At Dexibit, we take privacy seriously. This includes:
- Facilitating presentations, workshops and webinars on best practices for managing visitor privacy in the attractions industry
- Providing additional resources such as whitepapers and advisory tips to to help our customers understand more about visitor privacy
- Pursuing a strategy which avoids using personal data for analytics purposes where possible
This policy was last updated 28th January 2020 and may change from time to time; any amendments will apply from the date published here.
General Data Protection Regulation (GDPR)
Dexibit is a Data Controller of data it collects via its website, newsletter, customer management or software use and a Data Processor of data it receives from client venues. As a Data Controller, our legal basis for collecting data is dependent on your consent to the processing of your personal data for the specific purposes identified in this policy, for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract or as necessary for pursuing a legitimate interest as outlined in this policy. Under the GDPR, European Union citizens have the right to be informed, to access, to rectification, to be forgotten, to restrict processing, to portability, to procession and not to be subject to automated decision making.
Mobile Location Analytics Code of Conduct
Dexibit aligns with the Mobile Location Analytics Code of Conduct. We make a public commitment to maintain depersonalized data, to not to try to reidentify data and to prohibit downstream recipients from trying to use data to identify a particular individual. For more information about location analytics or to log a request with the industry’s Central Opt Out facility, see smart-places.org.
Engaging with a venue powered by Dexibit
Dexibit provides big data analytics to visitor attractions, to help them make data informed decisions which power our cultural future. To do so, we integrate with systems or otherwise receive a variety of data such as footfall counters, WiFi presence, ticketed admission, membership management, point of sale, email marketing, social media, website traffic, tourism, events, weather and more. We store a copy of this data in our system and process it to predict and analyze visitor behaviour. The client venue retains ownership over this data and may extract it from Dexibit.
If you physically visit one of these client venues or otherwise engage with it via a digital channel (such as visiting a website, downloading an app or interacting over social media), data about your visit may be shared with us. Where the source systems of this data hold personally identifiable information such as your name or email address (for example, if you submitted this information to join a membership program), we redact this data so that personally identifiable information is not stored on our systems, to respect your privacy. Other data we consider to be delicate but not identifiable is often hashed, to further protect your privacy. Where we integrate with location positioning technologies (such as WiFi) we treat this data only as aggregate traffic, pursue suitable safeguards via our security standards, do not identify this data to an individual’s behavior and do not allow reverse look up.
We retain data we receive for the length of our commitment to our customer and may share benchmark industry insights taken from aggregate data. We will not otherwise share data with third parties, however if we are required by law or believe it necessary to protect our rights, we may disclose your information to a legal process or proceeding.
We recommend to these venues that they:
- Comply with all privacy regulations applicable to their organization and consider a higher ethical standard
- Indicate to you if the WiFi network is used for analytics purposes (including signage in the venue and notes in the WiFi access policy)
- Encourage the appointment of a privacy officer, conduct privacy audits and improvements and review privacy processes such as forget requests
- Consider providing a means for you to visit the attraction anonymously and only ask you for information they need and use it for only stated intentions
If you wish to remain anonymous during your visit, you can also select not to share your data with the venue, turn off your device’s WiFi and Bluetooth, set your web browsing to private and not download any apps provided by the venue.
Any questions about your privacy at an attraction you have visited should be directed to that organization in the first instance.
Browsing our website
Subscribing to our newsletter
When you subscribe to our newsletter we record your name, email address and interests to provide regular updates. You can update your information or unsubscribe at any time. If you are a shareholder, we are contractually and legally required to provide you with regular updates. We will not share your data with third parties, however if we are required by law or believe it necessary to protect our rights, we may disclose your information to a legal process or proceeding.
Using Dexibit’s software
When your organization purchases a subscription to Dexibit as a client venue, we record personal information to aid communication, provide the services and complete billing.
In becoming a user we record your name, email address, venue and role. You will receive an email notification to confirm your subscription and be able to access your data to update it. You can elect to provide additional information such as a profile picture and your preferences. We use this information to provide you with access to Dexibit and to personalize the content we show you. If you no longer wish to be a user of Dexibit, your account administrator can remove your access.
Your Dexibit settings let you decide whether you wish to receive additional notifications, such as automated reports via email. Your colleagues may also send you notifications via Dexibit. Your account administrator will be able to see your information, edit it on your behalf or adjust your access. Our system administrators will also be able to see your information, edit it on your behalf or adjust your access in order to provide you with our services.
Dexibit and the cloud
Because our website and software are managed on the cloud, data is transmitted across the Internet and stored in our servers hosted with Amazon Web Service (AWS) in the United States or processed by our partners such as Google Analytics who access data on our behalf to provide us with services bound by confidentiality and security commercial requirements. As we are a global business, we may need to send your information to our teams in various countries to provide our services, including engineering in New Zealand and customer service in the United States. We have taken steps to protect your information, however the security of information on the Internet cannot be guaranteed and if you are not satisfied with this risk, you should not share your information with us.
Your rights and responsibilities
You can always contact us to:
- Access your own personally identifiable information
- Make amendments to your own personally identifiable information
- Ask us to remove your own personally identifiable information
Dexibit is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
What you need to do:
- Make sure to keep your Dexibit login credentials safe and notify us as soon as you are aware your security may be at risk
- Be responsible for keeping your information up to date
- If you ever need to share information with us on another person (such as adding new users), you need to ensure you have their consent
If Dexibit is involved a merger, acquisition or asset sale, your data may be transferred as part of that transaction and this policy will apply to your data under the new entity.