SAFR Privacy Policy

Last modified: December 3, 2024.

 

Welcome to the SAFR® Privacy Policy (“Policy”). This Policy describes the ways in which RealNetworks LLC (“Real”) collects and uses personal information from customers of the SAFR facial and object recognition software solution and the SAFR website (collectively “Services”).

Please note:  SAFR is provided to, and intended for use by, organizations such as schools and businesses. If an organization using SAFR collects personal information about individuals (including images and facial recognition data), that information is subject to that organization’s policies. If Real processes such data, it is because our customer (the organization that uses SAFR) has enabled cloud hosting and our processing is at the direction and on behalf of our customer. If you have questions about the processing of personal information collected through SAFR, or if you wish to exercise rights under the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), or similar privacy law, you should direct inquiries to that organization. Real is not responsible for the privacy or security practices of our customers, which may differ from ours.

If you are a SAFR customer or a user of the SAFR website, and have any questions about our policies and practices, we encourage you to contact us via the contact information provided at the end of this Policy.

Information We Collect About You.

We collect information that is necessary to provide and improve our Services, to communicate with you, to conduct our operations effectively, and to support customer relations. Information collected may include:

  • Your contact information. This may include information you provide to us when you register for Services, such as: your name, username, and contact details—including your email address, mailing address, telephone number and information about the institution you represent.
  • Information concerning your use of Services. This information may relate to your activities on our SAFR website, including pages visited.
  • Information about your hardware. This information may include your unique device ID (persistent/ non-persistent, MAC or IMEI), hardware, software, platform, and Internet Protocol (IP) address.

How We Use Your Personal Information.

We use information to provide you with our Services, as well as to enable our operations. Such uses might include:

  • Verifying your access rights;
  • Determining whether your device meets our minimum system requirements;
  • Enabling compatibility and interoperability;
  • Initiating automatic updates to downloaded Services;
  • Providing language and location customization;
  • Developing aggregated statistics that help us better understand how our Services are used and how to market them;
  • Improving our Services, such as fixing problems and continually improving the performance of features you may use; and
  • Communicating with you, such as sending you messages concerning your account and customer service issues; asking you to participate in surveys; and delivering news, updates, promotions, and special offers.

When and How We Share Personal Information with Third Parties.

We will not share your personal information with third parties without your consent, except as necessary for the purposes set forth in this Policy. In order to effectively operate our services and also provide optimal customer experience we share personal information with the following partners.

Service providers:

We may disclose personal information about our customers to our service providers in order for them to provide specific services to us. For example, we share personal information with third-party data center service providers such as AWS for secure storage. Our service providers are bound to keep all personal information they process confidential.

Analytics Providers:

We use third-party analytics providers such as Google Analytics to help us compile aggregated statistics about the operation and effectiveness of our websites. Analytics providers set or read their own cookies or other identifiers on your device, through which they can collect information about your use of our websites and those of other companies.  You can learn more about Google Analytics, including how to opt-out, by visiting Google’s Privacy & Terms for Partners.

Third-Party Partners

In some cases, access to certain products and services may require the provision of personal information to a third party. In such cases, this will be stated during the registration process, in the terms of use, through the distribution process, or in a similar manner. The third party’s use of such information is governed by that party’s privacy policy. Please visit the privacy policy of the third party to make sure you understand how they use the personal information you provide to them. If you do not wish for such transfer to take place, you should not register for the applicable product or service.

In addition, SAFR websites may link to third-party websites or services.  Certain products also allow the addition of third-party plug-ins.  This Privacy Policy does not apply to any such third-party websites, services, or plug-ins.

We may transfer personal information in connection with a sale, merger, transfer, exchange or other disposition (whether of assets, stock or otherwise) of all or a portion of a business of Real and/or its subsidiaries.

We may also disclose your personal information, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law; (b) comply with the order of a competent judicial authority in any jurisdiction; or (c) comply with legal process served on Real.

Use of Cookies.

Please see our Cookies Policy for more information about how SAFR and our business partners use cookies and similar technologies, and how You may change your cookies settings.

How to Access, Update and Delete Your Personal Information.

We strive to give you autonomy over your personal information. To access, update or delete your personal information please contact us at safr-support@realnetworks.com.

Please, also refer to the “Contact us on Privacy” section for additional ways of contacting us.

We will also delete your personal information when you delete your account or three years from your last interaction with our Services, whichever occurs first.

EU DATA PROTECTION RIGHTS

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:

  • You may request access to, and rectification or erasure of, personal data;
  • If automated processing of your personal data is based on a contract with you or your consent, you have certain rights to data portability;
  • If the processing of personal data is based on your consent, you have a right to withdraw consent at any time (without affecting the lawfulness of processing that occurred before its withdrawal); and
  • You have a right to object to, or obtain a restriction of, the processing of personal data under certain circumstances.

You may exercise those rights by contacting us as described below. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

 

EU-U.S., UK Extension, And Swiss-U.S. Data Privacy Framework Program.

