Privacy-by-design: GDPR-compliant proactive safety

At intenseye, we are dedicated to protecting your data by strictly adhering to the EU's General Data Protection Regulation (GDPR), which is reflected in our use of cutting-edge security measures and protocols to ensure the secure handling of your information. Rest assured that your data is in safe hands with Intenseye.

View details

GDPR Compliance Overview

Privacy by Design and by Default

The Privacy by Design and by Default principle of the GDPR mandates organizations to integrate personal data protection into the design and default settings of their products and systems. Intenseye prioritizes privacy and has implemented privacy-by-design strategies at every stage of the platform development to safeguard individuals’ information while providing valuable insights to businesses for maintaining safety in their facilities.

Transparency

The GDPR mandates organizations that use security cameras and video surveillance systems to inform their employees and third parties involved in recording about the surveillance. Intenseye prioritizes transparency and recommends its customers to inform their employees and contractors about the collected security camera data for improving occupational safety in their facilities.

No biometric data processing

The GDPR applies to the storage of biometric data for unique identification, but video footage alone does not qualify as biometric data unless it involves measuring physical, physiological, or behavioral characteristics. Intenseye complies with these requirements by never storing biometric data, using technology to blur faces in images and videos, and implementing a cutting-edge 3D anonymization technique to make employees completely unidentifiable.

  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness
  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness
  • Data Segregation and Retention
  • Encryption in-transit and at-rest
  • Regular third party penetration test
  • Data Backups and Disaster Recovery
  • Authentication and Authorization
  • Training and Awareness

Data Security: Organizational and technical measures

Data Segregation and Retention

Intenseye’s system ties each user’s ID with exactly one tenant, which is then used to access the Intenseye Service. All the objects are tenant-based so every time a new object is created it is irrevocably linked to the user’s tenant. The Intenseye system manages these links automatically and restricts access to every object based on user ID, user role, and permissions and their respective tenant. When a user requests any sort of data, the system automatically applies a tenancy filter to ensure that it retrieves only information corresponding to the user’s tenant.

Encryption in-transit and at-rest

Intenseye encrypts every attribute of customer data within the application before it is stored in our database. Intenseye relies on the Advanced Encryption Standard algorithm with a key size of 256 bits. User’s access Intenseye via the internet, protected by Transport Layer Security (TLS). This secures network traffic from passive eavesdropping, active tampering, and forgery of messages.

Regular third party penetration test

Vulnerability assessments and penetration testing of the Intenseye network infrastructure is also evaluated and conducted on a regular basis by both internal Intenseye resources and external third-party vendors.

Data Backups and Disaster Recovery

We have developed a Disaster Recovery Plan that covers emergency and non-emergency conditions to ensure that the company will be able to continue supporting its customers. Intenseye has defined a mature approach to ensure that its information and data are backed up securely and frequently and that its restoration occurs in the most timely and efficient manner possible.

Authentication and Authorization

Intenseye security access is role-based and supports SAML for single-sign-on (SSO). Intenseye allows customers to set up different authentication requirements for different user populations. Intenseye also enables users to select an authentication type in situations where organizations wish to use multiple authentication types for users due to geographical and/or organizational variances.

Training and Awareness

All employees within Intenseye are to undergo annual security awareness training initiatives to ensure they stay abreast of significant security issues that pose a credible threat to the organization as a whole, including, but not limited to, Intenseye’s network infrastructure and all supporting system resources. The training and awareness program is reviewed on at least an annual basis to ensure that it is effective for the organization’s current and future state.

Lawfulness of Video Surveillance

In order for a data processing activity to be legal under the GDPR, it needs to be based on one of the six lawful bases for processing personal data, which are Consent, Contract, Legal obligation, Vital interests, Public task and Legitimate interests.

At intenseye, our use of video surveillance meets the standards established by the GDPR since it serves the lawful basis of Legitimate Interests, with the sole purpose of ensuring a risk-free environment in workplaces.

