Sierra Portugal, S.A. proved that its IT-based service “Retail Movves (as implemented by Sonae Sierra)” complies with EU data protection law. Customers of Sierra can be sure that processing of MAC IDs and IMSIs of their mobile devices for the purpose of analysis of visitor flows in shopping centers is in line with the high requirements of EU data protection law: MAC IDs and IMSIs are de-identified immedately and only aggregated (de-identified) information is used for statistical analysis.
Retail Movves (as implemented by Sonae Sierra)
Function as provided in February 2015
Qualification: IT-based service
15/04/2015 – 30/04/2017
08/2016: Service currently not in use!
Sierra Portugal, SA
Torre Colombo Ocidente
Rua Galileu Galilei nº2 – 3ºPiso
1500 – 392 Lisboa
Retail Movves (as implemented by Sonae Sierra) adheres to the principle of data avoidance and minimisation: (1) Collected GUIDs are de-identifed by means of salted hashes immediately. (2) De-identified information is aggregated prior to being transmitted to a central server (where it is available for statistical evaluation).
If visitors of shopping centers in which Retail Movves has been implemented do not want their MAC ID and IMSI to be collected by means of the ToE, then their only option is to switch off their mobile devices for the duration of their visit to the respective shopping center.
The IT-based service Retail Movves (as implemented by Sonae Sierra) is a visitor flow analytic solution for indoor environments. Its objective is providing management information in a statistical way, to support shopping center managers in taking the best decisions. The seal at hand is not awarded for the Retail Movves software that is at the core of the service, but for the implementation of this software by Sierra Portugal at various shopping centers that are run by Sierra. Integral part of each implementation is the installation of antennas that passively collect MAC IDs and IMSIs from visitors’ mobile devices.
The ToE works as follows: Passively collected GUIDs (MAC ID and IMSI) are de-identified by means of salted hashes immediately after their collection. The original data is then discarded without any delay. De-identified information that is related to movements of a single person within a shopping center and that may contain the hashed GUIDs is usually deleted within a day. Only aggregated data is transmitted to a central server and available for statistical analysis by means of a graphical user interface. In the highest resolution, aggregated data is available in the form of hourly snapshots.
Transparency is ensured by means of a pictogram. This pictogram is printed on stickers that are then placed in the entrance doors of a shopping center where Retail Movves is deployed. On the sticker, the pictogram is accompanied by very basic information about the ToE. In addition, the sticker comes with reference to more detailed information that may be accessed by means of a specific website or a flyer that is available inside of the shopping center.
Flyer and website provide privacy-relevant information about the ToE. Among others, visitors are informed that they must switch-off their mobile devices in order to be excluded from data processing by means of Retail Movves.
Sigacus Gestion, S.L.
Plaza Azkoitia, 5, 2-D,
20011 Donostia San Sebastian
Inês Antas de Barros
Vieira de Almeida & Associados
Av. Duarte Pacheco, 26
1070 – 110 Lisboa
Formerly Certified Versions