Keeping Wellington safe one ID at a time!
We have started to use the PatronScan software to ensure that we are continuously improving the level of safety within our venues in Wellington. This means that regardless of age, everybody needs current identification to enter the bar. The ID is then scanned and basic details are saved to hold people accountable to their actions whilst on our premise.
Is PatronScan compliant against privacy laws across the world?
- We believe that it is fully compliant. In all consultations and investigations, the Patronscan system has been found to comply with all privacy laws in their respective jurisdictions. Patronscan limits the collection of personal information, uses of that information, and offers Patrons the ability to challenge flags that they believe are inappropriate.
Is data given away or sold?
No personal data is provided to third parties outside of law enforcement and venue staff. Again, unless a patron is flagged, data is permanently deleted shortly after visiting an establishment.
Can patrons request copies of their data?
Patrons have the right to request what private information has been collected, used and/or disclosed by navigating to the appropriate privacy page on the PatronScan website. On their privacy page you can do this by clicking on the “I want to dispute a flag” or “I want to check my info” buttons and by filling out a disclosure request form. Once Patronscan has received the completed form, a response will be provided within 10 business days.
How is data protected?
Patronscan uses a variety of security technologies and procedures to help protect patron personal data from unauthorized access, use or disclosure. Patronscan stores all personal data on computer servers with access controls and that are located in controlled facilities. When, transmitting sensitive data over the internet, Patronscan protects it through the use of encryption software such as software adhering to the Secure Socket Layer (SSL) protocol. Patronscan also encrypts all data stored on its database server.
Patronscan only uses certified data centers to store all data collected. The data centers are SSAE16 SOC 2 certified, security reviewed facilities with existing infrastructure of industry standard server and security technology. Procedures are in place to restrict logical access to this data center and client systems.
Who has access to the data?
The venue owner and management staff have limited access to this data for a short period of time. If the venue needs to log an incident and place a patron on the flagged list for example, the venue can reference a photo and data such as name, age, and gender. For an added layer of protection, Patronscan has enabled different user types, with limited access. Only users with administrative access can view patron personal data (usually management and/or security).
Patronscan combines all non-personally identifiable data points such as postal/zip codes, age and gender to create summarized totals reports. This information is cross-referenced with publicly available census data. The summarized totals reports contain aggregate data such as scan counts for the night and never contain any personal information about any specific individuals.
In case of a major incident concerning public safety, law enforcement may obtain access to a venues data, but only when an official investigation has been launched. The three conditions in which law enforcement may request Patronscan information include:
1. The law enforcement agency has identified its lawful authority to obtain the information.
2. The law enforcement agency has indicated that the disclosure is requested for the purpose of enforcing a law in its jurisdiction, carrying out an investigation relating to the enforcement of any such law, or gathering intelligence for the purpose of enforcing any such law.
3. The law enforcement agency has provided an investigation number or any other uniquely identifiable number that can be traced back to the purpose of the disclosure request.
What data is stored & how long for?
Unless a patron is flagged, data is retained for a limited period of time before being permanently deleted. This period allows crime victims sufficient time to report a crime and for law enforcement to review patron records to identify the alleged assailant(s). It is common for victims to report crimes several days to weeks later. Data is permanently deleted after 30 days in Australia and New Zealand
The only data that is saved beyond the above time frames is specific to patrons that are on the flag list.
Frequently Asked Questions: