Privacy Policy
Last updated: January 19, 2024
This Privacy Policy applies to the Navori services and products (the “Navori Services”). It describes how Navori collects, uses, and discloses personal data through the Navori Services. It also contains information on how individuals can exercise their rights regarding their personal data. If you have any questions, concerns, or inquiries regarding the processing of your personal data or this Privacy Policy, do not hesitate to reach out to us. Below you will find the information needed to contact us either by email or by mail at:
If to Navori Inc:
Navori Inc
1000 Sherbrooke West # 710, Montreal, H3A 3G4 Canada
Attn: Privacy Officer
With a copy to legalnotice@navori.com
If to Navori SA:
Navori SA
Attn: Data Protection Officer
Avenue Mon-Repos 22, Lausanne 1005, Switzerland
With a copy to legalnotice@navori.com
If to Navori Software Private Limited
Navori Limited
C-601, Spectrum Metro Mall, Sector 75, Noida, UP, India – 201301
Attn: Privacy Officer
With a copy to legalnotice@navori.com
We deliver the Navori Software on behalf of our clients which may use the Navori Services for various purposes and may not use all the functionalities. Please refer to their respective privacy policies to get more information on how they collect, use, or disclose your personal data. In some locations, the laws regarding personal data distinguish between a data controller and a data processor. We deliver the Navori Services as data processors.
1. What do we consider personal data?
In this Privacy Policy, we consider as personal data any information which relates to an identified or identifiable natural person, such as an identification number, gender, or age. Some data may not be personal on their own but may become personal when combined with others. We also consider such data to be personal data. However, depending on your locations, some of the data that we refer to as “personal data” may not be protected by law in your jurisdiction. For instance, you may not be able to exercise some of the rights that we describe in this Privacy Policy.
2. When does this privacy policy not apply?
Our clients are responsible for implementing their own privacy policy which describes in further detail how they process your personal data, including as part of the Navori Services. We do not have full control on how our clients collect, use, and disclose personal data. The Navori Services can be licensed as software and installed on-premises by our clients, which means that we process personal data because of the use of the Navori Services. This privacy policy does not apply when the Navori Services are installed on-premises by our clients, except to the extent that it relates to the processing of business contact information for maintenance, technical support, and customer relationship management.
This Privacy Policy is specific to the Navori Services and does not apply to any other Navori products or services.
3. What type of personal data do we collect, and why?
The Navori Services collect the personal data described in the table below, which also provides you with information on the purpose of the collection. We do not sell your personal data and the Navori Services are designed with privacy-by-design principles. The Navori Audience Measurement Services only uses degraded embeddings to aggregate data upon collection and such as to generate analytics and metrics for our clients. They can use these metrics for purposes such as screen performance management or improving the position of their digital signage.
The Navori Services analyzes the video streams inputted by clients through camera systems and similar video inputs. We do not control the video streams which are inputted by clients. Our clients are under contractual obligation to act in compliance with privacy laws and to respect privacy rights of individuals when using the Navori Services.
As we are the data processor, we process personal data collected on the legal bases that the data controller determines. Should you wish to obtain more information on how a client collects personal data, and on which legal basis, please contact them directly.
Category of Personal Data | Examples and Purposes | |
---|---|---|
Video Streams | The Navori Services makes human and object detection based on video streams. The object or people attributes remain at the point of collection, they do not allow for the identification of individuals, but it helps to determine resemblance to the metrics below through artificial intelligence.
This technology is based on detection and do not allow for facial recognition. These video streams can come from various cameras and monitoring systems, such as in-store surveillance cameras. |
|
Login credentials |
|
This information is collected to create and manage the Client’s administrator and end user accounts. |
Payment Information |
|
Credit card information is not stored by Navori or by a third party |
Transaction History Data |
|
The history of purchases, payments and invoices is accessible by the user from his Navori account |
Consent Data |
|
The consent of customers and users to the service or an Navori product are stored in the user account to which the service or license is attached. |
Support and Maintenance Data |
|
Repository of all communication between Navori support employees and the user |
4. Where do we collect, use, and disclose your personal data?
We are based in Switzerland, Canada and India. The Navori Services are hosted in Germany.
We may also use third party service providers in other countries, in which case, they will collect, use, or disclose your data in those countries.
