GDPR & PCI Compliance

Vector 4D devices utilize Time of Flight technology, which illuminates the area below the device with invisible infrared light. The reflected signal is detected, and the time taken to return is used to build up a height map of the scene which is then used to track people through the field of view. This technology does not have any associated GDPR issues.

A CCTV component is included to allow for initial configuration (via a remote workstation if required), and for any validation audits to be performed, for example, if the accuracy is ever questioned.

The CCTV image is only used for these two purposes, and the resolution and image quality provided from the onboard CCTV component is purposefully as low as possible in order to reduce bandwidth requirements and also negate any PCI compliance issues.

Because the CCTV image is not used internally by the device for any of the tracking or counting functionality, the CCTV lens it can be permanently covered if privacy is of concern (once configured).

 

Stored Images

Because a Vector does not use CCTV images for any of its counting functionality, images are not processed or stored during normal operation.

When configuring the device remotely, video is streamed to allow the setup process, but these frames are not stored and are simply thrown away.

Only when recordings are captured for validation purposes does storage of images become relevant.

It should be noted that recordings used for validation purposes are only used when absolutely required – usually to fulfill contractual obligations – and the video only captures images of people’s heads, in a low quality, low resolution image, and usually from some distance away.

Once accuracy has been established the recordings should be deleted by the one validating. If validation is done through the Estate Manager platform, recordings are deleted automatically on a rolling schedule.