of Locus or others.
We do not sell, rent or trade information collected through the Website or the Services to third parties.
How long do we keep a Visitor’s Personal Data?
We may retain a Visitor’s Personal Data for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies. When determining the retention of your Personal Data, we will evaluate the amount, nature, and sensitivity of such Personal Data processed, the potential risk of harm from the unauthorized use or disclosure of your Personal Data, and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your Personal Data will be deleted. Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.
International Transfer of Personal Data
Locus may store and process any information collected in connection with the Website in any country where we have facilities or in which we engage service providers. Because of this, your Personal Data may be processed outside of your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection, by complying with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
For all Customers and Users, Locus operates as the processor of applicable Customer Data. The following information applies to the Personal Data collected by Locus from Customers and Users of our Services. Data subject requests for Customer Data must be made through the applicable Customer as the controller of the Customer Data. Locus will comply with all data subject access requests in accordance with the provisions of the applicable contract between the applicable Customer and Locus.
What Customer Data do we collect?
We collect the following Customer Data from and/or about our Customers and Users (collectively, the “Customer Data”), including:
- General information, including a Customer’s company name and address, and the Customer’s representative’s contact information including name, email address, and telephone number (“General Information”) for billing and contracting purposes.
- Information our Customers and Users submit to us in connection with the use of our Services, including the User ID (can be pseudonymized or anonymized), Name (optional), picture of the user and language preference.
- Server logs in support of the Services, which may contain login and logout times, device identification numbers etc.
We also collect information that is not defined as Personal Data in providing the Services to Customers such as: (1) task data from the Customers’ warehouse management system including Task ID, Task Description, Task Type, Task Location and Quantities associated with the task; (2) performance or statistical data derived and/or generated from the operation of the Service, including pick/activity rates, location of picks/activities and timing of when the work is completed (the “Derived Data”). Such Derived Data may include User IDs if Customer chooses to store and report on Derived Data by User, however, the User ID can be pseudonymized or anonymized. Other than fulfilling specific data processing and/or reporting obligations for our Customers pursuant to Customer Agreements, all of this Derived Data collected, used, and disclosed will be in aggregate form only and will not identify any Customer or its Users, unless otherwise provided in a Customer Agreement.
How do we use Customer Data?
We use Customer Data to provide, maintain and improve the Services, including providing Support Services. Notwithstanding anything else to the contrary in this Privacy Statement, we will not use, disclose, review, share, distribute, transfer or reference any Customer Data except as permitted in the Customer Agreement, or as required by law.
What Cookies do we use with the Services?
- Authenticate your access to the Subscription Service
- Route a browser request to a specific node when multiple nodes are assigned
- Recognize you when you return to the Subscription Service
A User may refuse to accept the “remember me” cookie, which will then require a User to provide their username and password to log into the Subscription Service.
How Do We Share the Personal Data Collected?
As a processor of Customer Data, we only share the Personal Data collected in accordance with the Customer’s instructions, as permitted in the applicable Customer Agreement. Subject to any applicable data privacy and protection law and regulation, we may disclose Customer Data to third parties solely to:
- Comply with any court order or other legal obligation.
- Enforce or apply the terms of the definitive agreement between Customer and Locus pursuant to which the Customer purchased access to any portion or component of the Services (the “Customer Agreement”).
- Protect the rights, property, or safety of Locus, our Customers, Users or others.
We do not sell, rent or trade Customer Data with third parties.
How long do we keep your Personal Data?
We may keep Customer Data for the period of time which is agreed upon in the applicable Customer Agreement.
Communication Preferences and Choices and Accessing and Correcting Your Personal Data
Since each Customer is the controller of the Personal Data submitted to Locus as a processor, Users and such individuals must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses Personal Data and how to access or correct Personal Data contained in Customer Data. Locus will comply with all obligations agreed to between the relevant Customer and Locus to effectuate any data access rights a User may have with respect to the Locus’s processing of the relevant Personal Data.
Employee and Applicant Information
How Do We Obtain and Use Employee and Applicant Personal Information?
