Privacy Statement CamenAI Applications: protection of privacy and information security
This Privacy Statement CamenAI Recorder and Dashboard (including API) (together referred to as “CamenAI Applications”) describes the protection of privacy and information security concerning the data processed by CamenAI at customer- and user level while using the CamenAI Applications. It explains why certain data are processed, how these data are stored and secured and which rights data subjects have in relation to these data. The privacy aspects concerning the processing of personal data in visual material , which are gathered on the public road via the CamenAI Recorder and are put at the disposal of users via the CamenAI Dashboard, are not a part of this Privacy Statement.
CamenAI processes personal data in accordance with its privacy and information security policy and with the requirements in the General Data Protection Regulation (GDPR). CamenAI has appointed a Privacy Officer who supervises the application of and compliance with the GDPR within CamenAI.
1. Purposes for processing and legal basis
The data of CamenAI customers and the personal data of customers’ employees, representatives and consultants and as explicitly submitted by the user of the CamenAI Applications are processed by CamenAI for entering and executing agreements concerning the services by CamenAI and the management of the relations resulting from it. CamenAI has a legitimate interest to process these data, because this is needed to fulfill the agreement with the customer and to provide the CamenAI services. To perform its services, CamenAI must:
– provide employees of customers access codes for CamenAI Applications;
– collect and process personal data to provide the CamenAI services as accounted for the in the agreements between CamenAI and its customer.
– record how the CamenAI Dashboard is used for purposes of billing, management, maintenance and improvement; and
– provide information to administrators and/or users at the customers in case of outages or planned innovations or modifications.
By entering an agreement with CamenAI, the customer acknowledges that the aforementioned data will need to be processed.
2. Types of data
For its services CamenAI processes ‘ordinary’ personal data, which are:
• contact details: name and email address of the employees of the customer and other organizations that have been authorized to use the CamenAI Applications*;
• access codes & passwords for Camen AI Applications (for the CamenAI Dashboard no passwords are provided in case ‘Single sign-on’ has been implemented);
• log data of users of the CamenAI Dashboard;
• IP address of a user of the CamenAI Applications for as far as traceable to a natural person.
• Location data as of start, during drive and stop while using the CamenAI Recorder and for as far as traceable to a natural person*. The GPS position and the e-mail address used for the CamenAI Recorder App are stored together with the image.
• Voice notes (optional and as activated by the user), for as far as traceable to a natural person, may be added to comment on what is visible at a certain location while driving and capturing with the CamenAI Recorder App. These voice notes are transferred to text and stored together with the image and location.
These personal data are not used for purposes other than provision of the CamenAI services and are not sold or transferred as such other than explicitly included in this Privacy Statement.
* When downloading the CamenAI Recorder App, it is recommended to use an email address that is not traceable by CamenAI to the driver of the vehicle on which the mobile phone is mounted and on which the CamenAI Recorder App is running. This will ensure that the location data captured in the CamenAI Recorder App cannot be traced by CamenAI to the driver of the vehicle.
3. Storage and security
The storage of the email address and location data takes place in the CamenAI Recorder App together with the image. This storage is secured on the closed memory of the mobile phone on which the CamenAI Recorder is downloaded. When the mobile phone connects to Wi-Fi or the mobile data network, this data is automatically sent to the servers in CamenAI’s cloud environment. For transfer data CamenAI uses encryption by means of https. A request for runtime rights before accessing data shielded by Android rights is in place. Once the upload of this data has been completed, this data is deleted from the closed memory of the cell phone.
Two different databases store and secure the data of customers and users of the CamenAI Dashboard: the ‘account management database’ and the ‘usage statistics database’. These databases are located in our cloud environment at a third party, Microsoft Azure, with storage facilities and a back-up within the European Union. Microsoft Azure is certified according to the ISO27000 guideline.
The account management database and the usage statistics database:
– are separate databases;
– are only accessible based on roles;
– use SSL and Client IP filtering for access security.
Account management database
The account management application is used to create customers and users who are allowed to use the CamenAI Dashboard. To this end, data of customers are being recorded, such as the name of the customer, email address of the contact who receives the access codes and the encrypted password for access to the CamenAI Dashboard (unless Single Sign-on is in place). The account management database further records whether the application itself or the API is used, which functionality is applied and which user settings are applicable. These usage data are used for statistical analysis concerning the use of the different image databases and the used functionalities . To get insight into the access of the imagery in the account management database, data from the usage statistics database are used, namely the number of views. In the account management database it is not recorded nor displayed at which location a user has searched or viewed; so it will not be known when and which images a user has accessed.
Access to the account management database is based on roles and dependent on the function fulfilled within CamenAI.
Usage statistics database
The usage statistics database logs the use of the database and is the ‘source file’ of the usage data. This database records various parameters, such as:
– TimeStamp (the moment at which a certain functionality is applied);
– UserKey (user identification);
– ResponseTime (time frame in which the requested server obtains a response);
– LayerType (type of data layer, like the data layer with captured images);
– ImageID (identification number of the image);
– Action (type of functionality that is being used);
– Zoomlevel (zoom level of the visual material that is being viewed);
– Application (type of application that is being used, such as the CamenAI Dashboard or the API);
– Source IP-address of the customer.
No direct location information of a viewed object is recorded, such as an address or a zip code. The data in this database are used to supply the account management application with data about its use. The link between the databases is established by means of a unique personID linked to a user. Only CamenAI administrators have access to this database.
In addition the following data is included in the logfiles: device name, device brand (e.g. Samsung) and Android version. This logging is for support purposes and only ends up in the local log files.These log files can only be transferred from the device upon explicit user interaction.
4. Transfer of data
Transfer of data takes place by means of storage at the cloud service provider Microsoft Azure. To this end, a data processing agreement has been made with Microsoft. As Microsoft’s headquarters are located in the United States of America, the standard contractual clauses as adopted by the European Commission are incorporated in this data processing agreement.
5. Retention periods
CamenAI removes the (personal) data of customers and users of the CamenAI Dashboard one (1) year after a customer is no longer a customer. From that moment on, the usage data can no longer be traced back to an individual user.
The statistics as recorded in the usage statistics database are stored for 18 months.
6. Cookies CamenAI Dashboard
The CamenAI Dashboard uses Google and Statcounter cookies as part of their “Analytics” services. These cookies are needed to analyze the use of the CamenAI Dashboard and align the development thereof with the users’ needs. For this purpose, we for instance analyze from which country our service is consulted and which browser is used. The information collected with the Analytics service does not include personal data, for example the used IP-address is expressly not part of the collected information within this service. Google and Statcounter are not authorized to use the obtained information for other services and this information is not supplied to third parties, unless they are legally obliged to do so, or insofar as third parties process data on behalf of them.
7. Rights of data subjects
A data subject of which CamenAI processes personal data, has the right to request CamenAI for access, rectification, erasure, restriction of the processing, or data portability.
You can direct your written objection to the use of personal data as follows: by email to firstname.lastname@example.org, or using the contact page on our website or by mail to the address below:
3526 KS UTRECHT
When you request access, CamenAI may – in order to prevent misuse – ask for proof of identification. Should the personal data processed by us contain inaccuracies, you can request CamenAI to rectify or remove the incorrect data.
Data subjects have the right to file a complaint with the Dutch Data Protection Authority.