Privacy and GDPR
Effective Date: 1st September 2022
Last Reviewed: 1st September 2022
VisionR's Scout© does not collect any identifiable information from shoppers. Our clients may make Personal Information available to us from their various loyalty programs. We only analyse this data when the end-user has agreed to third-party sharing.
Who We Are
VisionR is a company limited by shares and registered in the Republic of Ireland.
You can contact us at our main business address: 18 Merrion Row, Dublin 02, Ireland. Our Data Protection Officer can be contacted via firstname.lastname@example.org
Consumer Privacy, Data Protection and anonymisation are a core concept of VisionR in all our technology. Data Protection by design is implemented in our software which has been designed as a visitor analyses tool by means of completely anonymous meta-data measurements. We do not collect any identifiable information from shoppers
What We Do
The mission of VisionR is to improve and enhance the offline shopping experience for customers and retailers using actionable anonymised data.
How Do We Obtain Your Data?
VisionR does not collect data that can identify an individual in terms of full identity or in terms of repeated exposures which would arise through recognising that an individual was at a sequence of different locations or visited the same location twice. We use sensors and other supporting devices which assess an image of an individual in order to note certain characteristics of that individual for the purposes of creating statistical data on the types of customers that enters a given premises.
We obtain data in one or more of the following ways:
- Coordinate data in frame is assessed by anaylsing where visitors are positioned in a video stream in terms of x & y coordinates. These coordinates are then combined to create a shopper journey through a frame. No images or videos are stored, just bytes of data.
- Demographic data is assessed from visual cues with image processing being performed in real-time, meaning no image is ever stored.
How Do We Use Data
Image Specific Security Protocol
Images taken from a VisionR device are processed in real-time, on the edge (on device) using the latest Machine Learning Embedded Chip, they do not leave the device and are never human readable. Images are only stored in temporary memory, one image at a time, and each image is permanently deleted as the next one is assessed. Hence, no more than one image can be stored in temporary memory at any given time. We store one blurred maintenance image per hour, to ensure all sensor components are functioning correctly. This image is stored for maintenance purposes and is not processed for any other purpose. If a device is unplugged, the image in temporary storage is automatically destroyed. These images are temporary and exist exclusively, meaning not even administrators can view previous images taken while in production mode.
Machine Access Code (MAC) Collection Protocol – (If applicable)
Our sensors can detect the MAC addresses being publicly broadcast from the mobile devices of visitors as they pass in the vicinity of the sensor. A hash is applied to these codes by the sensor before they are processed. This hash irreversibly scrambles the MAC address so that it cannot be used in any way to identify an individual. These hashed addresses are batched and sampled to ensure further protection. The same hash is applied by all VisionR sensors, meaning that we can detect the same encrypted code appearing again. This means we can relay crowd movement and loyalty over time to our customers while respecting shopper privacy.
Categories of Data We Process
We only process anonymous crowd demographic characteristics together with the movement of these demographic characteristics within a premises and whether they are engaging with a given interest point. Examples or descriptions of categories of data provided here are not exhaustive and are for information purposes.
- IT Service Providers
- VisionR uses a range of IT service providers to host our systems, develop and maintain software, and support our internal information management processes.
- Accounting, and Finance Service Providers
- We avail of the services of a number of third parties to support our accounting and payments management processes.
Categories of Recipients
We do not share any of the data collected with third parties. The data is only visible to the client who bought the hardware, and no third parties receive access to the data.
How Long Do We Keep Your Data?
We retain the metadata and anonymous data, and this is kept indefinitely
Cross-border Data Transfers
There are no cross-border transfers of data.
Keeping Data Safe and Secure
We place great importance on the security of all data associated with our customers. We have security measures in place to protect against the loss, misuse, and alteration of data.
Internal security audits of the entire VisionR system are done on a regular monthly basis, with specific systems being audited on a more frequent basis along with automated alarm monitoring 24/7.
All data is encrypted at rest and in transit using a minimum RSA 1024-bit encryption and in some cases up to RSA 2048-bit encryption.
Your Rights under GDPR
Where VisionR is acting as a Data Controller, you have rights under EU Data Protection law. These rights are:
- A right of access which allows you to request a copy of your data in an intelligible form (Article 15 GDPR)
- A right of rectification which allows you to request a correction of errors or inaccuracies in the data that we hold relating to you (Article 16 GDPR)
- A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that over-ride your interests, rights, and freedoms. (Article 21 GDPR)
- A right to erasure in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
- A right to restrict processing in certain circumstances (Article 18)
- Under GDPR individuals also have rights to seek compensation for infringement of their data protection rights under the legislation.
Right to Complain to the Data Protection Commission
You have the right to file a complaint to the Data Protection Commission.
Their contact information can be found online at this link: https://dataprotection.ie/en/contact/how-contact-us
How To Opt Out Of Device Analysis
If you wish to opt-out of anonymised Wi-Fi device analysis you can do so here.
What Gets Measured, Gets Managed!
VisionR mines data directly from shoppers as they navigate stores, empowering retailers with real-time insights to maximise their decisions & revenues.