Privacy by design - MindEarth

SECURITY & PRIVACY

Privacy by Design.
Security by Default.

Overview

MindEarth collects and processes different types of location-based data using advanced AI-based technologies with the aim of providing its customers a wide range of information on consumer goods, physical infrastructure and human behavior. This includes geo-referenced, time-stamped street-level imagery and third-party mobility records and satellite imagery.

This includes both first-party and third-party data.

First-party data. MindEarth produces and operates hardware and software designed to take photographic images from both private and public open spaces and to extract information on detectable visible features in a certain area using machine learning technologies which also include face detection algorithms.

Third-party data. MindEarth obtains data licenses from third party suppliers and brokers for the processing of commercially available information and data, in order to create products and services. This includes, but is limited to user interaction with retail locations, websites, applications, and devices (including mobile device type and advertising identifiers, such as Apple IDFA or Google Advertising ID, and location data).

In both cases, personal and sensitive data is treated following principles of lawfulness, fairness and transparency and ensuring that processing is adequate, relevant and limited to the stated purpose, abiding to the provisions of the General Data Protection Regulation (GDPR) and the New Federal Act on Data Protection (nFADP).

MindEarth takes these obligations seriously and develops all its hardware, software and services, following a "Privacy by Design" and "Privacy by Default" philosophy. Additionally, to ensure the protection of data security and the respect for the privacy of all data subjects, and to avoid accidents, leaks and breaches, MindEarth set up and constantly updates a set of organizational and technical measures, the most important of which are listed below.

Secure data storage

All street-level data collected and processed by MindEarth is locally encrypted immediately at collection, transmitted in real-time to a secure cloud server located in the EU and provided by a AICPA SOC 2 Type II certified third-party provider and permanently deleted from the local drive to prevent any unauthorized access.

Image anonymization

This form of processing occurs immediately after transmission and ensures that any information about the number of faces in an area belonging to a specific gender or age group, or about the number, make and color of a vehicle are extracted without storing any information on identifiable natural persons. Full-body obfuscation is performed for any image containing people collected at sensitive locations (i.e. hospitals, worship places, military areas, brothels) and, in any case, within 6 months from collection.

This form of processing occurs immediately after transmission and ensures that any information about the number of faces in an area belonging to a specific gender or age group, or about the number, make and color of a vehicle are extracted without storing any information on identifiable natural persons. Full-body obfuscation is performed for any image containing people collected at sensitive locations (i.e. hospitals, worship places, military areas, brothels) and, in any case, within 6 months from collection.

Operational transparency

Operators collecting street-level images using MindEarth’s acquisition systems are provided with uniforms so as to make the audience aware that pictures are being taken and with business cards reporting contact information details and linking to MindEarth’s information notice on the processing of personal data by means of links or QR codes. At any moment, if an individual found that a certain image should be removed, for either personal, privacy or security reasons, they can report it to MindEarth’s dedicated communication channel for review, and, potentially, removal.

These are some of the ways in which MindEarth takes care of your right to privacy. For a complete list, you can refer to our Privacy Policy or contact our Data Protection Officer.