PRIVACY BY DESIGN
We will give you additional privacy information that is specific to a product or service in Supplements to this Policy and other notices you may see while using our products or services. If there is a difference between such notices and this Policy, the notices should be considered first.
Our products or services may contain links to other companies’ websites and services that have privacy policies of their own. Exposure Analytics is not responsible for the privacy practices of others and we recommend you read their privacy notices.
If you do not agree with this Policy, do not use our products and services or provide Exposure Analytics with your personal data.
What information do we collect?
Personal data is only collected when you interact with the Exposure Analytics web platform or the Exposure Calibrator mobile application. Both platforms require your explicit consent before any personal data is gathered.
Exposure Analytics web platform
We ask you to provide personal data such as full name and email address when the following occurs:
You are invited to the Exposure Analytics platform
You request an invite to the Exposure Analytics platform
You create a contact request within the Exposure Analytics platform.
Exposure Calibrator mobile application
The Exposure Calibrator mobile application requires the use of the MAC address on the device which is running Exposure Calibrator to detect it’s distance (in dB) away from Exposure Analytics wifi tracking devices. Once the MAC address has been used to establish a calibration value, the address is discarded by the application.
As part of Exposure Analytics data collection process, all MAC addresses are hashed, salted and truncated before they reach the platform. This ensures that we are not able to re-identify the original MAC address.
Exposure Wifi tracking devices (“EX Sensors”)
If you are within radius of an Exposure Analytics tracking device at an activation (e.g. event or retail location), if you are carrying devices that are capable of giving out Wifi probe requests (see here for more information), your device may be detected. This detection involves collection of your device’s MAC address, which is obfuscated before being sent to the Exposure Analytics web platform for processing (which is sometimes also called ‘on the edge’).
Exposure facial detection devices (“Aperture”)
Exposure Analytics facial detection devices relies on face detection and face analysis, not on face recognition. They cannot recognise an individual, either in absolute terms (full identity) or in terms of repeated exposures (e.g. recognising that someone was at a sequence of different locations, or visited the same location twice). Exposure Analytics facial detection devices can only determine if some anonymous individual is looking at a given interest point, for how long, estimate their basic demographic characteristics such as gender and age, and mood. It will never produce uniquely identifiable data.
Do you process Personal Data?
Exposure Analytics complies with the vast majority of privacy laws and regulations worldwide and does not process any data that is deemed personal data under GDPR guidelines.
What other data is processed?
Data gathered from Exposure Analytics Wifi tracking and facial detection devices is processed in various ways:
Exposure Wifi tracking devices (“EX Sensors”)
Exposure Analytics uses this data to understand the footfall patterns at an activation, such as dwell times, common routes and engagement times. Exposure Analytics do not, and will never, distribute individual data with third-parties or use the data to attempt to identify an individual (without their prior explicit consent.)
Exposure facial detection devices (“Aperture”)
Exposure Analytics facial detection devices only produce and store anonymous “metadata” that describes the size and the demographics of an audience.
Exposure Analytics facial detection devices do not store any uniquely identifiable data, doesn’t record any image or video. Our algorithm processes video stream on the fly, all data is processed locally in real time, at the player level (which is sometimes also called ‘on the edge’). No biometric information is stored in long-term memory or uploaded to the cloud.
Who has access to the data?
Exposure Analytics is the “data processor”. All the anonymous audience measurement data generated by our devices are securely encrypted and uploaded onto our servers, which only our clients can access.
Exposure Analytics clients are the “data controllers”: the anonymous data is never resold or shared to any third party without their consent.
Usage of your personal data
Some services may require an account to help you manage your content and preferences. For more information, see our account supplement.
Developing and managing products and services
We may use your personal data to develop and manage our products, services, customer care, sales and marketing. We may combine personal data collected in connection with your use of a particular Exposure Analytics product and/or service with other personal data we may have about you, unless such personal data was collected for a different purpose.
Communicating with you
We may use your personal data to communicate with you, for example to inform you that our services have changed or to send you critical alerts and other such notices relating to our products and/or services and to contact you for customer care related purposes.
Marketing, advertising and making recommendations
We may contact you to inform you of new products, services or promotions we may offer when we have your consent or it is otherwise allowed.
International transfers of personal data
Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for personal data or that have different legal rules on data protection, for example, the United States of America. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organizational information security measures.
We may be obligated by mandatory law to disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. We may also disclose and otherwise process your personal data in accordance with applicable law to defend Exposure Analytics’ legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions
If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.
How do we address the privacy of children?
Exposure Analytics products and services are typically intended for general audiences. Exposure Analytics does not knowingly collect information of children without the consent of their parents or guardians.
How do we address Data Quality?
We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data.
We encourage you to access your personal data through your account from time to time to ensure that it is up to date.
You are at liberty to completely remove yourself from the Exposure Analytics platform and associated data collection at any time, via the link in your user profile page.
MEMBER_OF_ICO Reference ZA152139
Are Exposure Analytics GDPR compliant?
The General Data Protection Regulation (GDPR) is a European regulation on data protection which aims to strengthen privacy while providing increased harmonization across all EU member states. It will be effective as of May 25th, 2018.
Under the new GDPR framework, Exposure Analytics will be allowed to operate the same way as it does today, because of its privacy-by-design approach.
What steps are taken to safeguard Personal Data?
Privacy and security are key considerations in the creation and delivery of our products and services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing personal data to authorized persons having a justified need to access such information.
What are your rights?
You have a right to know what personal data we hold about you. You have a right to have incomplete, incorrect, unnecessary or outdated personal data deleted or updated. You have a right to unsubscribe from direct marketing messages and to request that we stop processing your personal data for direct marketing purposes or on other compelling legal grounds.
Who is the controller of your Personal Data?
Exposure Analytics act as the “data processor” for our clients, Exposure Analytics clients are the “data controllers” of your personal data.
In matters pertaining to Exposure Analytics’ privacy practices you may also contact us at: firstname.lastname@example.org
Exposure Analytics may from time to time change this Policy or change, modify or withdraw access to this site at any time with or without notice. However, if this Policy is changed in a material, adverse way, Exposure Analytics will post a notice advising of such change at the beginning of this Policy and on this site’s home page for 30 days. We recommend that you re-visit this Policy from time to time to learn of any such changes to this Policy.