Privacy Policy

This Privacy Policy applies to the Aquaji services and products (the “Aquaji Services“). It describes how Navori collects, uses, and discloses personal data through the Aquaji Services. It also contains information on how individuals can exercise their rights regarding their personal data. If you have any questions, concerns, or inquiries regarding the processing of your personal data or this Privacy Policy, do not hesitate to reach out to us. Below you will find the information needed to contact us either by email or by mail at:

If to Navori Inc:
Navori Inc
1000 Sherbrooke West # 710, Montreal, H3A 3G4 Canada
Attn: Privacy Officer With a copy to legalnotice@navori.com

If to Navori SA:
Navori SA
Rue du lion d’or 4, CH-1003 Lausanne, Switzerland
Attn: Data Protection Officer With a copy to legalnotice@navori.com

We deliver the Aquaji Software on behalf of our clients which may use the Aquaji Services for various purposes and may not use all the functionalities described in this Privacy Policy. Please refer to their respective privacy policies to get more information on how they collect, use, or disclose your personal data. In some locations, the laws regarding personal data distinguish between a data controller and a data processor. We deliver the Aquaji Services as data processors.

1. What do we consider personal data?

In this Privacy Policy, we consider as personal data any information which relates to an identified or identifiable natural person, such as an identification number, gender, or age. Some data may not be personal on their own but may become personal when combined with others. We also consider such data to be personal data. However, depending on your locations, some of the data that we refer to as “personal data” may not be protected by law in your jurisdiction. For instance, you may not be able to exercise some of the rights that we describe in this Privacy Policy.

2. When does this privacy policy not apply?

Our clients are responsible for implementing their own privacy policy which describes in further detail how they process your personal data, including as part of the Aquaji Services. We do not have full control on how our clients collect, use, and disclose personal data. The Aquaji Services can be licensed as software and installed on-premises by our clients, which means that we process personal data because of the use of the Aquaji Services. This privacy policy does not apply when the Aquaji Services are installed on-premises by our clients, except to the extent that it relates to the processing of business contact information for maintenance, technical support, and customer relationship management.

This Privacy Policy is specific to the Aquaji Services and does not apply to any other Navori products or services.

3. What type of personal data do we collect, and why?

The Aquaji Services collect the personal data described in the table below, which also provides you with information on the purpose of the collection. We do not sell your personal data and the Aquaji Services are designed with privacy-by-design principles. The Aquaji Services only uses degraded embeddings to aggregate data upon collection and such as to generate analytics and metrics for our clients. They can use these metrics for purposes such as performance management or improving the position of their digital signage.

The Aquaji Services analyzes the video streams inputted by clients through camera systems and similar video inputs. We do not control the video streams which are inputted by clients. Our clients are under contractual obligation to act in compliance with privacy laws and to respect privacy rights of individuals when using the Aquaji Services.

As we are the data processor, we process personal data collected on the legal bases that the data controller determines. Should you wish to obtain more information on how a client collects personal data, and on which legal basis, please contact them directly.

Category of Personal Data Examples and Purposes
Video Streams The Aquaji Services makes human and object detection based on video streams. The object or people attributes remain at the point of collection, they do not allow for the identification of individuals, but it helps to determine resemblance to the metrics below through artificial intelligence.

  • Gender classification (male or female).
  • Age segment classification.
  • Length of stay, field of vision, attention and engagement.
  • Employee status.

This technology is based on detection and do not allow for facial recognition. These video streams can come from various cameras and monitoring systems, such as in-store surveillance cameras.

Behavioural Data Pictures The Aquaji Services can decide to upload pictures of employees to the system, the Aquaji Services can make provide additional behavioral data, such as the employee performances.

Depending on how our clients use the services, some data may be personal, or not. They are required to define what is appropriate based on the context.

Aquaji provides the following metrics:

  • Length of stay.
  • Whether a visitor is a first-time visitor or has visited multiple times.
  • Whether a visitor visited multiple stores.
  • Time spent waiting in line.
  • Time spent browsing, looking at specific displays, store sections, advertisements or items.
  • Time exposed to a camera’s field of view.
  • Unique people count.
  • Measurement of attention and engagement.

This personal data is collected about visitors through the Client’s cameras. This information is collected to understand visitor behaviour. This information is used by Clients to for multiple purposes such as to determine visitor profiles, attendance, and experience, to collect business intelligence, and to customize digital signage.

Login credentials
  • Username.
  • Password.
This information is collected to create and manage the Client’s administrator and end user accounts.
Employee Photograph
  • Photograph of the employee.
Aquaji Software can identify the Client’s employees based on a previously uploaded photograph to distinguish whether a person within view of the camera is an employee or a visitor.Aquaji Software can identify the Client’s employees based on a previously uploaded photograph to distinguish whether a person within view of the camera is an employee or a visitor.
Payment Information
  • Credit card information.
Credit card information is not stored by Navori or by a third party.
Payment History Data
  • Navori.com user account.
The history of purchases, payments and invoices is accessible by the user from his Navori account.
Consent Data
  • Consent to electronic agreements.
The consent of customers and users to the service or an Aquaji product are stored in the user account to which the service or license is attached.
Support and Maintenance Data
  • Support and maintenance exchanges.
Repository of all communication between Navori support employees and the user.

