The following Privacy Policy governs the online information collection practices of WINTLT TECHNOLOGIES PRIVATE LIMITED (Visu.ai). It outlines the types of information that we gather about you while you are using our website https://www.WINTLT TECHNOLOGIES PRIVATE LIMITED.com/ and the ways in which we use this information.

Introduction about your organisation – Please add or edit the below content

At Visu.ai, we’re a team of innovators with deep expertise in retail operations and advanced AI technologies. After managing retail stores across Europe and Asia, we identified a silent profit killer—theft. From customer shoplifting to internal losses, the problem persisted while traditional CCTV systems failed to offer proactive solutions.

We set out to change that. Visu.ai is the industry’s first Vision Analytics startup, transforming existing CCTV cameras into smart theft prevention tools. Our AI-powered solution helps retailers reduce losses by up to 70% within months, significantly boosting profits and delivering lasting peace of mind.

If you wish to exercise your privacy rights, have any questions, suggestions, concerns or complaints please contact our Data Protection Officer by emailing dpo@visu.ai

We operate under the Data Protection Act 2018 incorporating the UK General Data Protection Regulations (collectively referred to below as the DPA).

What we do

We provide systems and process personal data and special category personal data for the prevention and detection of crime. Our AI solution detects shoplifters in real time and blocks repeat offenders with facial recognition, reducing theft by up to 70% and boosting your profits. Visu.AI are the Data Controller for all personal data we process. Our customers are businesses (subscribers) who must display signage saying that Visu.AI facial recognition is in operation.

The Visu.AI Real Time Alerting system uses facial recognition to instantly alert a subscriber when a person reasonably suspected of involvement in crime (a Subject of Interest – SOI) enters their premises. See below for a fuller description of a SOI.

Subscribers are able to report new SOIs through incidents of crime which include a formal witness statement to justify an offence has taken place and the reasonable grounds to suspect the SOI as responsible. Visu.AI reviews every incident to ensure both are demonstrated. The Subscriber can only view incidents and SOIs that they have uploaded.

Your rights under the DPA are as follows:
The right to be informed – Subscribers are responsible for displaying "CCTV under surveillance" signage, not Visu.AI. Details on processing and your rights are available in our privacy notice on our website.

• The right to rectification – we will fulfil your right to rectify any inaccurate personal data concerning you.

• The right to erasure – Article 17 UKGDPR lists the circumstances where you have the right to be forgotten and have data concerning you erased from our records. We will fulfil this right where it exists in the listed circumstances.

• The right to restrict processing – Article 18 UKGDPR lists the circumstances where you have the right to obtain from us a restriction of processing. If one of these circumstances apply we will restrict our processing of your personal data in the ways required by Article 18.

• The right to data portability – this right is not applicable in our processing activity.

• The right to object – we will fulfil your right to object to us processing your personal data where the requirements of Article 21 UKGDPR apply.

• Rights in relation to automated decision making and profiling – this right is not applicable in our processing activity due to the meaningful human involvement in decision making during our processing.

• Right of access: The right of access – you have the right to submit a Subject Access Request in order to obtain from us confirmation as to whether or not we are processing your personal data. Where this is the case we will provide you with a copy of your personal data and additional information required by DPA. A subject access request can be made here or by email to dpo@visu.ai.  We will need to obtain proof of your identity before providing you with information we hold about you.

• You have the right to submit a complaint to the Information Commissioners Office at www.ICO.org.uk

• If you require more information about items raised in this notice we would recommend the ICO website.

• This privacy notice includes the following information to help you understand clearly how your data is being used.

Explaining AI Decisions

The Visu.AI System examines facial images collected by a dedicated customer’s CCTV camera of everyone entering a subscriber premises and utilises an AI software application to compare the biometric data of those images to a database of SOIs held by Visu.AI.

Where there is a match, the output of the application is a recommendation in the form of an alert that an image may match that of a SOI.

