This is the Privacy & Cookies Policy (the “Policy”) of Purple Transformation Group (Company No. 13145293) under the laws of England and Wales whose registered office is at The Granary, Kingston House Estate, Kingston Bagpuize, Oxfordshire, England, OX13 5AX (hereafter “PTG”, “we” or “us”). This Policy describes the ways in which PTG collects and uses information about you when you access and use its SiYtE software (the “Software”), as well as what data is collected and used by PTG in connection with the Software itself.
PTG may change this Policy at any time and, where you are a user of the Software, when this happens we will notify you of any changes to this Policy via the Software platform, with any material changes being notified to you via e-mail. The changes will apply to your use of the Software after we have notified you. If you do not wish to accept the new Policy you should stop using the Software. If you continue to use the Software after the changes, your continued use of the Software shows us your agreement to be bound by the new Policy.
If we have collected information about you to incorporate into the Software, unless you object to the information we have collected about you (which you can do as set out in this Policy), you agree to us collecting and using such information as set out in this Policy.
This Policy was last changed in April 2022.
For the purposes of data protection legislation, PTG is the controller for the processing of your personal data and has registered with the Information Commissioner’s Office (“ICO”). PTG’s registration number is ZB282656.
Your e-mail address
Name
Department/Role
A user access token placed via the use of a cookie as set out below
When you choose to engage us to use our Software
To allow you to access and use our Software
Contractual necessity and/or legitimate interests. We need this information to authenticate you as a user and allow you to access and use our Software
Image data being snapshots of a particular station area which may include individual people in such image. Such individuals will, however, immediately have their faces blurred and so be anonymised upon our first processing of this image
On a daily basis.
In order for the customer to get a visual representation of the particular station area in order to better understand the analytics data provided by the Software
Legitimate interests. This legitimate interests based processing does not outweigh the rights/freedoms of the passengers because: (a) in a very high percentage of cases a passenger wouldn’t be able to be recognised anyway; and (b) even where they were to be able to be recognised the blurring of their faces happens so quickly that the small risk of someone being able to recognise such passenger is outweighed by the benefits the use of the Software has on that passenger in relation to e.g., making the station safer to use, easier to use and so forth moving forward.
Anonymous analytics data
On a continuous basis
As the core feature of our Software i.e., providing analytics
N/A – the data is anonymous
Some of the information PTG collects from you is passed to third parties. These third parties are:
Our storage provider, currently AWS
Bizmate S.R.L, Via G. Leopardi, 96 95127 Catania, our subcontractor which has developed and offers V-App, used in connection with our provision of the Software
Our regulator (the ICO) and other professional advisers that we may work with from time to time such as our lawyers and accountants
Other companies within the PTG group
In anonymised form, PTG may share the information with
any third party, in relation to the sale of some or all of PTG’s business, or its assets, or as part of any business restructuring or reorganisation. PTG will take steps with the aim of ensuring that your rights continue to be protected if your personal data is transferred under these circumstances;
data aggregators and platform providers as part of an analysis of user metrics or sales performance; or
law enforcement agencies in compliance with law enforcement.
PTG is not responsible for the privacy policies and practices of other sites even if you access them via the Software platform. You should check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
PTG has implemented technology and policies to safeguard your privacy from unauthorised access and improper use.
We store your personal data in the UK. We retain your personal data for as long as reasonably necessary in line with the purposes for which it was originally collected. Where we engage any third party which transfers your personal data outside the UK and/or EEA then we ensure that we have in place appropriate agreements with such third party dealing with any adequacy requirements and transfer impact assessment requirements as required under applicable data protection legislation.
Cookies are small text files that are placed on your device when you use the Software. PTG’s use of cookies is detailed below.
To find out more about how cookies work, how to manage and delete them and to see which ones have been set please visit www.aboutcookies.org or www.allaboutcookies.org.
PTG uses cookies and similar technologies in the following ways when you use the Software:
PTG uses the following necessary cookies to: (a) manage sessions between customers/users and the AUTH server; and (b) to store access & refresh tokens.
authorizationCode
limited availability (60 min)
bound to a clientId and userId
can be exchanged for an accessToken and refreshToken once
accessToken
limited availability (2h)
bound to a userId
can be used for an unlimited number of requests before expiration
JSON web token, containing the basic user profile
refreshToken
unlimited availability (never expires)
bound to a userId
can be exchanged for a new accessToken and refreshToken once
Login flow
Redirect to the login page (passing response_type=code, redirect_uri and client_id as query parameters).
Exchange client credentials (and TOTP) for an authorizationCode.
Redirect to the callbackUrl (passing the authorizationCode).
Exchange authorizationCode for an accessToken and refreshToken.
Exchange refreshToken for a new accessToken and refreshToken, when accessToken is expired/invalid.
Redirect to the logout page on logout.
You can contact us using the details set out in paragraph 10 below if you wish to: (i) access a copy of the personal data that we hold about you; (ii) correct any items of personal data that we hold about you; and/or (iii) have any items of personal data that we hold about you erased or object to our processing of such items of personal data. Please note that the foregoing rights only apply to the information set out in paragraph 2. The information set out in paragraph 3 is anonymous (in the case of the analytics data) or we process it to make it anonymous (in the case of the image data). In order to exercise your rights (where permitted by law to do so) in connection with such image data, you will need to contact the entity which is responsible for placing such smart cameras at the particular location.
If at any time you would like to contact PTG about your views on this Policy or any enquiry relating to your personal information, you can do so by sending an e-mail to us at data@purpletransform.com or write to us at “Data Protection Query, Purple Transformation Group, The Granary, Kingston House Estate, Kingston Bagpuize, Oxfordshire, England, OX13 5AX”. You also have the right to make a complaint to the ICO by contacting them at any time.
If you have any questions regarding how your data is used don't hesitate to get in touch and we will be happy to answer as soon as possible.
Contact us