Cepton Privacy Policy

EFFECTIVE DATE: May 9th, 2021

Cepton Technologies, Inc. (“Cepton,” “we,” “us,” or “our”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website at hwww.cepton.com (the “Site”) and the services available through our Site, (collectively, the “Services”), and how we use and disclose that information.

By visiting the Site, or using any of our Services, you agree that your personal information will be handled as described in this Policy. If you do not agree with this Policy, please do not use the Site or the Services.

The Information We Collect About You

We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services.

Information We Collect Directly From You. We collect personal information from you when you submit information through the ‘Contact Us’ form at the Site or request support from us regarding our products and services:

1. Full Name
2. Job Title
3. Company Name
4. Email Address
5. Phone Number
6. Company Website

In addition, if you are providing personal information for third parties in connection with using our Services, you are responsible for ensuring that you have all required permissions and consents to provide such personal information to us for use in connection with the Service sand that our use of such personal information to provide the Services does not violate any applicable law, rule, regulation, or order.

Information We Collect Automatically.  We may automatically collect the following information about your use of our Site or Services through cookies and other technologies:  your domain name; your browser type and operating system; web pages you view; links you click; your IP address; your location, the date and time, and length of time you visit our Site or use our Services; and the referring URL, or the webpage that led you to our Site; distinguished unique users and distinguished sessions for a user.  We do not combine this information with your personal information.  Please see the section “Our Use of Cookies and Other Tracking Mechanisms” below for more information.

Products.  Please note that we do not generally collect information from the products that we sell our customers, except that we may collect certain reliability and failure data if provided by a customer.  That data is not associated with any particular individual.  We are not responsible for the data collection activities of our customers in using our products.  Please be sure to review their privacy policy before using a product provided by them.

How We Use Your Information

We use your information, including personal information, for the following purposes:

• Provide Our Site and Services. We use your information to provide our Site and Services, communicate with you about your use of our Site and Services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.
• Provide Personalized Services.  We use your information to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Site and Services.
• Improve and Develop our services.  We use your information to ensure our Site and Services are working as intended, to better understand how users access and use our Site and Services, both on an aggregated and individualized basis, to make improvements to our services, to develop new Services, and for other research and analytical purposes.
• Marketing and Promotion.  We use your information for marketing and promotional purposes.  For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you.  We also may use the information that we learn about you to assist us in advertising our Services on third-party websites.

How We Share Your Information

We may share your information, including personal information, as follows:

• Consent.  Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third-party application or website to access your Cepton account or when you participate in promotional activities conducted by Cepton partners or third parties.
• Affiliates.  We may disclose the information we collect from you to our affiliates or subsidiaries solely for the purpose of providing Services to you; however, if we do so, their use and disclosure of your personally identifiable information will be maintained by such affiliates and subsidiaries in accordance with this Policy.
• Service Providers.  We may disclose the information we collect from you to third-party vendors, service providers, contractors, or agents who perform functions on our behalf.
• Business Transfers.  If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, or are in negotiations for any of these types of transactions, we may transfer the information we have collected from you to the other company.
• In Response to Legal Process.  We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
• To Protect Us and Others.  We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our contracts or this Policy, or as evidence in litigation in which we are involved.
• Aggregate and De-Identified Information.  We may share aggregate or de-identified information about users and their use of the Services with third parties and publicly for marketing, advertising, research, or similar purposes.

Please note that except as noted above, we will not sell or share your personal information with any third party for their direct marketing purposes without your consent.

Our Use of Cookies and Other Tracking Mechanisms

We and our service providers use cookies and other tracking mechanisms to track information about your use of our Site and Services.  We may combine this information with other personal information we collect from you (and our third-party service providers may do so on our behalf).

Currently, our systems do not recognize browser “do-not-track” requests.  You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), but such disabling will impair use of the Site and Services.

• Cookies.  Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes.  Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Services.  There are two types of cookies:  session and persistent cookies.
• Session Cookies.  Session cookies exist only during an online session.  They disappear from your computer when you close your browser or turn off your computer.  We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site.  This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.
• Persistent Cookies.  Persistent cookies remain on your computer after you have closed your browser or turned off your computer.  We use persistent cookies to track aggregate and statistical information about user activity.
• Disabling Cookies.  Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future.  The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.  Visitors to our Site who disable cookies will not be able to browse certain areas of the Site or use the Services.

Third-Party Analytics

We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site and our Services.  We also may use other analytic means to evaluate our Services.  We use these tools to help us improve our Services, performance, and user experiences.  These entities may use cookies and other tracking technologies to perform their services.  We do not share your personal information with these third parties.

Third-Party Links

Our Site and Services may contain links to third-party websites.  Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites.  We are not responsible for the information practices of such third-party websites.

Security of My Personal Information

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.  Please be aware that despite our efforts, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.  We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

What Rights Do I Have Regarding My Personal Information

You may request access, a copy, modification, or deletion of personal information that you have submitted to us by contacting us at privacy@cepton.com.  We will use reasonable efforts to accommodate such requests to the extent required by law, provided that we may be required to retain personal information to comply with legal obligations, accounting requirements, or for other business purposes.  We may request additional information to verify the identity of the requesting party before responding to a request.  Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site for a period of time.

What Choices Do I Have Regarding Use of My Personal Information for Marketing?

We may send periodic promotional or informational emails to you.  You may opt-out of such communications by following the opt-out instructions contained in the e-mail.  Please note that it may take up to 10 business days for us to process opt-out requests.  If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.

Location of Information

Our Site and Services are offered from the United States.  We store any information we collect in the United States.  If you access the Services or Site from outside the United States, you agree to the transfer of your information to the United States, which may have less protections for your personal information than your jurisdiction of residence.

Children Under 13

Our Site and Services are not designed for children under 13.  If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.

Contact Us

If you have questions about the privacy aspects of our Site or Services or would like to make a complaint, please contact us at privacy@cepton.com.

Changes to this Policy

This Policy is current as of the Effective Date set forth above.  We may change this Policy from time to time, so please be sure to check back periodically.  We will post any changes to this Policy on the Site.  If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or if you have an account with us, providing notice to the email address in your account (for this reason you should make sure to update your account information promptly if it changes).

California Privacy Notice

Under California Civil Code § 1798.83, California residents who have provided personal information to Cepton may obtain information regarding Cepton’s disclosures, if any, of personal information to third parties for third-party direct marketing purposes.  Requests must be submitted to the following email address:  privacy@cepton.com.  Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal information disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of the third parties.  This request may be made no more than once per calendar year.

GDPR Privacy Notice

If you are a resident of the United Kingdom or the European Union, you may have additional rights under the Data Protection Act (“DPA”) or the EU General Data Protection regulation (“GDPR”), respectively.  This section serves as notice of your rights under the DPA and GDPR.  The controller of your personal information is Cepton Technologies, Inc., 2880 North First Street, San Jose, CA, 95134

A. LAWFUL BASIS FOR PROCESSING

We process the personal information collected for the purposes described in the section entitled “The Information We Collect About You” in our Policy.  We rely upon the following lawful bases for processing of your personal information:

• Legitimate Interest.  We process your personal information in our legitimate interest (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal information) such as for marketing purposes, to respond to your inquiries or provide technical and other support, or to otherwise inform you of our business operations, and to improve our products and services.  We may also rely upon a legitimate interest where we are processing your personal information to comply with law or legal obligations or in connection with a merger or sale of the company.
• Necessary to Perform Contract.  We process your personal information as necessary to enter into and perform contracts, such as to sell and ship products to our customers and provider warranty and other services.
• Consent.  We may request your consent to process your personal information.  Please note that if we rely upon consent, you may withdraw your consent at any time by emailing us at privacy@cepton.com, but such withdrawal will not affect the lawfulness of the processing prior to the withdrawal.

B. DATA RETENTION

We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.  Our retention policies reflect applicable statute of limitation periods and legal requirements.

C. DATA SUBJECT RIGHTS

Data subjects of the European Union and UK have the following rights:

• Access, Correction and Erasure Requests.  You have the right to:  (a) contact us to confirm whether we are processing your personal information; (b) receive information on how your personal information is processed; (c) obtain a copy of your personal information; (d) request that we update or correct your personal information, and (e) request that we delete personal information in certain circumstances.
• Right to Object to Processing.  You have the right to request that we cease processing of your personal information for marketing activities, including profiling for statistical purposes where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise, or defense of a legal claim
• Right to Restrict Processing.  You have the right to request that we limit the processing of your personal information:  (a) while we are evaluating or in the process of responding to a request by you to update or correct your personal information where such processing is unlawful and you do not want us to delete your personal information; (b) where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; (c) where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
• Data Portability Requests.  You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format.  Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

If you believe our processing of your personal information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection.  You may do so in the UK or EU member state of your habitual residence, your place of work, or the place of the alleged violation.

Submitting Requests:  You can submit requests under GDPR or the DPA by contacting us at privacy@cepton.com.  We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond.  We will inform you if we expect our response to take longer than 30 days.  Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws.  In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity.  We may charge you a reasonable fee for subsequent copies of personal information that you request.  In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.

‍