Privacy-by-design: GDPR-compliant proactive safety

At intenseye, we are dedicated to protecting your data by strictly adhering to the EU's General Data Protection Regulation (GDPR), which is reflected in our use of cutting-edge security measures and protocols to ensure the secure handling of your information. Rest assured that your data is in safe hands with Intenseye.

GDPR Compliance Overview

Privacy by Design and by Default

The Privacy by Design and by Default principle of the GDPR mandates organizations to integrate personal data protection into the design and default settings of their products and systems. Intenseye prioritizes privacy and has implemented privacy-by-design strategies at every stage of the platform development to safeguard individuals’ information while providing valuable insights to businesses for maintaining safety in their facilities.

Transparency

The GDPR mandates organizations that use security cameras and video surveillance systems to inform their employees and third parties involved in recording about the surveillance. Intenseye prioritizes transparency and recommends its customers to inform their employees and contractors about the collected security camera data for improving occupational safety in their facilities.

No biometric data processing

The GDPR applies to the storage of biometric data for unique identification, but video footage alone does not qualify as biometric data unless it involves measuring physical, physiological, or behavioral characteristics. Intenseye complies with these requirements by never storing biometric data, using technology to blur faces in images and videos, and implementing a cutting-edge 3D anonymization technique to make employees completely unidentifiable.

  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness
  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness
  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness

Data Security: Organizational and technical measures

Data Segregation and Retention

Intenseye’s system ties each user’s ID with exactly one tenant, which is then used to access the Intenseye Service. All the objects are tenant-based so every time a new object is created it is irrevocably linked to the user’s tenant. The Intenseye system manages these links automatically and restricts access to every object based on user ID, user role, and permissions and their respective tenant. When a user requests any sort of data, the system automatically applies a tenancy filter to ensure that it retrieves only information corresponding to the user’s tenant.

Encryption in-transit and at-rest

Intenseye encrypts every attribute of customer data within the application before it is stored in our database. Intenseye relies on the Advanced Encryption Standard algorithm with a key size of 256 bits. User’s access Intenseye via the internet, protected by Transport Layer Security (TLS). This secures network traffic from passive eavesdropping, active tampering, and forgery of messages.

Regular third party penetration test

Vulnerability assessments and penetration testing of the Intenseye network infrastructure is also evaluated and conducted on a regular basis by both internal Intenseye resources and external third-party vendors.

Data Backups and Disaster Recovery

We have developed a Disaster Recovery Plan that covers emergency and non-emergency conditions to ensure that the company will be able to continue supporting its customers. Intenseye has defined a mature approach to ensure that its information and data are backed up securely and frequently and that its restoration occurs in the most timely and efficient manner possible.

Authentication and Authorization

Intenseye security access is role-based and supports SAML for single-sign-on (SSO). Intenseye allows customers to set up different authentication requirements for different user populations. Intenseye also enables users to select an authentication type in situations where organizations wish to use multiple authentication types for users due to geographical and/or organizational variances.

Training and Awareness

All employees within Intenseye are to undergo annual security awareness training initiatives to ensure they stay abreast of significant security issues that pose a credible threat to the organization as a whole, including, but not limited to, Intenseye’s network infrastructure and all supporting system resources. The training and awareness program is reviewed on at least an annual basis to ensure that it is effective for the organization’s current and future state.

Lawfulness of Video Surveillance

In order for a data processing activity to be legal under the GDPR, it needs to be based on one of the six lawful bases for processing personal data, which are Consent, Contract, Legal obligation, Vital interests, Public task and Legitimate interests.

At intenseye, our use of video surveillance meets the standards established by the GDPR since it serves the lawful basis of Legitimate Interests, with the sole purpose of ensuring a risk-free environment in workplaces.

Learn more

Under the GDPR, organizations can use the legitimate interests lawful basis to process personal data for the legitimate interests of the organization or a third party, as long as they don’t infringe on individuals’ fundamental rights and freedoms. 

The purpose of data processing at Intenseye is simple – to create a safe and healthy work environment free of potential hazards.

This purpose of ensuring physical security, protecting the workforce against any workplace hazards, and enhancing occupational health and safety constitutes a legitimate interest for video surveillance, and thus complies with the GDPR.

Data Minimization

The GDPR’s data minimization principle means collecting and keeping only the essential personal data for a specific purpose. This is critical for video surveillance, as excessive collection and storage of personal data can create severe privacy issues.

 

Intenseye only collects the minimum amount of data necessary to achieve our only purpose: Facilitating the elimination of hazards and the maintenance of a safe working environment in facilities.

Data Pseudonymization

GDPR-compliant technique, pseudonymization processes personal data in a way that it cannot be linked to a specific subject without extra info. In video surveillance, this can be done by obscuring faces with face blur algorithms, or completely anonymizing individuals to protect their identities.

 

Intenseye neither collects biometric data nor recognizes faces, and faces are pseudonymised by default face blurring algorithms to prevent retaliation, and protect the privacy. Additionally, Intenseye implements a cutting-edge 3D anonymization technique by removing the individuals from the scene and placing realistic rendered animation on the inpainted image, ensuring irreversible anonymization.

Schedule a demo
Join our community of EHS professionals. Share your knowledge and experience with peers and develop best practices together.
Schedule a Demo