Privacy

We take privacy and security seriously, and we ensure that the Auror Crime Intelligence Platform (the Platform) and our customers adhere with all relevant privacy legislation. The Platform has been built using Privacy-by-Design principles and we regularly undertake Privacy Impact Assessments to continually improve our privacy practices.

Our public privacy statement explains how the Platform helps customers to gather, use, and share information about events and retail crime lawfully and respectfully. We also provide some of the key callouts from this privacy statement below.

Image of shield

The Purpose

The Platform is designed to protect retailers, their customers and the community from harm by giving retailers, organizations, law enforcement agencies, and their staff (our “Users”), a safe and secure way to gather and use information about events and risks. The Platform then enables Users to access and share their data in a controlled and responsible way.

Auror is a data processor, which means we do not use personal information uploaded by our Users for our own purposes. The Platform stores and processes personal information on behalf of Users and according to the instructions of our Users.

Guiding privacy principles

Our business, products, and services are designed to meet a set of universal guiding privacy principles that underpin privacy laws the world over. Adherence to these principles is important to our company, our customers, and their data subjects.

Be transparent
Ensure that we are as open as possible with the public about the collection and use of personal information. Help customers embrace the privacy rights of their data subjects and consider the people behind the data.

Stay secure
Ensure that we protect the personal information held on our Platform, and only provide access to those that need it.

Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.

Keeping your information safe

Auror is a Software as a Service (‘SaaS’) platform, accessed via a secure web portal. Auror processes personal data uploaded to the Platform on behalf of the customer and does not sell, license, or share customer data, to any other third-party, without the customer’s permission. For this reason, Auror is regarded as the data processor and the customer owns the data (data controller).This does mean that customers must ensure that they have a lawful basis to collect and process personal data relating to criminal events and offences, and that their use of the platform complies with any local laws.  Retailers already collect this information through their CCTV systems and existing incident reporting processes. However, the collection, storage, and use of this information is often poorly undertaken and without proper storage, security, or use of it. We often see social media platforms and messaging services, such as Whatsapp and Facebook, used by stores to share information and images between them. Auror provides a safe and secure way of managing this information across your organisation with enterprise control of your data.

We adhere to universal privacy principles

Wherever our customers are based, we’ve designed our platform to adhere to a set of universal privacy principles that underpin privacy laws the world over.

Data minimization

Ensuring that data collected and retained on the Platform is necessary.

Security, accountability and control

Ensuring that personal information is protected and secure on the Platform.

Use and disclosure limitation

Ensuring that the Platform has been designed with clear use and disclosure limitations to protect against scope creep and maintain public trust.

Empowering individuals and enabling rights

Ensuring that Auror and its Users have sufficiently considered the people behind the data, is as open as possible with the public, and facilitates key privacy rights.

“Auror has taken a Privacy by Design approach that delivers even stronger default privacy protections for customers and data subjects.”

Daimhin Warner
CIPP/E, Director of Simply Privacy, NZ Country Leader for IAPP
(International Association of Privacy Professionals)

Auror helps retailers comply with privacy legislation

We assist you to ensure your collection, storage, and use of retail offender information meets today’s data and privacy compliance requirements.

NZ & Australian Privacy Principles Compliant

GDPR Compliant

CCPA Compliant

We are data custodians

As a data processor, we’re custodians of personal information and we’ve built the Platform on strong foundations of privacy and security because we want to ensure that our Users can deliver great community outcomes while protecting the privacy of the people involved. The Platform helps Users to:

  • Collect and share only information that is relevant to protecting them and their community from harm, and assisting with public safety and crime prevention.

  • Use information only in ways that support this core purpose.

  • Enable crime reduction in the community.

  • Limit access to information to a closed group of trusted Users.

  • Protect information with strong security safeguards.

  • Delete information when no longer needed.

  • Ensure that the public can exercise privacy rights or raise privacy concerns.

Enabling lawful and respectful processing of personal information

Users rely on the Platform to collate information about retail crime and other similar events to provide them and the other Users in their chosen community, with intelligence that assists with the prevention of crime and the protection of people and assets. The Platform is designed to control the use and sharing of personal information, reducing the reliance on ad-hoc information sharing techniques.

To achieve this, the Platform allows its Users to process personal information to:

  • Prevent any events that may present a risk to a User or to the public.

  • Investigate an event or criminal offence.

  • Prevent criminal offences.

  • Identify repeat offenders and organized crime groups.

  • Notify Police and Law Enforcement that an event has occurred.

  • Provide real-time alerts to other Users.

  • Prosecute or otherwise take legal action in respect of an event or criminal offence

  • Research crime patterns and behaviors.

Auror helps retailers to collect personal information lawfully

Many businesses already collect information on crime and share it with others. However, their collection, storage, use, and disclosure of this information has often been poorly undertaken with manual processes, poor controls, and uncontrolled sharing of information with others. We are helping organizations move away from the bulging file folders in back offices, offender photos stuck on walls, and sensitive information being sent via email and social media platforms. Auror changes all this by modernizing and improving the collection, distribution, use, and de-identification procedures of this information.

