AV1 Privacy Statement
The data controller is No Isolation AS (Norway), No Isolation BV (the Netherlands), No Isolation GmbH (DACH) and No Isolation Ltd (UK) jointly. No Isolation AS is the main responsible and contact point.
AV1 is developed with privacy as a basic principle. We collect as little data as possible and have taken a number of security measures to protect the data we process.
Learn more about which personal information we collect, what security measures we take and which rules apply when individuals, organisations and schools or municipalities purchase AV1.
Personal data
Briefly explained: We collect name and contact information data belonging to our Customers. We do not store personally identifiable information from the AV1 user. Some metadata is collected when AV1 is in use for the purpose of invoicing and support.
Customer data
When you (school, organisation, municipality or a child's parents) conclude a subscription agreement with us, we collect and process the following data:
- Name
- Phone number
- E-mail address
- Delivery address
- Payment details
The information is stored for the duration of the customer agreement in order to administer the customer relationship we have with you, and to fulfil our obligations.
Livestream data
While using AV1, a direct stream is sent from the classroom between the AV1 and a separate AV1 app that the child uses. During this stream, audio and video data are transmitted from the robot to the AV1 app, and audio data can be transmitted from the AV1 App to the robot.
The stream is end-to-end encrypted, which means that it is not possible for anyone other than the user of the app to access what is happening in the classroom. The video stream cannot be stored, either by No Isolation, the user or anyone else.
As we only collect personally identifiable information on customers, we do not know who the user of the AV1 app is, only the subject which the AV1 device has been purchased from. The AV1 app collects metadata about usage needed for proper billing and necessary technical support.
The metadata logged is:
- Length and quality of video transmission
- Date and time of video transfer
- Wireless network information
- Connection Strength
- Cellular Network Information
The information is only linked to the robot's serial number and customer, and it is therefore not possible for No Isolation to directly identify who the user of the AV1 app is. All metadata is furthermore anonymized when there no longer is an active subscription for AV1. Personal data can also be deleted on request by sending an email to privacy@noisolation.com.
Only technical personnel at No Isolation subject to the duty of confidentiality have access to the information mentioned above. The information is never disclosed to third parties, unless it is subject to mandatory law. No Isolation will notify the data subjects by requesting the disclosure of information to other parties unless it follows from mandatory law that it is not allowed to notify the registered persons.
Our administration system (AV1 Admin Portal)
AV1 customers administer their AV1s through our administration system, the AV1 Admin Portal. Access control in the AV1 Admin Portal is divided into two roles: An Admin and an Assistant.
An Admin has access to all the AV1s that are connected to the customer’s main contact person (for example all AV1s allocated to a single school). In connection with the use of the administration system, the following data for all relevant AV1s is available to the administrator:
- the AV1s nickname
- Its' status (allocated or not)
- If the AV1 is connected or not (in current use or not)
- If the AV1 is blocked from use
- Which school the AV1 is allocated to
- The AV1s serial number
The purpose of this is to give the AV1 Admin a full overview of the AV1s the Customer owns. By having this overview, the Admins are also able to easily identify and resolve any technical issues pertaining to the use of the AV1.
An Admin can also assign an Assistant to one or more AV1s. The Assistants have access to the same information and functionalities as Admins relating to the AV1(s) assigned to them.
Donations
In some cases where an AV1 has been donated, for example from a foundation or an organisation, there will be a need to keep an overview of whether an AV1 has been used. The overview will then be shared with the foundation or organisation that has donated AV1. The user must be informed of this by the organisation/foundation.
Privacy by design
Briefly explained: To safeguard the privacy of users and those around the robot, and to ensure that video streaming is as secure as possible, we apply a measures to improve inherent privacy by design. Examples are the on/off button, the end-to-end encryption of the live stream, data minimisation steps and prohibitions against misusing the AV1.
The robot clearly shows when the user is connected
When the user is online, the AV1 lights its’ eyes and head. This way, people around the AV1 can know when the live stream is active.
AV1 when the user is connected
The robot can be turned off
If it is not appropriate to use AV1 at a given time, you can turn off the robot with a button on the back next to the charging input.
One user
The first time the user connects to their AV1, they use a one-time keyword. Then, he/she creates a secret PIN. The terms of the app state that parents/others are not allowed to connect to AV1, and it is considered a breach of contract if they do so. No Isolation has the ability to permanently remove the user's access.
The user can only be connected with one device at a time, and must use a new one-time keyword if they are to change device. They then lose access to the original device.
End-to-end encrypted video stream
The video-stream is end-to-end encrypted, and it is only possible to access the stream for the app user. Neither No Isolation nor anyone else can access and decrypt the stream with any measures reasonably likely to be used.
No audio or video data may be stored
It is only possible to use AV1 in real time. This means that you cannot record or store a video stream.
If the user attempts to take a screenshot during streaming, he/she will be warned that it is not allowed, and will be blocked from using AV1. Administrators and school assistants (with permission to unblock) can unblock the AV1 in the Admin portal. For iOs devices, the screenshot saved will furthermore only be a white picture. On Android devices, it is not possible to take a screenshot at all.
It is also not possible to connect the tablet or phone to an external TV or computer monitor to display the video stream. Both screens will then go black, and the user will then be banned from the app. In both cases, the user must contact their administrator or No Isolation’s support team to unlock their access again. No Isolation has the ability to permanently remove the user's access.
Network Overview
Your rights
You have the right to request access, correction, restriction of processing, and deletion of your personal information. You also have the right to complain to the relevant Data Protection Authority.
Joint processing responsibility
No Isolation AS, No Isolation BV, No Isolation GmbH and No Isolation Ltd have joint processing responsibility for processing personal data.
Subprocessors
No Isolation uses the following subcontractors to deliver the service:
- Amazon Web Services Inc. is a cloud service provider that we use for our servers that process metadata and customer data. The processing takes place in the EU/EEA.
- Google Cloud EMEA Limited provides us with e-mail services for customer support and internal communication purposes. The processing takes place in the EU/EEA.
- Simple Analytics B.V grant is used to get insight on AV1 Admin Portral usage on an aggregated and non-identifiable basis. The processing takes place in the EU/EEA.
- Aircall SAS provides telephony services that we use to provide support to our customers or users with enquiries regarding our services. The processing takes place in the EU/EEA.
- Hubspot Ireland is a CRM provider which we use for live chat and email services for customer support and other customer inquiries. The processing takes place in the EU/EEA.
- Odoo SA provides us with necessary billing and accounting services. The processing takes place in the EU/EEA.
Data sent out of the EU/EEA
Some of our subprocessors use processors who are either located in the USA, or who have engaged sub-processors who are located in the USA. The legal grounds for this transfer is the Data Privacy Framework entered into between the EU and US, adopted July 2023.
For transfers to other third countries, the legal basis for these would be either the European Standard Contractual Clauses (SCCs) which we have entered into with each of our subprocessors, or an Adequacy Decision where applicable. You can find a complete list of our subprocessors here.
Technical measures are in place ensuring that the livestream video or audio data can neither be accessed, transmitted or in any other way made available for anyone else other than the End User. This includes No Isolation’s staff and the company’s processors, making it impossible to transfer such data outside the EU/EEA.
Our contact information
No Isolation Ltd, company number: 11744705
Phone number: +44 20 3695 9242
Address: The Trampery, 239 Old Street, EC1V 9EY, London, UK