We comply with the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework Program (collectively “DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union, the United Kingdom, and Switzerland, and have certified that it adheres to the DPF Principles. Our subsidiaries included in our DPF certification also adhere to the DPF Principles. If there is any conflict between this Privacy Policy and the DPF Principles, the DPF Principles shall govern.

In absence of an adequacy decision, Real provides appropriate safeguards for the transfers personal data to a third country or an international organization such as, but not limited to, standard contractual clause, and binding corporate rules. In absence of an adequacy decision and appropriate safeguards, Real will only make an international transfer of personal data if the transfer is necessary for the performance of a contract between You, as the data subject, and the controller, or for the implementation of pre-contractual measures taken at Your request. In some cases, we may remain liable if a third party processes personal data on our behalf in a manner inconsistent with the DPF Principles. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/list.

If you have a question or complaint related to our participation in the DPF, we encourage you to contact us via our contact information below. For any complaints related to the DPF that cannot be resolved with us directly, you may seek resolution of your complaint by contacting the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAA). As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Changes to Our Privacy Policy.

We revise this Policy as needed to keep it up-to-date with Services. When we do, we will update the date at the top of this Policy. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this page. We encourage you to periodically review this page for the latest information on our privacy practices. 

Contact Information.

To ask questions or comment about this Policy and our privacy practices, contact us at:

Privacy Policy Group
RealNetworks LLC
568 First Avenue South, Suite 600
Seattle, WA 98104

 

You can also contact us via:

  • Web form by clicking here; or

Email at mydata@realnetworks.com

    SAFR Guard™ Privacy Policy

    Last Updated December 2, 2024

    This Privacy Policy governs the collection and processing of data through SAFR Guard™ retail camera solution provided by RealNetworks LLC (“RealNetworks”). SAFR Guard is designed for security purposes to assist retailers in preventing illegal activities and maintaining a safe environment by identifying individuals reasonably suspected of engaging in activities such as, but not limited to, shoplifting, fraud, violence, harassment, or other malicious, deceptive or unlawful activities. For information about how we handle your data when you visit our websites, please refer to our Website Privacy Policy.

     

    Privacy Commitment Statement

    We understand that privacy policies can be lengthy, and we know not everyone will read every word. That’s why we want to make it clear from the outset: protecting your privacy is not just a legal obligation for us—it’s a core value. We are deeply committed to upholding the highest standards of care in how we handle, protect, and respect your personal data. This Privacy Policy provides clear answers to the key questions about our data practices—how, when, and why we collect, use, and process your information.

    Our technology is designed to enhance safety, security, and convenience in communities, always with a strong emphasis on protecting individual privacy. By maintaining transparency and ensuring ethical use of personal data, we aim to build trust and contribute to a safer world for everyone.

     

    How Does SAFR Guard Work?

    Cameras installed at the participating stores capture facial images of individuals entering the store.  Captured images are processed locally using in-camera software to create encrypted facial recognition templates. These templates are designed to represent unique facial features and are compared to a secure, in-camera database containing information about individuals reasonably suspected of shoplifting or engaging in other unlawful activities.

     

    How Do We Keep Your Information Secure?

    At RealNetworks, we are committed to protecting the personal information collected and processed through our SAFR Guard solution. To achieve this, we implement robust technical and organizational measures tailored to the level of sensitivity and risk associated with the data. These measures include, but are not limited to:

    • Use of industry-standard encryption to safeguard data both at rest and in transit, ensuring it is protected against unauthorized access.
    • Access to personal data is strictly controlled, with permission granted only to authorized personnel and retailers who require it for legitimate purposes.
    • Routine audits and monitoring to maintain the integrity and accuracy of the solution, ensuring compliance with applicable privacy and security standards.

    By adopting these measures, we strive to ensure that the personal information entrusted to us remains secure and protected while enabling the effective operation of SAFR Guard.

     

    What Personal Data Do We Collect?

    We can process the following types of personal data to support the security purposes of its collection:

    • Facial images (photos) of individuals entering stores, and the unique facial recognition templates relating to the said image.
    • CCTV footage from the camera.
    • Information provided by the retailer about individuals suspected of shoplifting, violence, fraud or other similar suspected criminal conduct within the store. The information includes, but is not limited to, facial images, facial recognition templates, and a description of the suspected criminal conduct.
    • Information on individuals that are suspected of or known to have committed illegal activities in the retail environment, and which have been provided by other retailers who use SAFR Guard.
    • Alerts generated through matches between camera captures and the database.

    SAFR Guard is not targeted to children and we do not intentionally or knowingly collect personal information from children under the age of 13.

     

    How Do We Use Your Information?

    We use personal data for the following purposes:

    • Facial Matching: To identify individuals who match records in a carefully maintained database of individuals reasonably suspected of engaging in unlawful activities.
    • Retailer Support: To help retailers prevent theft by providing actionable alerts.
    • Neighborhood Safety: To enhance security by sharing verified data with other participating retailers within a reasonable geographic area.
    • Customer Inquiries: To respond to requests such as data access, correction, or deletion, where applicable.
    • Audit and Compliance: To maintain accuracy, fairness, and adherence to privacy laws.
    • Improving our Services: To fix problems and continually improve the performance of features.