We also encourage Users to be open with the public about the personal information they may upload and share with their chosen community. They may do this by displaying signage on their premises or within their own privacy statements.

Sharing and Disclosing Information

Users can determine which trusted third parties it wishes to share its information with (if any). This is controlled at an organization level and the Platform also limits the information a particular user can view on the basis of their role, selected preferences, and the preferences of others in their community.

Where Auror receives a third-party request for personal information, we will always direct this request to the relevant organization that controls that information and assist the User with any requests. We do not use or disclose the personal information uploaded by Users for our own purposes.

We securely and safely store personal information

The Platform is hosted by Microsoft Azure. We take all reasonable steps to keep all data, including personal information, safe and secure. This means we encrypt all information in transit to and from Auror using SSL 256-bit encryption. The Platform is also securely encrypted and Microsoft Azure complies with industry leading security policies and standards.

Check out our Security Page for more information.

We prevent processing that isn’t respectful

As a responsible custodian of personal information, we have built safeguards into the Platform that control the way information can be processed by our Users. All our Users must agree to Terms of Use that limit access to the Platform and the ways in which they can use the Platform.

Here are some specific things the Platform does not facilitate for Users:

  • Racial profiling.

  • On-selling personal information to third parties.

  • Automated decision-making about people.

  • Sharing information about minors outside of their organization (though such information may be used by law enforcement agencies to intervene and assist minors to stay out of trouble).

We help our customers respect their customers’ privacy rights

Everyone has important privacy rights with respect to the data and personal information that is collected and used by our Users. While you can make requests directly to a User and organizations, we’re committed to making sure you can exercise your rights easily - so we’ve created pathways for you to make requests via us to the organization(s) that have uploaded personal information to the Platform. To exercise any of your rights we recommend you get in touch with the User in the first instance. Alternatively please contact us by email (privacy@auror.co) or using our contact form here. Check out the FAQs below for what information you should provide when making a request.

Frequently asked questions

How does information get into the platform?

Auror Customers and their registered users upload information to the Platform using our online reporting form. Information may be collected directly from a person, from a staff member or customer who has witnessed an event in store, or from CCTV footage they have captured. The event reporting form is designed to ensure that users upload only personal information that is relevant, accurate, and up to date.

Why would my information be in the Platform?

If your personal information is on the Platform, it is because a user from a retailer or law enforcement agency has chosen to upload your information.

How do you ensure innocent bystanders are not captured in images?

The Platform has built-in tools to crop and obscure any images of innocent bystanders to ensure that they are not identifiable.

Does Auror comply with GDPR?

Yes. Auror’s Privacy by Design approach and commitment to security and transparency ensures that not only is the Platform compliant as a “Data Processor”, but that use of the Platform supports our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”).

Does Auror comply with CCPA?

Yes. Auror’s Privacy by Design approach and commitment to security and transparency ensures that not only is the Platform compliant as a “Service Provider”, but that use of the Platform supports our customers’ compliance with new data protection and privacy requirements, including those set out in the California Consumer Privacy Act (“CCPA”).

How long is information retained?

We make sure Customers don’t hold on to personal information forever. The Platform is configured to help ensure that personal information is retained only for as long as they have a lawful purpose to use it. Information may also be anonymised and aggregated to remove personal information.

Can I request access to my personal information?

Yes - you can make a personal data request to an organization directly or we can assist you by forwarding on your request to the relevant organization(s). Please note that Auror cannot make a decision on your request, but we can help our customers to process requests.

What information should I include in a personal data request?

You should provide your full name, date of birth and the time and location of the incident in order to verify your identity or authority. Once your details have been verified, we’ll notify the organization(s) that may hold your information and help them process your request as soon possible. Please note that Auror cannot make a decision on your request, but we can help our customers to process requests.

How can I complain about use of the Platform?

If you have any concerns about the way someone has collected or processed your personal information on the Platform, you should contact that User directly and let us know at privacy@auror.co. If the User cannot resolve your concerns, you have the right to complain to the data protection authority in the country you live. Ask the User if you’re not sure which authority to contact, or ask us and we’ll try our best to point you in the right direction.

Do you use CCTV or Cameras?

No. Auror is a software platform and does not use or provide cameras. Evidence obtained from CCTV may be put into the Evidence Locker within the Platform to assist with investigating an incident.

How do you work with ANPR / LPR Systems?

Automatic Number Plate Recognition (ANPR) and License Plate Recognition (LPR) systems can detect vehicles and provide a license plate result. These systems can be integrated with Auror to provide this plate data. The Platform has automated processes to handle the collection, storage, and deletion of this data, as well as providing alerts to the right people at the right time.
There is limited access to this data by our Users for the purposes of preventing and investigating crime.