V-Count Data Protection & Privacy

Legal Disclaimer

The information provided in this document is intended for informational purposes only and is subject to change without notice. Information may be changed or updated without notice. V-Count may also make improvements and/or changes in the products, pricing and/or the programs described in this information at any time without notice.

Definitions

  • Customer: Stakeholder that employs V-Count with a contract to process its visitor data.
  • Visitor: An individual visiting physical locations of any stakeholder.
  • Employer: Any organization that employs V-Count.
  • Staff: All the people within physical locations that employed by Employer.
  • Contract: A written document which defines liabilities and scope of work between stakeholders.
  • 3rd Party: Stakeholder who has not direct relationship with V-Count.
  • ISO 27001: ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
  • GDPR: The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
  • AWS: Amazon Web Services is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

Introduction

Aim of this document is to inform reader on how V-Count process, store and protect the data which is being formed with V-Count Products and Services and how V-Count is compliant with General Data Protection Regulation.

The General Data Protection Regulation hereinafter (“GDPR”) is a legal framework that sets guidelines for the collection and processing of personal information of individuals from European Union (EU).

GDPR can be seen here: https://gdpr-info.eu/

Below articles are related to V-Count’s activities:

GDPR Article 3 Territorial Scope

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behavior as far as their behavior takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law “

Since V-Count is globally available and processing data of individuals everywhere, V-Count is obliged to answer GDPR. V-Count values its customers as well as their data. In order to profoundly understand what type of information is being processed and how V-Count is compliant with GDPR, first personal data needs to be defined very well.

GDPR Article 4 Definitions

“Personal data “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

Pseudonymisation and Anonymisation

According to GDPR Article 4(5) “’pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;”

Although similar, anonymization and pseudonymisation are two distinct techniques that permit data controllers and processors to use de-identified data. The difference between the two techniques rests on whether the data can be re-identified.

In pseudonymisation original data can be re-identified but masked where as in anonymization original data cannot be re-identified.

In order to process data safely and protect PII, GDPR mentions about pseudonymisation and anonymisation of data. Both Recital 78 and Article 25 list pseudonymisation as a method to show GDPR compliance with requirements such as Privacy by Design.

Statistical Purpose

In Recital 26 & 126 GDPR instructs the details in pseudonymisation & anonymisation of data and place of statistical data in context. They can be found below. 
According to Recitals, if PII is being transformed into anonymous data by any means -including aggregate form- it shall not be considered as PII.

GDPR Recital 26 Not Applicable to Anonymous Data

“The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments.The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
GDPR Recital 162 Processing for Statistical Purposes

“Where personal data are processed for statistical purposes, this Regulation should apply to that processing. Union or Member State law should, within the limits of this Regulation, determine statistical content, control of access, specifications for the processing of personal data for statistical purposes and appropriate measures to safeguard the rights and freedoms of the data subject and for ensuring statistical confidentiality. Statistical purposes mean any operation of collection and the processing of personal data necessary for statistical surveys or for the production of statistical results. Those statistical results may further be used for different purposes, including a scientific research purpose. The statistical purpose implies that the result of processing for statistical purposes is not personal data, but aggregate data, and that this result or the personal data are not used in support of measures or decisions regarding any particular natural person.This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.”

Processed Data Types

Introduction

In this section,we will describe the 5 types of products & services which produce data and the precautions that V-Count takes for GDPR compliance:

  • People Counting,
  • Wi-Fi Counting,
  • Mood/Age/Gender Analysis,
  • Queue Management,
  • Staff Exclusion.

We will answer the questions below:

  • How is related information being collected?
  • What information does V-Count collects and why?
  • How does related information is being collected?
  • If V-Count do not contain any PII, then how are our solutions useful?
  • With whom is related information shared?
  • How and where the data is stored?
  • How long data is being stored?
  • How the data is protected?
  • What is the responsibility of V-Count regarding GDPR?
  • How does V-Count work with governments and law enforcement?
  • In case of opt out request from individuals, how V-Count process the data?

2.1 Common Compliance information for all V-Count Solutions

Answers in the section below are valid for all products & services of V-Count. For compliance matters involving specific solutions, please refer to 2.2 Compliance information for specific solution.

How is related information being collected?


As a GDPR requirement, V-Count and each customer shall sign an agreement which includes scope of work and liabilities, before producing any data. According to the GDPR, customer employ V-Count to proves their visitor data. V-Count provides visitor data in aggregate form with a cloud based Business Intelligence Platform.

Related information is shared with whom?

Access to this platform is restricted and only related personnel can access it. Related personnel are determined by our customers. Thus, the data can only be seen by appointed V-Count and its system users. Please note that no individual data is accessible by customers or V-Count.

How and where the data is stored?

Data is stored by the Amazon Web Services hereinafter (“AWS”) servers. Primary data location is in Dublin/Ireland. Data is being backed up in second location within the borders of European Union. The precise location is not disclosed by AWS.

How long data is being stored?