     

    Who Controls the Data?

    RealNetworks acts as the data controller of SAFR Guard. This means RealNetworks is in control of how the data is handled and secured, ensuring compliance with privacy laws and industry standards. Retailers contribute information about individuals suspected of theft, including their images and reasons for suspicion and have a shared responsibility to upload only valid, accurate and lawful information.

     

    When and How Do We Share Your Information?

    We do not share personal information with third parties without your consent, except as necessary to fulfill the purposes outlined in this policy. In certain circumstances, we may share personal information we collect or receive as follows:

    • With Subsidiaries, Affiliates, and Successors: We may share information with our subsidiaries, affiliates, and successors to support our operations, and to further the security purpose of its collection.
    • With Contractors and Service Providers: We work with third parties who assist us in providing our services. These parties are bound by contractual obligations to maintain the confidentiality of the information and to use it solely for the purposes for which it was provided.
    • With Other Retailers: To enhance the safety and security of a specific geographic location, we may share information provided by retailers about individuals suspected of shoplifting or other related illegal activities. This information may include, but is not limited to, images of individuals, facial recognition templates, and descriptions of the suspected incidents. This sharing is conducted in compliance with applicable privacy laws and aims to foster a safer and more secure retail environment.

    We may also disclose personal information in the following situations:

    • Legal Compliance: To comply with legal requirements, such as court orders, laws, or other legal processes. Whenever possible, we will take reasonable steps to inform you in advance of such requests.
    • Safety and Protection: When necessary to protect the rights, property, or safety of RealNetworks, our customers, or others.

    Your privacy remains a top priority, and any disclosures or uses of information are carefully managed to align with our commitment to data protection and transparency.

     

    How Long Do We Retain Your Data?

    We retain personal information only as long as necessary to fulfill the security purposes described in this privacy policy, and in accordance with the chart below.

     

    Data Type Retention Period and Details
    Encrypted images of non-SOI* Retained for a rolling period of 7 days, deleted automatically if no incident is filed and approved on the image.
    CCTV video from the camera Stored locally for 30 days. Used by retailers for incident review and event creation. Deleted after 30days.
    Facial recognition data of non-SOI Retained up to 1 second on the camera, deleted immediately after processing without leaving the camera.
    Retailer-created incident records Retained for up to 12 months after being reviewed and verified by RealNetworks. Records older than 12 months are revalidated for relevance or purged.
    Internal review or correction requests Records may be purged earlier if flagged for review or upon receipt of a valid correction request.
    Encrypted images and incident data of the SOI Up to 12 months, subject to review every 12 months to determine if continued retention is necessary.
    Matched SOI images added to the image gallery Held for up to 12 months, reviewed periodically for relevance.
    Facial recognition data of the SOI Deleted immediately after verification of match or retained for up to 12 months if linked to an incident. Retained beyond 12 months after review and determination that continued retention is necessary up to another 12 months.

    *Subject Of Interest

     

    This policy ensures data is retained only as long as necessary to maintain system efficiency, accuracy, and fairness, while upholding privacy standards.

     

    What Rights Do You Have?

    We respect the privacy rights of all individuals. If you believe your data is included in our system, you may exercise the following rights:

    • Right to Access: You have the right to request access to copies of your personal data processed by RealNetworks. If applicable, a small administrative fee may be charged for this service.
    • Right to Rectification: If you believe any information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it promptly.
    • Right to Erasure: Under certain conditions, you have the right to request that we delete your personal data. We will honor such requests where required by law or when the data is no longer necessary for its intended purpose.
    • Right to Restrict Processing: Under certain conditions, you have the right to request restrictions on how we process your personal data.
    • Right to Object to Processing: If you believe our processing of your personal data is inappropriate, you have the right to object to such processing. We will review and respond to your objection promptly, in accordance with applicable laws.
    • Right to Data Portability: Where applicable, you have the right to request that your personal data be transferred to another organization or directly to you in a structured, commonly used, and machine-readable format.

     

    Contact Us

    For questions or concerns about this privacy policy, or to exercise any of your privacy rights, you can reach us at:

    Privacy Policy Group

    RealNetworks LLC

    568 1st Avenue S, Suite 600

    Seattle, WA 98104 USA

    You can also contact us via:

     

    Changes to Our Privacy Policy

    We may update this privacy policy from time to time to reflect changes to our services, practices or legal requirements. When updates are made, the “Last Updated” date at the top of this policy will be revised. If any material changes are introduced, we will reasonably notify you through a prominent notice on this page. We encourage you to review this page periodically to stay informed about our privacy practices and any updates.

    At RealNetworks, we believe technology should be used responsibly, respectfully, and for the common good. We are proud to offer a solution that promotes security, and helps retailers maintain safety while upholding the privacy rights of individuals. Thank you for trusting us!