Effective date: 1 May 2017
This policy relates to the practices of InReality regarding the products and services we sell and our websites.
This policy tells you how InReality handles the data of individuals (“you”). Our products are sold to companies, and we process data at their direction. To understand how these companies handle your data, you should review their privacy policies to determine their practices.
This policy also describes the personal information we collect on our own website.
Our Analytics Products & Services
InReality, and its partners, affiliates and/or associates, provide solutions that, in some cases, integrate facial detection software, business intelligence and analytics as well as content management functions with hardware and support. InReality’s Analytics Solution does not record video or store any images at any time. It is a completely anonymous solution that collects non-personally identifiable information (non-PII). Non-PII is information that cannot, by itself, be used to identify a particular person or entity. Instead, it detects the presence of human faces and then determines their gender and approximate age range based on generalized characteristics. This information may be shared across networks to other devices within a location but remains completely anonymous throughout.
The software uses images from a video sensor (usually a camera) and a suite of proprietary real-time computer vision algorithms to:
- detect the presence of human faces in the digital images provided by the camera;
- perform a tracking of each detected person while they remain within the camera’s field of view;
- assign a set of anonymous qualifying tags to each tracked person, such as a unique identifier, gender, age, and emotions.
The software converts video images into a set of abstract numeric descriptors such as the current number of viewers and their dwell time. User privacy is fully respected since the abstract numeric descriptors constitute aggregate anonymous data, the computer vision process takes place in real time and at no point in the processing chain is the visual information stored on non-volatile memory or relayed elsewhere.
The following defines how the software complies in full with current legislation concerning the protection of personal data.
Non-Persistency of Video Images
A digital video frame, as captured by a webcam or by an analog camera coupled with a frame grabber, is relayed to the processing unit running Facial Detection software as a stream of binary digits. The physical layer is usually a USB connection but can also be an Ethernet or Firewire link. The video image is stored in RAM (volatile memory) for the time necessary for analysis and processing; this time is dependent on the computing platform but is comprised between 66 and 200 milliseconds. The volatile storage area in which incoming digital images are stored is overwritten each time a new image is delivered thereby erasing all trace of previous visual information. As a consequence, no visual snapshot as is remains in the system for more than a few hundred milliseconds.
This solution employs longer-term processing for computer vision tasks such as background extraction and motion estimation. These algorithms rely on long-term averages of video information which, by definition, are fully static and do not contain any information which could be used to visually identify people or activities.
This software is not a video surveillance system: it does not record any video files and no video feedback is provided to an external operator during use.
Anonymity of the Data
The key point is that the information generated by the Facial Detection software cannot be considered “personal data”. The definition of “personal data” can be found in various pieces of legislation; for instance, it is defined by the European Directive 95/46/EC as “information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;”.
After the data is produced by the system, two utilizations are possible:
the data is recorded into a text file and uploaded into a central database where it is aggregated for statistical purposes. There is clearly no possibility to link any of the recorded information to a specific person. In particular, this data could not be cross referenced with any other database to identify individuals.
the data is sent in real time to an external device such as a media player to trigger an action adapted to the current context; for example, to play a video or a sound when a person comes within a given distance or when the audience fits a desired demographic profile.
InReality uses advanced computer vision techniques to provide non-identifiable and non-visual information to databases and devices, for marketing purposes. In terms of privacy and data protection, it is comparable to a sophisticated motion sensor or to an “intelligent turnstile”, similar to the devices which are commonly used in public spaces to count the flow of people and to trigger electronic devices.
When you visit our websites, InReality uses third-party services for hosting, analytics, advertising, customer support, content acceleration, and other promotional purposes, including Google (Analytics, Ad Services, Tag Manager, Hosted Libraries), NetResults, Salesforce, and others.
We collect the email addresses of those who communicate with us via email, information on pages visitors access, and information volunteered by the visitor (such as survey information or form submissions) to improve the content of our web pages and the quality of our service. We may use contact information you provide on our website for marketing and sales purposes. We honor requests to opt out of marketing and sales communications; if you opt out, we will maintain your contact information in our “do not contact” list.
Effective May 25th, 2018, we have also updated all our web forms to be GDPR compliant moving forward. We’ve also done our best to remove anyone from our mailing list that we felt we did not have clear consent from. If you feel you did not subscribe or would like to remove yourself from the list, scroll to the bottom of the email and select our Unsubscribe button. We have always had this unsubscribe option in place and will continue to do so.
When you purchase or evaluate our products and services we may ask for information such as your name, company name, email address, billing address, and credit card information. We use information that you provide to deliver and bill for those products and services, identify and authenticate you, contact you, and other purposes like research for product improvement.
The information we collect is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the circumstances described in this policy.