This information is provided to assist a human review by the person receiving the alert who will have sight of the relevant person and be in a position to decide if they consider the match to be accurate. If the person receiving the alert considers the alert image matches the person subject of the alert, they will implement their organisational procedure for responding to a matched alert. If the subscriber determines that the alert is not a match, they can select “No Match.” The alert and associated biometric data will be deleted as per the criteria mentioned -If the alert is tagged as Subject of Interest (SOI), it will be retained for 24 to 48 months. If not tagged as SOI, it will be retained for 35 days.

If the subscriber operates multiple locations, an individual blacklisted at one location will automatically be blacklisted across all locations and globally.

If the subscriber using our app marks someone as theft/SOI, we will notify them the next time that individual enters their store with an alarm in the app subject to Visu.ai analyst verification too.

If there is an event of SOI , then our facial analysts will have the facility to blacklist the user on the subscribers behalf after due diligent evidence verification. 

In effect the algorithms are simply there to filter potential matches to a very high degree of accuracy and then humans take over.

Whose personal data we process
The data we process is different depending on who you are:

•  Subjects of Interest (SOI’s): Individuals reasonably suspected of carrying out unlawful acts (evidenced by personal witness or CCTV) who have been uploaded to Visu.AI by our business subscribers to our database of SOIs.

•  Members of the Public:
Subscribers are responsible for displaying "CCTV under surveillance" signage, not Visu.AI. Details on processing and your rights are available in our privacy notice on our website.

•  General enquiries: Individuals who contact us through our website or by phone for more information

We explain below what personal data we process and how we use that data using the above definitions.

Subjects of Interest (SOIs)

We hold personal data about SOIs for the purposes of the prevention and detection of unlawful acts.

A person of interest is someone who has been identified as a potential threat to the safety and security of the public, our customer's employees and/or their business. This may include individuals who have been banned from a location, individuals who have committed a crime or individuals who have been involved in anti-social behaviour.

Subscribers upload information about an SOI. This is only accepted by Visu.AI where there are reasonable grounds to suspect that the individual is responsible for an unlawful act. This is strictly controlled and anyone who uploads any data which is not compliant could be subject to fines or censure by the ICO.

Visu.ai maintains a database of SOI facial images for legitimate business requirement"

We convert the facial images captured by CCTV of persons entering a subscriber premises to facial recognition algorithm templates which are then used to compare to the facial recognition template of our database of SOIs and create alerts if there is a potential match. We do not send alerts to subscribers that do not meet our high accuracy standards – all alerts are double checked with a second algorithmic check before sending and only sent if there is at least a 99% similarity or a Visu.AI facial analyst considers there is a match. The alert is then verified by the relevant Visu.AI subscriber before acting on the alert.

If the subscriber decides the alert is not a match, they can select "No Match." The alert and associated biometric data will be deleted according to the following criteria: If the alert is tagged as Subject of Interest (SOI), it will be retained for 24 to 48 months. If not tagged as SOI, it will be retained for 35 days.All alerts, whether sent to subscribers or not, are kept for 7 days to enable our Facial Analysts to review them for accuracy to enable us to continuously improve on the already exceptionally high accuracy of our alerts.

We share a subset of SOI personal data with our Subscribers when a facial recognition alert is generated by our system, comprising: facial image(s); alert date; the percentage of certainty that the images are a match and a gallery of images held of the subject of interest; offence type and any warning markers (e.g. violence) which is the minimum amount of data we believe we can share to achieve the purposes noted above. Using automatic age estimation, we only record individuals under 18 or adults over 80 if they are tagged as Subjects of Interest (SOIs) based on their actions, which may indicate a threat to the safety of others or themselves.

We share the SOI data with a subscriber premises when a facial recognition alert is generated for those premises based on what we believe is adequate, relevant and necessary for achieving the purpose of preventing and detecting crime. A subscriber may only see SOI images in incidents that they have uploaded.

The lawful basis for processing SOI personal data is that it is in our legitimate interest and that of our subscribers to do so.