4. Where do we collect, use, and disclose your personal data?

We are based in Canada and Switzerland. The Aquaji Services are hosted in Germany.

We may also use third party service providers in other countries, in which case, they will collect, use, or disclose your data in those countries.

Those countries may not have the same data protection laws as the country in which you initially provided that information. Before transferring personal data outside the European Economic Area, we ensure that adequate safeguards are in place, such as by entering into agreements with such third parties that incorporate standard contractual clauses.

5. Do we engage in profiling or automated decision-making?

The Aquaji Software allows our Clients to collect business intelligence information about visitors to their premises. Specifically, the Aquaji Software is installed in an edge device or PC. The Aquaji Software analyzes video images captured by a USB or IP camera in real time and stores this data in RAM memory. Once the image data has been acquired, an algorithm based on a mathematical formula analyzes the data to individualize people or objects based on the video image. For example, the Aquaji Software may identify the gender and age group of a visitor and what they are looking at, and for how long. This information is aggregated to detect patterns for business intelligence, for example, to assign staff or to arrange displays based on visitor preferences. Moreover, the Aquaji Software can be used to customize programmatic add systems by triggering the most appropriate content based on the identified audience’s profile. For instance, a Client may show relevant content when a group of visitors that matches that profile walk by the sign. Navori does not make these determinations; as the data processor, we process personal data with the instructions received from our Clients

6. How do we protect your personal data?

We use reasonable organizational, technical, and administrative measures to protect information within our organization. Access to end users’ accounts is protected with multi-factor authentication, and our data centers have multiple certifications and third-party audits attesting to the security controls in place, including an end to end encryption.

The Aquaji Software has been built to incorporate privacy-by-design. We do not store images or video streams. Almost as soon as information is collected about specific attributes such as age and gender, the personal information is anonymized and aggregated. Furthermore, in order to minimize risk exposure, we aggregate personal data as meta data in a period of minutes after its acquisition and then permanently destroy the raw data.

The Aquaji Software assigns a unique anonymous identifier to each visitor, and only recognizes visitors by his or her physical characteristics through their identifier so it’s impossible to identify a person’s name or other personal data. These aggregated demographic data sets are stored by the Client and can be analyzed according to their requirements and in compliance with relevant local legislation.

7. How long do we keep your personal data?

We retain information about end users for as long as they have an active account with us. In general, we use data minimization to reduce our retention of personal data to what is necessary for the purpose of the collection, unless we are required to keep it longer to comply with a legal obligation or in accordance with the law.

However, it should be noted that we do not store personal data that is collected by visitors through Aquaji SaaS, as data is aggregated and anonymized soon after we receive it, and the stored data cannot be used to identify an individual.

8. With which categories of recipients do we share personal data?

We do not sell your personal data. We disclose your personal data as required to provide our clients with the Aquaji Services. Here are the categories of recipients with whom we share personal data:

Category Explanations
IT Service providers We use service providers to enable some of our functionalities.
Law enforcement and other authorities We may receive requests from law enforcement or the authorities to access personal data. Whenever permitted by law, we advise our users or clients before responding to such requests. We also validate that the request is legitimate before responding.
Business Transactions We may disclose your personal data in connection with, or during negotiations of, any merger, sale of assets, financing, or acquisition of all or a portion of our business by another entity or investors. For instance, if we sell our assets, your personal data may be part of such assets.

9. How can users exercise their rights regarding their personal data?

Applicable laws contain rights which individuals can exercise over their personal data.

Depending on where you are located, different rights are granted to you over your personal data. These rights generally include the rights to access and rectify personal data. In the European Union, additional rights including the rights to:

  • be informed about how we process your personal data.
  • request the erasure of your personal data.
  • revoke your consent when our processing is based on your consent.
  • object to the processing of your personal data.
  • restrict the processing of your personal data.
  • have automated decision making reviewed in accordance with the law.
  • the portability of your personal data.

Some of these rights may not be applicable, depending on the circumstances. If you would like to learn more about these rights, please click here for a more detailed explanation.

If you reach out to us to exercise your rights, we will respond to you within 30 days of receiving your request, or faster if required by applicable laws. In some cases, we may need additional information to validate your identity. We will only use this information for this purpose. If you do not agree with how we responded to your request, you have the right to lodge a complaint with your local authorities. To consult the list of data protection authorities by country in the European Union, please click here.

If you are located in Canada, the Officer of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal information when it is held by a business. You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:

Telephone
9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376

Mailing address
Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec
K1A 1H3

If you’re not satisfied with how we process your request, you can lodge a complaint with the OPC, by filling out this form.

10. Will this Privacy Policy be updated?

Yes, we will update this Privacy Policy from time to time to reflect technological changes, new functionalities and new legislations, or as required. Please refer to the latest update date above to know when we last updated this Privacy Policy.