Product Privacy Sheet - Genetec™ Security Center

This document is a supplement to the Genetec Privacy Policy available at www.genetec.com/legal/privacy (the “privacy policy”) and applies to the following Genetec Product (the “Product”): Genetec™ Security Center.

Overview

As part of your use of the Product, you (either you as an individual, or the legal entity that you represent, as applicable; referred to as “you”, “your” or “yours”), or your users, may upload, receive or generate certain information or data (“Data”). This document outlines what type of Data is concerned and to what extent Genetec (also referred to as “we”, “us” or “our”) may access, store, use or otherwise process (referred to as “processing”, “process” or other similar words) your Data.

Deployment environment

Please keep in mind that the Product deployment environment may impact the scope of Data processing. It is therefore essential to determine how the Product will be deployed in order to fully understand the implications of Data access.

The deployment in a “Local Environment” means that the Product is deployed in an infrastructure not provided by Genetec, all Data is stored in the data hosting systems and servers provided by you and is not made available to Genetec except as outlined in this document.

The deployment in a “Cloud Environment” means that the Product is deployed in the hosting environment provided by Genetec (and hosted by Microsoft Azure in its secure Azure data centers). The environment will normally contain the data of other Genetec customers, but each customer’s respective Data is logically segregated so that no one single customer may see or access other customers’ Data. Your Data will not be visible to any other customer using their instance of the Product from the same Cloud Environment.

When the Product is provided in a combination of a Cloud Environment and a Local Environment, we refer to such deployment as a Hybrid Environment. In these cases, the accessibility of the Data will vary according to the design of the deployed Product. Please refer to the description of Data use cases above to determine how such Data will be processed by us.

What type of Data will be captured by the Product?

Common components

Directory

The Security Center Director (“Directory”) is the component of the Product that manages all system configurations, settings and other Data listed below, which will all remain in the Product until it is deleted.

User Data: The Directory is responsible for the authentication of all user connections and, as such, will capture user identifiers to uniquely identify authorized users. This includes their name, e-mail address, and contact information that is configured in the Product. Additionally, the Product keeps a record of all user activities as part of its audit trail, which may also include changes to the system configuration made by each user. By default, this Data is stored for a period of 90 days, but you may disable its capture.

Usage Data: The Directory captures certain non-personal statistical and usage Data, such as the user action type, the type of capture (manual or automatic), and so forth. Usage Data does not contain any of your personal or confidential Data.

System configuration: Various Data regarding your configuration settings will be captured by the Product through the Directory, such as the operating system language used, your Product identification, the version of the Genetec products installed on your device, and so forth.

GUS and SAM

The Product includes two connected services that you may enable at your discretion: GUS and SAM.

The first, the Genetec Update Service (GUS), enables you to update your Product when a new release becomes available to you. Among other things, GUS allows you to receive automated software and firmware updates, security notifications and other relevant non marketing content. To do so, GUS collects Data about your system usage, comprised of directories, roles, units, entities that you have in your security system and their availability (up and down times), which does not contain any personal information.

The second, the System Availability Monitor (SAM), allows your system administrators (which may include your system integrator) to have a general overview of the status and availability of any security systems connected to the Product. To do so, SAM will use the same Data as collected by GUS to compile statistics on the availability and health of the Product, such as the uptime percentage, the average time between errors and the average time an entity takes to come back online. SAM requires an active subscription to Genetec Advantage program to operate.

To facilitate proactive support and improve communication, GUS and SAM are configured to allow Genetec to receive Data described above by default. You may choose to enable GUS and SAM on an anonymous basis, meaning that all the Data submitted to Genetec will be kept in an aggregate manner with the like Data from other Genetec customers and we will not be able to identify you as the source of such Data. You may also select to disable GUS and SAM, in which case no Data will be collected. Please note, however, that these last two options might limit some of the respective service’s capabilities.

Optional components

As the Product is a modular platform, you need to obtain a license to use one or more of its optional components to fully leverage the capabilities of the Product. The Data collected by the Product will vary depending on the component covered by your license, as described below.

Omnicast™

Omnicast™ is our video management system, the core function of which is to record and enable you to manage video footage from your connected cameras. Omnicast™ is only available for deployment in Local Environments and, as such, none of the Data listed below will be made available to Genetec.