As a controller of our employees’ personal information, we collect personal information and sensitive personal information provided to us by you which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, citizenship, education, employer (current or former), job title, passport number, driver’s license number, spouse or dependents, compensation, personal health information, payment instructions, credit card information, and EEOC data, in each case, collected only for Locus’ legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) employee communications, including employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) assessing employee qualifications and performance, (7) managing employee performance, (8) determining employee compensation or payment, (9) managing the employee termination process, and (10) other general human resources purposes. Our European Union and Swiss Employees at the time of their employment are notified in detail how their personal information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive employee matters, whether it is stored manually or electronically, is accessible by other Locus employees only if necessary with respect to legitimate human resource functions or issues, and in accordance with applicable laws. Locus will obtain affirmative consent from an employee before using such employee’s personal information for any purpose other than as described above. Employees may decline to provide this consent, and employees may withdraw their consent at any time.
Employees may choose to voluntarily disclose personal information about family members, in which cases, such personal information shall be treated, for the purposes of this Privacy Statement, the same as an employee’s personal information. Employee personal information is never sold, leased, or rented to any third party.
In accordance with applicable law, employees may have the right to opt-out of disclosing their personal information provided that Locus does not need such personal information for a legitimate business purpose. Employees can contact our Human Resources Team at firstname.lastname@example.org or our Privacy Team at email@example.com if they wish to exercise these rights.
As a controller of our prospective employees’ personal information, we collect personal information and sensitive personal information provided to us by applicants or indirectly from third parties (e.g., LinkedIn, recruitment agencies or referrals from other third-parties) which may include, without limitation, name, address, email address, date of birth, gender, ethnicity, physical address, phone number, citizenship, education, employer (current or former), title, driver’s license number, spouse or dependents, compensation, payment instructions, and EEOC data only for legitimate business purposes, including (1) the recruiting and hiring of job applicants, (2) performing background checks and verifying references, (3) communications with the applicant, (4) assessing applicant qualifications and performance, (5) determining applicant compensation or payment, (6) other general human resources purposes. For information with respect to any applicable data access rights, please refer to “Your Rights and Choices with Locus as a Controller of your personal data” section.
How Do We Share Employee and Applicant Personal Information Collected With Third Parties?
Employee Personal Information
Employee personal information will never be disclosed to third parties except as follows: (1) to those retained by Locus as agents for the purposes set forth above, (2) where required pursuant to an applicable law or regulation, governmental or judicial order, or to protect the rights or property of Locus, (3) where authorized in writing by the employee, and (4) where the employee voluntarily provides personal information and the context makes it clear that such information will be provided to a third party.
Applicant Personal Information
Applicant personal information will only be disclosed to third parties as follows:
- Disclosure to our Service Providers: We use third party service providers to process your personal information to assist us in business and technical operations for applying for employment with Locus. Locus has data processing agreements with such service providers which provide specific instructions for processing and accessing an applicant’s personal information.
- Required Disclosure: We may release personal information about you to comply with a law or a subpoena, bankruptcy proceeding, or similar legal process. Such disclosure may include disclosing personal information about you, such as your name and contact information, to enforce our contractual rights, or to protect the rights and safety of Locus, our Customers, Users, and others, or as is reasonably necessary for litigation purposes.
- Disclosure in Event of Merger/Acquisition/Sale: If Locus is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred to the acquiring entity as part of the transaction, such transfer subject to applicable personal data protections.
How long do we keep your employee personal information?
We may retain an employee’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies; provided, however, that the use of such data is retained in accordance with a legitimate business purpose. When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted. Any information we are unable to delete entirely from our systems will have measures in place to prevent any further access and use of such data.
How long do we keep your applicant Personal Information?
We may retain an applicant’s personal information for the period of time which is consistent with the original purposes of collection, as determined in our sole discretion, and in accordance with our record retention policies. When determining the retention of your personal information, we will evaluate the amount, nature, and sensitivity of such personal information processed, the potential risk of harm from the unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing such personal data through other means, as well as applicable legal requirements. Upon the expiration of the applicable retention period, your personal information will be deleted. Any information we are unbale to delete entirely from our systems will have measures in place to prevent any further access and use of such data.
International Transfers of Data
Where personal information is transferred from the EU or Switzerland to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU or Swiss Authorities, as applicable. See further details below.
Locus complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (collectively, the “Privacy Frameworks”). Locus’s commitments under the Privacy Frameworks are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Locus certifies that it follows the Privacy Shield Principles, which will supersede and govern should there be any conflict with this Privacy Statement. Please visit the official Privacy Shield website for more information and to view Locus’s certification: https://www.privacyshield.gov.