Learn more

Under the GDPR, organizations can use the legitimate interests lawful basis to process personal data for the legitimate interests of the organization or a third party, as long as they don’t infringe on individuals’ fundamental rights and freedoms. 

The purpose of data processing at Intenseye is simple – to create a safe and healthy work environment free of potential hazards.

This purpose of ensuring physical security, protecting the workforce against any workplace hazards, and enhancing occupational health and safety constitutes a legitimate interest for video surveillance, and thus complies with the GDPR.

Principles of Data Processing

GDPR describes seven (7) principles to ensure privacy while processing personal data. At Intenseye, all of our data processing activities are conducted in accordance with these principles to safeguard the privacy and protection of personal data.

Lawfulness, Fairness, and Transparency

Personal data must be processed in a lawful, ethical and transparent manner with a valid reason and without causing harm to individuals.

Purpose limitations

Personal data must only be collected for specified, explicit and legitimate purposes with the individual's knowledge.

Data minimization

Personal data collected must be relevant, limited and essential, only necessary information should be gathered and stored.

Accuracy

The GDPR requires accurate and up-to-date personal data, with systems in place for individuals to update it.

Storage limitations

Personal data must only be kept for necessary time, with proper security measures and removal of unnecessary data.

Integrity and confidentiality

Data controllers must ensure the protection of personal data's confidentiality and integrity from unauthorized actions, loss, damage, or destruction.

Accountability

Data controllers are accountable for ensuring GDPR compliance in data processing.

Data Minimization

The GDPR’s data minimization principle means collecting and keeping only the essential personal data for a specific purpose. This is critical for video surveillance, as excessive collection and storage of personal data can create severe privacy issues.

 

Intenseye only collects the minimum amount of data necessary to achieve our only purpose: Facilitating the elimination of hazards and the maintenance of a safe working environment in facilities.

View details

Data Pseudonymization

GDPR-compliant technique, pseudonymization processes personal data in a way that it cannot be linked to a specific subject without extra info. In video surveillance, this can be done by obscuring faces with face blur algorithms, or completely anonymizing individuals to protect their identities.

 

Intenseye neither collects biometric data nor recognizes faces, and faces are pseudonymised by default face blurring algorithms to prevent retaliation, and protect the privacy. Additionally, Intenseye implements a cutting-edge 3D anonymization technique by removing the individuals from the scene and placing realistic rendered animation on the inpainted image, ensuring irreversible anonymization.

View details

Other certifications Intenseye has taken

SOC 2 Type I

Intenseye has officially received SOC 2 Type I Report, covering the Security, Availability, Privacy, and Confidentiality principles.

SOC 2 Type II

Intenseye has been certified SOC 2 Type II for maintaining high levels of information security and data protection.

EU Seal of Excellence

Intenseye has been awarded the Seal of Excellence by EU Horizon Research and Innovation Fund.

AI Ethics Lab

Intenseye follows The Ethics Guidelines for Trustworthy Artificial Intelligence (AI) from European Commission and is independently audited by AI Ethics Lab.

Penetration Test

Intenseye regularly tests its application and network-level security.

Resources

View all resources
Journey to zero: A guideline to an injury-free workplace
Blog

Journey to zero: A guideline to an injury-free workplace

David Lemon
David Lemon
-Aug 24, 2023
Misleading EHS Indicators – ROI and Cost
Blog

Misleading EHS Indicators – ROI and Cost

Evren Şener
Evren Şener
-Jul 27, 2023
Mastering Test Reporting with Allure
Blog

Mastering Test Reporting with Allure

Nurdan Akman
Nurdan Akman
-Jul 20, 2023
View all resources
Schedule a demo
Join our community of EHS professionals. Share your knowledge and experience with peers and develop best practices together.
Get a demo
Schedule a Demo
Contact Us
Our website uses cookies

Our websites use cookies. By continuing, we assume
your permission to deploy cookies as detailed in our
Privacy Policy.