We have to comply with a higher threshold of compliance when processing criminal offence data and using facial recognition algorithms, which are deemed to be Special Category data under UKGDPR. We lawfully process this data because we are able to demonstrate that it is necessary in the Substantial Public Interest for us to do so. The substantial public interest is the prevention and detection of crime.

We retain SOI data for a period of up to 24-48 months from their last recorded incident other than SOIs with incidents involving Weapons or Assault Causing Bodily Harm or Threat of either which are retained for two years. Findings of no crime, not guilty or cessation of proceedings will lead to removal of that incident record against the SOI.

When an alert has been generated the biometric data of the match is always deleted instantly to ensure no tracking is possible

Members of the Public
Subscribers are responsible for displaying "CCTV under surveillance" signage, not Visu.AI. Details on processing and your rights are available in our privacy notice on our website

The Visu.AI Facial Recognition System works by detecting faces from CCTV sited at our subscriber properties. These images are fully encrypted and transmitted to our highly secure Cloud server where they are converted into a set of facial biometric measurements which are then compared to the Subjects of Interest on our database. If there is no match the biometric data is instantly deleted thereby protecting the data of anyone not on the SOI database.

We keep detected faces from the camera feed and alerts for up to 7 days so that images of individuals reasonably suspected of crime or disorder can be uploaded after the event to the Visu.AI system. All alerts are retained for 7 days to enable our Facial Analysts to review them for accuracy to enable us to continuously improve on the already exceptionally high accuracy of our alerts. No biometric data, other than that of Subjects of Interest, is retained for anything more than an instant.

The lawful basis for processing your personal data is that it is in our legitimate interest and that of our subscribers to do so for the purpose of the prevention and detection of unlawful acts. We have taken every precaution to ensure that it is not disproportionately intrusive on your privacy.

We have to comply with a higher threshold of compliance when processing using facial recognition algorithms which are deemed to be Special Category data under GDPR. We lawfully process this data because we are able to demonstrate that it is necessary in the Substantial Public Interest for us to do so. The substantial public interest is the prevention and detection of crime. We never hold your biometric data for more than an instant, and no-one can ever track where you have been using our system.

Other Recipients of Personal Data

Visu.AI use AWS servers to host our processing operation which includes use of AWS facial recognition software as a service as a secondary check for accuracy alongside our own software. This processing is conducted using a non-storage API operation in which the software does not retain any information discovered about the input image.

Data Retention

If you complete a survey or a form on our website requesting information or call us or submit a subject access request we will retain that data for a maximum of 6 years and use it to follow up with you. The rationale for this period of retention is to comply with the Accountability Principle whereby we must be able to demonstrate our compliance with the DPA. We delete any proof of identity information provided for fulfilment of a subject access request as soon as your identity is verified.

We will retain your email address and name for marketing purposes only if you have opted into this service but this will not be shared with any other organisations.

You can opt out of marketing emails at any time and request us to delete your information at any time using the SAR process explained above.

A record of your telephone calls and e-mails to us may be recorded in our contact management system and may be retained for up to 6 years. We may also intercept communications made to individual members of staff at Visu.AI when this is required for business purposes.

The lawful basis for processing your personal data is that it is both necessary and in our legitimate interest and that of those who communicate with us to do so for the purpose of the efficient conduct of our business.

We balance our legitimate interest against the individual’s interests, rights and freedoms and only use such personal data for the efficient conduct of our business.

Cookies

Our website uses cookie preference management software.
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

To see the full Cookie Declaration and manage Cookie preferences, click here (please add a link to redirect to your Cookie Policy)

Changes to the Privacy Notice
From time to time we may amend the way in which we process personal data. This may lead to changes in how we collect and/or use your personal information.

We may amend the terms of this Privacy Policy at any time. Please check this page periodically.

Other Websites
We are not responsible for the privacy policies and practices or the content of any websites which are linked to our Website.
Contact us
If you have any queries relating to this Privacy Notice, please contact us by e-mail at: support@visu.ai