Head-Counter ® Privacy Policy based on EU Regulation no. 679/2016 (General Data Protection Regulation)
“Head-Counter” is an innovative device that aims to provide some statistics in regards of people who enter its field of action (“Head-Counter” or “Device”).
In order to acquire the numerical data, the Device processes some personal data as defined by the art. 4(1) of EU Regulation 679/2016 (“Regulation” or “GDPR”).
This document describes the methods of processing such personal data. The information is provided pursuant to art. 13 of the GDPR to all those who fall within the field of vision of the Device, first in a simplified form and then, via link or QR code access, in an extended manner.
The data is processed by adopting the necessary technical and organizational measures required by the law. This privacy policy refers to the relationship between the interested party and Vivenda Group s.p.a., qualified as data controller.
The Data Controller is:
Vivenda Group S.p.a.
Via di Torre Rossa N°66 – 00165 ROMA
Contact: info@vivenda.it
The data processor for the Device is:
Blimp srl
Via San Martino 12
20122 Milano
Contact: privacy@blimp.ai
Head-Counter, installed by the Data Controller, acquires and processes internally a series of images in order to extract the following statistics (depending on the type of installation):
The image processes in a maximum time of 500 milliseconds, during which a series of proprietary algorithms process the images within the volatile memory (RAM) of the Device in order to extrapolate the numerical parameters indicated above. At the end of the processing, the Device automatically and irreversibly deletes the image, without it being able to be saved in any way or made accessible to internal operators or third parties during this period of time.
It is not possible to track the mobility of individuals between multiple devices.
The system can not recognize and identify a natural person through the use of biometric data (so-called “face recognition”) or through the use of other references (for example the vehicle license plate), but is limited solely to the recording of the numerical information indicated above, acquired through the analysis of individual images by an artificial intelligence algorithm (so-called “face detection”).
It is not possible for the Data Controller to trace the identity of the subjects within the range of action of the Device, as only aggregate and anonymous data reports are extracted and stored.
The data processing takes place on the basis of the legitimate interest of the Data Controller, pursuant to article 6.1.(f) of the Regulation, for the purposes referred to in point 4.
Legitimate interest is considered a valid legal basis, as a balancing judgment has been carried out between the rights and freedoms of the interested party and the interests of the Data Controller, in compliance with the provisions of the Regulation.
This balance is based on the minimization and proportionality of the personal data collected consisting of the automated analysis of images for the sole purpose of extracting statistics and through the adoption of all technical and organizational measures deemed adequate based on the current legislation and as indicated by the Guarantor for the Protection of Personal Data (See prov. n. 551 of 21 December 2017) for the purpose of guaranteeing and safeguarding the rights and freedoms of the individual.
In addition, we inform you that the anonymized data is also shared with the Data Controller and processed by him solely for statistical purposes to improve the functionality of the Device.
The processing carried out by the Data Controller is aimed at counting the number of subjects and the percentage by age group who watch an advertising system; record the level of engagement depending on the advertising shown; customize the proposed creative content according to the parameters identified by the Head-Counter.
The Data Controller uses the collected data for the purposes of improving the Device and the security of its systems.
The Data Controller processes the users’ personal data, anonymized by an algorithm, adopting proper security measures aimed at preventing unauthorized access, disclosure, modification or destruction of personal data..
It also guarantees the security of the Device itself with proper security measures, pursuant to article 32 of the Regulation and sector legislation.
The processing is carried out using telematic and non-telematic tools, with organizational methods and logic strictly related to the purposes indicated, in order to guarantee an adequate level of protection of personal data.
The Data Controller may access the Device for maintenance purposes, adopting all technical and organizational measures aimed at guaranteeing the rights of the third parties.
The personal data may be viewed by the Data Controller if necessary for the purposes of maintenance, assistance and calibration of the Devices. These activities are regulated by a contractual relationship between the parties, which guarantees the legitimacy of the processing. Therefore, in compliance with the requirements of the legislation on the protection of personal data, the manufacturer of the Device is appointed Data Controller pursuant to art. 28 GDPR.
The data processing takes place at the location of the Device and in any other place where the parties legitimately involved in the processing are located. The interested party can always request information relating to the place of processing.
Personal data are not transferred outside the European Union, given their immediate deletion within the volatile memory of the Device and are processed in Italy.
The personal data obtained from the Device remains within the Device for 100 to 500 milliseconds, then immediately undergoes anonymization and/or cancellation processes.
The Data Controller and the Data Processor therefore do not retain personal data relating to the interested parties, except within the limits of what is described.
The purposes of the processing described in this policy do not require the identification of potential data subjects, therefore the Data Controller, pursuant to Article 11.1 of the Regulation, is not required to retain, acquire or process further information to identify the data subject for the sole purpose of complying with the Regulation.
Since the Data Controller is not able to identify the individual interested parties, pursuant to articles 11.2 and 12.2 of the Regulation, the articles relating to the right of access (art. 15), right of rectification (art. 16), right to cancellation (art. 17), right to limitation of processing (art. 18), right to portability (art. 20).
In any case, you can contact us directly at the e-mail: info@vivenda.it for further details on the point and to know how we protect your personal data.
The Owner reserves the right to make changes to this privacy policy at any time by advertising it to users on this page. Therefore, please consult this page or section of the site periodically, taking as a reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this privacy policy, the user is required to cease using the service and may request the Data Controller to remove their personal data.
For any complaint, please contact the Guarantor for the Protection of Personal Data, by writing, in the manner provided by law and available on the website www.garanteprivacy.it