Those countries may not have the same data protection laws as the country in which you initially provided that information. Before transferring personal data outside the European Economic Area, we ensure that adequate safeguards are in place, such as by entering into agreements with such third parties that incorporate standard contractual clauses.
5. Do we engage in profiling or automated decision-making?
The Navori Software allows our Clients to collect business intelligence information about visitors to their premises. Specifically, the Navori Software is installed in an edge device or PC. The Navori Software analyzes video images captured by a USB or IP camera in real time and stores this data in RAM memory. Once the image data has been acquired, an algorithm based on a mathematical formula detects human shapes data to individualize people or objects based on the video image. For example, the Navori Software may identify the gender and age group of a visitor and what they are looking at, and for how long. This information is aggregated to detect patterns for business intelligence.
6. How do we protect your personal data?
We use reasonable organizational, technical, and administrative measures to protect information within our organization. Access to end users’ accounts is protected with multi-factor authentication, and our data centers have multiple certifications and third-party audits attesting to the security controls in place, including an end to end encryption.
The Navori Software has been built to incorporate privacy-by-design. We do not store images or video streams. Almost as soon as information is collected about specific attributes such as age and gender, the personal information is anonymized and aggregated. Furthermore, in order to minimize risk exposure, we aggregate personal data as meta data in a period of minutes after its acquisition and then permanently destroy the raw data.
The Navori Software assigns a unique anonymous identifier to each visitor, and only recognizes visitors by his or her physical characteristics through their identifier so it’s impossible to identify a person’s name or other personal data. These aggregated demographic data sets are stored by the Client and can be analyzed according to their requirements and in compliance with relevant local legislation.
7. How long do we keep your personal data?
We retain information about end users for as long as they have an active account with us. In general, we use data minimization to reduce our retention of personal data to what is necessary for the purpose of the collection, unless we are required to keep it longer to comply with a legal obligation or in accordance with the law.
However, it should be noted that we do not store personal data that is collected by visitors through Navori SaaS, as data is aggregated and anonymized soon after we receive it, and the stored data cannot be used to identify an individual.
8. With which categories of recipients do we share personal data?
We do not sell your personal data. We disclose your personal data as required to provide our clients with the Navori Services. Here are the categories of recipients with whom we share personal data:
Category | Explanations |
---|---|
IT Service providers | We use service providers to enable some of our functionalities. |
Law enforcement and other authorities | We may receive requests from law enforcement or the authorities to access personal data. Whenever permitted by law, we advise our users or clients before responding to such requests. We also validate that the request is legitimate before responding. |
Business Transactions | We may disclose your personal data in connection with, or during negotiations of, any merger, sale of assets, financing, or acquisition of all or a portion of our business by another entity or investors. For instance, if we sell our assets, your personal data may be part of such assets. |
9. How can users exercise their rights regarding their personal data?
Applicable laws contain rights which individuals can exercise over their personal data.
Depending on where you are located, different rights are granted to you over your personal data. These rights generally include the rights to access and rectify personal data. In the European Union, additional rights including the rights to:
- be informed about how we process your personal data;
- request the erasure of your personal data;
- revoke your consent when our processing is based on your consent;
- object to the processing of your personal data;
- restrict the processing of your personal data;
- have automated decision making reviewed in accordance with the law;
- the portability of your personal data;
Some of these rights may not be applicable, depending on the circumstances. If you would like to learn more about these rights, please click here for a more detailed explanation.
If you reach out to us to exercise your rights, we will respond to you within 30 days of receiving your request, or faster if required by applicable laws. In some cases, we may need additional information to validate your identity. We will only use this information for this purpose. If you do not agree with how we responded to your request, you have the right to lodge a complaint with your local authorities. To consult the list of data protection authorities by country in the European Union, please click here.
If you are located in Canada, the Officer of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal information when it is held by a business. You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:
Telephone
9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376
Mailing address
Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec
K1A 1H3
If you’re not satisfied with how we process your request, you can lodge a complaint with the OPC, by filling out this form.
10. Will this Privacy Policy be updated?
Yes, we will update this Privacy Policy from time to time to reflect technological changes, new functionalities and new legislations, or as required. Please refer to the latest update date above to know when we last updated this Privacy Policy.