Please find attached the following documents related to our data processing. Each section on this page provides a detailed explanation of the key aspects of these documents, with the full versions available for download at the bottom:
-
Statement from the Swedish Data Protection Authority from a Prior Consultation
-
Data flow map - Illustrates how the processing is carried out
-
Third-party providers that will process the data (all are in the EU/EEA)
-
Comparison between our solution and other visitor counters
-
Duty to inform - example of purpose and sign for the entrance
-
Previously conducted DPIAs (Balance test) - conducted by DLA Piper
-
Technical summary - conducted by DLA Piper
-
Our Data Processing Agreement (DPA)
1. Statement by Swedish Data Protection Authorities
The Swedish Data Protection Authority (now IMY, formerly the Datainspektionen) has concluded that our planned processing activities can be supported under Article 6(1)(f) of the GDPR, which refers to legitimate interests. IMY specifically noted that "the processing that the company is planning could be carried out with the support of Article 6.1 f of the data protection regulation."
This means that Indivds processing does not process, store or use biometric data and that Indivds patented anonymisation method sufficiently mitigates the risks.
2. Data Flow Map
As a data processor, we manage image material to anonymize it and then analyze the anonymized data for our customer's specific needs. Here’s an overview of the process:
- Video Capture: Cameras record video footage of visitors as they enter the premises.
- Secure Transfer: The recorded images are encrypted and transmitted through an IPSec tunnel to a cloud-based processing instance. This process takes between 1-10 seconds, depending on network buffering and firewall traversal.
- Data Detection: The processing instance identifies and isolates relevant portions of the image, reducing the data to essential elements.
- Encoding and Anonymization: The isolated image segments are processed by a neural network to generate encoding vectors, which are immediately anonymized using advanced and patented methods such as group ID and noise.
- Instant deletion: After processing, all image data is automatically deleted within milliseconds, without reaching or being stored on any hard disk or other permanent storage device.
Insight Generation: The anonymized identifiers are securely stored and analyzed within Indivd’s processing environment to generate actionable insights.
3. Third-Party Provider
Third-party provider 1
- Name: GleSYS
- Sub-processor: GleSYS AB, Kanslistvägen 12, 311 39 Falkenberg, Sweden
- Categories of data subjects: Visitors in locations
- Categories of personal data: Image data
- Description of processing: Provide infrastructure for anonymization/deletion of image data
- Retention period: No PII ever stored and anonymization and deletion happen within 1-3 milliseconds, plus buffering of 1-10 seconds
- Location of processing: Sweden
- Contact person: info@glesys.se
- Transfer mechanism: All processing is conducted within the EU
- Safeguards: All processing is conducted within the EU
- AI/Automated Decision-Making: Not involved
Third-party provider 2
- Name: Digital Ocean
- Sub-processor: Digital Ocean Holdings Inc, 101 Avenue of the Americas, 10th Floor, New York, New York, 10013, United States
- Categories of data subjects: Users in the platform
- Categories of personal data: Email address, first name, last name, and weblogs
- Description of processing: Storage of user data
- Retention period: Until the subscription or user is terminated.
- Location of processing: Germany
- Contact person: support@digitalocean.com and/or privacy@digitalocean.com
- Transfer mechanism: All processing is conducted within the EU
- Safeguards: All processing is conducted within the EU
4. Differences/Similarities with Other People Counters
While both our solution and other people counters (2D and 3D) use cameras to capture image data of visitors, key distinctions include:
- Data Processing Agreement: All different types of people counters (2D and 3D cameras) require a data processing agreement and measures to mitigate the risks due to the type of large-scale personal data processing involved in analysing or deleting personal data (visitors entering the location).
- Approval: Indivd is the first and only people counter audited and approved by the authorities.
5. Obligation to inform
Under Articles 12 and 13 of the GDPR, controllers must provide clear and accessible information when collecting personal data, and ensure that it is concise, transparent and understandable. This can be done at different levels, with basic information on signs and detailed information on websites or in leaflets. For Indivds processing, clarity is crucial due to its use of AI and anonymisation techniques. This is based on guidance from the Swedish Data Protection Authorities and is not legal advice.
For more information, please read the attached document "Duty to provide information to visitors"
Examples of Processing Purposes
These purposes have been assessed within the framework of the prior consultation with the Swedish Data Protection Authority. We therefore presuppose that these are correct.
- Understand how different objects in the store environment (shelves, aisles, furnishings, entrance, signage, lightings, etc.) attract interest (attention, integracts with, leads to conversion) from visitors to be able to make changes that lead to the store environment becoming more efficient and relevant to all visitors.
- Understand where and when queues are formed (e.g checkouts, dressing rooms, toilets, customer service counters) in order to be able to make changes that lead to a streamlining of store operations and minimization of queue formations.
- Understand how visitor flows take place in order to be able to make changes that lead to a streamlining of customer flows in the store.
- Streamline internal operations by understanding visitor flows and then adapting staffing at different locations/departments in the store.
- Understand how visitors navigate the store's planned visitor journey turns (i.e which paths visitors walk in the store) in order to implement changes that lead to increased efficiency and relevance of the visitor journey.
- Enable clearer comparisons and thereby understand differences between different stores, e.g the impact of our store environments, queuing, visitor flows, the attraction of objects, visitors 'navigation in the stores' planned visitor journeys, etc. to learn about the differences and make changes that lead to a streamlining of our organization's overall operations. We could, for example, make two separate investments in two stores with similar conditions. In one store we invest in education for the staff, and in the other store, we invest in a new store interior. If the results of such a study would show that it is more favourable to provide our staff with more education, it could lead us to restructure our investments and increase the efficiency of our organization's overall operations.
- Enable clearer comparisons and thereby understand differences between different stores, e.g the impact of our store environments, queuing, visitor flows, the attraction of objects, visitors 'navigation in the stores' planned customer turns, etc. to streamline/adapt planned establishments, including identifying new cities/areas for establishment.
- Enable clearer comparisons and thereby understand differences between our stores and other stores over time, for example regarding the impact of store environments, the attraction of objects, queuing, visitor flows, visitors 'navigation in the stores, planned visitor journeys, etc. to get and try new ideas and offers, e.g by introducing a yoga studio or running club to increase innovation and strengthen our competitiveness. For example, insights that a large proportion of visitors are attracted to (pay attention to, interact with) sports products could lead us to temporarily try to launch a running club in the store. A recurring activity in the store could lead to visitors gathering to run and discuss running in order to strengthen the store's brand towards that target group. An increased understanding of differences, the attractiveness of objects, visitor flows, etc. could lead to an increased understanding of the investment's profitability if (i) more visitors visit us (ii) new target groups visit us (iii) it leads to increased attractiveness for other products (iii) we have an increased frequency of visits and an increased attractiveness in relation to benchmark data, which in itself leads to increased competitiveness.
To make it easier for you, we have created an example sign showing how to present this information, based on recommendations from the European Data Protection Board (EDPB). You can download the "Example sign" for more information.
Disclaimer
This document is for general information purposes and should not be considered legal advice. For legal advice, please consult a lawyer.