GDPR indicates there should be a reasonable amount of time to store the data unless given written notice by customer, V-Count agrees with the Customer in their contract on the amount of time that the data will be stored.

How the data is protected?

In-rest (server side): worldwide known cloud service provider AWS is protecting our data, using 256bit cryptographic algorithm 
In-rest(device side): access to services are protected by username/password combination. Customers can also use firewall systems in their physical locations to restrict inbound connections to devices.
In-transit security of data is being protected by TSL 1.2 standard.
V-Count provides data on a cloud-based Business Intelligence Platform. Access to this platform is monitored and restricted. Access is only possible by a username/password combination which is unknown to V-Count employees. Upon request, passwords can be reset by users.

How does V-Count protect privacy?

In compliance with ISO 27001 standard, our personnel are trained on how to approach and handle PII. V-Count is also having legal consultancy from law firms specialized in personal data protection.

What is the responsibility of V-Count regarding GDPR?

According to GDPR, V-Count’s customers are defined as the main data processor since individuals are visiting our customer’s physical locations and data is collected on their premises.

By contract, V-Count is employed by the customer to process the data. V-Count has the position of sub processor in this context. V-Count commits its responsibilities & liabilities regarding GDPR.

V-Count is also appointing AWS as its sub processor since the information is being stored in AWS datacenters. This relationship is also bounded by a contract between V-Count and AWS and AWS is committing its responsibilities & liabilities to V-Count in the context.

Thus, our customers are responsible for our actions whereas AWS is also responsible for its actions

Since V-Count customers are obliged to inform their visitors, V-Count is also clearly expressing its customer’s liabilities and suggest them to inform their customers by indicating the data processing in their stores with clear logos and information letters.

How does V-Count work with governments and law enforcement?

V-Count will answer in good faith to any government or legal enquiry. However, is not obliged to respond to governments unless it is mandated by law and requires a warrant or court order.

In case of law enforcement order, V-Count discloses only the information requested.

2.2 Compliance information for specific solution

People Counting

What information does V-Count collects and why?
V-Count 3D Alpha+ unit is monitoring the entrances of physical locations and producing visitor numbers as IN/OUT aggregate format. You can see sample interface report below.

How is data being collected?

As seen below, thanks to image processing technology 3D Alpha+ is evaluating each frame and sensing the depth information in monitored area. It tracks and evaluates people as moving targets. When those targets coincide with imaginary entrance lines, counting occurs. As it seen, there is no meaningful information seen in the visual for PII. Device discards evaluated frames and do not store any visual anywhere as long as it is requested by customers for audit purposes.

Figure 2 Sample monitored area for people counter

If V-Count do not contain any PII, then how are our solutions useful?

Using 3D Alpha+ people counter, V-Count showcases on the Business Intelligence Platform how many people is entering customer’s locations and, combined with other data like sales figures, customers can measure many KPIs such as conversion rate.


Figure 3 Traffic vs Conversion data

How is the auditing process conducted?

V-Count, by contract, is responsible to audit accuracy of its sensors by doing manual people counting on video footage and to share related information with customers.

Unless it is expressed in written from by customers, V-Count deletes video footage after sharing with customers.

Unless it is demanded by customers, the audit period is limited by several hours only.

Since monitoring takes place top down, only top of head and shoulders of people are being monitored. This information cannot lead to PII. A snapshot from sample video footage and related accuracy report can be seen below.

Table 1 Sample audit result

Only authorized V-Count personnel is performing this audit and Non-Disclosure Agreement is available with every V-Count employee to protect the data and information.

Queue Management

What information do V-Count collects?

V-Count Queue unit is monitoring the zones which are defined by customers. Related zones can be any lines that are naturally accumulating due to customer/visitor waiting; such as waiting for payment, waiting for being processed by customs etc. Queue length, Waiting Time and Abandonment KPIs are being produced in aggregate format. A sample interface report can be seen below.


Figure 5 Queue interface

How is data being collected?


Figure 6 Several video footage from each device for complete monitoring

As seen above, similar to V-Count 3D Alpha+, V-Count Queue is evaluating each frame and sensing the depth information on monitored area. It tracks and evaluates people as moving targets. When those targets are idling in monitored area, device will start an imaginary counting so that it keeps dwelling time of each target and how many target is in area. As it seen, there is no meaningful information seen in screen for PII. Device discards evaluated frames and do not store any visual anywhere as long as it is requested by customers for audit purposes.

If V-Count do not contain any PII, then how are our solutions useful?

How many people are waiting and how much they are waiting are two main KPIs for this kind of queues so that facilitator acts on these KPIs to increase response time.


Figure 7 Average waiting time metric

How is the auditing process conducted?

Verification process of Queue Management devices is identical as people counting devices.

V-Count , by contract, is responsible to audit the accuracy of its sensors by conducting manual audits on video footage and to share this data with customers.

Unless it is demanded by customers, the audit period is taken briefly, depending on the configuration of the queue.

Only authorized V-Count personnel is performing this audit and Non-Disclosure Agreement is available with every V-Count employee to protect the data and information.

