Announcing Aurora Flow - our most advanced genAI model. Learn more
LEGAL

Our Position on GDPR

Eluviant Data Protection Guidance  ·  July 2026

OVERVIEW

Eluviant is committed to supporting our customers and partners in meeting their GDPR obligations.

The General Data Protection Regulation (GDPR) requires organisations to protect the personal data and privacy of individuals, and to give them the means to exercise their rights over that data. Because CCTV and video analytics involve personal data, this applies directly to how our technology is deployed and used.

Our software is designed with data protection in mind from the outset, and we provide the technical capabilities, documentation, and guidance needed to help you deploy and operate our platform compliantly.

We are clear about where responsibility sits. Our customers determine how and why their systems are used, and remain responsible for their own compliance. Eluviant and our Integrator partners support that responsibility as processors, providing the platform and the safeguards it depends on.

PRIVACY BY DESIGN — TRANSPARENCY

Provide clear signage and accessible privacy notices for all monitored areas.

  • Provide clear signage before individuals enter any monitored area
  • Publish a full privacy notice explaining the purpose of monitoring, how long footage is kept, and how individuals can exercise their rights
  • Avoid placing cameras in areas with a high expectation of privacy, such as washrooms or changing areas
  • Clearly explain any use of video analytics in your privacy notice, in accessible language
LAWFUL BASIS AND NECESSITY

Identify and document a lawful basis for every camera and analytics feature before deployment.

  • Confirm that monitoring is necessary and proportionate to its stated purpose, and consider whether a less intrusive approach would achieve the same result
  • Complete a Data Protection Impact Assessment (DPIA) where processing is likely to be high risk, such as large-scale monitoring or the use of advanced analytics
  • Ensure any use of facial recognition or watch-list functionality is separately justified and documented
DATA SECURITY

Restrict access to footage and system functions to authorised users only, based on role.

  • Maintain individual named accounts and strong authentication practices
  • Keep systems patched and hardened in line with the Security Hardening Guide
  • Periodically review access logs and security configuration
DATA RETENTION

Set a retention period no longer than necessary to achieve your stated purpose.

  • Configure automated deletion so footage does not outlive its retention period
  • Apply privacy masking to exclude out-of-scope areas from capture
  • Review retention settings periodically as your deployment or its purpose changes
SUPPORTING INDIVIDUAL RIGHTS

Maintain a process for locating, reviewing, and providing footage in response to access requests.

  • Be able to delete footage on request where there is no legitimate ground for retention
  • Ensure analytics outputs are reviewed by a human before informing any decision about an individual
  • Make it easy for individuals to understand how to contact you about your use of their data
GUIDANCE AND SUPPORT

We provide a set of GDPR guidance documents and templates to support you.

To support you further, we provide a set of GDPR guidance documents and templates covering data protection roles, security configuration, and best practice for compliant deployment. These are further supported in our GDPR Customer Guidance document. We work with integrators to support end users in the best implementation of these practices during product configuration.

For further information, please contact your Channel Partner or reach out to Eluviant directly at info@Eluviant.com