This policy outlines the data we collect and process for our LiveReach Media (LRM) Analytics products. The policy is subject to change and will be updated as needed. LRM adheres to the Mobile Location Analytics Code of Conduct developed by The Future of Privacy Forum.
For more information, or any specific concerns, you may contact our Data Privacy Officer at firstname.lastname@example.org or by sending a letter addressed to Data Privacy Officer at the following address:
260 S. Sunnyvale Ave.
Suite 3 & 4
Sunnyvale, CA 94087
What is LiveReach Media Analytics?
LRM Analytics is a data processing and analytics solution. We collect and process data on our end customer’s behalf to provide them with an understanding of the visitors in a physical location. In most cases, for the purposes of data protection law, our customer will be the data controller and we will be the processor.
De-personalized Data: Data that cannot be reasonably used to infer information about a particular consumer, but that may be associated with a particular computer or device, e.g., a hashed MAC address.
De-identified Aggregated Metrics: Data that cannot be reasonably used to infer information about or otherwise linked to a particular consumer, computer, or other device, e.g., five percent of the store’s visitors today were seen at some point in the past week.
What information do we collect?
The information collected by LRM is the following:
Device Identifier: A de-personalized identifier derived from the MAC address of a wireless device.
Device Manufacturer: The manufacturer of a device as derived by the first three octets of the MAC address.
Ins, Outs, & Occupancy: The number of people that entered, exited, or currently occupy a location.
Timestamp: The time and date when the wireless device was seen or a camera image was captured.
Location: The physical location within which the wireless device was detected by our sensor or a camera image was captured. For example, “Store A” or “Section B in Store A.”
What data is processed and how do we protect individual privacy?
To collect the above described information, we process and aggregate the following data:
Wifi & Bluetooth Broadcast Beacons: LRM captures two types of data from Wifi & Bluetooth broadcast beacons: (1) PII, specifically the MAC address and Service Set data; (2) packet transmission information, such as RSSI.
Camera Images: LRM captures de-identified aggregated metrics, specific to location occupancy, from cameras at regular intervals.
The following steps are taken to ensure individual privacy:
Wifi & Bluetooth Broadcast Beacons: Collected PII data is never sent over the network or saved in long term storage. When collected, the data is immediately de-personalized in-memory by hashing the PII. This is a one-way process that cannot be reasonably reversed. The original data is discarded, while only the new de-personalized data is ever sent over the network for further processing on our servers. We technically cannot reasonably identify, and will not try to identify, individual persons.
Camera Images: Camera images are never sent over the network or saved in long term storage. When collected, the image is immediately processed in-memory. The original image is discarded, while only the de-identified aggregated metrics are ever sent over the network for further processing on our servers. We technically cannot and will not try to retrieve the original images or identify individual persons.
How will we use the data?
We use the data to provide de-identified aggregated metrics of the movement and behavior of the visitors in a venue. The venue owner or operator will often use this for the purposes of enhancing the customer experience, conducting internal audits, optimizing revenue generating activities, and more. A good example of a report we provide is: N individuals were seen at Location A between these times, we have seen a subset of those people in the past, and on average the N people spent Y minutes at the location.
How long do we store data?
The data storage duration is dependent on the type of data. We don’t store data longer than necessary and irreversibly delete it once the de-identified aggregated metrics have been produced.
PII: The original MAC address and service set data is only kept in memory for the brief time it takes to de-personalize it, generally less than sixty (60) seconds.
Opted-out MAC Address: Opted-out MAC addresses, stored for the purposes of providing individuals the ability to opt-out of the data collection and processing, are stored indefinitely.
De-Personalized Data: This data is stored as needed for ongoing data optimization and calibration. Storage will not extend beyond a ninety (90) day window. Customers may request a shorter time frame if need be.
De-identified Aggregated Metrics: These are stored as long as we have a business relation with the customer or data owner.
How do we protect the data?
We have designed our systems to keep as little information as possible and we always store it on encrypted storage with limited access. All communication is done using encrypted channels. All access and activity on our devices is logged for future audit.
No PII data, de-personalized or not, that is collected in the European Economic Area (EEA) is transferred outside of it.
What is LRM’s policy on responding to law enforcement requests?
LRM respects the rules and laws of the jurisdictions in which we operate as well as the privacy and rights of our customers. Consequently, LRM provides data in response to law enforcement requests only when we believe that we are legally required to do so.
To obtain data, law enforcement must provide the appropriate legal documents required for the type of information being sought, such as a subpoena, court order, or a warrant. To protect our customers’ rights, we scrutinize all requests to make sure they comply with the law.
What data is sold, transferred or shared with third parties, excluding law enforcement?
None of the device specific de-personalized data is ever shared with or sold to third parties, unless legally required. LRM only shares or sells de-identified aggregated metrics, described in the section entitled “How will we use the data?”.
Can I request the deletion of my data?
It is not possible for us to retroactively delete any data that may be about you. Because the only thing we store long-term is de-identified aggregated metrics, we cannot determine which data belongs to you.
Can I get a copy of my data?
It is not possible to request a copy of your data. Because the only thing we store long-term is de-identified aggregated metrics, we cannot determine which data belongs to you.
How can I opt out of any further data collection or processing?
Navigate to https://smart-places.org/ in order to opt out.
Last updated 14th of February 2019