Since monitoring takes place top down, only top of head and shoulders of people are being monitored. This information cannot lead to PII.

Staff Exclusion

What information does V-Count collects and why?

V-Count collects location information of staff by detecting if they are inside of the physical locations or not. This information is used to deduct staff movements from visitor traffic so that the customer obtains refined aggregate visitor numbers which will lead to refined conversion rates.

How is data being collected?

V-Count provides Bluetooth technology-based tags to its customers, which track store staff movements anonymously throughout the location. V-Count does not keep track of which tag is given to whom. Whenever related personnel left or entered the store, V-Count devices inside the stores sense their Bluetooth signals and record the exact entrance/exit time. However, V-Count does not track, record nor showcases on its platform any individual data. It is only monitoring anonymous movement of staff in order to produce aggregate data.


Figure 8 Staff exclusion hardware couple

If V-Count do not contain any PII, then how are our solutions useful?

Employee movement is registered as IN/OUT in system for definite intervals. Related information is deducted from visitor IN/OUT numbers to provide refined visitor and conversion numbers.
How is the auditing process conducted?

V-Count does not store any individual information regarding staff movement. Thus, it is not possible to audit the results using V-Count hardware. Audits and crosschecks can be done manually or by local CCTV footage by crosschecking the deducted numbers with V-Count’s interface

Heatmap

What information does V-Count collects and why?

V-Count collects anonymous location, movement and waiting time data of visitors in physical locations to provide occupancy heat maps and dwell times of visitors to its customers.

How is data being collected?

Similar to queue and people counting solutions, every visitor is monitored top down in physical locations, so that collected information will not lead to PII.


Figure 9 Sample monitored area for heat map


If V-Count do not contain any PII, then how are our solutions useful?

Customers want to understand the occupancy levels of specific zones in physical locations as well as dwell times of visitors. This information is a marketing tool to improve the effectiveness of the locations, to optimize popular areas and to improve design.


Figure 10 Sample occupancy output for heatmap

How is the auditing process conducted?

V-Count, by contract, is responsible to audit accuracy of its sensors by recording video footage and share related information with customers.

Unless it is expressed in written from by customers, V-Count deletes video footage after sharing with customers.

Unless it is demanded by customers, the audit period is taken briefly, depending on the store configuration.

Only authorized V-Count personnel is performing this audit and Non-Disclosure Agreement is available with every V-Count employee to protect the data and information.

Mood/Age/Gender (MAG) Analysis

What information does V-Count collects and why?

V-Count collects facial data of visitors to form statistical male & female ratio, age groups and mood types. After forming statistical data, related identity information is discarded immediately. An example image can be seen below.


Figure 11 Sample entrance of store monitored by MAG

How is data being collected?

V-Count monitors entrances of physical locations, processes captured images, defines faces of visitors, processes this information and deletes the images immediately after it is being processed. An example to statistical information can be seen below.


Figure 12 MAG interface

If V-Count do not contain any PII, then how are our solutions useful?

Customers uses this type of statistical information to get insights like marketing effectiveness, gender related stock decisions etc.

How is the auditing process conducted?

V-Count does not store any image containing faces. Thus, it is not possible to audit the results with existing V-Count hardware. Audits and crosschecks can be done by manually or by local CCTV footage.

Please also note that mood and age recognition is a subjective matter. V-Count evaluates and provides related information by using machine learning.

Wi-Fi Counting (through a variety of hardware)

What information do V-Count collects?

A MAC Address is a unique identifier assigned to every hardware that can communicate through IEEE 802 technology. V-Count devices collect MAC Address information of nearby smart devices.

How is data being collected?

V-Count hardware continuously searches nearby to collect nearby smart device MAC Addresses. It is possible when nearby devices’ Wi-Fi option is enabled and smart devices tries to find nearby devices to connect. While collection, MAC Address string is hashed (encrypted) to protect the data. Server side is only processing the number of smart devices and it does not process any MAC ID information. Collection of MAC Address process does not harm to any device.
How the masking process done?

V-Count immediately hashes (encrypts) the MAC Address information before storing it. As a result, it is preventing any 3rd party use in case of a security breach. Diagram for hashing process can be seen below.


Figure 13 Hashing process

If V-Count do not contain any PII, then how are our solutions useful?

Wi-Fi Counting information provides a glance over nearby traffic of physical locations. Number of device/visitor information is combined with several data such as sales to track effectiveness of locations and effectiveness of showcase etc.

How long data is being stored?

By default, MAC ID data is being stored in database for 1 month. After it is being used for monthly retention rate calculation, it is discarded.

In case of opt out request from individuals, how V-Count process the data?

GDPR Article 17 Right to Erasure (‘right to be forgotten’)

“1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing”


In case of a request coming from any individual, V-Count is obliged to opt out their personal information. In this context, MAC Address information can be opted out in the system. Alternatively, visitors could turn off Wi-Fi on option on their smart devices. Please contact with help@v-count.com for further questions and queries.