The 12CU application provides information in the form of counts about people and buildings. The counts are split into predefined categories. These categories can for example be departments or courses of study. The categories contain a minimum number of people.
In the 12CU application the history of the counts per category is shown through a dashboard with graphs about selected buildings and / or categories. These counts do not contain any data that can be traced to unique persons or a pseudonym created via a hash key, and therefore also does not contain any privacy sensitive information.
In addition to dashboards on which the counts per category are shown with the help of graphs, there are also interfaces (APIs) to gain software access to the results of the counts per category. The results of the counts per category that are offered through the interfaces only contain the results of the counts per category and the categories themselves. No data that can be traced to unique persons or a pseudonym created via a hash key is part of the data offered via the interface.
Both the information shown through the dashboard and the data delivered through the interface (API) are protected with an authorization process per category.The 12CU application is a product of 12CU b.v. from Utrecht, the Netherlands.
For making the counts, location information from the Wi-Fi network is used. The counts of the number of visitors at the same time are made directly in the working memory of the application and are not recorded. Only the result of the counts is recorded as occupancy data.
For counting unique visitors within a week it is necessary to be able to relate the different time moments to unique visitors during this week. To identify unique visitors, a unique anonymous ID is created based on a one-way encryption. See also chapter Encryption.
The 12CU application contains data about categories that belong to usernames. These categories are only used in the process of splitting the results of the counts into the different categories. These categories are not accessible outside the application.
The WiFi location data processed by 12CU falls under the law “Algemene Verordening Gegevensbescherming” (AVG) in the Netherlands. The AVG indicates that personal data is all information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to this person.
When processing by 12CU, this concerns the following data:
Protection of privacy is a fundamental right. This right is regulated in the Netherlands in:
These articles indicate that there must be a law for the protection of personal data. So that everyone’s right to privacy is guaranteed.
12CU b.v. is the controller to whom the data processing is outsourced. 12CU b.v. has a number of derived legal obligations based on the AVG, for, among other things, security and confidentiality of the data. 12CU b.v. is aware of the fact that they must meet these legal quality requirements.
The data from the WiFi data is encrypted before it is saved. The method used is PBKDF2 function with sha-512 digest. This encrypted data is only accessible to the 12CU application and not accessible to users. The encrypted data is practically impossible to trace to people without a key.
In connection with the totalization of the counts with regard to unique visitors, it is necessary to keep the encrypted data for at least 1 week. A new key is applied at the transition to a new week.