Video recording and metadata: The Product captures video recording from each camera enrolled in the Product, including the associated metadata, including timestamps, geolocation, and so forth.

Device Data: The Product will also capture Data on the connected cameras, such as their respective name and model. This information will also be used by the Product to recommend and make available to you firmware updates available for such cameras, where the feature is supported.

AutoVu™

AutoVu™ is our automatic license plate recognition system. AutoVu™ works natively with our AutoVu™ Sharp cameras. These cameras are designed to capture relevant Data allowing you to use them with AutoVu™, Genetec Patroller™ and/or Genetec Motoscan™ systems. To provide protection against system or network failures, these devices are designed to capture, and store internally, license plate identification, images and metadata (including timestamps and the geolocation) until such Data is offloaded.

Below is a list of the Data collected and stored as part of your use of AutoVu™, irrespective of the infrastructure in which you deploy the Product. AutoVu™ systems are available for deployments in Local, Cloud or Hybrid Environments. Additionally, the Data collected as described below is stored according to the retention periods you define, which may vary depending on the type of Data.

License plate identification: The Product will capture and recognise all license plate identification to enable you to geographically locate the vehicle identified using the Product. This includes the license plate number and the state / province / country of issuance.

Images and metadata: The Product further captures images of a vehicle identified using the Product, as well as the associated image metadata, such as the vehicle’s make and model, its speed, relative motion and the like. This may include images of the license plate of the vehicle, the vehicle itself and images of the surrounding areas, which may include images of individuals passing by at the time the images were captured.

Device Data: The Product captures device Data on the AutoVu™ Sharp cameras connected to your AutoVu™ system, including the name and model of the connected cameras. The Product will further capture unique device identifiers on devices used to capture the Data of the vehicle identified using the Product, which may include unique identifiers of cameras, computers, sensors and other hardware or software used to capture and process such Data as part of the use of the Product.

Event Data: Based on your configuration of the Product, it will use the license plate identification, images and metadata (as described above), as well as the time when the captured event occurred and its geolocation to generate Data related to the event, such as parking sessions information and parking ticket transactions.

You may also choose to import additional Data into the Product, such as permit lists and hot lists. With this imported Data, you can further configure the Product to handle events to include whether a vehicle is being looked for or not, whether a permit is valid or not, the capacity of the parking lot visited, descriptive information of vehicles you are looking for, and so forth.

Genetec Patroller™ and Genetec Motoscan™

Just like AutoVu™, Genetec Patroller™ and Genetec Motoscan™ are our specialized license plate recognition software. However, Genetec Patroller™ is intended for in vehicle deployments only, while Genetec Motoscan™ is intended for deployments on scooters and similar mobile vehicles. Genetec Patroller™ and Genetec Motoscan™ may connect to your instance of AutoVu™ but are designed to be autonomous and disconnected. Depending on your needs, you can therefore choose to store all Data locally, until offloaded into AutoVu™.

License plate Data: The Product will capture the same license plate Data as captured by AutoVu™ and described above.

Event Data: The Product will capture the same event Data as captured by AutoVu™ and described above.

Configuration settings: The Product will collect various information regarding its settings, such as whether the Product is configured for traffic or law enforcement purposes, and the version of the Genetec Patroller™ used.

IP address: Finally, the Product will share its IP address with your instance of AutoVu™, and vice-versa, to ensure that the two systems interconnect to enable you to offload your Data from Genetec Patroller™ to AutoVu™.

Synergis™

Synergis™ is our access control system and allows you to control people access and flow on your site.

Permanent users and visitor Data: To allow you to configure access rights, the Product will collect various Data about the individuals to whom you grant such access rights, whether they are permanent users (such as your employees or contractors) or visitors. This includes the first and last name of these individuals, as well as any other attributes that you choose to enter to identify a person. Depending on your choice, these custom fields may include personal Data. This Data will be stored in the Product until you decide to delete it.

Access history: The Product will collect Data regarding the access history of a permanent user or a visitor, such as the places visited, the check-in and check-out time, if an access was denied or granted and the reason for the denied access, and so forth. By default, access history Data will be kept in the Product for a period of 90 days, but you may choose a different retention period.

Device Data: To leverage the Product and associate access rights with entry points, various Data related to the devices and the physical location they control will be collected, such as the name and model of the door sensors, the name of the access control readers, the format of the access cards, the door name, the name of an area or a zone, and so forth.

