Privacy & Cookie Policy
How we handle your data

This is the Privacy & Cookies Policy (the “Policy”) of Purple Transformation Group (Company No. 13145293) under the laws of England and Wales whose registered office is at The Granary, Kingston House Estate, Kingston Bagpuize, Oxfordshire, England, OX13 5AX (hereafter “PTG”, “we” or “us”). This Policy describes the ways in which PTG collects and uses information about you when you access and use its SiYtE software (the “Software”), as well as what data is collected and used by PTG in connection with the Software itself.

PTG may change this Policy at any time and, where you are a user of the Software, when this happens we will notify you of any changes to this Policy via the Software platform, with any material changes being notified to you via e-mail. The changes will apply to your use of the Software after we have notified you. If you do not wish to accept the new Policy you should stop using the Software. If you continue to use the Software after the changes, your continued use of the Software shows us your agreement to be bound by the new Policy.

If we have collected information about you to incorporate into the Software, unless you object to the information we have collected about you (which you can do as set out in this Policy), you agree to us collecting and using such information as set out in this Policy.

This Policy was last changed in April 2022.

  1. ICO registration:

    For the purposes of data protection legislation, PTG is the controller for the processing of your personal data and has registered with the Information Commissioner’s Office (“ICO”). PTG’s registration number is ZB282656.

  2. Information we use about you if you engage with us to use our Software (as a customer admin or individual user):

    What information do we collect and process?

    • Your e-mail address

    • Name

    • Department/Role

    • A user access token placed via the use of a cookie as set out below

    When do we collect this?

    When you choose to engage us to use our Software

    How do we use this information?

    To allow you to access and use our Software

    Our reasons

    Contractual necessity and/or legitimate interests. We need this information to authenticate you as a user and allow you to access and use our Software

  3. Information we use about you within the Software:

    1. What information do we collect and process?

      Image data being snapshots of a particular station area which may include individual people in such image. Such individuals will, however, immediately have their faces blurred and so be anonymised upon our first processing of this image

      When do we collect this?

      On a daily basis.

      How do we use this information?

      In order for the customer to get a visual representation of the particular station area in order to better understand the analytics data provided by the Software

      Our reasons

      Legitimate interests. This legitimate interests based processing does not outweigh the rights/freedoms of the passengers because: (a) in a very high percentage of cases a passenger wouldn’t be able to be recognised anyway; and (b) even where they were to be able to be recognised the blurring of their faces happens so quickly that the small risk of someone being able to recognise such passenger is outweighed by the benefits the use of the Software has on that passenger in relation to e.g., making the station safer to use, easier to use and so forth moving forward.

    2. What information do we collect and process?

      Anonymous analytics data

      When do we collect this?

      On a continuous basis

      How do we use this information?

      As the core feature of our Software i.e., providing analytics

      Our reasons

      N/A – the data is anonymous

  4. Sharing your information with third parties:

    Some of the information PTG collects from you is passed to third parties. These third parties are:

    1. Our storage provider, currently AWS

    2. Bizmate S.R.L, Via G. Leopardi, 96 95127 Catania, our subcontractor which has developed and offers V-App, used in connection with our provision of the Software

    3. Our regulator (the ICO) and other professional advisers that we may work with from time to time such as our lawyers and accountants

    4. Other companies within the PTG group

    5. In anonymised form, PTG may share the information with

      1. any third party, in relation to the sale of some or all of PTG’s business, or its assets, or as part of any business restructuring or reorganisation. PTG will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred under these circumstances;

      2. data aggregators and platform providers as part of an analysis of user metrics or sales performance; or

      3. law enforcement agencies in compliance with law enforcement.

  5. Links to third party websites:

    PTG is not responsible for the privacy policies and practices of other sites even if you access them via the Software platform. You should check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

  6. Security:

    PTG has implemented technology and policies to safeguard your privacy from unauthorised access and improper use.

  7. Storage and Data Retention:

    We store your personal data in the UK. We retain your personal data for as long as reasonably necessary in line with the purposes for which it was originally collected. Where we engage any third party which transfers your personal data outside the UK and/or EEA then we ensure that we have in place appropriate agreements with such third party dealing with any adequacy requirements and transfer impact assessment requirements as required under applicable data protection legislation.

  8. Cookies:

    1. What are Cookies?

      Cookies are small text files that are placed on your device when you use the Software. PTG’s use of cookies is detailed below.

    2. More information

      To find out more about how cookies work, how to manage and delete them and to see which ones have been set please visit or

    PTG uses cookies and similar technologies in the following ways when you use the Software:

    Necessary Cookies

    PTG uses the following necessary cookies to: (a) manage sessions between customers/users and the AUTH server; and (b) to store access & refresh tokens.


    1. limited availability (60 min)

    2. bound to a clientId and userId

    3. can be exchanged for an accessToken and refreshToken once


    1. limited availability (2h)

    2. bound to a userId

    3. can be used for an unlimited number of requests before expiration

    4. JSON web token, containing the basic user profile


    1. unlimited availability (never expires)

    2. bound to a userId

    3. can be exchanged for a new accessToken and refreshToken once

    Login flow

    1. Redirect to the login page (passing response_type=code, redirect_uri and client_id as query parameters).

    2. Exchange client credentials (and TOTP) for an authorizationCode.

    3. Redirect to the callbackUrl (passing the authorizationCode).

    4. Exchange authorizationCode for an accessToken and refreshToken.

    5. Exchange refreshToken for a new accessToken and refreshToken, when accessToken is expired/invalid.

    6. Redirect to the logout page on logout.

  9. Exercising your rights:

    You can contact us using the details set out in paragraph 10 below if you wish to: (i) access a copy of the personal data that we hold about you; (ii) correct any items of personal data that we hold about you; and/or (iii) have any items of personal data that we hold about you erased or object to our processing of such items of personal data. Please note that the foregoing rights only apply to the information set out in paragraph 2. The information set out in paragraph 3 is anonymous (in the case of the analytics data) or we process it to make it anonymous (in the case of the image data). In order to exercise your rights (where permitted by law to do so) in connection with such image data, you will need to contact the entity which is responsible for placing such smart cameras at the particular location.

  10. PTG Details:

    If at any time you would like to contact PTG about your views on this Policy or any enquiry relating to your personal information, you can do so by sending an e-mail to us at or write to us at “Data Protection Query, Purple Transformation Group, The Granary, Kingston House Estate, Kingston Bagpuize, Oxfordshire, England, OX13 5AX”. You also have the right to make a complaint to the ICO by contacting them at any time.

Still have questions?

Contact us

If you have any questions regarding how your data is used don't hesitate to get in touch and we will be happy to answer as soon as possible.

Contact us