In accordance with the Privacy Shield Principles, Locus commits to resolving complaints about its data collection and use of your Personal Data. We can be contacted by email at firstname.lastname@example.org
with regard to any inquiries or complaints and we are committed to responding to your inquiry in a timely manner. Locus has committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. Locus has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit the website https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Locus may transfer Personal Data received under the Privacy Shield to a third party. In such instances, the third party’s access, use, and disclosure of the personal data must also comply with our Privacy Shield obligations. However, Locus is ultimately liable for ensuring that the third party remains compliant with our obligations unless we prove that we are not responsible for the event giving rise to the damage.
Your Rights and Choices with Locus as a Controller of your Personal Data
Where Locus is considered a controller of your Personal Data under relevant data protection laws, you have certain rights relating to the Personal Data we collect about you, subject to the applicable data protection laws. These rights are detailed below.
Specifically, if you are located in the EEA, or are a resident of California, you may have the following rights:
- Right of Access: A right to access the personal information we have collected about you
- o As a resident of California, this right may include the right to receive specific information we collected about you, the business purpose for that collection, and the categories of any third parties we shared your Personal Data, if applicable.
- Right of Erasure: A right to erase or delete the Personal Data we collected about you, subject to applicable verifiability requirements below.
The following rights are related to Personal Data that we have collected about you if you are located in the EEA:
- Right to Restrict Processing: You have the right to request a restriction on our processing of your Personal Data.
- Right to data Portability: You have the right to transfer your Personal Data to another controller, to the extent possible.
- Right to Object: You have the right to object to any processing of your Personal Data carried out on the basis of legitimate interests. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
- Rights related to automated decision-making and profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects. (Locus does not participate in automated decision-making and profiling at this time.)
- Right to Withdraw Consent: If we collect, process, and share your Personal Data based on your consent, you have the right to withdraw such consent at any time. This withdrawal will not affect the lawfulness of the processing based on such consent before its withdrawal.
- Right to lodge a complaint with the data protection authority: If you believe that we have not assisted with a complaint or concern related to your data privacy rights, you have the right to lodge a complaint with the competent EEA supervisory authority.
If you are a resident of California, we will not engage in any of the following discriminatory acts against you for exercising your rights related to our collection of your Personal Data, in accordance with the California Consumer Protection Act (“CCPA”). The acts we will not engage in include:
- Denying you goods or services;
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
- Providing you a different level or quality of goods or services;
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Access, Data Portability, and Deletion Rights
To exercise your access, data portability, and/or deletion rights, please submit a verifiable customer request to us emailing us at email@example.com.
CCPA Rights Request
If you are a resident of California, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative, and (2) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
To prevent Personal Data from loss, misuse and unauthorized access, disclosure, alteration or destruction, to maintain data accuracy, and to ensure the appropriate use of Personal Data, we employ administrative, technical and organizational measures that are reasonably designed to help safeguard the information we collect. Only authorized Locus personnel have access to the Personal Data, including server logs and cookie utilization data, that we collect. These individuals are required to follow strict security policies and procedures. Locus may use encryption, secure socket layer, firewall, password protection and other physical and logical security measures to help prevent unauthorized access to such. Locus may also place internal restrictions on who in the company may access data to help prevent unauthorized access to such information.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that Personal Data will be protected against, loss, misuse, or alteration by third parties.
If you use the Websites or the Services, you are responsible for maintaining the confidentiality of any of your access credentials, including any password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your access credentials. We cannot secure any Personal Data that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.
Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse and unauthorized access, disclosure, alteration or destruction of Personal Data so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such Personal Data is information of a Locus Customer, we will notify such Customer and coordinate with them regarding any required notices to particular individuals, including any Users. Please report any known or suspected security violations at firstname.lastname@example.org.
Third Party Websites and Applications
Class Action Waiver
YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
Changes to Our Privacy Statement
Locus reserves the right to update or change this Privacy Statement from time to time. If Locus’s Privacy Statement is updated, we will notify you by posting the new Privacy Statement on this web page and updating the revision date below (and obtain your consent where required). Except where express consent is required by applicable law, Customer Agreements or End User License Agreements, your continued use of the Website and/or Services is deemed to be acceptance of any updates or changes we make to this Privacy Statement. Accordingly, we ask that you review the Privacy Statement periodically for any updates or changes that we may have made.
If you have any questions about this Privacy Statement or our privacy practices contact us at:
Locus Robotics Corporation
301 Ballardvale St.
Wilmington, MA 01887
Attn: Data Privacy