We share a subset of SOI personal data with our Subscribers when a facial recognition alert is generated by our system, comprising: facial image(s); alert date; the percentage of certainty that the images are a match and a gallery of images held of the subject of interest; offence type and any warning markers (e.g. violence) which is the minimum amount of data we believe we can share to achieve the purposes noted above. Using automatic age estimation, we choose not to record as SOIs nor generate alerts for children under 18 or adults aged 80 or over unless, by their recorded actions, they pose a threat to the safety of others or themselves.
We share the SOI data with a subscriber premises when a facial recognition alert is generated for those premises based on what we believe is adequate, relevant and necessary for achieving the purpose of preventing and detecting crime. A subscriber may only see SOI images in incidents that they have uploaded.
The lawful basis for processing SOI personal data is that it is in our legitimate interest and that of our subscribers to do so.
We have to comply with a higher threshold of compliance when processing criminal offence data and using facial recognition algorithms, which are deemed to be Special Category data under UKGDPR. We lawfully process this data because we are able to demonstrate that it is necessary in the Substantial Public Interest for us to do so. The substantial public interest is the prevention and detection of crime.
We retain SOI data for a period of up to 12 months from their last recorded incident. Findings of no crime, not guilty or cessation of proceedings will lead to removal of that incident record against the SOI.
SOI alert records are retained for 48 hours to enable the audit processes to take place.
When an alert has been generated the biometric data of the match is always deleted instantly to ensure no tracking is possible.