Privacy and Personal Data Policy — Applicable for Persons Present at Sites from which Claviate Obtains Video Footage

1. Introduction

This privacy and personal data policy describes how Claviate ApS ("Claviate") as data processor processes personal data in connection with providing operational tracking services to its customers based on instructions from its customers in their capacity as data controllers.

The relevant data protection laws and regulations applicable for Claviate’s processing of personal data as at the date hereof (January 2025) are set out in the General Data Protection Regulation (Regulation no. 2016/679 of 27 April 2016 of THE EUROPEAN PARLIAMENT AND OF THE COUNCIL) (”GDPR”) and the Danish Data Protection Act (”Databeskyttelsesloven”, Act no. 502 of 23 May 2018) both as amended from time to time.

2. Processing Activities

In order to be able to provide key event data to its customers which can be used to identify and validate process and working method optimization potential, Claviate inter alia collects video data (images taken every 10 seconds) from video cameras present at its customers’ manufacturing, production and operational sites. Such video data may contain images of physical persons present at the sites. Video recording only takes place on instruction from Claviate’s customers.

Claviate detects "Person objects" in the video data using a customized neural network. Over time, the neural network will be retrained and updated using the objects identified from the specific site and context. Once validated, the detected objects will serve as input for an anonymization algorithm that creates a copy of the raw image, but with the "person objects" permanently removed by redaction, blurring or background replacement.

In practice, this means that all persons appearing in the video data will be anonymized and will not be recognisable/identifiable and as such no personal data will remain, as the personal data is considered erased when images are blurred with no retroactive ability to recover the personal data the images previously contained.

Claviate’s customers will only receive data in which all persons are anonymized and no personal data remains. Claviate will be in possession of raw video data obtained directly from the video cameras which may contain images of physical persons. Such raw video data will be stored by Claviate for cycles of up to 30 days for further processing, following which it will be deleted automatically. During this storage period, only data scientists employed by Claviate will have access to the raw video data. No third parties will have access to raw video data. Images are taken from the camera node which sends data directly to a virtual private cloud (VPC) for further processing via an encrypted VPN-connection or similar.

Raw video data containing personal data is stored in encrypted format making it non-readable for third parties in the unlikely case of un-authorised access.

The purpose of collecting and temporarily storing images that contain personal data in the "raw video database", is to improve and ensure high quality anonymization, i.e. to collect industry specific image data for the training and optimization of the neural network. This is necessary since the specific site might contain industry specific features and working positions, that are not accounted for in the standard training dataset. These include features such as work clothes, personal protection equipment, body poses specific to certain operations etc.

It should be noted that images of persons present at a site contained within the raw video data is only regarded as personal data to the extent that a person is in fact identifiable from the data.

Claviate will implement appropriate data protection, technical and organisational measures before the collection and processing of video footage is initiated from a site.

3. Your Rights as a Person on Site

If your personal data is processed, based on your presence on a site from which Claviate collects video data, you have the following rights:

These rights may be subject to conditions or restrictions. For example, you may not have the right to data portability in the case in question. This will depend on the specific circumstances in connection with the processing activities.

You can exercise your rights above or direct any questions, you may have to Claviates processing of personal data, by contacting Claviate by e-mail (info@claviate.com) or call us at +45 21 80 99 66. We will then forward your request to our customer as data controller and revert with a joint response to you.

If you are not satisfied with our response, you can always lodge a complaint with your local data protection authority.

In Denmark, the regulator is the Danish Data Protection Agency (Datatilsynet).
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: datatilsynet.dk.

In France, the regulator is the Commission Nationale de l’Informatique et des Libertés (CNIL).
Tel.: +33 (0)1 53 73 22 22
Website: cnil.fr
Address:
Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
FRANCE

In Taiwan, the regulator is the Personal Data Protection Commision (PDPC).
Tel.: +886 2 3356 8016
Website: pdpc.gov.tw
Address:
Personal Data Protection Commision
5F, No. 77, Guanqian Rd., Zhongzheng Dist.
Taipei City 100011
TAIWAN

4. Changes

This privacy policy replaces all previous versions. It may be necessary to update and amend this policy on an ongoing basis, and we thus reserve the right to update and amend it. In the event of an important amendment, we will notify you at claviate.com.

This policy is last updated in January, 2025.