Federation™

Federation™ allows you to connect multiple Security Center installation instances that you use to secure your premises into a single virtual system. Federation™ allows you to use individual instances of Security Center to view, manage and control remotely other compatible Security Center installation instances forming part of your virtual system.

Federation™ does not store any Data, but solely allows remote access and transfer of your Data between interconnected Security Center instances forming part of your security infrastructure. However, certain Data related to your federated systems will be retained in the Directory of your local Security Center system, such as the name of your connected cameras, and other non-personal Data. In the case of Synergis™, a copy of your Permanent users and visitors Data (as defined above) will also be stored in the Directory. The retention period for this Data is configured by you.

Genetec Citigraf™

Genetec Citigraf™ enables you to connect sensors and other data sources to have a centralized view of your operations. It solely allows remote access to Data from connected sources and is not designed to store any of that Data. Genetec Citigraf™ may, however, allow you to retain the geolocation and timestamps for events that you choose to track to improve event searching capabilities.

Genetec Citigraf™ is only available for deployment in Local Environments.

Genetec Mission Control™

Genetec Mission Control™ is our collaborative decision management system. Available for deployment only in Local Environments, Genetec Mission Control™ remotely accesses Data from connected sensors and security devices to guide your security team to follow your organization-specific processes when an event (such as an incident) occurs.

Genetec Mission Control™ allows remote access to Data from connected sources and is not designated to store any of that source Data.

Incident Data: To allow for efficient incident management, the Product will collect various Data related to each captured incident, including the time at which it occurred and the source of the event. This Data will be retained in the Product for a period of 90 days by default, but you may choose to define a different retention period.

Operator performance Data: You can further monitor the performance of your operators and the actions taken to resolve the incident. As such, the Product will therefore retain the time to response and the time to resolution to each incident. Plus, the Product allows you to pre-set questions to be answered by your operators and provides a section should you or your operations wish to add comments in relation to a specific incident. This Data will be retained in the Product for a period of 90 days by default, but you may choose to define a different retention period.

Sipelia™

Sipelia™ allows you to make, receive and manage session initiation protocol (SIP) based voice and video calls over a network.

Audio/Video recording and metadata: To allow you to manage your calls, either to answer them, forward them or put them on hold, the Product will capture various Data related to the calls received. This includes the audio and video recording of the call, the call start and end time, the call type, the call state, and so forth. By default, this Data will be kept for a period of 30 days, but you may choose a different retention period. The Product also allows you to solely retain video or audio content, or none, as part of your retention configuration.

Device information: The Product captures Data related to the devices connected to it, such as the name of the intercom, the intercom extension, and so forth. This Data is captured to allow you to generate reports based on your needs.

Third-Party Software and Plugins

The Product further allows you to connect to compatible third-party software, hardware and plugins in order to import Data into the Product. Therefore, depending on your configuration and these third parties’ policies, your Data may be accessible to them. In this event, such access is subject to their own terms and conditions and is expressly excluded from the scope of this document.

The same applies to the various add-ons that you can procure to complement the Product, which are not covered by this document.

Data access

Your Data may be accessed only by the authorized system administrators (which may include your system integrator) and users with appropriate access privileges, as defined by you.

To the extent that you deploy the Product in a Local Environment, no Data will be made available to Genetec, except for GUS and SAM, when enabled.

To the extent that you deploy the Product in our Cloud Environment, your Data will be processed in our data centers in the manner described in this document. A limited number of our employees will have access to your Data to enable us to provide you with the service.

To that extent that Genetec provides support to you with regards to the Product, our support team will only have access to information that you submit to us as part of your support request or to which you decide to grant us access through the Product. As such, in certain cases, we may ask you to share additional information with us to be able to respond to your request for support. Unless otherwise stated in this document, Genetec employees will not have access to your Data.

Data ownership

You will always remain the owner of your Data. You are fully responsible for the content of your Data, which includes obtaining all rights, consents, authorizations and other approvals from all relevant third parties which may be necessary for you to make available your Data to us as part of your use of the Product, and for us to process your Data in accordance with the terms of our privacy policy and this document.

This document has been last updated on December 4, 2019. The latest version of this document may be found at www.genetec.com/legal/pps-gsc. We invite you to subscribe to the legal notifications in our Email Subscription Center to, among other things, be notified of any major changes to this document.